View Full Version : HBGary : Responder, Fastdump, Flypaper.


Meriadoc
July 29th, 2008, 12:27 AM
I've been keeping an eye on HBGary's Responder Pro and Field edition recently. The products and free analysis tools are interesting, as is the management of HBGary; have a look...

HBGary (http://www.hbgary.com/index.html) - Greg Hoglund, Rich Cummings, Penny Leavy, Bob Slapnik.

{QUOTE-> HBGary was founded in 2003... We have developed advanced software security technologies to actively assess information risks in deployed applications, stealthily monitor information systems for external and internal threats, and perform post-exploitation forensics with dynamic analysis of malware and live running software. <-QUOTE}

Responder Pro (http://www.hbgary.com/responder_pro.html) :
{QUOTE-> Responder Professional is the industry's first live memory and runtime analysis platform for Windows operating systems. Responder Pro integrates the most powerful physical memory and reverse engineering capabilities into one product suite... Disk and signature based detection tools are no match against malicious code using the latest anti-forensics, anti-detection, and anti-debugging techniques. It's no wonder that 80% of new malware is missed by Antivirus <-QUOTE}

Responder Field Ed (http://www.hbgary.com/responder_field.html) :
{QUOTE-> Responder Field Edition was designed to provide law enforcement and computer intrusion investigators with the most powerful Live Windows Memory preservation and analysis capabilities. <-QUOTE}

Fastdump (http://www.hbgary.com/download_fastdump.html) free download :
{QUOTE-> Fastdump is the industry's most forensically sound Windows memory dumping utility... FD is very simple to use. Use a USB stick or other means to make FD available to a command prompt on the target Windows system. Type FD <filename>, where filename is the dump file, and FD takes a snapshot of physical RAM. This file will be a binary dump of RAM... HBGary has released FD for free for the incident response and forensics community... Release Notes: FD 1.2 is a purely usermode application and does not support Vista or Windows 2003 at this time. Stay tuned for updates. <-QUOTE}

Flypaper (http://www.hbgary.com/download_flypaper.html) free download :
{QUOTE-> HBGary Flypaper is an invaluable tool in your fight against malware. Most malware is designed as a two- or three-stage deployment. First, a dropper program will launch a second program, and then delete itself. The second program may take additional steps, such as injecting DLLs into other processes, loading a rootkit, etc... Flypaper loads as a device driver and blocks all attempts to exit a process, end a thread, or delete memory. All components used by the malware will remain resident in the process list, and will remain present in physical memory. The entire execution chain is reported so you can follow each step... Flypaper is designed to be used with a virtual machine. <-QUOTE}

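The Fastdump quote above gives the whole procedure as "put FD on a USB stick, type FD with a filename". What it leaves to the examiner is the part that makes the dump usable as evidence: recording when and on which host it was taken, with which copy of the tool, and hashing the output before anything else touches it. The script below is an added example, not HBGary's code and not something from the original post. It assumes FD.exe is on the USB stick at the path given in $FdPath, that it takes the output filename as its only argument (the only usage the release notes show), that the dump is written back to the same stick rather than the target's disk, and that the target has PowerShell 4 or later (for Get-FileHash). The case identifier and paths are hypothetical.

```powershell
# Added example: wrap the "FD <filename>" acquisition described on the page so the
# dump is documented and hashed at the moment it is taken. Not HBGary's code.
# Assumptions (hypothetical values): FD.exe lives on the USB stick at $FdPath and
# takes only the output filename; $OutDir is a folder on that same stick.
param(
    [string]$FdPath = 'E:\tools\FD.exe',   # assumed location of FD on the USB stick
    [string]$OutDir = 'E:\evidence',       # assumed output folder, on the stick, not the target disk
    [string]$CaseId = 'CASE-0001'          # hypothetical case identifier
)

$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$hostName = $env:COMPUTERNAME
$dump     = Join-Path $OutDir "$CaseId-$hostName-$stamp.bin"
$log      = Join-Path $OutDir "$CaseId-$hostName-$stamp.log"

# Record the context before touching RAM: examiner, time, host, OS, reported RAM size,
# and a hash of the exact FD binary used, so the tool itself is part of the record.
$os = Get-CimInstance Win32_OperatingSystem
$cs = Get-CimInstance Win32_ComputerSystem
@(
    "case=$CaseId examiner=$env:USERNAME",
    "start=$(Get-Date -Format o)",
    "host=$hostName os=$($os.Caption) $($os.Version) ram_bytes=$($cs.TotalPhysicalMemory)",
    "tool=$FdPath sha256=$((Get-FileHash -Algorithm SHA256 -Path $FdPath).Hash)"
) | Set-Content -Path $log

# The acquisition itself, in exactly the form the release notes give: FD <filename>.
& $FdPath $dump
"fd_exit=$LASTEXITCODE" | Add-Content -Path $log

# Hash the dump immediately; any later change to the file is then detectable.
if (Test-Path $dump) {
    $size = (Get-Item $dump).Length
    $hash = (Get-FileHash -Algorithm SHA256 -Path $dump).Hash
    "dump=$dump bytes=$size sha256=$hash" | Add-Content -Path $log
    # Sanity check only: note a size mismatch against reported RAM rather than silently accepting it.
    if ($size -ne $cs.TotalPhysicalMemory) {
        "note=dump size differs from reported physical RAM; recorded for the examiner" | Add-Content -Path $log
    }
} else {
    "error=no dump file produced" | Add-Content -Path $log
}
"end=$(Get-Date -Format o)" | Add-Content -Path $log
```

One caveat a practitioner should keep in mind: everything run on the live target, this wrapper included, consumes memory and overwrites pages that might have held evidence. The page's own advice of a bare FD from a command prompt has the smaller footprint; if you use a wrapper like this, keep it minimal, run it from the stick, and note in the log that it was run.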
Meriadoc
July 29th, 2008, 10:54 AM
Some useful tools (http://www.hbgary.com/Responder%20Resources/HBGary_Responder_Datasheet.pdf)! Waiting on Responder.

Screens of free tools... Flypaper putting in controls, FastDump producing a binary dump of RAM.