Skip to main content


Showing posts from August, 2013

Microsoft Windows 2000 IIS 5.0 IPP Vulnerability

Exploit Microsoft Windows 2000 IIS 5.0 IPP ISAPI Vulnerability Click Here  To Download 

Install And Configure Yara

Step1: To Install YARA on Ubuntu we need the PCRE and some libraries first:   sudo apt-get install libpcre3 libpcre3-dev   Then we start downloading the YARA source code: $ wget  $ wget Step2:  Compile and install yara on your linux box.   a) cd yara-1.4     chmod +x -R /root/Desktop/yara-1.4/*    ./configure     make     make check     make install  b) cd ..     cd yara-python-1.4     python install Step 3: C onvert clamav database to yara sigtool -u /var/lib/clamav/main.cvd                                     // decompress the database python -f main.ndb -o clamav.yara    // convert clamav to yara Step 4: For packing signature(PEID tool uses these signature to detect type of packing) go to this site and copy pa

Clamav Tutorial

Install Clamav And Create Signatures   Step1: Install clamav in ubuntu by following simple steps given below: Edit /etc/apt/sources.list and add a line like this to it: deb lenny/volatile main contrib non-free Then run apt-get update &&  apt-get install clamav If you need clamd, you may also want to run   apt-get install clamav-daemon Step2: CVD (ClamAV Virus Database) is a digitally signed container that includes signature databases in various text formats. The header of the container is a 512 bytes long string with colon separated fields: ClamAV-VDB:build time:version:number of signatures:functionalitylevel required:MD5 checksum:digital signature:builder name:build time (sec) sigtool --info displays detailed information about a given CVD file: Signature formats: MD5 The easiest way to create signatures for ClamAV is to use MD5 checksums, however this method can be only used against static malware. MD5, PE section b