RE: Exploit package analysis

["Todd Towles" <toddtowles () brookshires com>]

A bit off-topic, but I would look into VMWare. There are several Linux
tools that will work the same as well. A separate OS environment would
be very helpful in your new interest. Plus, it is very easy to go back
to a fresh OS  state after a malware analyzing session. 

> -----Original Message-----
> From: Erin Carroll [mailto:amoeba () amoebazone com] 
> Sent: Thursday, July 28, 2005 11:45 AM
> To: pen-test () securityfocus com
> Subject: Exploit package analysis
>
> All,
>
> Some of the fun of moderating this list is getting a wide 
> exposure to aspects of pen-testing I have yet to tackle. One 
> thing managing the list has prompted me to explore is 
> exploit/code package analysis... thanks to all the spam I get 
> to sift through :)
>
> In addition to worrying about my poker game, manly endowment 
> & performance, and Rolex collection (once I get money from my 
> friends in Nigeria), I get a lot of spams with attachments, 
> usually .zip, that are obviously malware that I'd like to 
> open up safely and see how they tick. I'm hoping to pick up 
> some interesting pen-test techniques by looking at the 
> current state of malware exploits to see how they 
> work/reproduce/hide at the system level. While most of them I 
> assume will be run-of-the-mill spambot or zombie generators, 
> there's always a chance of running across a 0-day in the wild.
>
> My question to all of you is what are some basic sandbox 
> tools you would recommend to pursue this? Does anyone work in 
> a similar vein and has the experience been helpful in your 
> pen-testing work?
>
>
> --
> Erin Carroll
> "Do Not Taunt Happy-Fun Ball"