Nov 20, 2010

DllHijackAuditor – Free Audit Tool For DLL Hijack Vulnerability

DllHijackAuditor is a tool for auditing any Windows application for the DLL hijacking vulnerability. This is a recently discovered critical security issue affecting almost all Windows systems on the planet. A large number of Windows applications are currently susceptible to this vulnerability, which can allow an attacker to completely take over the system.

DllHijackAuditor helps discover all such vulnerable DLLs in a Windows application, which could otherwise lead to successful exploitation and total compromise of the system. With its simple GUI, DllHijackAuditor makes it easy for anyone to perform the audit instantly. It also presents a detailed technical audit report that can help the developer fix all vulnerable points in the application.

The new version, v2, brings the following features:

  • A new debugger-based ‘Interception Engine’ for consistent and efficient performance.
  • Support for specifying and auditing applications with custom and multiple extensions.
  • Timeout configuration to alter the waiting time for each application.

DllHijackAuditor is a standalone portable application that supports Windows XP through Windows 7.

Reference:

Nov 19, 2010

Exploiting DLL Hijacking Flaws

In the August/September time frame there were a lot of attacks using DLL hijacking. More than 200 Windows applications have this flaw and are vulnerable to the attack.

DLL hijacking is a vulnerability that is triggered when a vulnerable file type is opened from within a directory controlled by the attacker.


HD Moore (Metasploit) explains the problem and adds a *scanner* to the Metasploit Framework. Please read his blog entry here (a tool for scanning the local machine).
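To make the condition above concrete, the following Python is an added illustration (not part of the original post, DllHijackAuditor or Metasploit): it models the Windows DLL search order and reports which DLLs an application requests that no trusted directory can satisfy, so that the loader would accept a copy sitting in the folder the document was opened from. The application, directories and DLL names are constructed sample data.

```python
# Search order used by LoadLibrary("name.dll") when SafeDllSearchMode is on
# (the default on XP SP2 and later). Everything listed before the CWD is a
# location that an attacker controlling only the document folder cannot write.
# The model ignores KnownDLLs, manifests and absolute-path loads, which
# bypass this search entirely.
CWD = "<current working directory>"
PATH_DIRS = "<directories on PATH>"

def search_order(app_dir, system_root=r"C:\Windows"):
    return [app_dir, system_root + r"\System32", system_root + r"\System",
            system_root, CWD, PATH_DIRS]

def first_hit(dll, dirs, contents):
    """Directory in `dirs` that first contains `dll` (case-insensitive), or None."""
    for d in dirs:
        if any(dll.lower() == name.lower() for name in contents.get(d, ())):
            return d
    return None

def audit(requested_dlls, app_dir, contents):
    """Return the requested DLLs the loader would accept from the CWD.

    A name that no directory ahead of the CWD can satisfy (a 'phantom' DLL)
    is resolved from the folder the document was opened from, which is
    exactly the condition DLL hijacking relies on.
    """
    order = search_order(app_dir)
    trusted = order[:order.index(CWD)]
    return [dll for dll in requested_dlls
            if first_hit(dll, trusted, contents) is None]

# Constructed sample: a hypothetical application and the DLLs it asks for.
SAMPLE_APP_DIR = r"C:\Program Files\SampleApp"
SAMPLE_CONTENTS = {
    SAMPLE_APP_DIR: ["SampleApp.exe", "plugin.dll"],
    r"C:\Windows\System32": ["kernel32.dll", "user32.dll"],
    CWD: ["report.doc", "optional_feature.dll"],  # planted next to the document
}
SAMPLE_REQUESTS = ["kernel32.dll", "plugin.dll", "optional_feature.dll"]

if __name__ == "__main__":
    for dll in audit(SAMPLE_REQUESTS, SAMPLE_APP_DIR, SAMPLE_CONTENTS):
        print(f"hijackable: {dll} would be loaded from the document directory")
```

The same check applied to an application's real import list and the real directory contents is what a DLL hijack audit reports: every name in the result is one the application should load by full path or from a trusted directory only.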

Nov 17, 2010

Memory Analysis with Mandiant Memoryze

There is a great article posted by ctilbury on Digital Forensics How-To: Memory Analysis with Mandiant Memoryze.

It introduces two tools, Memoryze and Audit Viewer. Both are available free from Mandiant. The article shows:

  • How to install Memoryze on a USB drive as an incident response kit.
  • The steps to acquire a memory image.
  • Potential issues and solutions with memory acquisition.
  • How to perform live memory analysis.

Nov 15, 2010

Mandiant: Forensic and Incident Response Tools

Below is the list of tools that I used to perform forensics and incident response. All are available as Mandiant free software.
  1. MANDIANT IOCe - A free editor for Indicators of Compromise (IOCs).
  2. Memoryze - Free memory forensics software designed to help incident responders find evil within live memory.
  3. MIR Lite-CDT - A command line utility based on technology from MANDIANT's Intelligent Response enterprise product.
  4. Audit Viewer - An open source tool that allows users to examine the results of Memoryze's analysis.
  5. Highlighter - Designed to help network analysts rapidly review log and other structured text files.
  6. Red Curtain - Software for incident responders that helps find and analyze unknown malware.
  7. Web Historian - Assists users in reviewing websites that are stored in the history files of the most commonly used browsers.