ratNetw0rk Statistics


Steganos Konto-Ticker 2012
With Steganos Konto-Ticker 2012 you monitor your bank accounts easily and conveniently. You are informed automatically about incoming payments, debits and direct debits. That way you always have an eye on what is happening in your bank account and can act immediately in the case of unauthorised debits. This additional protection for your accounts does not cost you a cent, because Steganos Konto-Ticker is freeware!

BotHunter is the first, and still the best, network-based malware infection detection system out there. It tracks the two-way communication flows between your computer(s) and the Internet, comparing your network traffic against an abstract model of malware communication patterns.(1) Its goal is to catch bots and other coordination-centric malware infesting your network, and it is exceptionally effective.

BotHunter will help you catch malware infections that go regularly undetected by antivirus systems and completely ignored by traditional intrusion detection systems. Let's find out who really owns your network.

PCs are under constant threat from viruses, spyware and identity theft. Every day your computer is exposed to new dangers. These threats are becoming faster, harder to stop, and are always one step ahead of traditional antivirus programs.

Can your antivirus software also detect malware threats that were developed only a few hours ago? In most cases it cannot, because it does not even know yet that they exist! ThreatFire's ActiveDefense technology, however, is able to. Compared with traditional antivirus programs it offers 243% better protection. See the following table.

Norton AntiBot
Symantec has extended its product range with the proactive scanner "Norton AntiBot". With the help of behaviour-based analysis, the security vendor wants to counter the flood of new malware.

The tool keeps an eye on all running processes around the clock and is ideally combined with classic virus scanners.

Malicious software called Bots can secretly take control of computers and make them participate in networks called “Botnets.” These networks can harness massive computing power and Internet bandwidth to relay spam, attack web servers, infect more computers, and perform other illicit activities.

Security experts believe that millions of computers have already joined Botnets without the knowledge of their owners. By using remotely-controlled computers, the criminals in charge of the Botnets try to remain anonymous and elude authorities seeking to prosecute them.

RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Ebfe's Anti-B00TKIT Project
A bootloader/boot disk. With it you can boot the computer, read the Master Boot Record entries of the hard disks, display their CRC-16 and SHA1 checksums, and continue booting from the selected hard disk.

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and over 270,000 registered users, Snort has become the de facto standard for IPS.

FileInsight has functions for analysing files and web pages, such as a hex editor, decoders and JavaScript analysis. In addition, for loaded files it shows which functions they call.

Browser Defender™ Website Safety Lookup
Web sites are tested for what we believe are excessive pop-ups, "phishing" and other fraudulent practices, and browser exploits. Downloads are tested for viruses and bundled adware, spyware or other possibly unwanted programs.

Rishi is a botnet detection software, capable of detecting hosts infected with IRC-based bots by passively monitoring network traffic. A web interface provides additional information on detected incidents.

Infiltrator v0.1
For those of you interested in little helpful tools, I uploaded my infiltrator script for quick and dirty botnet monitoring. There is no documentation available right now, but usually a question mark in front of a command gives some hints (e.g. ? show all).

Fluxy is a toolset to support the detection of fast-flux domains used by fast-flux botnets. The toolset includes a library, a command-line tool, and a Firefox plugin.

Wireshark (formerly known as Ethereal) is a popular tool for network analysis.

Windows Sysinternals
The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Microsoft acquired Sysinternals in July, 2006. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications. If you have a question about a tool or how to use them, please visit the Sysinternals Forum for answers and help from other users and our moderators.

Netjini Plus Traffic Analyzer
Network traffic analyzer, network traffic monitoring and network monitoring solution. Sniffs and decodes network traffic. A network monitor, protocol analyzer and packet sniffer has never been made as easy as this.

ettercap by alor, lordnaga
Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even encrypted ones) and includes many features for network and host analysis.

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic, and protocols are displayed colour-coded. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter the traffic to be shown, and can read traffic from a file as well as live from the network.

Cain & Abel
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, but it also ships some "non-standard" utilities for Microsoft Windows users.

JODE is a Java package containing a decompiler and an optimizer for Java. This package is freely available under the GNU GPL. New: the bytecode package and the core decompiler are now under the GNU Lesser General Public License, so you can integrate them into your project.

Malzilla: Malware hunting tool
JohnC from Malware Domain List says:
"Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for use in exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of web pages and all the HTTP headers. It gives you various decoders to try and deobfuscate JavaScript as well."

Enhanced Mitigation Experience Toolkit v2.0
The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

1. No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.

2. Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.

3. Helps harden legacy applications: It's not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk, as legacy software is notorious for having security vulnerabilities. While the real solution is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder for hackers to exploit vulnerabilities in the legacy software.

4. Ease of use: The policy for system-wide mitigations can be seen and configured with EMET's graphical user interface. There is no need to locate and decipher registry keys or run platform-dependent utilities. With EMET you can adjust settings with a single consistent interface regardless of the underlying platform.

5. Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This gives users a chance to try out and benefit from cutting-edge mitigations. The release cycle for EMET is also not tied to any product; EMET updates can be made dynamically as soon as new mitigations are ready.

The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.