Tom Liston
Download
- GDI Scan - gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll and vgx.dll.
Rob VandenBrink
Online
- WhereIs Country Lookup by IP - Mass Country lookup by IPv4 or IPv6 address
- whereis started as an idea and a kludgy 4-5 line script, and ended up being pared down to a much more elegant one-line script over the course of a sec504 class. Many people were involved in making it what it is now.
Bojan Zdrnja
Download
- iPhoneMap - iPhoneTracker port to Linux
- Splunk for DShield - The application retrieves DShield data (All Sources IPs) daily, removes leading zeroes from the logs and indexes them into Splunk.
Lenny Zeltser
Online
- wascompanyhacked.com - The site offers a simple way to query Twitter for search terms often associated with security incidents.
Richard Porter
Mobile
- ISC Reader (iPhone) - ISC Reader freely available in the Apple App Store
Guy Bruneau
Download
- DNS Sinkhole scripts - Contains all the necessary pre-configured files to set up a BIND DNS sinkhole.
Russ McRee
Download
- MIR-ROR - Motile Incident Response - Respond Objectively, Remediate (MIR-ROR) is a specialized command-line script for security incident response. It calls specific Windows Sysinternals tools, as well as some other useful utilities, to provide live capture data for investigation.