Drosera - D2 Live Forensics pack
We are pleased to announce Drosera, the new Live Forensic pack from DSquare Security.
After spending much of our effort on exploit and rootkit technologies, we decided to create a new kind of live forensics framework.
All our offensive knowledge is now also used to capture and digest hidden activity on your IT systems. The first release provides about 40 modules for detecting Windows-based rootkits, from hidden processes to advanced kernel modifications:
- Standalone, requires no installation at all (made to be used from a USB key or from a network share). [See a sample video]
- Basic checks for hidden processes, registry entries, connections, drivers. Built on top of the modules, they are easy and fast to run.
- Optional interactive shell
- Most modules run on all versions of Windows (XP, 2003, Vista), both 32-bit and 64-bit
- Kernel detection modules are limited to 32-bit XP/2003 (we are working on 64-bit compatibility)
- Generates HTML reports [See a sample report]
- Live forensics (no reboot or memory dumps)
- Does not modify anything on the system (no new files, no hooks, no registry entries, ...)
- All modules are provided with documentation
Unlike public anti-rootkit software, our framework is actively maintained to keep pace with rootkit evolution. For customized modules, please contact us at info@d2sec.com.
Cost
- One year access to Drosera - D2 Live forensics pack updates for a single user license: $4,900
Order
D2 Exploitation Pack
The D2 Exploitation Pack is a bundle of more than 220 security modules, most of which are designed to be used with Immunity CANVAS software. The pack is composed of tools and reliable exploits which can be used in all the steps of a security audit:
- Recon (HTTP and WAF fingerprinting, Lotus Domino Scanner, RPC scanner, Nessus and Qualys report analyzer, ...)
- Weakness exploitation (URL and web authentication bruteforcer, weak SMB, SSH and RSH password exploitation, ...)
- Client side exploitation (client side exploitation automation with Client Insider, generic exploits for PDF, Java Applet, ActiveX, ...)
- Server side exploitation (0 days, exploits for multi OS - Windows, AIX, Linux, Solaris, BSD, exploits for enterprise software - Citrix, Lotus, EMC, CA, IBM, Microsoft, Cisco, ...)
- Privilege escalation (exploits for multi OS, automation for Linux kernel vulnerability exploitation, dedicated tools to easily exploit file permission weaknesses, ...)
- Post-intrusion (backdoors for SSH and Apache, password recovery, Citrix/TS client session compromise tool, Lotus Notes client and server compromise tool, ...)
D2 Exploitation Pack is updated each month with 5 to 10 new security modules. They are created and tuned to help security professionals during their penetration tests.
For customized exploits or tools please contact us at info@d2sec.com.
Cost
- One quarter (3 months) access to D2 Exploitation pack updates for a single CANVAS license: $2,250
- One year (4 quarters) access to D2 Exploitation pack updates for a single CANVAS license: $5,400
Order
Demo
Several video demonstrations of some tools are available here:
- D2 SQL Injection Library - [demo 1]
- D2 Qualys Report Analyzer - [demo 1]
- D2Lotus - [demo 1] [demo 2]
- D2CiTerm - [demo 1] [demo 2]
- D2 Nessus Report Analyzer - [demo 1]
- D2 Client Insider - [demo 1]
- D2 SMB MOSDEF - [demo 1]
- D2 SSH MOSDEF - [demo 1]
- D2 CMDLINE - [demo 1]