Mr.peach Posted February 10, 2016
Hi all experts, I want to know what tools are used to analyze industrial malware.
Nieo Posted February 10, 2016
Basics to start with. Hope it helps: https://zeltser.com/build-malware-analysis-toolkit/
crystalboy Posted February 10, 2016 (edited)
@Nieo you beat me in speed. This scenario can change from target to target; there is not a set of predefined tools. The approach is the same as the one you would use to reverse a normal piece of software, with the difference that in most cases, before doing dynamic analysis, you will perform static analysis.

These are the basic steps for how to proceed to perform static and dynamic analysis safely:
- Use VMware or a similar product (VirtualBox) to create a virtual machine system and make a backup of it
- Copy the malware inside the created virtual machine in zip or rar format
- Isolate the machine from the host PC and the internet

Tools may vary based on the target, but a general kit would be this:
- Disassemblers (IDA Pro)
- Debugger (WinDbg, OllyDbg or IDA again)
- System monitor utilities (Process Monitor, ProcDOT, Process Explorer...)
- Network analysis (Wireshark, Fiddler)
- Registry monitor (Regmon, Regshot)

That is an intro list. You will increase your weaponry of tools every time you encounter a new need. Hope it helps.
Edited February 10, 2016 by crystalboy
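The "static analysis before dynamic analysis" step from the post above, as an added example that is not from this thread or any poster: a dependency-free Python triage script that hashes a sample, pulls printable strings and parses the PE section table to flag high-entropy (likely packed or encrypted) sections, which is where static reading stops and the isolated VM takes over. The file it triages is a constructed minimal PE built by `build_sample()` (an assumption of this example, not real malware).

```python
import hashlib
import math
import re
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~7.5 and above usually means compressed, encrypted or packed."""
    n = len(data) or 1
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs; packed sections also yield junk runs, so read these with the entropy."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def pe_sections(data: bytes) -> list:
    """(name, raw_offset, raw_size, entropy) per section of a PE file; [] if not a PE."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)  # 20-byte COFF file header
    n_sections, opt_size = coff[1], coff[5]
    table = e_lfanew + 24 + opt_size  # section table sits right after the optional header
    out = []
    for i in range(n_sections):
        name, _vsize, _vaddr, rsize, roff = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), roff, rsize, round(shannon_entropy(data[roff:roff + rsize]), 2)))
    return out

def triage(data: bytes) -> dict:
    # Everything worth recording before the sample is ever executed.
    sections = pe_sections(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "strings": extract_strings(data),
        "sections": sections,
        "likely_packed": [s[0] for s in sections if s[3] > 7.0],  # static analysis stalls here
    }

def build_sample() -> bytes:
    """Constructed stand-in for a sample (not real malware): a minimal PE with two sections."""
    text = b"Modbus/TCP target 192.0.2.10:502\0".ljust(512, b"\0")  # plain data, low entropy
    packed = bytes(range(256)) * 16  # every byte value equally likely: entropy 8.0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> PE signature at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)  # no optional header
    def sec(name, size, off):
        return struct.pack("<8sIIII", name, size, 0x1000, size, off) + b"\0" * 16
    headers = dos + coff + sec(b".text", len(text), 512) + sec(b".data", len(packed), 1024)
    return headers.ljust(512, b"\0") + text + packed
```

Run it on the copy inside the isolated VM; the `likely_packed` list tells you which sections will need unpacking or a debugger before their strings mean anything.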
Mr.peach (Author) Posted February 10, 2016
Thank you for your response. I've worked with Windows malware, but now I want to know: to analyze the security threats that exist in SCADA systems, what special tools are needed?
crystalboy Posted February 10, 2016
I have no experience in what you ask, I am sorry. Maybe someone else can give their opinion, but I found an article that can give you an idea of what you need; you can find it here: http://resources.infosecinstitute.com/improving-scada-system-security/ Hope it helps.
Nieo Posted February 11, 2016 (edited)
SCADA is a macro concept. You are supposed to know Linux, because most of the tools you find for security and penetration testing are Linux based. Here is some basic stuff to set up the right environment and kick start:
https://www.scadahacker.com/tools.html
http://seclists.org/fulldisclosure/2013/Jan/157
http://www.digitalbond.com/tools/scada-honeynet/downloads/
http://sectools.org/
http://blog.securityonion.net/
http://scadastrangelove.blogspot.com/2013/01/s7brut.html
PS: There is no particular set of tools. It all depends upon your need.
Edited February 11, 2016 by Nieo