EH-Net
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Mobile / Automated testing of Mobile Apps on: March 01, 2012, 02:51:08 PM
hi,

Just like we have tools like Appscan and Acunetix for automated blackbox testing of web apps, are there any automated blackbox tools for mobile apps as well? Mainly iPhone and Android apps.
2  Ethical Hacking Discussions and Related Certifications / Malware / Boot Sector Rootkits on: February 12, 2012, 12:55:27 PM
hi,

I wanted to look more into rootkits, especially kernel-mode rootkits which affect the boot sector.

Please suggest resources for me to understand and learn so that I am able to analyse this malware.

I want to dig deep into rootkits and understand how to analyze them.

Any help appreciated.
3  Ethical Hacking Discussions and Related Certifications / Malware / Re: Stuck with Honeynet Project - Forensic Challenge 8 "Malware Reverse Engineering" on: December 22, 2011, 04:54:08 PM
A general question here. It is a common observation that malware creates a file temporarily and then deletes it after a while, generally after performing a set of operations.

Running capturebat when the malware is running enables us to have a backup of the file which is created temporarily. What other tools have this capability?

A question specific to this challenge: I was able to see the record of a folder 'algonic' being created, but it was not saved when the malware deleted it. Any thoughts on this?
4  Ethical Hacking Discussions and Related Certifications / Malware / Re: Reverse Analysis of the RSA attack on: December 22, 2011, 02:16:34 PM
Wonderful read... thanks a bunch
5  Ethical Hacking Discussions and Related Certifications / Malware / Stuck with Honeynet Project - Forensic Challenge 8 "Malware Reverse Engineering" on: December 22, 2011, 02:11:31 PM
I am going through the solution to understand what the winners have done. Forgive me if this is a noob question, but I did not understand how the solution for this question was answered.

Q. Describe the API hooking mechanism used by the sample
Ans: The malware uses a data structure for each hooked function that looks like the following:

DWORD FunctionAddress 
DWORD HookFunctionAddress
BYTE  ModifiedOriginalFunctionStart[44]
DWORD Unknown
BYTE  Unknown
BYTE  OriginalFunctionStart[44]
DWORD Unknown
DWORD ModuleHandle
DWORD Unknown
BYTE  JumpCode[8]
DWORD CriticalSection[6]
DWORD CriticalSectionInitialized
BYTE  ModuleName[260]
DWORD Unknown[2]


If possible, please refer to the solution here:
http://www.honeynet.org/files/1312123013_lutz_dot_schildt_at_googlemail_dot_com_Forensic%20Challenge%202011%20-%20Challenge%208.zip


Is there a place where I can understand this process via tutorials or examples, if possible?

Any help is highly appreciated.
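
An added example, not part of the original post or of the linked solution: a Python parser for one record in the layout quoted above, showing how an analyst could pull the fields out of a memory dump. It assumes a packed 32-bit little-endian layout (the post gives no offsets or padding); the sample record and the names parse_hook_record and build_sample_record are constructed for illustration.

```python
import struct

# Field order and sizes are taken from the structure quoted in the post.
# ASSUMPTION: 32-bit little-endian, packed with no padding (offsets are not
# given on the page), which makes one record 417 bytes.
HOOK_RECORD = struct.Struct("<II44sIB44sIII8s6II260s2I")

def parse_hook_record(buf, offset=0):
    """Decode one hook record from a memory dump into a dict."""
    f = HOOK_RECORD.unpack_from(buf, offset)
    modified, original = f[2], f[5]
    return {
        "FunctionAddress": f[0],
        "HookFunctionAddress": f[1],
        "ModifiedOriginalFunctionStart": modified,
        "OriginalFunctionStart": original,
        "ModuleHandle": f[7],
        "JumpCode": f[9],
        "CriticalSectionInitialized": f[16],
        # ModuleName is a fixed 260-byte buffer; keep bytes up to the first NUL.
        "ModuleName": f[17].split(b"\0", 1)[0].decode("ascii", "replace"),
        # Offsets at which the two saved 44-byte copies differ.
        "ChangedOffsets": [i for i, (a, b) in enumerate(zip(original, modified))
                           if a != b],
    }

def build_sample_record():
    """Constructed sample record with arbitrary values (not from the real sample)."""
    original = bytes.fromhex("8bff558bec") + b"\x90" * 39
    modified = bytes.fromhex("e9deadbeef") + b"\x90" * 39
    return HOOK_RECORD.pack(
        0x7C801000, 0x10002000, modified, 0, 0, original, 0,
        0x7C800000, 0, b"\xcc" * 8, 0, 0, 0, 0, 0, 0, 1,
        b"kernel32.dll", 0, 0,
    )

if __name__ == "__main__":
    rec = parse_hook_record(build_sample_record())
    print(f"{rec['ModuleName']}: {rec['FunctionAddress']:#x} -> "
          f"{rec['HookFunctionAddress']:#x}")
    print("bytes changed at offsets", rec["ChangedOffsets"])
```
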
6  Ethical Hacking Discussions and Related Certifications / Malware / Re: Android Malware Analysis on: August 12, 2011, 10:35:19 AM

People, I saw a challenge on Honeynet.org yesterday which deals with analysis of mobile malware.

http://www.honeynet.org/node/751

They have given a corrupted /data partition ... any idea how to start with this?

I will appreciate it if you give me pointers on where to start so that I work my way to the correct path ... this challenge looks like an excellent learning experience ... do give it a shot.
7  Ethical Hacking Discussions and Related Certifications / Malware / Android Malware Analysis on: August 11, 2011, 11:49:12 PM
Hi all,

I've been following a number of posts which have analyzed Android malware. Most of them begin by analyzing the AndroidManifest.xml file. After that they speak about individual modules present in the application.

I've configured Eclipse with the Android SDK, and I can see some information about the applications running.

Do any of you guys have experience in performing analysis of Android malware? Any suggestions on the approaches to perform analysis of malware/trojans for Android? Any good sites which I can follow?
8  Ethical Hacking Discussions and Related Certifications / Malware / Malware Sample on: July 31, 2011, 06:18:22 PM
Hi guys

Any idea where I can find a sample of the Geinimi Android Trojan?

I've found analysis for the same, but I'm searching for a sample to work with.
Help greatly appreciated.
9  Ethical Hacking Discussions and Related Certifications / Mobile / Mobile Malware Analysis on: July 29, 2011, 03:51:49 PM
This is becoming popular these days. There are some sites which give us information about mobile malware:

http://contagiominidump.blogspot.com/

We use virtual machines to test malware; can we use mobile simulators on virtual machines to test mobile malware too?
Just wondering how to do a dynamic/static analysis on a simulator.

Thoughts, anyone?
10  Ethical Hacking Discussions and Related Certifications / Malware / Re: Malware Analysis on: July 29, 2011, 03:46:40 PM

Awesome. That helps a lot.
I have been following some forums and looking for analysis articles.

I have heard about the Malware Analyst's Cookbook ... any other books which someone can recommend?
11  Ethical Hacking Discussions and Related Certifications / Malware / Malware Analysis on: July 26, 2011, 12:04:48 AM
Hi all,

I have been reading about malware analysis. I've had some samples for analysis which I used for understanding.

Guys, I'm looking for sources from where I can get malware for analysis. Currently I'm looking at sites like
MalwareDomainList
OffensiveComputing
Tuts4You

I would love to get a sample and an analysis report of the sample so that I can try all the things mentioned in the analysis. I want to do this till I'm a little familiar with the basics. After that I'd love to go ahead and do my own analysis.

Please tell me some forums/sites which anyone here uses for malware analysis.
Please tell me some other methods which I can use, Honeypot I know is one of them.

Thanks all for reading, please share your thoughts on this.
12  Ethical Hacking Discussions and Related Certifications / Malware / Re: Reverse Engineering the source of the ZeroAccess crimeware rootkit on: July 25, 2011, 12:42:39 AM
Very informative... thank you for sharing.

Can someone point to some good sources to understand analysis of malware... I have been looking at some sites and I will share them:

Tracur Malware Analysis
http://quequero.org/Tracur_Malware_Analysis
Sophos Security - Good source
http://www.sophos.com/en-us/threat-center/threat-analyses/hoaxes/scare.aspx
2008 Malware Challenge Analysis
http://blog.mylookout.com/wp-content/uploads/2008/12/malwarechallenge2008.pdf
Microsoft Blog - Good Source
http://blogs.technet.com/b/mmpc/archive/2011/07.aspx

Please let me know of other sources or books which I can follow to understand more on this topic.
13  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Vulnerable Mobile App on: July 15, 2011, 05:15:39 PM

Thanks a ton for letting me know. I'll check the source you have mentioned.
14  Ethical Hacking Discussions and Related Certifications / Mobile / Vulnerable Mobile App on: July 15, 2011, 12:38:56 PM
Hello Everyone,

Has anyone seen the vulnerable Android mobile app?
http://imthezuk.blogspot.com/2011/07/creating-vulnerable-android-application.html

Does anyone have pointers about where to look for exploiting Android apps?
15  Ethical Hacking Discussions and Related Certifications / Malware / Re: Help with Lab setup on: June 16, 2011, 12:09:29 PM
Has anyone used cloud services like Amazon for the purpose of malware analysis?
It's a really good option as there is no need to invest in hardware.
But is it okay to deliberately infect an instance on the cloud, just like we do on a VM, and revert it back?

I do not know much about this; please shed light on this topic.
© 2013 The Ethical Hacker Network