Google App which mirrors back the HTTP request it receives; great for debugging and testing. Supports the GET, PUT and POST verbs, and displays the URL parameters and the request body if present. Supports HTTPS as well.
Applet to remove Personally Identifiable Information from IE and Windows.
Applet to browse the SQLite cookies database used by Chrome.
Next generation Key Logging utility. See ReadMe.txt for details; here are some highlights:
- Uploads encrypted key logs to News Server and News Group of your choosing.
- Allows one to peruse logs from anywhere NNTP postings can be read.
- Easy to use decryption tool, allows copying and pasting of an encrypted news posting to convert it to plaintext.
- Entirely configurable; you can set Google alerts to a subject line of your choosing for near-realtime notifications.
Can be used as a COFEE (Computer Online Forensic Evidence Extractor) add-on, or stand-alone. See page 22 of the "User Guide for COFEE v112.pdf", which describes how to add a tool.
Much of COFEE's output is 'who-am-I' like data. Espresso, on the other hand, allows an investigator to very quickly pick up potentially incriminating data from a computer by pinpointing the file locations most likely to contain incriminating information.
If a PC cannot be brought back to a forensics lab, yet can be accessed for even a brief period of time, running Espresso may yield some high value information.
How come IE is the only app running in Low Integrity mode on Vista?
This tool allows you to run any application in a very restrictive environment.
I use a combination of low Integrity Level along with SAFER_LEVELID_CONSTRAINED to severely limit what an application can do on your PC.
Network Impact Tool
Network Impact Tool (NIT tool). Used to measure the added overhead of software on your PC's networking speed.
I do not know of any other tool which can measure the real impact of software, to this granularity.
This tool allows you to:
- Edit a text file with a list of domains the tool will use
- Eliminate the DNS lookup from the equation
- Use the real IE engine to actually load the web page
You can use this tool to measure differences:
- the overall response at different times of the week/day
- the differences in response time when used from differing ISPs
- or the differences in response time when used in different countries, etc.
Superconfigure, A Windows PC Hardening and Rejuvenating Application and SDK
Today's Anti-Virus and Anti-Spyware solutions do a good job of removing malware files; unfortunately, this often leaves the machine in an unusable state (broken networking, for example). That's why I wrote a small utility to re-configure Windows to a clean state, and prevent future infections by disabling common vulnerabilities.
I've designed my implementation such that the functionality is done through a Windows DLL which exports the C++ APIs, for example:
- Disabling 3rd Party Tracking cookies (IE)
- Disabling Vulnerable ActiveX controls from running (IE, currently > 27)
- Disabling Malicious ActiveX controls from running (IE, currently > 863)
- Re-initializing the TCP/IP stack
- Re-initializing Winsock Catalog
- Disabling malicious IE Toolbars (currently > 149 known bad)
- Disabling malicious IE BHOs (currently > 1350 known bad)
- Resetting IE home page and search page
- Disabling automatically running applications from registry, startup folders, etc.
- Disabling common hooking locations for spyware (scheduled jobs, screen saver, etc.)
I have been writing Internet Security Software since 1993.
During this time I have used a number of anti-malware solutions from numerous vendors, and have been exposed to most of the top security vendors' SDKs in one form or another.