The Coroner's Toolkit Source v1.18

Date added: 08/13/2007

TCT is a collection of programs by Dan Farmer and Wietse Venema for post-mortem analysis of a UNIX system after a break-in.

HeapDraw / HeapTracer

Date added: 09/01/2007

HeapDraw was originally created as a postmortem analysis tool, to see how the heap evolved during the life of a process. The idea is that although we may be used to textual output, like that of ltrace or a malloc/free hooking library, it's much better to see it graphically (in fact I used to make drawings by hand until I realized: WTF am I doing? I have a computer to do it for me!).
HeapTracer is the new name, adopted after it became a runtime analysis tool.
In the image you can see an example. It's the heap of ping. The 4 spikes correspond to the 4 packets sent. Before the first spike you can see the initialization, and after the last, the evolution of the heap during the final phase.
In this release you can find four different versions of HeapDraw/HeapTracer, all including full source code:
* Windows postmortem native version.
* Linux postmortem native version.
* IDA plugin, for doing runtime analysis (only a Windows version, for Windows applications).
* An unfinished Python version.
If you are an IDA fan and like developing for it, you may find the IDA plugin version interesting, as it's a relatively complex example of an IDA debugging plugin which opens an OpenGL window to make drawings.

MSyslog v1.08g

Date added: 09/06/2007

MSyslog is a logging subsystem for UNIX operating systems. It replaces the traditional UNIX logging daemon, syslogd, with an improved version that provides capabilities for log centralization, preservation of log integrity, and storage on a myriad of popular database engines. MSyslog, which stands for Modular Syslog, has a very flexible architecture that allows the administrator to configure it to receive log data from several input sources such as TCP and UDP network connections, UNIX named pipes and plaintext files. Log data storage is available through multiple output options including plaintext files, MySQL and PostgreSQL database engines. Log relaying can be performed over TCP sessions or the traditional UDP-based syslog protocol. MSyslog also supports filters that perform cryptographic integrity checks and filtering by regular expressions. MSyslog runs on a variety of UNIX and Linux operating systems.

Stealth LKM

Date added: 09/21/2007

Linux 2.2.x kernel module which discards packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and of packets with bogus flags.