
Thursday, June 7, 2012

ShellDetect v1.0 - Shellcode Detection Tool

ShellDetect is a tool developed by Amit Malik for detecting the presence of shellcode within a file or network traffic. With it you can analyze binary files (as generated by Metasploit, for example) or a network stream saved to a file (traffic captured with tcpdump / Wireshark).

Today attackers distribute malicious files containing hidden shellcode. When you open these files, the shellcode runs silently, which compromises the integrity of the system. This is more dangerous when the exploit is a "zero day" and is not detected by the traditional signatures of antivirus software. In these cases ShellDetect helps to identify the presence of shellcode and assists in the task of keeping the system safe.

To run ShellDetect you need to install Python. I also recommend running it in a virtual machine (VMware / VirtualBox), as the tool is still very much in beta and the more advanced shellcodes still escape it, but the important thing is that it detects those from Metasploit, which are the most used.

Using the tool is very easy (for now it only runs under Windows XP): simply run it from the console with a file name (file_name) and it parses the file or the captured network traffic.

First, analyzing a file (pgeneric-12.txt); then, captured network traffic (network_stream).
As I said above, the tool is in beta, but I find it very useful and I see plenty of future in it.

More information:

ShellDetect Download v1.0 
