CERT.at Downloads

(Summary) - Downloads

CERT.at — Thu, 24 Sep 2009 10:13:22 GMT

Downloads

In this area of our homepage we offer you material for free download. Please read the related licence agreements.

Downloads which are only available in German language will be shortly mentioned in the English area as well, but the full description and the download-link itself will only be found in the German area.

These are the available categories for downloads:

Data

Here you'll find files that contain information for the purpose of being read by machines (i.e.: configuration files).

Papers

This area contains all papers that have been published by CERT.at so far.

Press

This is the place for all material that are of typical use for the public press (i.e.: CERT.at's logo).

Software

"Open" software with its root in CERT.at's daily work will be found here, including descriptions.

(Papers) - The WOW-Effect

CERT.at — Wed, 30 Nov 2011 22:28:49 GMT

The WOW-Effect

2011/11/30

A paper about how Microsoft's WOW64 technology unintentionally fools IT-Security analysts.

Download

Publication Date

November, 30th 2011

Author

Christian Wojner

Language

English

History

You can download the full document in pdf format here.

Content

The 64-bit version of Microsoft Windows includes file-system virtualization features to run 32-bit programs. File access is transparently redirected to other directories in certain cases.

This feature can easily fool an analyst looking at a running system and can have a massive impact on infection-driven forensics, malware analysis and comparable investigations.

In the worst case this can lead to an entirely wrong interpretation of a case/situation.

While this issue is not entirely new, it is necessary to raise the IT-Security community's awareness, as some of the common tools and procedures in use need to be adapted in the presence of the files system redirector.

(Papers) - An Analysis of the Skype IMBot Logic and Functionality

CERT.at — Mon, 08 Mar 2010 13:12:20 GMT

An Analysis of the Skype IMBot Logic and Functionality

2010/03/08

An Analysis of the Skype IMBot Logic and Functionality.

Download

Publication Date

March, 08th 2010

Author

Christian Wojner, L. Aaron Kaplan

Language

English

History

You can download the full document in pdf format here.

Content

The following report analyzes the Skype Instant Messenger Bot ("Skype IMBot", a variation of the W32.Nytemare trojan) and reports our reverse engineering efforts. One peculiar aspect of Skype IMBot was the way it controlled Skype (and other Instant Messengers) - simulating user input and user keystrokes. This reminded us of a limited Turing Test: did the malware or a true user send the URL? The report covers the reverse engineering of the Skype IMbot, network logic and recommendations to CERTs, users and Skype. It closed with an outlook on further instant messenger bots.

(Papers) - Mass Malware Analysis: A Do-It-Yourself Kit

CERT.at — Wed, 14 Oct 2009 15:29:37 GMT

Mass Malware Analysis: A Do-It-Yourself Kit

2009/10/14

Theory, practice and a construction manual for an automated analysis station for malware using trivial and free instruments.

Download

Publication Date

October, 14th 2009

Author

Christian Wojner

Language

English

History

You can download the full document in pdf format here.

Content

This paper outlines the relevant steps to build up a customizable automated malware analysis station by using only freely available components with the exception of the target OS (Windows XP) itself. Further a special focus lies in handling a huge amount of malware samples and the actual implementation at CERT.at. As primary goal the reader of this paper should be able to build up her own specific installation and configuration while being free in her decision which components to use.

The first part of this document will cover all the theoretical, strategic and methodological aspects. The second part is focusing on the practical aspects by diving into CERT.at's automated malware analysis station closing with an easy to follow step-by-step tutorial, how to build up CERT.at's implementation for your own use. So feel free to skip parts.

(Papers) - Detecting Conficker in your Network

CERT.at — Thu, 17 Sep 2009 13:18:01 GMT

Detecting Conficker in your Network

2009/02/11

Description of a method to detect earlystate Conficker worm infections through blocklists fitting the needs of small and medium enterprises.

Download

Publication Date

2009/02/11

Author

Adi Kriegisch

Language

English

Download

You can download the full document in pdf format here.

Content

Conficker is a computer worm spreading on Windows operating system by mainly using a buffer overflow or the Windows Autorun feature. The worm itself does not contain malware functions but contains a routine to load such code after infection. The purpose of this article is to sketch a way to detect such a worm in a small to medium business network as early as possible so that the effects of the worm can be minimized.

