Category Archives: Malware Analysis

Rekall memory analysis framework for Windows, Linux, and Mac OSX

Rekall is a comprehensive, open source memory analysis framework that gives incident responders and forensic analysts an end-to-end workflow: state-of-the-art acquisition tools paired with an advanced analysis engine. Rekall runs cross-platform on Windows, Mac OS X, and Linux, and each supported operating system has its own memory acquisition tool from the Rekall project, the pmem family (WinPmem, OSXPmem, and LinPmem).


Cowrie Honeypot Install and Setup


Kippo is typically the go-to application for information security researchers looking to set up an SSH honeypot, and the Cowrie honeypot is a fork of the Kippo project. I personally believe that Cowrie is better than Kippo and has fixed some common issues within Kippo. Below I go through a simple installation of Cowrie on Ubuntu 14.04. In the coming posts I will show some of the common ways attackers detect a Cowrie/Kippo instance, and its shortcomings. Please keep in mind that I mean no disrespect to the developers of the Kippo honeypot! They have provided the most used honeypot on the internet today and have truly done a remarkable job.
