Latest Security News

Perl IDE - Eclipse Running EPIC - Eclipse Perl Integration

Sometimes, writing a Perl script with Notepad is just not enough for getting the job done.
An excellent module + debugger for running Perl in Eclipse is called EPIC.
You can download it from HERE and integrate it with Eclipse Classic (HERE).

Follow the simple installation.
Have fun.


* Install the PadWalker package from ppm.
* Known bug in the debugger when running ActiveState Perl:
  change a line in Cwd.pm and remove the "eval" in line 758:
    if (eval 'defined &DynaLoader::boot_DynaLoader') {



McafeeQuarantineExtractor1.1 TOOL

Just finished writing the first beta tool for auto-extracting McAfee quarantine files.
It is written in C# and contains all the functions for unzipping/XORing a .bup file into a new directory for further examination.
You can get it HERE; just run setup.exe and follow the install process.


How to take out a sample from the McAfee quarantine folder for further examination

I wanted to take out a sample from the McAfee quarantine folder on a host machine for further examination. But, bad for me, I've discovered that the only way to extract the virus is to the original place! After googling a bit I found out that the .bup extension is actually a 7zip archive + XOR by 0x6A! So after I downloaded 7zip and a simple XOR tool (http://www.softpedia.com/get/Programming/Other-Programming-Files/Xor.shtml), I've got 2 files in every .bup:

  xor.exe Details Details.txt 0X6A
  xor.exe File_0 file_0.xor 0X6A

Rename File_0.xor to the original name found in Details.txt.
And the virus is ready for investigation!
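
The manual steps above as a script, added here as an example and not part of the original post or of the McafeeQuarantineExtractor tool. It assumes the .bup was already unpacked with 7-Zip into a directory holding Details and File_N members, and that the decoded Details has [File_N] sections with an OriginalName= key (an assumed layout); the function names are this example's own.

```python
import hashlib
import ntpath
import tempfile
from pathlib import Path

XOR_KEY = 0x6A  # single-byte key named in the post

def xor_decode(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with the key; applying it twice returns the input."""
    return bytes(b ^ key for b in data)

def parse_details(text: str) -> dict:
    """Parse decoded Details as [Section] / Key=Value lines (assumed layout)."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def restore(bup_dir: Path, out_dir: Path) -> list:
    """Decode Details and each File_N already unpacked into bup_dir; return [(name, sha256)]."""
    details = xor_decode((bup_dir / "Details").read_bytes()).decode("utf-8", "replace")
    out_dir.mkdir(parents=True, exist_ok=True)
    (out_dir / "Details.txt").write_text(details, encoding="utf-8")
    restored = []
    for section, fields in parse_details(details).items():
        if not section.startswith("File_") or not (bup_dir / section).is_file():
            continue
        payload = xor_decode((bup_dir / section).read_bytes())
        name = ntpath.basename(fields.get("OriginalName", ""))  # base name only: stay inside out_dir
        if name in ("", ".", "..", "Details.txt"):
            name = section + ".bin"
        (out_dir / name).write_bytes(payload)
        restored.append((name, hashlib.sha256(payload).hexdigest()))
    return restored

def demo() -> list:
    """Run restore() on a constructed, harmless directory (not real quarantine data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp)
        ini = "[Details]\nDetectionName=constructed-test\n[File_0]\nOriginalName=C:\\Temp\\sample.txt\n"
        (src / "Details").write_bytes(xor_decode(ini.encode()))
        (src / "File_0").write_bytes(xor_decode(b"constructed payload"))
        return restore(src, src / "out")

if __name__ == "__main__":
    print(demo())
```

The returned SHA-256 lets the restored sample be looked up or logged before anything opens it.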