(Papers) - Patching Nameservers: Austria reacts to VU#800113

CERT.at — Thu, 24 Sep 2009 10:04:43 GMT

Patching Nameservers: Austria reacts to VU#800113

2008/07/24

A report on the patch-rate of Austrian nameservers following announcement of the DNS cache poisoning vulnerabilty.

Download Original

Download Update

Publication Date

July, 24th 2008

Authors

Otmar Lendl and L. Aaron Kaplan

Language

English

History

You can download the full document in pdf format here.

We also published a short update on July 28th.

Content

This paper analyses the impact of the coordinated efforts to patch Austria's recursive DNS server infrastructure following the revealings of Dan Kaminsky (US-CERT VU#800113) which showed that almost all DNS servers on the Internet are vulnerable to DNS cache poisoning. CERT.at -- being run by nic.at, the Austrian domain registry -- is in a special position to be able to assess the reaction of the Austrian nameserver operators to the discovered DNS vulnerability. We analyzed the rate at which DNS servers were patched from an insecure to more secure state. The paper discusses a methodology to measure the patch level "score" of a recursive DNS server. We believe that this score methodology can be applied to cleanly discern patched from unpatched DNS servers.

We describe a methodology how a TLD operator can use his query logs to check which operators have patched their DNS resolvers according to the published advisories.

The conclusions are rather grim so far -- more than two thirds of the Austrian Internet's recursive DNS servers are unpatched while at the same time the upgrade adoption rate seems rather slow. Our findings are matched by the observations of Alexander Klink of Cynops GmbH who analyzed the results of the online vulnerability test on Dan Kaminsky's doxpara site.

We hereby present the information to the concerned public in the hope that DNS -- a central and crucial part of the Internet -- remains secure.

Our recommendation to IT system administrators is to update their recursive DNS servers immediately and check that their upgrades were successful.

(Software) - Bytehist

CERT.at — Mon, 12 Oct 2009 10:22:43 GMT

Bytehist

A tool for generating byte-usage-histograms for all types of files with a special focus on binary executables in PE-format (Windows).

Download latest Windows version

Download latest Linux version

Author

Christian Wojner

Language

English

License

ISCL

Releases	Changes
1.0 beta 1	-			x

Features

Makes byte-usage-histograms of any file of any size
Histograms are generated as sorted and unsorted diagrams
Sub-histograms for each section of binary executables (PE)
Quick overview with GUI navigation in case of sub-histograms
Percentage for the share in the total filesize for sub-histograms
Sourcerelated names for sub-histograms (= section-names in case of PEs)
Results can be saved as .jpg, .bmp and .png files
Works as GUI and also as commandline tool (for scripting purposes)

Syntax

bytehist [options file]

Executing bytehist without any parameters activates full GUI-mode.

options:	-nogui	... don't bring up any GUI
	-save file	... save histogram to given file (bmp, png or jpg)
	-h	... show a short help

Description

Statistics can be a very good method if you want to detect encrypted or packed data. Data that has been manipulated in such a way usually comes up with a very even distribution of bytes being used. In contrast normal data typically has some bytes that are used constantly, which is caused by any kind of structures. So the byte-distribution of unencrypted and unpacked clear text, database-files, ... and even executable binaries differ massevily from the encrypted and/or packed ones. By putting this "phenomenon" into a picture this difference can be easily visualized by histograms.

Examples:

The first example shows an unpacked file. In fact the source of this histogram was a log-file - so that's human readable information.
The second example roots in an usual ZIP-archive.
So as formerly said, to see the difference between them is an easy one.

Let's take a closer look at these examples. Both of them have a green and a red section. In the green section every pixel-column complies to it's positional matching bytecode and visualizes the number of occurrences in a vertical bar. In other words, a tall green bar on the most left side tells us that the byte-code 0h had lots of occurrences. And on the most right side you'll find byte-code FFh.
The red section has the same roots like the green section but this time we got all the possible byte-codes in a descending order regarding their occurrences. This makes it much easier to see the evenness.
Besides that two sections you'll also find the filename being shown on the top right corner and a percentage.

