eEye Digital Security
Research Tools

BIOT

Bypassing Incomplete Outbound TCP Connection Limit (BIOT) is utility software for Windows XP SP2 and Windows Server 2003 SP1/SP2 which bypasses the incomplete outbound TCP connection limit. BIOT overwrites the TCP/IP connection limit in kernel memory, leaving the system file unmodified.

BootRoot

eEye BootRoot is a project presented at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh, as an exploration of technology that custom boot sector code can use to subvert the Windows kernel as it loads. The eEye BootRootKit is a boot sector-based NDIS backdoor that demonstrates the implementation of this technology.

DLLInject

DLLInject is a simple command-line utility for loading a DLL into a target process's address space, by using the CreateRemoteThread API to execute LoadLibraryA. DLLInject can also list processes and their command lines, or the DLLs loaded in a particular process.

Duster

Duster is the Dead/Uninitialized Stack Eraser, an injectable DLL that causes uninitialized stack and heap memory in its host process to be wiped over with a specific value. It is intended as a crude tool to assist in the run-time discovery of uninitialized memory usage problems by increasing the chances that the host process will raise an exception when a value in uninitialized memory is used. The Duster DLL activates automatically upon being loaded into a process.

EEREAP

The eEye Emulating Return Address Purveyor is a project presented by eEye researchers Derek Soeder, Ryan Permeh, and Yuji Ukai at Black Hat USA 2004. It showcases advanced machine code emulation technology specially designed for discovering return addresses in volatile execution environments.

eEye Binary Diffing Suite (EBDS)

This suite contains two tools to help automate the binary diffing process. The suite comes in especially handy for patch analysis and program update dissection.

eEye Radar

Radar is a PoC network analyzer that pinpoints encrypted communication across the wire using entropic analysis data modelling and network-tuned capture sampling. Are there hidden, encrypted communication channels on your system phoning home? Would you like to see why using encryption alone might single you out of a crowd? Are your employees using encryption channels you do not know about? Requirements and usage notes can be found in the documentation.

Faultmon

Faultmon is a simple command-line utility that monitors exceptions within a process. Whereas a conventional debugger will display an alert and freeze execution when an exception occurs, Faultmon writes basic contextual information to stdout and allows execution to continue automatically (although it can be made to pause as well). Faultmon is useful for getting additional troubleshooting information from another user, and in conjunction with run-time vulnerability discovery.

Sharebot

The Sharebot application crawls the Share network, acting as a node. This allows Sharebot to collect IP addresses and file information in order to identify who is sharing data.

SysRQ2

SysRq is a bootable CD image that allows a user to open a fully privileged (SYSTEM) command prompt on Windows 2000, Windows XP, and Windows Server 2003 systems by pressing Ctrl+Shift+SysRq at any time after startup. It was first demonstrated at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh as an example of applied eEye BootRoot technology. Use the "create CD from ISO image" feature of your preferred CD burning software to create a bootable SysRq CD.

TagBruteForcer

TagBruteForcer is a client-side security tool designed to find overflows in applications that can be opened by default within Internet Explorer. It also includes basic functionality for testing ActiveX objects or Internet Explorer itself.

UFuz3

UFuz3 is a binary file fuzzer focused on finding integer overflow vulnerabilities. This tool can audit any application that loads a binary file, such as Windows Media Player, Microsoft Office, etc.
© 1998 – 2012 eEye Digital Security. All rights reserved.