mitmproxy is an excellent console app written in Python.
It is easy to use on Linux and OS X.
Use brew install mitmproxy to install it on OS X.
All of this information was collected by doing Google searches or from the URLs mentioned in the References section. I collected them here because I wanted a single list that I could update, refer to, and share with others. Simply having a link listed here is not necessarily an endorsement. I only have personal experience with a small number of the resources listed here. I did, however, make an initial attempt to remove dead links from the reference links. Some good starting points are Lenny Zeltser's Reverse-Engineering Malware Cheat Sheet and Analyzing Malicious Documents Cheat Sheet. In fact, as you'll notice in the reference section, Lenny's site is included multiple times. He has some really awesome information.
http://www.securityfocus.com/archive/138/description http://reddit.c
[Settings]
Check DLL versions=0
Topmost window=0
Show main menu items that don't apply=0
Show popup items that don't apply=0
Show toolbar=1
Use system colours in toolbar=0
Status in toolbar=0
Flash duration=1
Autoupdate interval=4
https://www.andrew.cmu.edu/user/mteh/docs/C_Pointers.txt
Pointers
=====================================================================
---------------------------------------------------------------------
Reading C type declarations
---------------------------------------------------------------------
void * foo; (foo is a pointer to void; generic pointer)
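The "right-to-left" reading shown above can be mechanised. The program below is an added example, not part of the original page or of the C_Pointers.txt document it cites; it follows the structure of the "dcl" program in Kernighan & Ritchie (chapter 5) and produces the same English reading as the notes, e.g. "void * foo" becomes "foo: pointer to void". It assumes a fixed list of base-type keywords, treats a bare "()" as "function returning" (parameter lists are not parsed), and keeps the whole declarator on one line.

```c
/* Added example (not from the page or the cited document): a K&R-style
 * reader that turns a C declaration into its English description.
 * Assumptions: base type is built from a fixed keyword list (plus an
 * optional struct/union/enum tag); "()" means "function returning" and
 * parameter lists are not understood. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { NAME = 256, PARENS, BRACKETS, END };   /* token kinds above any char value */

static const char *src;      /* input cursor */
static char token[128];      /* text of the current token */
static int tokentype;        /* kind of the current token, or the char itself */
static char out[512];        /* English reading, built from the inside out */
static char name[128];       /* declared identifier */
static char datatype[128];   /* base type words, e.g. "unsigned char" */
static int err;              /* set when the declaration is malformed */

/* Bounded strcat so a long input cannot overrun the fixed buffers. */
static void append(char *dst, const char *s, size_t cap)
{
    strncat(dst, s, cap - strlen(dst) - 1);
}

static int gettoken(void)
{
    char *p = token;
    while (*src == ' ' || *src == '\t') src++;
    if (*src == '(') {
        if (src[1] == ')') { src += 2; strcpy(token, "()"); return tokentype = PARENS; }
        src++; strcpy(token, "("); return tokentype = '(';
    }
    if (*src == '[') {                               /* keep "[13]" text for the output */
        while (*src && *src != ']' && p < token + sizeof token - 2) *p++ = *src++;
        if (*src == ']') *p++ = *src++;
        *p = '\0';
        return tokentype = BRACKETS;
    }
    if (isalpha((unsigned char)*src) || *src == '_') {
        while ((isalnum((unsigned char)*src) || *src == '_') && p < token + sizeof token - 1)
            *p++ = *src++;
        *p = '\0';
        return tokentype = NAME;
    }
    if (*src == '\0' || *src == ';') { token[0] = '\0'; return tokentype = END; }
    token[0] = *src++; token[1] = '\0';
    return tokentype = (unsigned char)token[0];      /* '*', ')', or junk */
}

/* Words that belong to the base type and can never be the declared name. */
static int is_type_word(const char *w)
{
    static const char *words[] = { "void", "char", "short", "int", "long", "float",
        "double", "signed", "unsigned", "const", "volatile", "struct", "union",
        "enum", "static", "extern", NULL };
    for (int i = 0; words[i]; i++)
        if (strcmp(w, words[i]) == 0) return 1;
    return 0;
}

static void dcl(void);

/* Direct declarator: name or "( dcl )", followed by any "()" / "[n]" suffixes.
 * Entered with the current token as its first token; leaves the first token
 * after it as the current token. Suffixes bind tighter than '*', so they are
 * emitted here, before dcl() appends the "pointer to" words. */
static void dirdcl(void)
{
    int type;
    if (tokentype == '(') {
        gettoken();
        dcl();
        if (tokentype != ')') err = 1;
    } else if (tokentype == NAME) {
        strcpy(name, token);
    } else {
        err = 1;
    }
    while ((type = gettoken()) == PARENS || type == BRACKETS) {
        if (type == PARENS) append(out, " function returning", sizeof out);
        else { append(out, " array", sizeof out); append(out, token, sizeof out); append(out, " of", sizeof out); }
    }
}

/* Declarator: zero or more '*' then a direct declarator. */
static void dcl(void)
{
    int ns = 0;
    while (tokentype == '*') { ns++; gettoken(); }
    dirdcl();
    while (ns-- > 0) append(out, " pointer to", sizeof out);
}

/* explain: write the English reading of decl into buf (capacity buflen).
 * Returns buf, or NULL if the declaration could not be parsed. */
const char *explain(const char *decl, char *buf, size_t buflen)
{
    src = decl; out[0] = name[0] = datatype[0] = '\0'; err = 0;
    gettoken();
    while (tokentype == NAME && is_type_word(token)) {
        int tag = !strcmp(token, "struct") || !strcmp(token, "union") || !strcmp(token, "enum");
        if (datatype[0]) append(datatype, " ", sizeof datatype);
        append(datatype, token, sizeof datatype);
        gettoken();
        if (tag && tokentype == NAME) {              /* "struct node" keeps its tag */
            append(datatype, " ", sizeof datatype); append(datatype, token, sizeof datatype);
            gettoken();
        }
    }
    if (datatype[0] == '\0') return NULL;
    dcl();
    if (tokentype != END || err || name[0] == '\0') return NULL;
    snprintf(buf, buflen, "%s:%s %s", name, out, datatype);
    return buf;
}

int main(void)
{
    const char *samples[] = { "void * foo", "char **argv", "int (*daytab)[13]",
                              "char (*(*x())[])()", "struct node *next", "int (" };
    char buf[600];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               explain(samples[i], buf, sizeof buf) ? buf : "syntax error");
    return 0;
}
```

Reading the output right to left against the declaration shows the rule the notes describe: suffixes (`[]`, `()`) bind before the `*` prefixes, and parentheses override that order, which is why `int (*daytab)[13]` is a pointer to an array rather than an array of pointers.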
A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.
When delivering via WebDAV, it should be noted that the DLL is still written to disk, but the dropped file is not the one loaded into the process. This is the case for any file downloaded via WebDAV; such files are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.
The RegisterXLL function expects an XLL add-in, which is essentially a specially crafted DLL with specific exports. More information on XLLs can be found on MSDN.
The XLL can also be executed by double-clicking the .xll file; however, a security warning is shown. @rxwx has more notes on this here inc