    Fakebust 0.02b

    Developer: Michal Zalewski
    License / Price: LGPL / FREE
    Last Updated: March 1st, 2007, 03:05 GMT
    Category: ROOT / Programming / Debuggers


    Fakebust description

    Fakebust provides a malicious exploit discriminator.

    Fakebust is a program that assists with the rapid assessment and supervised execution of potentially malicious programs such as exploits or utilities of unknown origin, programs recovered during OS forensics, or acquired from a honeypot.

    Fakebust is there to provide an ugly but viable compromise between extensive
    analysis and blind execution. It is an interactive "bounding box" debugger,
    under which the program is allowed to run for as long as certain boundary
    I/O conditions are not violated.

    Whenever the program attempts to gain access to a new, security-relevant resource, or otherwise tries to extend its permissions to a degree that would affect the system, the code is stopped, and the user is presented with an informative description and a choice of what to do next. Typical choices are:

    - Deny the request and abort the program - typically picked as soon as
    you conclude it is malicious,

    - Permit the program to perform the action once - picked once the request
    is deemed to be justified, and the resource does not yield any
    undesirable information,

    - Permit this and future access of this type to this resource - when
    accesses to a file or connections to a host are expected to recur,

    - Deny the request, but do not abort the program; the syscall will
    not execute, and a value closest to "success" will be passed back to
    the program as a simulated result. A good option whenever it is
    apparent that the program is misbehaving, but it is not clear yet what
    its goal is.

    In other words, under fakebust, you can finally run the elusive Apache 0-day
    exploit and be automatically warned if it attempts to execute shellcode
    locally rather than remotely, or attempts to dial a host in China with your
    /etc/passwd in hand; or attempts to write to /etc/ld.so.preload; fiddles
    with /dev/kmem, etc. You will be able to stop an undesirable action before
    it is carried out.

    What's New in This Release:

    · proper handling of sigreturn;
    · payload dumps on sendto/recvfrom.


