Summary of Binwalk and zBang Security Tools

Binwalk and zBang are useful tools which provide comprehensive security features. Security is a big concern with the recent rise in the use of IoT devices, and each of these devices uses its own custom firmware. Binwalk is useful for firmware scanning, file extraction, entropy analysis and string search. It can also filter by CPU architecture and instructions, and apply include and exclude filters. Binwalk is specifically designed to identify files and code embedded inside firmware images, which helps in finding vulnerabilities in that firmware. Binwalk uses a custom magic signature file which holds signatures for files that are normally found in firmware images, including compressed files, Linux kernels, firmware headers, filesystems, bootloaders, etc. Binwalk can also identify interesting sections of data by using entropy analysis and going deeper into the firmware.

zBang is a risk assessment tool for improving the security of your network. It can be used for Privileged Account Threat Detection on a scanned network. It is useful for organizations and red teamers because they can use it to identify potential attack vectors, thus improving their network security. zBang is specifically useful for identifying risks associated with privileged accounts, and it comes with a graphical user interface (GUI) for analysing the results. The tool uses multiple scanning modules, which include the ACLight scan, Skeleton Key scan, SID History scan, Risky SPNs scan and Mystique scan. zBang helps in identifying the most privileged accounts and in discovering hidden privileges in domain accounts. It also protects against Skeleton Key malware and against credential theft of Domain Admins, and it identifies risky Kerberos delegation configurations in the network. zBang is fast and easy to use and doesn't require any special privileges over the network; it only requires the domain controller for executing LDAP queries. zBang takes seven minutes to scan a network of 1000 user accounts. It is a useful tool for organizations to protect their privileged accounts.