Penetration Testing mailing list archives
New Tools from Imperva ADC
From: "Imperva Application Defense Center" <adc () imperva com>
Date: Mon, 10 May 2004 22:08:27 +0200
Dear List, Imperva(tm)'s Application Defense Center has released two new security testing tools. These tools are aimed at testing of Client-Server applications, where the Client behavior's needs to be analyzed. The first tool, Dl-Hell, easily identifies DLL's called by an executable or another DLL. This can be useful for identifying a dll that is related to security calls, which can then be replaced by a DLL created by the tester. The second tool, PassLoc, allows graphically locating the existance of an encryption key inside an executable file (based on Adi Shamir's "Playing hide and seek with encryption keys"). The tools can be obtained in the following URL's: PassLoc: http://www.imperva.com/adc/tools/passloc DlHell: http://www.imperva.com/adc/tools/dlhell Both tools were created by Moran Surf, an Application Security Expert in Imperva's ADC. Detailed Description of the Tools: ================================= Dl-Hell: ------- The Dl-Hell tool is an easy to use tool for identifying an executable's dynamic link library (DLL) files, and their relations. Given an executable, the tool returns a list of possible DLL files that it uses, including the functions within those that it calls, and possibly the type of parameters they receive (this depends on the type of export the DLL files implement). Dl-Hell is a useful tool for locating calls to external DLLs in applications that use those for security measurement. For example, an application that does its encryption operation using one of those DLLs, or an application that performs its authentication checks in an external DLL. Dl-Hell can be scaled to become a tool for replacing those DLLs with different ones, thus overriding operations in executables. All of this is done without the sources. PassLoc: ------- Based on Adi Shamir's "Playing hide and seek with encryption keys" article, which suggests a way for locating keys within a buffer (memory, large file, etc.). The PassLoc tool accepts a file as input and returns a graphical plot of its content where the most random part of the file is colored. The article suggests that due to the random nature of long keys put in non-random files, the human eye can easily distinguish the key given a sufficiently long file. --- Imperva's Application Defense Center http://www.imperva.com/adc ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- New Tools from Imperva ADC Imperva Application Defense Center (May 10)