Since November 2013 I have been developing a new Linux distribution for IT security. This distribution is a collection of tools for CERT (Computer Emergency Response Team) groups, covering vulnerability assessment, penetration testing, forensics and malware analysis.
This tool, written in Python, takes a pcap file and extracts a large amount of information and detailed statistics. It can show whether the capture contains packets with bad TCP flags, or signs of SQL injection attacks, XSS attacks or DNS tunneling.
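As an added example of the "bad TCP flags" check mentioned above (this is not the tool's own code), the script below walks a classic pcap file with the standard library only and reports TCP segments whose flag byte carries a combination that never occurs in a legitimate handshake: no flags at all (NULL), FIN+PSH+URG (XMAS), SYN+FIN and SYN+RST. The capture it inspects is constructed in `build_sample_pcap()`, so it runs offline; the addresses and ports in it are made up for the example.

```python
"""Flag TCP packets with illegal flag combinations in a pcap file.

Added example (standard library only); it is not the code of the tool
described above. The sample capture is constructed in build_sample_pcap()."""
import struct

# TCP flag bits from the 13th byte of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_flags(flags):
    """Name the anomalous combination, or return None for a normal-looking packet."""
    if flags & 0x3F == 0:
        return "NULL"                      # no flags at all: never legitimate
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "XMAS"                      # classic scanner signature
    if flags & (SYN | FIN) == (SYN | FIN):
        return "SYN+FIN"                   # open and close in one segment
    if flags & (SYN | RST) == (SYN | RST):
        return "SYN+RST"
    return None


def build_tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame; checksums are left zero (fine offline)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap raw frames in a little-endian pcap container (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_packets(data):
    """Yield the raw bytes of each packet record, honouring the file's byte order."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len


def find_bad_flags(pcap_bytes):
    """Return (src, dst, sport, dport, label) for every TCP packet with bad flags."""
    findings = []
    for pkt in iter_packets(pcap_bytes):
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                                   # not IPv4
        ip = pkt[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:
            continue                                   # not TCP, or truncated
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        label = classify_flags(tcp[13])
        if label:
            src = ".".join(str(b) for b in ip[12:16])
            dst = ".".join(str(b) for b in ip[16:20])
            findings.append((src, dst, sport, dport, label))
    return findings


def build_sample_pcap():
    """Constructed capture: two normal segments and three malformed ones."""
    return build_pcap([
        build_tcp_frame("10.0.0.5", "10.0.0.1", 40000, 80, SYN),
        build_tcp_frame("10.0.0.1", "10.0.0.5", 80, 40000, PSH | ACK, b"HTTP/1.1 200 OK\r\n"),
        build_tcp_frame("10.0.0.5", "10.0.0.1", 40001, 22, 0),
        build_tcp_frame("10.0.0.5", "10.0.0.1", 40002, 443, FIN | PSH | URG),
        build_tcp_frame("10.0.0.5", "10.0.0.1", 40003, 25, SYN | FIN),
    ])


if __name__ == "__main__":
    for finding in find_bad_flags(build_sample_pcap()):
        print("%s:%d -> %s:%d  %s" % finding)
```

To run it against a real capture, replace `build_sample_pcap()` with the bytes of a `.pcap` file; the parser handles only the classic pcap container (not pcapng) and only IPv4 over Ethernet, which is enough to show where such a check sits in the pipeline.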
Scanfolder is an open source tool to analyze a subfolder of your disk (or a dd image mounted on your PC). With this tool it is possible to find files with known-bad MD5 hashes, find known malicious patterns with YARA, or extract data such as IP addresses, email addresses, credit card numbers, SSNs and other data types.
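The following is an added example of the two kinds of check Scanfolder is described as doing, written here to illustrate the approach and not taken from the project: every regular file under a folder is hashed and compared against a blocklist, and its contents are searched for IP addresses, email addresses and credit card numbers, with a Luhn check so that arbitrary 16-digit strings are not reported as cards. YARA matching is left out because it needs the `yara-python` binding. The blocklist entry and the files under the temporary folder are constructed at runtime (`KNOWN_BAD_CONTENT`, `build_sample_folder()`), so no real hash or data appears.

```python
"""Scan a folder for known-bad MD5 hashes and extract identifiers from file contents.

Added example (standard library only), not the Scanfolder project's code.
YARA matching is omitted because it needs the yara-python binding; the
blocklist hash and the sample files are constructed at runtime."""
import hashlib
import os
import re
import tempfile

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
CARD_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")

# Constructed "known-bad" content; a real blocklist would be loaded from a hash feed.
KNOWN_BAD_CONTENT = b"constructed malicious sample for the example\n"
BLOCKLIST = {hashlib.md5(KNOWN_BAD_CONTENT).hexdigest()}


def luhn_ok(number):
    """Luhn checksum, used to discard random 16-digit strings that are not card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def md5_of_file(path):
    """Stream the file through MD5 so large images do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_file(path):
    """Hash one file and pull IPs, e-mail addresses and Luhn-valid card numbers out of it."""
    with open(path, "rb") as f:
        text = f.read().decode("utf-8", errors="ignore")
    digest = md5_of_file(path)
    return {
        "path": path,
        "md5": digest,
        "blocklisted": digest in BLOCKLIST,
        "ips": sorted(set(IP_RE.findall(text))),
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "cards": sorted({c for c in CARD_RE.findall(text) if luhn_ok(c)}),
    }


def scan_folder(root):
    """Walk root recursively; return one report dict per regular file, sorted by path."""
    reports = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reports.append(scan_file(os.path.join(dirpath, name)))
    return sorted(reports, key=lambda r: r["path"])


def build_sample_folder():
    """Create a temporary folder with constructed files and return its path."""
    root = tempfile.mkdtemp(prefix="scanfolder_example_")
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "dropper.bin"), "wb") as f:
        f.write(KNOWN_BAD_CONTENT)                 # hash matches the blocklist
    with open(os.path.join(root, "sub", "notes.txt"), "w") as f:
        f.write("contact admin@example.org from 192.168.1.10\n"
                "card 4111 1111 1111 1111 is Luhn-valid, 1234 5678 9012 3456 is not\n")
    return root


if __name__ == "__main__":
    for report in scan_folder(build_sample_folder()):
        flag = "BLOCKLISTED" if report["blocklisted"] else "clean"
        print(report["path"], report["md5"], flag, report["ips"], report["emails"], report["cards"])
```

On a mounted dd image you would pass the mount point as `root`; the regexes are deliberately simple, and in practice the card and SSN patterns produce false positives, which is why the Luhn check (and, for real deployments, context rules) matters more than the regex itself.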
It is a hacking tool for ARP scans, used to discover and attack machines in your network. The attack type is man-in-the-middle by ARP spoofing of MAC addresses.
This tool is a malware prototype, written in Delphi, only to show what is possible with this type of malware. It consists of a malware agent and a remote command and control. With this tool it is possible to see the processes active on the remote machine. It is also possible to take screenshots, activate a keylogger, take a picture with the webcam, download and upload files, record the microphone and restart the machine.
In the video below you can see this malware; for obvious reasons the malware and the command and control are in the same virtual machine.