[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!

To: Chris M <chris@xxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
From: Henri Salo <henri@xxxxxxx>
Date: Sun, 15 May 2011 02:43:23 +0300

On Sat, May 14, 2011 at 10:55:30PM +0100, Chris M wrote:
> Not convinced.
> 
> Tried to upload a few samples, "only support EXE files" ---- no DLLs? yet
> you take URLs? only to exes?
> 
> The file I upped was a PE file. Just with a renamed extension.
> 
> Also submitted a couple of "known bad" files and got a list of tcp ports
> back.... how is this operating? _SHARED_ sandbox?
> 
> Whats it based on?
> 
> More information would be appreciated :)
> 
> -C

I can still get HTTP 500 errors easily. That service is running vulnerable 
version of Tomcat and still saying wrong TCP-connections with any scan 
url/exe-sample. JS checks aren't done in backend.

Best regards,
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
  - From: 赵双
- Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
  - From: DFlower

References:
- [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
  - From: CnCxzSec衰仔
- Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
  - From: Chris M

Prev by Date: Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
Next by Date: Re: [Full-disclosure] Sony: No firewall and no patches
Previous by thread: Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
Next by thread: Re: [Full-disclosure] MalBox Release! A Program Behavior Analysis System!
Index(es):
- Date
- Thread