HBGary was a technology security company that made more of a name for itself in its demise than in its successes. The company was founded by Greg Hoglund, a security researcher and author of books on rootkits, exploiting online games, and exploiting software, each of which I have previously read and reviewed. HBGary Federal was a subsidiary, with Aaron Barr as CEO, spun off to work with the government where security clearance might be needed. Barr’s tangle with Anonymous, which I recently read more about in This Machine Kills Secrets, ultimately led to the company’s demise. HBGary was bought by ManTech International at the end of February 2012, and HBGary Federal was reportedly closed.
Despite the company’s storied history, it was a technology security company first and foremost with many advanced security software tools. It provides a number of those tools for free to benefit other security researchers and students.
Inconveniently, you have to register an account with HBGary before gaining access to even the free tools. It takes about 15 minutes to receive your account information and authentication is validated with an SMS text message.
The Tools
After you receive your account details, you can sign in and download five free security tools from the company:
AcroScrub allows a network administrator to scan a network for old, vulnerable installations of Adobe Acrobat Reader. This tool requires .NET Framework 3.5.
Responder Community Edition is a free version of the company’s flagship forensic tool for in-depth RAM analysis.
FastDump is a forensically sound Windows memory dumping utility. It has a tiny footprint and was developed with forensics in mind, so its own impact on memory is as minimal as possible.
Flypaper is used for malware analysis, particularly chained malware that might string droppers, injectors, rootkits, and so on together. It prevents programs from closing and quarantines the computer by blocking network traffic, so all of the malware components remain in memory for analysis. Flypaper is free for non-commercial use.
Fingerprint scans binaries to assist in tracking malware’s origin based on compile time, programming language, compiler version, and other attributes. This will help a security researcher trace a developer or malware strain.
More information on all of these tools can be found at www.hbgary.com/free-tools
Once you receive your account, you can log into https://support.hbgary.com and download the files from under Product Downloads. Although many of the tools are old and haven’t been updated for a couple of years, a number of them provide a means of updating or are open source. Being free, they still work well for students and others interested in learning and gaining first-hand experience with malware analysis software.