Stealth LKM

Hits: 4

Date added: 09/21/2007

Linux 2.2.x kernel module which discards the packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and of packets with bogus flags.

MSyslog v1.08g

Hits: 3

Date added: 09/06/2007

MSyslog is a logging subsystem for UNIX operating systems. It replaces the traditional UNIX logging daemon, syslogd, with an improved version that provides capabilities for log centralization, preservation of log integrity, and storage on a myriad of popular database engines. MSyslog, which stands for Modular Syslog, has a very flexible architecture that allows the administrator to configure it to receive log data from several input sources such as TCP and UDP network connections, UNIX named pipes and plaintext files. Log data storage is available through multiple output options including plaintext files, MySQL and PostgreSQL database engines. Log relaying can be performed over TCP sessions or the traditional UDP-based syslog protocol. MSyslog also supports filters that perform cryptographic integrity checks and filtering by regular expressions. MSyslog runs on a variety of UNIX and Linux operating systems.

HeapDraw / HeapTracer

Hits: 6

Date added: 09/01/2007

HeapDraw was originally created as a postmortem analysis tool, to see how the heap evolved during the life of a process. The idea is that although we may be used to textual output, like that of ltrace or a malloc/free hooking library, it's much better to see it graphically (in fact I used to make drawings by hand until I realized: WTF am I doing? I have a computer to do it for me!).
HeapTracer is the new name, adopted after it became a runtime analysis tool.
In the image you can see an example. It's the heap of ping. The 4 spikes correspond to the 4 packets sent. Before the first spike you can see the initialization, and after the last, the evolution of the heap during the final phase.
In this release you can find four different versions of HeapDraw/HeapTracer, all including full source code:
* Windows postmortem native version.
* Linux postmortem native version.
* IDA plugin, for doing runtime analysis (only a Windows version, for Windows applications).
* An unfinished Python version.
If you are an IDA fan and like developing for it, you may find the IDA plugin version interesting, as it's a relatively complex example of an IDA debugging plugin which opens an OpenGL window to make drawings.

The Coroner's Toolkit Source v1.18

Hits: 3

Date added: 08/13/2007

TCT is a collection of programs by Dan Farmer and Wietse Venema for post-mortem analysis of a UNIX system after a break-in.

EncFS Encrypted Filesystem v1.3.2

Hits: 1

Date added: 08/10/2007

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. EncFS is open source software, licensed under the GPL.
As with most encrypted filesystems, EncFS is meant to provide security against off-line attacks, i.e. when your notebook or backups fall into the wrong hands. The way EncFS works differs from the "loopback" encrypted filesystem support built into the Linux kernel because it operates on individual files rather than on an entire block device. This is a big advantage in some ways, but it does not come without a cost.