To get an understanding for what this percentage is trying to tell, let's take a look at what more bytehist can do for us. bytehist can split up histograms in sub-histograms. At the moment the most senseful situation of providing sub-histograms is when you have to deal with binary executables. Binary executables are usually internally split up in a number of sections. There are sections for containing data, code, and so on. It is a common approach that executables are being packed or/and even encrypted before they get publicly rolled out. Especially in the malware-sector encryption and packing is massively used as a kind of hurdle to hinder deep analysis through reversing (i.e.). So, in the case of a binary executable in PE format - that's the one Microsoft Windows uses - bytehist will come up with an overall-histogram as well as providing one histogram per section it found and even one for possible rest behind the last section. Regarding the percentage the overall-histogram will still say "100%" but all the others will tell the percentage of their specific share in the total filesize.

Examples:

Both of the examples have a scrollarea on the right side showing thumbs of the relating (sub-)histogram. By clicking them with the left mouse-button they can be zoomed. Once again we have firstly an unpacked and secondly a packed file, but this time, binary executables.

This feature gives a reverser the possibility to instantly find out the section that's containing (if so) packed/encrypted data.

Full examples ...

Packed data behind sections:

An UPX packed executable:

bytehist itself - unpacked:

(Software) - Minibis

CERT.at — Wed, 01 Jun 2011 14:21:18 GMT

Minibis

Software and tips to easily build up an automated malware analysis station based on a concept introduced in the paper "Mass Malware Analysis: A Do-It-Yourself Kit".

Download latest release

Author

Christian Wojner

Language

English

License

ISCL

Releases	Changes	Download
2.1 (201106011616)	Newly compiled Researcher executables because of crashes caused by a massive bug in the latest compiler
2.1 (201104201820)	Final version 2.1, see readme-file for details
2.1 beta (20101203_1)	Second open beta of version 2.1, see readme.txt for changes
2.1 beta (20101029_1)	First open beta of version 2.1, see readme.txt for changes
2.0 (29/29)	Release 2.0
2.0 beta (28/29)	Forceable quit / Recovers from crashes
2.0 beta (27/29)	Check Internet connectivity / Exit only if analysis paused
2.0 beta (25/29)	-

Stay Informed

If you are interested in the actual state and the progress of upcoming features you might want to take a look at Minibis' Twitter channel: https://twitter.com/CERTat_Minibis.

Feedback

If you encounter any issues (that also includes this textfile) even if it's just some kind of misunderstanding we'd be glad if you contact us via wojner(at)cert.at.

Important News

We have been recently informed that some of Minibis' tools are generically detected as potentially bad software by some antivirus-solutions.
After a detailed analysis of the according executables in our lab we can assure you that these detections are just false positives.
Furthermore it's not so unlikely that specific tools focused on dealing with malicious code have some similarity with the latter and are sometimes interpreted as (potentially) malicious by generic detection-methods.

Compatibility Issues

Version 2.1 is not compatible to data of older versions (<=2.0) of Minibis!

Specific Terms

Researcher
According to the classical host/guest-concept of desktop-virtualization this is the host, and furthermore the so to say "save" place in Minibis.

Proband
According to the classical host/guest-concept of desktop-virtualization this is the guest, and furthermore the so to say "dirty" place in Minibis.

Changed Defaults

Keep in Mind! It might be possible that a new Minibis version comes up with (slightly) changed defaults for the scripts. Create a new configuration-file from the in "minibis-gui" integrated/stored default-configuration and compare it with the settings of your existing configurations. Adjust them if necessary.

Read the Readme

Any new version of Minibis comes along with a readme-file which has very detailed information regarding the changes that have been made.
Furthermore the older readmes are also provided as historical information.

Background
Installation Guide
Configuration Guide
One Loop-Cycle
Scripting of Common Tools and Tasks
Screenshots

Background

For detailed information on the underlying concept we recommend you read our paper "Mass Malware Analysis: A Do-It-Yourself Kit".

Installation Guide

As a Minibis installations includes commercial software it is not possible for us to provide a complete installation-package. The following step-by-step guide will lead you through the configuration of a typical Minibis environment.

