Projects @ SecLab

Projects and Software

AntiPhish and Antiphish IE
AntiPhish is a Mozilla Firefox browser extension that aims to protect users against phishing attacks based on spoofed web sites. To this end, AntiPhish tracks a user's sensitive information and generates a warning whenever the user attempts to give this information away to a web site that is considered untrusted. The idea has also been ported to Internet Explorer.
Anubis: Analyzing Unknown Binaries
Anubis is TTAnalyze's successor. It shares the same code base but has been improved in all aspects. Moreover, we have built a web interface around it and are providing an online malware analysis service. Submit your Windows executable and receive an analysis report telling you what it does.
Wepawet
WEPAWET is a service for detecting and analyzing web-based malware. It currently handles Flash and JavaScript files. WEPAWET runs various analyses on the URLs or files that you submit. At the end of the analysis phase, it tells you whether the resource is malicious or benign and provides information that helps you understand why it was classified one way or the other.
Virtual 802.11 Fuzzing
Virtual 802.11 fuzzing overcomes many obstacles by providing a framework for testing wireless communication software (typically a device driver) inside a virtual environment (our implementation is based on Qemu).
FastCookie
FastCookie is a simple Mozilla browser extension that lets you quickly enable and disable cookies. Whenever cookies are deactivated, all cookies stored on your computer are automatically deleted.
F-SPAN
F-SPAN is a utility which tries to extract the names, types, and sets of possible values for the parameters that are passed to a web application. F-SPAN analyzes PHP files, since PHP is arguably the most popular web programming language as of today. The gained knowledge can then be used during the training phase of an anomaly-based IDS.
NoForge
NoForge is a server-side proxy for the dynamic prevention of cross-site request forgery attacks (also known as XSRF, CSRF, or Session Riding). In contrast to manual protection techniques, NoForge is an automatic solution to the problem, and does not require extensive changes to the source code of the protected application.
NoMoXSS
NoMoXSS (no more XSS) is an extension to the Firefox web browser (and its JavaScript engine) to track the use of sensitive information such as cookies by JavaScript programs on the client. Cross-site scripting (XSS) attacks are prevented by blocking the transfer of sensitive information to third parties.
Noxes
Noxes is, to the best of our knowledge, the first client-side solution to mitigate cross-site scripting attacks. Noxes acts as a web proxy and uses both manual and automatically generated rules to mitigate possible cross-site scripting attempts. Noxes effectively protects against information leakage from the user's environment.
Pixy
Pixy is a static analyzer that scans PHP source code for cross-site scripting vulnerabilities. It can be used by Web developers for performing fast and automated security reviews of their applications.
SecuBat
SecuBat is a generic and modular web vulnerability scanner framework that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities using a black-box approach. Because it is built as a framework, SecuBat enables the development and execution of arbitrary new attack plugins.
TTAnalyze
TTAnalyze is a tool for analyzing the behavior of Windows PE executables, with a special focus on the analysis of malware. To this end, the binary executable is run in an emulated environment and its (security-relevant) actions are monitored. This makes it the ideal tool for quickly getting an understanding of the purpose of an unknown binary.
TQAna
TQAna is an offline dynamic analysis tool to classify unknown BHOs (i.e., Internet Explorer plugins) according to their behavior as benign or malicious (i.e., spyware). The focus on spyware that is implemented as BHOs is justified by the fact that the large majority of spyware has a component based on this technology.


Last Modified: Mon Apr 20 09:58:23 CEST 2015


Secure Systems Lab Vienna