From Collaborative RCE Tool Library
Install Monitoring Tools
| Tool name: | All-Seeing Eye |
|---|---|
| Author: | Fortego Security |
| Website: | http://www.fortego.com/en/ase.html |
| Current version: | 0.7.1 |
| Last updated: | 2007 |
| Direct D/L link: | http://www.fortego.com/resources/ase071.zip |
| License type: | Free |
| Description: | Tool for automated diff-style checking of many sensitive system areas that malware and other programs often try to modify silently. Like Tripwire on speed. |
| Also listed in: | File System Diff Tools, Registry Monitoring Tools, System Diff Tools |
| Tool name: | SysAnalyzer |
|---|---|
| Author: | David Zimmer (iDefense Labs) |
| Website: | http://labs.idefense.com/software/malcode.php#more_malcode+analysis+pack |
| Current version: | |
| Last updated: | March 21, 2011 |
| Direct D/L link: | http://labs.idefense.com/software/download/?downloadID=15 |
| License type: | GPL2 |
| Description: | SysAnalyzer is an automated malcode run-time analysis application that monitors various aspects of system and process state. It was designed to let analysts quickly build a comprehensive report of the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare: running processes, open ports, loaded drivers, injected libraries, key registry changes, APIs called by a target process, file modifications, and HTTP, IRC and DNS traffic. SysAnalyzer also comes with a ProcessAnalyzer tool, which can create a memory dump of a target process, parse the memory dump for strings, parse the strings output for exe, reg and url references, and scan the memory dump for known exploit signatures. Full GPL source for SysAnalyzer is included in the installation package. |
| Also listed in: | API Monitoring Tools, Disk Monitoring Tools, File Monitoring Tools, Memory Dumpers, Network Monitoring Tools, Registry Monitoring Tools |
| Tool name: | Attack Surface Analyzer |
|---|---|
| Author: | Microsoft Corporation |
| Website: | http://go.microsoft.com/?linkid=9758398 |
| Current version: | Beta |
| Last updated: | January 18, 2011 |
| Direct D/L link: | http://go.microsoft.com/?linkid=9758398 |
| License type: | Freeware |
| Description: | Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software. It takes a snapshot of the system state before and after the installation of a product (or products) and displays the changes to a number of key elements of the Windows attack surface. This allows developers to view changes in the attack surface resulting from the introduction of their code onto the Windows platform; IT professionals to assess the aggregate attack-surface change caused by installing an organization's line-of-business applications; IT security auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews; and IT security incident responders to gain a better understanding of the state of a system's security during investigations (provided a baseline scan of the system was taken during the deployment phase). |
| Also listed in: | File System Diff Tools, Registry Diff Tools, System Diff Tools |
| Tool name: | SandboxDiff |
|---|---|
| Author: | majoMo (Rui Morais) |
| Website: | N/A |
| Current version: | 2.3 |
| Last updated: | January 10, 2011 |
| Direct D/L link: | Locally archived copy |
| License type: | Freeware |
| Description: | SandboxDiff tracks changes to the registry and file system made while running a program under Sandboxie (an application created by Ronen Tzur). Every registry entry and file created or modified by a sandboxed program (or any other sandboxed action) is monitored and listed by SandboxDiff. It is useful when a user wants to know, before installing an application for real, every change the installer makes to the registry and file system. |
| Also listed in: | File Monitoring Tools, File System Diff Tools, Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools |
| Tool name: | Winalysis |
|---|---|
| Author: | |
| Website: | http://www.winalysis.com |
| Current version: | 3.1 |
| Last updated: | January 13, 2006 |
| Direct D/L link: | Locally archived copy |
| License type: | Shareware |
| Description: | Winalysis is a software application that helps manage change on computers running Windows. The program can make compressed snapshots of local and remote computer configurations; test for changes against a snapshot at any time; monitor for changes to files, the registry, users, groups, security policies, services, shares, scheduled jobs, the system environment and more; monitor remote computers from a central location without installing Winalysis on the remote machines; and restore files and/or the registry from compressed snapshots, with the ability to undo a restore at any time. |
| Also listed in: | System Diff Tools |
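Every tool on this page works on the same principle: take a baseline of sensitive system state, install (or detonate) something, take a second snapshot, and report what was added, removed or modified. The following is an added example written for this page, not code from any of the tools listed above. It implements that Tripwire-style baseline and comparison for a file-system tree, hashing file contents so that a rewrite which preserves size and timestamp is still caught. The directory layout and the simulated "installer" actions are constructed inline so the script runs offline; the registry side of the tools above follows the same snapshot/diff pattern but is not shown here.

```python
"""Baseline-and-diff of a directory tree, the way install monitors work.

Added example for this page; not code from All-Seeing Eye, SysAnalyzer,
Attack Surface Analyzer, SandboxDiff or Winalysis. Sample files and the
'installer' actions in demo() are constructed for the example.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_posix_path: (size, sha256_hex)} for regular files under root.

    Content is hashed rather than trusting mtime, because an installer or
    malware can rewrite a file and restore its timestamp. Symlinks and
    non-regular files are skipped.
    """
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = path.relative_to(root).as_posix()
            manifest[rel] = (path.stat().st_size, digest.hexdigest())
    return manifest


def diff_snapshots(before, after):
    """Compare two manifests and return sorted added/removed/modified path lists."""
    before_paths, after_paths = set(before), set(after)
    return {
        "added": sorted(after_paths - before_paths),
        "removed": sorted(before_paths - after_paths),
        "modified": sorted(
            p for p in before_paths & after_paths if before[p] != after[p]
        ),
    }


def demo():
    """Simulate an installer run in a scratch directory and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed baseline state.
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ original")
        (root / "config.ini").write_text("debug=0\n")
        (root / "old.dll").write_bytes(b"MZ stale")

        baseline = snapshot(root)

        # Constructed 'installer' actions: drop a helper, flip a config flag,
        # delete a file, and overwrite app.exe with a same-length payload so
        # that a size-only check would miss it.
        (root / "bin" / "helper.dll").write_bytes(b"MZ helper")
        (root / "config.ini").write_text("debug=1\n")
        (root / "old.dll").unlink()
        (root / "bin" / "app.exe").write_bytes(b"MZ patched!")

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline manifest is written to disk (ideally off-box, so the thing being monitored cannot tamper with it) and re-compared after each install; an entry in `modified` whose size is unchanged is exactly the case that mtime- or size-based checks miss.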