Date: Sun, 15 May 2011 08:31:27 +1000
From: "-= Glowing Doom =-" <secn3t@...il.com>
To: Chris M <chris@...lroute.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: MalBox Release! A Program Behavior Analysis System!

Very good question.. would be nice if the src was available, even as a web
based php script which could then be used locally, or even rented with banner
to always show where it is from, that would be nice but yeah, I doubt you're
gonna do that :P
Still, it would be nice to see what is behind it.. ie: honeypot system in
use, or sandbox model? Even if it is modified, at least could tell us the
origins of the src, and if you guys coded it, I think you should get some
hints from shadowserver.de and honeypot.org, maybe look at some common
IDS/Forensic srcs, and see what this problem is about uploaded exes which are
not showing up in results, that would be easy to debug if it is a communal
project, and you could only release the code to websites you approve of if
you want.
There are many avenues you guys could take this, but the first one is fixing
it so it is 100% browser friendly (EVEN with addon scripts people may use,
or at least show a warning/error msg to show what the person must do...)
Thank you guys, it still is a great project, I will support, but I hope it is
working today :)
xd



On 15 May 2011 08:24, Chris M <chris@...lroute.net> wrote:

> Yeah, and let's have some more info on the technology behind it :)
>
> Open sauce?
>
> Have you looked at any "enterprise" malware analysis platforms?
>
> -C
>
>
> On Sat, May 14, 2011 at 11:22 PM, -= Glowing Doom =- <secn3t@...il.com> wrote:
>
>> Hello ppl,
>> same, I had uploaded a KNOWN infected exe, and it loaded page, but then
>> returned nothing. Using firefox 4 browser, yes some script addons which
>> prevent crapware, but other than that, it should have been swift to respond
>> with a positive, it did nothing but load in the browser, was a letdown, hope
>> you can get it to work cross browser, because would be a very handy app for
>> sure
>> xd
>>
>>
>>
>> On 15 May 2011 07:55, Chris M <chris@...lroute.net> wrote:
>>
>>> Not convinced.
>>>
>>> Tried to upload a few samples, "only support EXE files" ---- no DLLs? yet
>>> you take URLs? only to exes?
>>>
>>> The file I upped was a PE file. Just with a renamed extension.
>>>
>>> Also submitted a couple of "known bad" files and got a list of tcp ports
>>> back.... how is this operating? _SHARED_ sandbox?
>>>
>>> What's it based on?
>>>
>>> More information would be appreciated :)
>>>
>>> -C
>>>
>>> 2011/5/13 CnCxzSec衰仔 <cncxzhack@...il.com>
>>>
>>>> MalBox Release!! A Program Behavior Analysis System!
>>>>
>>>> MalBox: A Program/Malware Behavior Analysis System, which is
>>>> able to analyze the local and network behaviors of a submitted malware,
>>>> including file/process/registry/network (irc, http, etc.) behaviors, and will
>>>> send the report to the submitter.
>>>>
>>>> Welcome to use our MalBox: http://malbox.xjtu.edu.cn/
>>>>
>>>> --------------------------------------
>>>> Malbox is always improving! If you want to contact us, send e-mail to
>>>> dflower.zs@...il.com
>>>> --------------------------------------
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>>
>>>
>>> --
>>>  I’m a hot-wired, heat seeking, warm-hearted cool customer, voice
>>> activated and bio-degradable. I interface with my database, my database is
>>> in cyberspace, so I’m interactive, I’m hyperactive and from time to time I’m
>>> radioactive.
>>>
>>>
>>
>>
>
>
