Anti-Debugging – Security List Network™
http://seclist.us
Wed, 25 Apr 2018 22:10:46 +0000

PEframe is an open source tool to perform static analysis on (portable executable) malware.
http://seclist.us/peframe-is-a-open-source-tool-to-perform-static-analysis-on-portable-executable-malware.html
Thu, 09 Nov 2017 14:59:03 +0000

PEframe is an open source tool for static analysis of Portable Executable malware and generic suspicious files. It can help malware researchers detect packers, XOR, digital signatures, mutexes, anti-debug and anti-virtual-machine techniques, suspicious sections and functions, and much more information about the suspicious files.

peframe v5.0.1


+ Python 2.7.x


git clone https://github.com/guelfoweb/peframe && cd peframe
pip install simplejson

python setup.py install
peframe example.exe

Source: https://github.com/guelfoweb

AntiFooling – Prevent the Malware Execution.
http://seclist.us/antifooling-prevent-the-malware-execution.html
Tue, 06 Dec 2016 10:22:46 +0000

AntiFooling is a tool designed to prevent malware execution. It does this by exploiting the most common exceptions for anti-emulation and anti-debugging techniques used by malware, which will stop execution if it detects something.

antifooling v1.0.0

+ AutoIt https://www.autoitscript.com/site/autoit/downloads/

– Download *.zip, then unzip it.
– Right-click and choose Compile Script. [Be sure AutoIt has been installed.]

Download: antifooling.zip
Source: https://github.com/ScorpioTM

RocProtect – tool to protect against malware aware of Analysis Machine.
http://seclist.us/rocprotect-tool-to-protect-against-malware-aware-of-analysis-machine.html
Sun, 04 Dec 2016 12:58:00 +0000

Malware is sometimes able to detect a virtual environment in order to avoid analysis and detection. RocProtect is a quick and dirty POC that emulates virtual-machine artifacts on a physical machine.



Portable Binary Structure:
+ mt.exe: Tool for Windows manifest analysis.
+ RockProtect.exe: Tool for generating fake registry, folder etc.
+ FakeAp.exe: example AP.

Manifest Tool

Supported systems:
– Currently supports x86 Windows machines.

Download: RocProtect.zip
Source: https://github.com/fr0gger