Showing posts with label Cryptography. Show all posts
Showing posts with label Cryptography. Show all posts

Android Privacy Guard v1.0.8 - OpenPGP for Android

Labels:
, , , , ,

There's no public key encryption for Android yet, but that's an important feature for many of us. Android Privacy Guard is to manage OpenPGP keys on your phone, use them to encrypt, sign, decrypt emails and files.
Android Privacy Guard v1.0.8 OpenPGP for Android

Change log v1.0.8
  • HKP key server support
  • app2sd support
  • more pass phrase cache options: 1, 2, 4, 8 hours
  • bugfixes


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Tuesday, October 23, 2012  

Volatility 2.2 Released - Introduced Linux support (Intel x86, x64)

Labels:
, , , , , ,

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

Windows Basic

  • Current date, time, CPU count, CPU speed, service pack
  • Current thread and idle thread
  • Addresses of the KDBG, KPCR, DTB, PsActiveProcessHead, PsLoadedModuleList, etc

Processes

  • List active processes (column or tree view)
  • Scan for hidden or terminated _EPROCESS objects (using pool tags or _DISPATCHER_HEADER)
  • Enumerate DLLs in the PEB LDR lists
  • Rebuild/extract DLLs or EXEs to disk based on name, base address, or physical offset
  • Print open handles to files, registry keys, mutexes, threads, processes, etc
  • List security identifiers (SIDs) for processes
  • Scan for cmd.exe command history and full console input/output buffers
  • List process environment variables
  • Print PE version information from processes or DLLs (file version, company name, etc)
  • Enumerate imported and exported API functions anywhere in process or kernel memory
  • Show a list of virtual and physical mappings of all pages available to a process
  • Dump process address space to disk as a single file
  • Analyze Virtual Address Descriptor (VAD) nodes, show page protection, flags, and mapped files
  • Represent the VAD in tree form or Graphviz .dot graphs
  • Dump each VAD range to disk for inspecting with external tools
  • Parse XP/2003 event log records

Kernel Memory

  • List loaded kernel modules and scan for hidden/unloaded module structures
  • Extract PE files including drivers from anywhere in kernel memory
  • Dump the SSDT for all 32- and 64-bit windows systems
  • Scan for driver objects, print IRP major function tables
  • Show devices and device tree layout
  • Scan for file objects (can show deleted files, closed handles, etc)
  • Scan for threads, mutex objects and symbolic links

GUI Memory

  • Analyze logon sessions and the processes and mapped images belonging to the session
  • Scan for window stations and clipboard artifacts (clipboard snooping malware)
  • Scan for desktops, analyze desktop heaps and attached GUI threads
  • Locate and parse atom tables (class names, DLL injection paths, etc)
  • Extract the contents of the windows clipboard
  • Analyze message hooks and event hooks, show the injected DLL and function address
  • Dump all USER object types, pool tags, and flags from the gahti
  • Print all open USER handles, associated threads or processes, and object offsets
  • Display details on all windows, such as coordiates, window title, class, procedure address, etc
  • Take screen shots from memory dumps (requires PIL)

Malware Analysis

  • Find injected code and DLLs, unpacker stubs, and decrypted configurations, etc
  • Scan process or kernel memory for any string, regular expression, byte pattern, URL, etc
  • Analyze services, their status (running, stopped, etc) and associated process or driver
  • Cross-reference memory mapped executable files with PEB lists to find injected code
  • Scan for imported functions in process or kernel memory (without using import tables)
  • Detect API hooks (Inline, IAT, EAT), hooked winsock tables, syscall hooks, etc
  • Analyze the IDT and GDT for each CPU, alert on hooks and disassemble code
  • Dump details of threads, such as hardware breakpoints, context registers, etc
  • Enumerate kernel callbacks for process creation, thread creation, and image loading
  • Display FS registration, registry, shutdown, bugcheck, and debug print callbacks
  • Detect hidden processes with alternate process listings (6+ sources)
  • Analyze kernel timers and their DPC routine functions

Networking

  • Walk the list of connection and socket objects for XP/2003 systems
  • Scan physical memory for network information (recover closed/terminated artifacts)
  • Determine if listening sockets are IPv4, IPv6, etc and link to their owning processes

Registry

  • Scan for registry hives in memory
  • Parse and print any value or key cached in kernel memory, with timestamps
  • Dump an entire registry hive recursively
  • Extract cached domain credentials from the registry
  • Locate and decrypt NT/NTLM hashes and LSA secrets
  • Analyze user assist keys, the shimcache, and shellbags
  • Crash Dumps, Hibernation, Conversion
  • Print crash dump and hibernation file header information
  • Run any plugin on a crash dump or hibernation file (hiberfil.sys)
  • Convert a raw memory dump to a crash dump for opening in !WinDBG
  • Convert a crash dump or hibernation file to a raw memory dump

Miscellaneous

  • Link strings found at physical offsets to their owning kernel address or process
  • Interactive shell with disassembly, type display, hexdumps, etc


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Wednesday, October 03, 2012  

MultiObfuscator 2.00 - Professional cryptography tool

Labels:
, , ,

MultiObfuscator is a professional cryptography tool.
MultiObfuscator Screenshot

  • HW seeded random number generator (CSPRNG)
  • Deniable cryptography
  • Up to 256Mb of secret file (binary mode)
  • Up to 256Kb of secret text (text/email mode)
  • Whitening selection level
  • Modern multi-cryptography (16 algorithms)
  • Multi-layered data obfuscation (4 passwords)
  • Chi-squared cryptanalysis resistance
Unique layers of security and obfuscation

  • 256bit+256bit symmetric-key cryptography with KDF4 password extension
  • 256bit symmetric-key data scrambling (CSPRNG-based shuffling)
  • 256bit symmetric-key data whitening (CSPRNG-based noise mixing)
  • Adaptive Chi-squared correction

MultiObfuscator is a professional cryptography tool, with unique features you won't find among any other free or commercial software. MultiObfuscator is 100% free and suitable for highly sensitive data storage and transmission. Let's take a look at its features.

Layers of security : Data is encrypted (1), scrambled (2) and whitened (3).

  • Layer 1 - Modern multi-cryptography : A set of 16 modern 256bit open-source cryptography algorithms (chosen from AES Process [1997-2000],NESSIE Process [2000-2003] and CRYPTREC Process [2000-2003]) has been joined into a doublepassword multi-cryptography algorithm (256bit+256bit) : AES / Anubis / Camellia / Cast-256 / Clefia / FROG / Hierocrypt3 / Idea-NXT / MARS / RC6 / Safer+ / SC2000 / Serpent / Speed / Twofish / Unicorn-A
  • Layer 2 - CSPRNG based scrambling : Encrypted data is always scrambled to break any remaining stream pattern. A new cryptographically secure pseudo random number generator (CSPRNG) is seeded with a third password (256bit) and data is globally shuffled with random indexes.
  • Layer 3 - CSPRNG based whitening : Scrambled data is always mixed with a high amount of noise. A new CSPRNG is seeded with a forth password (256bit) and data is bit-by-bit split according to a random permutation.
  • Extra security - Deniable cryptography : Top secret data can be protected using less secret data as a decoy.

  • Source code : This program can be considered as a simple Windows GUI to the libObfuscate system-independent open-source library. Users and developers are absolutely free to link to the core library (100% of the cryptography & obfuscation code), read it and modify it.


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Sunday, July 22, 2012  

Subscribe to: Posts (Atom)