BIOT (Bypassing Incomplete Outbound TCP Connection Limit) is a utility for Windows XP SP2 and Windows Server 2003 SP1/SP2 that removes the cap those service packs place on concurrent incomplete (half-open) outbound TCP connections. BIOT overwrites the limit in kernel memory at run time, so the TCP/IP driver on disk is left unmodified.
eEye BootRoot is a project presented at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh, exploring how custom boot sector code can subvert the Windows kernel as it loads. The eEye BootRootKit is a boot sector-based NDIS backdoor that demonstrates the technique.
DLLInject is a simple command-line utility that loads a DLL into the address space of a target process by using the CreateRemoteThread API to execute LoadLibraryA inside that process. DLLInject can also list processes and their command lines, or the DLLs loaded in a particular process.
Duster, the Dead/Uninitialized Stack Eraser, is an injectable DLL that overwrites uninitialized stack and heap memory in its host process with a fixed fill value. It is a crude aid for run-time discovery of uninitialized-memory use: memory that holds a recognizable fill pattern, rather than whatever plausible value happened to be left behind, is far more likely to make the host process raise an exception the moment a value from uninitialized memory is used. The Duster DLL activates automatically when it is loaded into a process.
The eEye Emulating Return Address Purveyor is a project presented by eEye researchers Derek Soeder, Ryan Permeh, and Yuji Ukai at Black Hat USA 2004. It showcases advanced machine code emulation technology specially designed for discovering return addresses in volatile execution environments.
The eEye Binary Diffing Suite (EBDS) contains two tools that help automate the binary diffing process. The suite comes in especially handy for patch analysis and program-update dissection.
Radar is a proof-of-concept network analyzer that pinpoints encrypted communication on the wire using entropy-based data modelling and network-tuned capture sampling. It is meant to answer questions such as: are there hidden, encrypted channels on your system phoning home? Are your employees using encrypted channels you do not know about? It also shows why using encryption alone can single a host out of a crowd. Requirements and usage notes are in the documentation.
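The core of the entropy approach Radar relies on, as an added example that is not Radar's own code: sample the first bytes of each packet payload in a flow, compute Shannon entropy over the combined sample, and flag flows that approach the 8 bits-per-byte ceiling. The three flows, the 7.5-bit threshold and the 1024-byte sampling depth are assumptions constructed for this example.

```python
import math
import random
from collections import Counter

# Constructed sample traffic for this example (not real captures).
HTTP_FLOW = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/7.0\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 38\r\n\r\n"
    b"<html><body>hello, world</body></html>",
]
_rng = random.Random(1337)  # seeded so the "ciphertext" is reproducible
CIPHERTEXT_FLOW = [bytes(_rng.getrandbits(8) for _ in range(1024)) for _ in range(3)]
IDLE_FLOW = [b"\x00" * 512, b"\x00" * 512]

# Assumed thresholds for this example. 8.0 bits/byte is the maximum; text and
# most binary protocols stay well under it, while ciphertext and well-compressed
# data approach it.
HIGH_ENTROPY = 7.5
SAMPLE_BYTES = 1024  # per-packet sampling depth, keeps the cost per flow bounded


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 .. 8.0) of the byte-value distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flow_entropy(payloads, sample_bytes=SAMPLE_BYTES):
    """Entropy over the leading `sample_bytes` of every payload in the flow."""
    sample = b"".join(p[:sample_bytes] for p in payloads)
    return shannon_entropy(sample)


def classify_flow(payloads):
    h = flow_entropy(payloads)
    label = "high-entropy (encrypted or compressed)" if h >= HIGH_ENTROPY else "plaintext-like"
    return label, round(h, 3)


def flag_flows(flows):
    """flows: {flow_id: [payload, ...]}. Returns the ids whose entropy stands out."""
    return sorted(fid for fid, p in flows.items() if flow_entropy(p) >= HIGH_ENTROPY)


if __name__ == "__main__":
    flows = {
        "10.0.0.5:51234->93.184.216.34:80": HTTP_FLOW,
        "10.0.0.5:51240->203.0.113.9:443": CIPHERTEXT_FLOW,
        "10.0.0.5:51250->10.0.0.1:9": IDLE_FLOW,
    }
    for fid, p in flows.items():
        print(fid, classify_flow(p))
    print("flagged:", flag_flows(flows))
```

Entropy alone cannot tell ciphertext from compressed content (gzip bodies, JPEGs, ZIPs), so in practice a high-entropy flag is a starting point: exclude ports and protocols you already account for and investigate what remains. That is also the sense in which encryption "singles you out": on a network where most traffic is plaintext, the encrypted flows are the outliers.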
Faultmon is a simple command-line utility that monitors exceptions within a process. Whereas a conventional debugger displays an alert and freezes execution when an exception occurs, Faultmon writes basic context information to stdout and lets execution continue automatically (it can also be made to pause). Faultmon is useful for collecting additional troubleshooting information from another user's machine, and as a companion to run-time vulnerability discovery, for example while watching a fuzzing target.
Sharebot crawls the Share peer-to-peer network while acting as a node itself, which lets it collect IP addresses and file information in order to identify who is sharing what.
SysRq is a bootable CD image that allows a user to open a fully privileged (SYSTEM) command prompt on Windows 2000, Windows XP, and Windows Server 2003 systems by pressing Ctrl+Shift+SysRq at any time after startup. It was first demonstrated at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh as an example of applied eEye BootRoot technology. Use the "create CD from ISO image" feature of your preferred CD burning software to create a bootable SysRq CD.
TagBruteForcer is a client-side security tool for finding overflows in applications that are opened by default from within Internet Explorer. It also includes basic functionality for testing ActiveX objects and Internet Explorer itself.
UFuz3 is a binary file fuzzer focused on finding integer overflow vulnerabilities. It can audit any application that loads a binary file, such as Windows Media Player or Microsoft Office.
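The class of bug UFuz3 targets, as an added example that is not UFuz3's own code (its mutation strategy is not described on this page): a toy record-file parser written the way much 32-bit C code is, a hardened version beside it, and a mutator that substitutes boundary values into every 4-byte field, including values chosen so that `count * element_size` wraps past 2^32 to a small positive size. The `RECS` format, the 16-byte record size and the sample file are assumptions constructed for this example.

```python
import struct

MASK32 = 0xFFFFFFFF
RECORD_SIZE = 16
HEADER_SIZE = 8

# Constructed sample input: 'RECS' magic, count = 2, two 16-byte records.
SAMPLE_FILE = b"RECS" + struct.pack("<I", 2) + bytes(range(32))


def parse_records_vulnerable(blob):
    """Mirrors a common 32-bit C pattern: size = count * RECORD_SIZE (may wrap),
    check size against the file, allocate size bytes, then walk `count` records.
    Returns (count, alloc_size) when the input is accepted."""
    if len(blob) < HEADER_SIZE or blob[:4] != b"RECS":
        raise ValueError("bad magic")
    (count,) = struct.unpack_from("<I", blob, 4)
    size = (count * RECORD_SIZE) & MASK32   # 32-bit multiply: wraps silently
    if size > len(blob) - HEADER_SIZE:
        raise ValueError("truncated")
    return count, size


def parse_records_fixed(blob):
    """Hardened form: bound count before multiplying, so the size cannot wrap."""
    if len(blob) < HEADER_SIZE or blob[:4] != b"RECS":
        raise ValueError("bad magic")
    (count,) = struct.unpack_from("<I", blob, 4)
    if count > (len(blob) - HEADER_SIZE) // RECORD_SIZE:
        raise ValueError("count exceeds file")
    return count, count * RECORD_SIZE


def interesting_u32():
    """Classic boundary values plus, for each common element size m = 2..4096,
    values v with v * m == 2^32 (wraps to 0) and v * m == 2^32 + m (wraps to m)."""
    vals = {0, 1, 0x7F, 0x80, 0xFF, 0x7FFF, 0x8000, 0xFFFF,
            0x7FFFFFFF, 0x80000000, 0xFFFFFFFE, 0xFFFFFFFF}
    for shift in range(1, 13):
        m = 1 << shift
        vals.add((1 << 32) // m)
        vals.add((1 << 32) // m + 1)
    return sorted(vals)


def overflowed(blob, result):
    """Oracle: the parser accepted a count whose records cannot fit in the file,
    so a native implementation would allocate too little and then read or write
    past the buffer while walking `count` records."""
    count, _alloc = result
    return count * RECORD_SIZE > len(blob) - HEADER_SIZE


def fuzz_u32_fields(blob, parser, oracle=overflowed):
    """Substitute every interesting value into each 4-byte-aligned field and
    report the (offset, value) pairs the parser accepts although the oracle fires."""
    findings = []
    for off in range(0, len(blob) - 3, 4):
        for v in interesting_u32():
            mutated = blob[:off] + struct.pack("<I", v) + blob[off + 4:]
            try:
                result = parser(mutated)
            except ValueError:
                continue  # cleanly rejected: not interesting
            if oracle(mutated, result):
                findings.append((off, v))
    return findings


if __name__ == "__main__":
    for off, v in fuzz_u32_fields(SAMPLE_FILE, parse_records_vulnerable):
        print(f"vulnerable parser accepted offset {off} value {v:#010x}")
    print("fixed parser findings:", fuzz_u32_fields(SAMPLE_FILE, parse_records_fixed))
```

Against a real target there is no oracle with access to the parser's internal arithmetic; that is where a tool like Faultmon comes in, logging the access violation that follows the undersized allocation while the fuzzer keeps feeding mutated files.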