Sunday, May 18, 2014

Hook Analyser 3.1 : Major release


I'm glad to announce a major release (community version) of Hook Analyser 3.1. In this build, significant changes have been made to the static malware analysis (option #3) and cyber threat intelligence (option #6) modules, along with the addition of a new module, batch analysis (option #7).

Following are the key changes made:
  1. (Major Improvements) Cyber threat intelligence module
    1. (Added) : New dashboard, which includes
      1. Global threat landscape
      2. Keyword-based malware intelligence
      3. IP-based intelligence
    2. (Added) : IP-based intelligence output in XML format
    3. (Reference) : Videos -

  2. (Moderate Improvements) Static malware analysis module
    1. (Added) : Signed file/malware detection and certificate extraction
    2. (Modified) : Deep detection signatures improved
    3. (Added) : Output in XML format
  3. (Moderate Improvements) Other bug fixes
  4. (Minor Addition) Batch analysis module - perform static analysis on all files in a directory.
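To illustrate what "signed file detection", "certificate extraction" and batch analysis with XML output involve at the file-format level, here is an added example in Python. It is not Hook Analyser's own code, and it makes no claim about how Hook Analyser implements these features. It walks a directory, parses each PE header just far enough to find the IMAGE_DIRECTORY_ENTRY_SECURITY entry, pulls out the raw WIN_CERTIFICATE blob that carries the Authenticode PKCS#7 signature, and writes one XML element per file. The sample PE images are constructed inline (they are not real executables), and the function names are my own. Note the caveat the code also states: the presence of a signature blob only means the file claims to be signed; verifying the chain and the file hash is a separate step.

```python
"""Detect embedded Authenticode signatures in PE files and report in XML.

Added example, not Hook Analyser's code. Presence of a WIN_CERTIFICATE
blob means the file *claims* a signature; this does not validate it.
"""
import os
import struct
import xml.etree.ElementTree as ET

SECURITY_DIR_INDEX = 4               # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def find_security_directory(data: bytes):
    """Return (file_offset, size) of the certificate table, or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    opt_off = pe_off + 24                                      # after sig + COFF header
    if opt_off + 2 > len(data):
        return None
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic == 0x10B:                                         # PE32
        nrva_off, dirs_off = opt_off + 92, opt_off + 96
    elif magic == 0x20B:                                       # PE32+
        nrva_off, dirs_off = opt_off + 108, opt_off + 112
    else:
        return None
    (num_dirs,) = struct.unpack_from("<I", data, nrva_off)     # NumberOfRvaAndSizes
    entry_off = dirs_off + SECURITY_DIR_INDEX * 8
    if num_dirs <= SECURITY_DIR_INDEX or entry_off + 8 > min(opt_off + opt_size, len(data)):
        return None
    off, size = struct.unpack_from("<II", data, entry_off)     # a file offset, not an RVA
    return (off, size) if off and size else None


def extract_certificate(data: bytes):
    """Return a dict describing the WIN_CERTIFICATE blob, or None if unsigned."""
    loc = find_security_directory(data)
    if loc is None:
        return None
    off, size = loc
    if off + 8 > len(data) or off + size > len(data):
        return {"error": "certificate table points outside the file"}
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    if length < 8 or length > size:
        return {"error": "malformed WIN_CERTIFICATE header"}
    return {"type": cert_type,
            "pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
            "blob": data[off + 8:off + length]}


def scan_files(items):
    """items: iterable of (name, bytes). Returns an XML <report> element."""
    root = ET.Element("report")
    for name, data in items:
        node = ET.SubElement(root, "file", name=name)
        cert = extract_certificate(data)
        if cert is None:
            node.set("signed", "false")
        elif "error" in cert:
            node.set("signed", "unknown")
            ET.SubElement(node, "error").text = cert["error"]
        else:
            node.set("signed", "true")
            ET.SubElement(node, "certificate", type=hex(cert["type"]),
                          pkcs7=str(cert["pkcs7"]).lower(), bytes=str(len(cert["blob"])))
    return root


def scan_directory(path):
    """Batch mode: run the check over every regular file in a directory."""
    def gen():
        for entry in sorted(os.scandir(path), key=lambda e: e.name):
            if entry.is_file():
                with open(entry.path, "rb") as fh:
                    yield entry.name, fh.read()
    return scan_files(gen())


def _build_pe(cert_blob=None):
    """Constructed minimal PE32 image for this example (not a runnable binary)."""
    hdr_len = 0x40 + 4 + 20 + 224                  # DOS + "PE\0\0" + COFF + PE32 optional
    win_cert = b""
    if cert_blob:
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200,
                               WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, SECURITY_DIR_INDEX * 8,
                     hdr_len if cert_blob else 0, len(win_cert))
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + win_cert


SAMPLE_BLOB = b"constructed-pkcs7-placeholder"    # stands in for real DER
SAMPLE_SIGNED = _build_pe(SAMPLE_BLOB)
SAMPLE_UNSIGNED = _build_pe()
SAMPLE_NOT_PE = b"#!/bin/sh\necho hi\n"

if __name__ == "__main__":
    report = scan_files([("a.exe", SAMPLE_SIGNED), ("b.exe", SAMPLE_UNSIGNED),
                         ("c.sh", SAMPLE_NOT_PE), ("d.exe", SAMPLE_SIGNED[:320])])
    print(ET.tostring(report, encoding="unicode"))
```

The truncated fourth sample shows the failure mode worth handling in batch runs: a security directory entry that points past the end of the file is reported as `signed="unknown"` with the reason, rather than as unsigned or as a crash, so a damaged or deliberately malformed header is visible in the XML.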
As you may have noticed above, there is also an "exclusive" version of the software, with additional features in the cyber threat intelligence module, which include:

  1. Keyword-based search analysis
  2. "Unlimited" IP address and keyword analysis (instead of 1 in the community version), through additional sources on the Internet
  3. Keyword-based search intelligence module (in concert with item #2 above) - Demo 1 and Demo 2
Important note - The software shall only be used for "NON-COMMERCIAL" purposes. For commercial usage, written permission from the Author must be obtained prior to use.

If you're interested, feel free to write back on - 

Download the software here

For quick guide or how-to document, click here

Thank you.

Saturday, May 3, 2014

Internet Explorer, Adobe Flash Player, MS Office and Java Vulnerabilities Used/Leveraged in Malware Attacks / Exploits


You might be aware that I'm working on Hook Analyser v3.1. As part of the development, I put together and test certain use cases. In this instance, I was interested in understanding (and visualising) which (and how many) vulnerabilities have been exploited by malware in various client-side applications: MS Internet Explorer, Adobe Flash Player, MS Office and Oracle Java.

Observations:

  1. MS Internet Explorer stands out as the most exploited or targeted software. This can be attributed to its large market share, which makes it an attractive target.
  2. MS applications (Internet Explorer and MS Office) have been exploited more than Adobe Flash Player and Oracle Java.