Welcome

This Blog is for Malware Researching, Reverse Engineering and System Programming

SRDF - Write your Own Security Tool

Posted by AmrThabet on 5:52 PM
Do you see writing a security tool in windows is hard?
Do you have a great idea but you can’t implement it?
Do you have a good malware analysis tool and you don’t need it to become a plugin in OllyDbg or IDA Pro?
So, Security Research and Development Framework is for you.



Abstract:
-----------
This is a free open source Development Framework created to support writing security tools and malware analysis tools. And to convert the security researches and ideas from the theoretical approach to the practical implementation.

This development framework created mainly to support the malware field to create malware analysis tools and anti-virus tools easily without reinventing the wheel and inspire the innovative minds to write their researches on this field and implement them using SRDF.

Introduction:
-------------
In the last several years, the malware black market grows widely. The statistics shows that the number of new viruses increased from 300,000 viruses to millions and millions nowadays.

The complexity of malware attacks also increased from small amateur viruses to stuxnet, duqu and flame.

The malware field is searching for new technologies and researches, searching for united community can withstand against these attacks. And that’s why SRDF

The SRDF is not and will not be developed by one person or a team. It will be developed by a big community tries to share their knowledge and tools inside this Framework

SRDF still not finished … and it will not be finished as it’s a community based framework developed by the contributors. We just begin the idea.

The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section.

The Features:
---------------
Before talking about SRDF Design and structure, I want to give you what you will gain from SRDF and what it could add to your project.

In User-Mode part, SRDF gives you many helpful tools … and they are:

· Assembler and Disassembler
· x86 Emulator
· Debugger
· PE Analyzer
· Process Analyzer (Loaded DLLs, Memory Maps … etc)
· MD5, SSDeep and Wildlist Scanner (YARA)
· API Hooker and Process Injection
· Backend Database, XML Serializer
· And many more

In the Kernel-Mode part, it tries to make it easy to write your own filter device driver (not with WDF and callbacks) and gives an easy, object oriented (as much as we can) development framework with these features:

· Object-oriented and easy to use development framework
· Easy IRP dispatching mechanism
· SSDT Hooker
· Layered Devices Filtering
· TDI Firewall
· File and Registry Manager
· Kernel Mode easy to use internet sockets
· Filesystem Filter

Still the Kernel-Mode in progress and many features will be added in the near future.

Source Code: http://code.google.com/p/srdf
Facebook Page: http://www.facebook.com/SecDevelop


JOIN US ... just mail me at: amr.thabet[at]student.alx.edu.eg

The Art of Win32 Shellcoding

Posted by AmrThabet on 1:31 PM

The Art of Win32 Shellcoding published in December 2011 in Hackin9 Exploiting Software

now the article published in CodeProject

http://www.codeproject.com/Articles/325776/The-Art-of-Win32-Shellcoding

SRDF Design - White Paper

Posted by AmrThabet on 1:04 PM

I begin publishing the The Design and The Framework in Brief ... I hope you read it

http://www.mediafire.com/?ymb1n9e6yb1en36

I'm waiting for your comments on it on my mail: amr.thabet[at]student.alx.edu.eg

and If you are a professional programmer and want to join ... you are more than welcome and mail me

if you want to sponsor the project and help ... we need to build a website (prefer Ruby on Rails) and mail me for more details

wait for yours

Amr Thabet

Security Research and Development Framework (SRDF)

Posted by AmrThabet on 3:19 AM


I aim to create the first development framework to support writing security tools, malware analysis tools and penetration testing tools and support converting the security researches for the theoretical approach to a practical implementation. and it's free and open-source on windows platform.

As windows OS is widely used and not many open source applications in windows ... and very hard to create security applications in windows especially when you need to write a device driver.So I decided to create This Framework for these reasons. Open source Framework to push writing security applications in windows and push the open source on windows more.
I also aim to create a big community from security researchers ... includes many of free and open-source tools,articles and researches .... one community ... one vision ... to defend against the recent cyber threats and create a safe internet to browse.

The Framework will be divided into 2 parts ... part in kernel-mode and a part in user-mode.
This Framework will help you in writing inside the kernel-mode ... and gives also gives you tools inside the user-mode.

Note: it's not a competitor to Metasploit ... Metasploit is an Exploit Development Framework ... created for exploits only.
It's not competitor to WinPcap .... Winpcap will be a part of it .... you will have two libraries ... WinPcap and another library in kernel-mode and user-mode ... and their will be many other tools inside ... winpcap will be just a part of it.




Win32 Shellcode Writing - Hackin9 Exploiting Software

Posted by AmrThabet on 3:26 PM
Hello

I finished my new article "Shellcode: From a Simple Bug to OS Control"

it will be posted in the next issue of Hackin9 Exploiting Software

that's the sources of the article

http://www.mediafire.com/?gpbv7ct3qjn4yu9

don't forget to download it

Amr Thabet

Stuxnet Malware Analysis Paper - on CodeProject

Posted by AmrThabet on 9:45 PM
Hello Everyone

Today ... I'm celebrating the release of My article "Stuxnet Malware Analysis Paper"

I finished this article at the middle of june 2011 but due to some problems I published it today at this link
http://www.codeproject.com/KB/web-security/StuxnetMalware.aspx

I hope you enjoy it

Amr Thabet






Speaker at University of Sydney

Posted by AmrThabet on 1:51 PM
I spoke in the University of Sydney in CISS6011 Special Topic: Cybersecurity

about "Stuxnet as a Case Study"

it's not a very advanced presentation and that's related to the level of students in the cyber security field

I hope you enjoy it