Friday, January 23, 2009

Cool Tools and DoD Cybercrime Conference

For the past two weeks I have been doing web application assessments. During this process I have had to try different tools to get the job done. During the trial and error process I came across some really cool tools; they are probably not new, but they are new to me. The first is Charles proxy. This proxy is great for doing binary web application assessments, allowing you to easily view the binary data being passed. A screen shot of Charles in action is below in Figure 1.

You can get the Charles proxy here.

Since I was looking at Flash applications I needed to analyze the SWF file. While searching for a decent decompiler I found FileInsight by Secure Computing. Get FileInsight here:

This tool is great. It is a hex editor with collaborative reverse engineering in mind. Besides being a hex editor, it allows you to do a number of actions I found to be useful:

-Breaks out PE header.
-Understands OLE2 structures.
-Ability to decode using multiple.
-Bookmark capability.
-Plug-ins for strings and an anomaly chart.

This will be replacing my other free and paid-for hex editors; it is great because it is free. It also looks to have a scripting capability that looks like it will come in handy.

On another note, I spoke at the Defense Cyber Crime Conference last week. I addressed forensic issues on the Advanced Persistent Threat (APT). The talk is titled "Complex APT Forensics: Answering the Difficult Questions". You can get the slides and the custom Template and EnScripts from the following link:

APT M-unition Pack