Select the (physical) machine you like to be the home of your Minibis environment.
Install the latest version of Ubuntu (32 bit) on it.
Install proftpd (via "apt-get install proftpd" and choose servermode).
If not already installed install zip (via "apt-get install zip").
Create a user "minibis" and do not forget to give it a password.
Give your own user (the one you will start "minibis-cpr" from) full permissions to the home of "minibis" and verify that you can read, write, and delete in it (i.e. by adding your user to the group "minibis" and add writing-permission on /home/minibis to the latter).
Download Minibis and extract the content of the folder "Researcher" to your desired folder.
Install Oracle's VirtualBox (follow the instructions on their website).
Create a new virtual machine (VM) in it using Windows XP as operating-system with a (due to issues with VBox) bridged network-interface. The default settings for the machine and the OS are fine. Disable any autoupdate features, though, as they will add noise to the monitoring-log. Furthermore disconnect any (virtual) volumes (i.e.: CD, ISO, ...) as this is necessary to prevent eventual popups like autoplay, new hardware found etc.).
Install Acrobat Reader and Flash Player (for the according sample-types to be usable).
(Optional) Install further tools you'd like to use.
Transfer "minibis-cpp.exe" to the VM's Windows desktop (eventually by downloading it from our website).
Execute "minibis-cpp.exe" in the VM and answer an eventual firewall question to NOT BLOCK this application.
On the upcoming form configure FTP-server, -user, and -password.
Click "Setup Proband" and make sure that all lines are green. If not install the regarding tool by double-clicking the according line following the instructions.
Get back to the form with the FTP-configuration and hit "Check Proband's config". This checks if everything's running smoothly.
Finally - in case of the check was OK - hit "Prepare Proband ..."
Create a VM-snapshot of this state.
Close the VM, using the option to revert to the last taken snapshot.
Bring your samples into Linux's filesystem (i.e. by mounting a CD-Rom).
Set "minibis-cpr", "minibis-gui", "postminibis", "certatpmp", and "certat.pmp" as executable (chmod +x ...).

Minibis should now be ready for configuration.

Configuration Guide

Note #1! Do never alter an configuration-file directly in an editor, use Minibis for that by clicking on the "Config"-button in the main-window.

Note #2! Use (read) the tooltips Minibis provides for nearly any form-field.

Configuration files

Minibis is (now) based on configuration-files. They are so to say project-files similar to other softwares GUIs which you can open, save, save as, and so on via the according "File"-menu. Any configuration-file should stand for a specific configuration-scenario.

".."-buttons behind fields

As usual a click on such a button brings up a tiny wizard that provides support in finding the proper value.

The "check"-button

By clicking this button the actual configuration is going to be checked for consistency. Note that in case of multiple errors each click will always come up with just one error. So make sure to re-check if you solved a problem.

Samples

... regardless if just one or a whole directory (including its subdirectories) are selected on the main-form.

Scripting

When it comes to scripting we're just talking about Bash-scripts on the Linux side and Batch-scripts on the Windows side. Any of these scripts support replacement-tokens which can be used to include specifics of the actual focused sample. Read the tooltips for further information.

Tip: You can click on the "eye"-button to see an example representation of the regarding script with all replacement-tokens substituted. This is a very convenient way to proof your scripts. Furthermore this will also provide you with some extra-information (i.e. the filesystem-location where the script will run).

Tab "General Settings"

Area "Results"

"Directory" is the path where the log-files will be stored. With the checkbox to the right you can choose if all log-files will be stored directly in this directory or if you want to store these in a more organized way by automatically creating subfolders according to the timestamp the regarding scan started.

Area "Researcher-Proband-Communications"

"FTP-Directory" is the path where the log-files will be transferred to from Proband. "Samplename" is the name that will be used for the sample at the proband. Some malware reacts to specific names, so this is the place where you can change it. Regarding "Virtual Machine" you can switch between the actually supported solutions (currently only VirtualBox) and choose the right virtual machine instance.

Area "Bugfixes for Virtual Box Commandline Client"

These are settings that help to prevent processes of VirtualBox from getting stuck. If you already have other (VBox) virtual machines running you might want to uncheck those. The first checkbox addresses stopping and the second reverting the VM.

Area "Virtual Machine Management"

Here you can specify the commands that will be used for the corresponding VM activities. The id of the VM is addressed by the replacement token %vmid%. Besides that, any of them has a timeout for hangup-prevention.

Tab "Researcher Scripting"

To let you customize the researcher side there are three events (therefore three editor-fields) that can be scripted using shell-scripting (Linux). Replacement tokens can be used to include specifics of the actual sample.

For further details when those events exactly happen, see "One Loop-Cycle".
You'll find tutorials and examples regarding scripting under "Scripting of Common Tools and Tasks".

