Joebox 1.3.0 (released 07.03.2009)

- Changed behaviour format from XML to easily parsable CSV
- Handle data is extracted separately, which improves integrity
- Added possibility to hook GUI functions (for instance NtUserSetWindowsHookEx)
- Number of hooked system calls increased from 15 to 166
- All parameters are extracted
- Parameter data are hashed, which leads to quick comparison possibilities
- Added thread data to calls
- Added parameter meaning data (for instance FILEACCESSMASK ULONG IN 1)
- Added new parameter to hooking config to influence side channel detection
- Added anti-unhook techniques
- Improved side channel (code injection) detection
- Improved exception handling in kernel mode
- Reimplemented the whole abstraction tool
- Abstraction tool is now platform independent
- Added mutant behaviour data to report
- Added open process/threads behaviour data to report
- Added possibility to change static driver settings
- Added antivirus labeling
- Created a portable Joebox version
- Portable version is able to automatically analyse exe, pif, cmd, bat, scr, com, pdf, html, msi, url, cab files
- Improved robustness of client-server communication by adding finite state machines
- Added a simple ping-pong protocol for checking analysis machine status
- Changed data transfer mechanism from FTP to Samba
- Fixed various performance problems (extraction and abstraction)
- Fixed various deadlock problems
- Added various configuration settings
- Changed complete architecture from monolithic to controller based
- Improved the whole design
- Removed restore solution Deep Freeze
- Added PXE imaging solution FOG
- Developed a secure ring0 hashmap
- Developed a secure ring0 linked list
- Reimplemented whole diff tool
- Improved diff tool performance
what is it?