From Collaborative RCE Tool Library

Jump to: navigation, search

Install Monitoring Tools


Tool name: All-Seeing Eye
Rating: 5.0 (1 vote)
Author: Fortego Security                        
Website: http://www.fortego.com/en/ase.html
Current version: 0.7.1
Last updated: 2007
Direct D/L link: http://www.fortego.com/resources/ase071.zip
License type: Free
Description: Tool for automated diff-style checking of many sensitive system areas that malware and other programs often try to modify silently. Like Tripwire on speed.
Also listed in: File System Diff Tools, Registry Monitoring Tools, System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: SysAnalyzer
Rating: 4.0 (2 votes)
Author: David Zimmer (iDefense Labs)                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=185
Current version:
Last updated: March 21, 2011
Direct D/L link: http://sandsprite.com/CodeStuff/SysAnalyzer_Setup.exe
License type: GPL2
Description: Update: This tool is no longer available for download through the iDefense website. An updated installer has been made available by the author.

SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare:

* Running Processes
* Open Ports
* Loaded Drivers
* Injected Libraries
* Key Registry Changes
* APIs called by a target process
* File Modifications
* HTTP, IRC, and DNS traffic

SysAnalyzer also comes with a ProcessAnalyzer tool which can perform the following tasks:

* Create a memory dump of target process
* parse memory dump for strings
* parse strings output for exe, reg, and url references
* scan memory dump for known exploit signatures

Full GPL source for SysAnalyzer is included in the installation package.
Also listed in: API Monitoring Tools, Disk Monitoring Tools, File Monitoring Tools, Memory Dumpers, Network Monitoring Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Attack Surface Analyzer
Rating: 0.0 (0 votes)
Author: Microsoft Corporation                        
Website: http://go.microsoft.com/?linkid=9758398
Current version: Beta
Last updated: January 18, 2011
Direct D/L link: http://go.microsoft.com/?linkid=9758398
License type: Freeware
Description: Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software.

Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.

This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
- IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)
Also listed in: File System Diff Tools, Registry Diff Tools, System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: SandboxDiff
Rating: 0.0 (0 votes)
Author: majoMo (Rui Morais)                        
Website: N/A
Current version: 2.3
Last updated: January 10, 2011
Direct D/L link: Locally archived copy
License type: Freeware
Description: 'SandboxDiff' allows tracking changes in Registry and Files when using 'Sandboxie' (an amazing application created by Ronen Tzur).

All Registry entries and File system created/modified by a program sandboxed (or any action sandboxed) are monitored and listed with SandboxDiff.

Very useful when users want (before to install an application) to know all changes made by the installer in Registry and File system.
Also listed in: File Monitoring Tools, File System Diff Tools, Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Winalysis
Rating: 0.0 (0 votes)
Author:                         
Website: http://www.winalysis.com
Current version: 3.1
Last updated: January 13, 2006
Direct D/L link: Locally archived copy
License type: Shareware
Description: Winalysis is a software application that can help you manage change on computers running Windows. The program can:

Make compressed Snapshots of local and remote computer configurations. Test for changes from snapshots at any time.

Monitor for changes to files, the registry, users, groups, security policies, services, shares, scheduled jobs, the system environment and more.

Monitor remote computers from a central location. There is no need to install Winalysis on the remote machines.

Restore files and/or the registry from compressed snapshots with the ability to undo a restore at any time.
Also listed in: System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)