Tab "Proband Scripting"

To let you customize the Proband's side there are two events (the two lower editor-fields) that can be scripted using batch-scripting (Windows).
The actions scripted for these two events are tied to the two editor-fields above called "Tools to transfer" and "Results to transfer ([...] to ZIP)". The first ("Tools...") is used to define (name) the tools (files) that will be copied to the Proband for use in later activities. The second ("Results...") is used to define (name) the files that will be transferred back from the Proband. If the filename is enclosed in square brackets "[...]" the file will get ZIPped into an archive after it arrives on Researcher.

Note: Since version 2.1 we recommend you to have the used tools already at the Proband in its temp-folder. You can still use the tool-transfer-box but especially in situations of mass-malware-analysis it's highly recommended to save time where you can. Furthermore having all those tools in the "right" place will lead to a more cleaned up Minibis environment.

For further details when scripting-events exactly happen and how the "Tools..." and the "Results..." are handled see "One Loop-Cycle".
More Tutorials and examples regarding scripting can be found under "Scripting of Common Tools and Tasks".

Tab "Sample-Types"

As the execution of samples itself is (now) designed in a generic way any type of sample can be thrown into Minibis as long as it's scripted right. To do so we tried to keep this act as easy as possible. However, don't be scared about the complexity of this feature, in most cases you won't have to do any adjustments to this as Minibis by default is already bundled with scripts for a lot of wellknown sample-types.

Actually Minibis can work with the following sample-types:

.exe (Windows standard executable filetype)
.dll (Windows DLLs)
.swf (Flash movies)
.pdf (PDFs)
.js (Javascript code)
URLs (Websites, etc.)

More sample-types are about to come in the future as necessary or as asked.

Besides that it's necessary to mention that for each sample any activated (by checkmark) sample-type is checked against it if it matches to start a scan according to this type of sample. Furthermore, if you have more than one sample-type that matches the actual sample you'll get one scan-run for each match. The idea behind this is to be able to create multiple sample-type-configurations for example URLs to throw them into various browsers and compare the results afterwards.

All information you need to distinguish between such cases is right in the names of the returned results. Here's the convention:

md5_of_the_sample++internal_vmid+sample_type++resultfile

Example:
b09c357a419069ccd70342419641f812++00+URL++minibis.log2

One Loop-Cycle

Assuming that the sample can be executed, this is a chronological list of all actions that can (some of them are optional) happen. It is important to understand that in this list the two components of Minibis - CPR and CPP - are described as what they really are: one logical entity. The tags (R) and (P) specify the location ((R)esearcher or (P)roband) of the action:

(R) Copy sample to FTP-path (config) as samplename (config) with the apropriate suffix according to the result of Linux' "file"-command.
(R) Execute the actions tied to event "Actions BEFORE Proband gets started" (config).
(R) Execute the command declared under "VM Management Start" (config) and wait until the triggerfile "%md5%_start.rdy" exists or the timeout for "VM Management Start" occurs. In case of the latter do the steps 14, 15, 17, 19 and return to step 3.
(P) Fetch the preference file "minibis.pref" via FTP.
(P) Fetch all tools (files) according to "Tools to transfer" (config) via FTP.
(P) Transfer back the triggerfile "%md5%_start.rdy" via FTP.
(R) Wait until a triggerfile "%md5%_ready.rdy" exists or the timeout for "CPR" (config) occurs.
Meanwhile (optionally) execute the actions tied to event "Actions WHILE Proband runs" and optionally repeat this every N seconds (see config field "every").
If the timeout occurred then continue with step 14.
(P) Execute the actions tied to event "Actions BEFORE sample gets executed" (config).
(P) Execute the actions tied to "Execution-Script" and wait until it exits or the timeout for "CPP" (config) occurs. If the sample exited wait until the additional timeout ("+") occurs.
(P) Execute the actions tied to event "Actions AFTER sample exited or time's up" (config).
(P) Transfer back all files according to "Results to transfer ([...] to ZIP)" (config) via FTP.
(P) Transfer back the triggerfile "%md5%_ready.rdy" via FTP.
(P) Exit.
(R) Execute the command declared under "VM Management Stop" (config) and wait until it exits or the timeout for "VM Management Stop" occurs.
(R) Optionally execute "Solutions for VBox bugs" column 1 (config).
(R) Execute the actions tied to event "Actions AFTER Proband got stopped" (config).
(R) Execute the command declared under "VM Management Revert" (config) and wait until it exits or the timeout for "VM Management Revert" occurs.
(R) ZIP all files surrounded with [...] according to "Results to transfer ([...] to ZIP)" (config) into the archive "%md5%.zip".
(R) Optionally execute "Solutions for VBox bugs" column 2 (config).
(R) Delete "minibis.pref" and the sample from FTP-folder.
(R) Copy all results from FTP-folder to results-folder.

Scripting of Common Tools and Tasks

This section gives you example configurations for the integration of widely used monitoring tools into Minibis.

Sysinternals Process Monitor

You can download/install the latest version of Procmon via "minibis-cpp.exe" by entering its setup (by clicking the according button) and doubleclicking on the regarding line (follow the instructions).
Extract "Procmon.exe" to the temp-folder.

Proband Scripting

Results to transfer ([...] to ZIP):

[procmon.pml]
procmon.csv
Actions BEFORE sample gets executed:

start Procmon.exe /AcceptEula /quiet /minimized /Backingfile procmon.pml
Procmon.exe /AcceptEula /WaitForIdle
Actions AFTER sample exited or time's up:

Procmon.exe /AcceptEula /terminate
Procmon.exe /AcceptEula /saveas procmon.csv /openlog procmon.pml

WinDump: tcpdump for Windows

You can download/install the latest versions of WinDump and WinPcap via "minibis-cpp.exe" by entering its setup (by clicking the according button) and doubleclicking on the regarding line (follow the instructions).
Install WinPcap and copy "WinDump.exe" to the temp-folder.

Proband Scripting

Results to transfer ([...] to ZIP):

[windump.pcap]
Actions BEFORE sample gets executed:

start WinDump.exe -i 1 -w windump.pcap -U -s 0
sleep.exe 1
Actions AFTER sample exited or time's up:

taskkill /f /im WinDump.exe
sleep.exe 1
Actions AFTER Proband got stopped:

tcpdump -n -p -r - < %sample%++windump.pcap > %sample%++windump.txt

Uncheck "After zipping"!

Creating a Screenshot

Proband Scripting

Results to transfer ([...] to ZIP):

screenshot.png
Actions AFTER sample exited or time's up:

screenshot.exe screenshot.png

Screenshots

(Data) - Conficker Worm

CERT.at — Mon, 12 Oct 2009 10:19:30 GMT

Conficker Worm

2009/02/09

Various files regarding the worm "Conficker".

all domains	... suitable for block lists (in proxies etc)
DNS named.conf file	... Bind named.conf file with all conficker domain names
sample bind zone file	... suitable for the named.conf file above.

(Press material) - CERT.at Logo

CERT.at — Wed, 22 Sep 2010 16:24:29 GMT

CERT.at Logo

CERT.at-Logo PNG-File small

CERT.at-Logo PNG-File medium

CERT.at-Logo PNG-File big

CERT.at-Logo PNG-File transparent

(Press material) - HiRes Teamphotos

CERT.at — Mon, 12 Oct 2009 10:21:10 GMT

HiRes Teamphotos

High resolution photographs of the CERT.at teammembers.

CERT.at Downloads

(Summary) - Downloads

Downloads

Data

Papers

Press

Software

(Papers) - The WOW-Effect

The WOW-Effect

Publication Date

Author

Language

History

Content

(Papers) - An Analysis of the Skype IMBot Logic and Functionality

An Analysis of the Skype IMBot Logic and Functionality

Publication Date

Author

Language

History

Content

(Papers) - Mass Malware Analysis: A Do-It-Yourself Kit

Mass Malware Analysis: A Do-It-Yourself Kit

Publication Date

Author

Language

History

Content

(Papers) - Detecting Conficker in your Network

Detecting Conficker in your Network

Publication Date

Author

Language

Download

Content

(Papers) - Patching Nameservers: Austria reacts to VU#800113

Patching Nameservers: Austria reacts to VU#800113

Publication Date

Authors

Language

History

Content

(Software) - Bytehist

Bytehist

Author

Language

License

Releases

Changes

Features

Syntax

Description

(Software) - Minibis

Minibis

Author

Language

License

Releases

Changes

Download

Stay Informed

Feedback

Important News

Compatibility Issues

Specific Terms

Changed Defaults

Read the Readme

Table of Contents

Background

Installation Guide

Configuration Guide

Configuration files

".."-buttons behind fields

The "check"-button

Samples

Scripting

Tab "General Settings"

Area "Results"

Area "Researcher-Proband-Communications"

Area "Bugfixes for Virtual Box Commandline Client"