Using WinDbg to Begin Reverse Engineering Unknown Malware from Memory. June 13, 2011, 3:03 am, Gary Golomb. Tags: Advanced Threats, code, forensics, malware, Malware Analysis, Network Forensics, PE EXE files, Reverse Engineering, trojan. Part Two in a multi-part series on holistic, multi-disciplinary analysis and reversing. The last post, "Mutex Analysis: The Canary in the Coal Mine," started off by showing how to use mutexes to discover malware that is difficult to locate with more traditional methods and tools.


PwnedList (About Us): At PwnedList, your data is our highest priority. We use the best tools and engineering practices to build and maintain our unique approach to credential security. Our team is dedicated to protecting your identity and thwarting attempts to steal the invaluable credentials of your valued employees as well as customers.
Registry Decoder: Digital registry forensics. Posted on 03 November 2011. Registry Decoder is a free and open source tool for the acquisition, analysis, and reporting of registry contents. It comes with an online acquisition component and an offline analysis component. All functionality contained within the two components is exposed through a graphical user interface, and the tool aims to provide even novice investigators with powerful analysis capabilities.
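Before an acquired hive goes into any offline analysis tool, it is worth checking its base block: the sequence numbers tell you whether the hive was mid-write when it was copied (in which case the transaction logs matter), and the header checksum tells you whether the copy is intact. The script below is an added example, not Registry Decoder's own code; the field offsets are those of the documented "regf" base block, and the hive header it parses is constructed inline (the file name, timestamp and sequence numbers are made up) so it runs without a real hive.

```python
"""Added example (not Registry Decoder's code): sanity-check the base block
of an acquired registry hive before analysing it offline. Offsets follow the
documented 'regf' base-block layout; the sample hive header is constructed."""
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096


def regf_checksum(block: bytes) -> int:
    """Header checksum: XOR of the 127 dwords in bytes 0..507, with the two
    reserved results (0 -> 1, 0xFFFFFFFF -> 0xFFFFFFFE) mapped as Windows does."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME: 100 ns intervals since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def parse_base_block(block: bytes) -> dict:
    """Decode the base block and report the two things an analyst checks first:
    whether the hive is dirty (unflushed transaction log) and whether the checksum holds."""
    if len(block) < BASE_BLOCK_SIZE or block[:4] != b"regf":
        raise ValueError("not a regf hive (bad signature or truncated)")
    (primary_seq, secondary_seq, last_written, major, minor, _file_type,
     _file_format, root_cell, hbins_size, _cluster) = struct.unpack_from("<IIQIIIIIII", block, 4)
    hive_name = block[48:112].decode("utf-16-le").split("\x00", 1)[0]
    stored = struct.unpack_from("<I", block, 508)[0]
    return {
        "hive_name": hive_name,
        "version": (major, minor),
        "last_written": filetime_to_datetime(last_written),
        "root_cell_offset": BASE_BLOCK_SIZE + root_cell,   # cell offsets are relative to the first hbin
        "hbins_size": hbins_size,
        "sequence": (primary_seq, secondary_seq),
        "dirty": primary_seq != secondary_seq,              # mismatch: a write was in progress at acquisition
        "checksum_ok": stored == regf_checksum(block),
    }


def build_sample_header(primary_seq: int, secondary_seq: int) -> bytes:
    """Constructed base block (not an acquired hive) with a valid checksum,
    last written 2020-01-01 00:00:00 UTC, one 4 KiB hbin, root cell at hbin offset 0x20."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[0:4] = b"regf"
    struct.pack_into("<IIQIIIIIII", block, 4, primary_seq, secondary_seq,
                     132223104000000000, 1, 5, 0, 1, 0x20, 0x1000, 1)
    # Hypothetical hive path, UTF-16LE in the 64-byte file-name field.
    block[48:112] = "\\??\\C:\\Users\\alice\\ntuser.dat".encode("utf-16-le").ljust(64, b"\x00")
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    for hdr in (build_sample_header(7, 7), build_sample_header(8, 7)):
        info = parse_base_block(hdr)
        print(info["hive_name"], info["last_written"].isoformat(),
              "DIRTY" if info["dirty"] else "clean",
              "checksum ok" if info["checksum_ok"] else "CHECKSUM BAD")
```

A dirty hive is not corrupt, but its on-disk cells can lag the logged state; a checksum mismatch, on the other hand, means the acquisition itself should not be trusted.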
Network Security Blog: In the last couple of weeks Mikko Hyppönen from the anti-virus company F-Secure announced that he won't be speaking at the RSA Conference in San Francisco at the end of February. His reasoning is that the company, RSA, colluded with the NSA for a fee of $10 million in order to get a weakened random number generator included in the public standards, a move that makes the whole suite of encryption standards easier to crack. As Mikko points out, RSA has not admitted to this accusation, but they haven't denied it either.
Security Blogs
How to check if your details have been compromised: Ever wonder where the term "Pwned" came from? Rumour has it that it started with the game World of Warcraft (WoW), where a map designer, intending to write "the player has been owned", mistyped it as "the player has been pwned". In any case, it is widely used today to mean you have been screwed in some way.
Using Debian/Hardened SELinux — Debian SELinux Handbook v0.1
Blog TechBiz Forense Digital: Over the past year, cyber attacks grew and evolved. In 2013 it will be no different, according to the experts. Consumerization (BYOD), cloud computing and advanced persistent threats open up major vulnerabilities. But mobile malware is expected to be the big villain of 2013.
Books for those who want to learn about information security, by Gustavo Lima on 14/09/11 at 3:29 pm. The publisher Jones & Bartlett has released a set of 12 books focused on information security that come highly recommended. These books make up the Information Systems Security & Assurance Series (ISSA). In my last order I ended up buying Security Strategies in Linux Platforms and Applications, which, by the way, is excellent. This series aims to teach and train the reader in the main topics of information security; to do that, the publisher came up with a rather interesting method: at the end of each chapter there is a quiz on what was just explained. Great for the lazy.
Google is Your Friend - If You're a Lulzer: While the digital paparazzi were lined up waiting to snap photos of the Lulzboat crew getting vanned, some of us focused on how this collection of low-tech script kiddies were able to knock over SONY, AT&T, the CIA, Arizona's DPS and numerous other sites and make off with highly confidential contents again and again. It turns out that they had an accomplice, Google. Now before the good townspeople grab their torches and pitchforks and beat a hasty path to Mountain View, let it be known that Google's part in these massive hacks isn't actually Google's fault. Or perhaps it can be if the public still wants to blame them anyway and question why this information is there on Google for the taking in the first place. But that's not really the issue at all. The blame in my opinion lies once again with the administrators of the sites which were attacked.
A Tcpdump Tutorial and Primer

tcpdump is the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher-level analysis tools such as Ethereal (now Wireshark), but I believe this to usually be a mistake. In a discipline so dependent on a true understanding of concepts vs. rote learning, it's important to stay fluent in the underlying mechanics of the TCP/IP suite. A thorough grasp of these protocols allows one to troubleshoot at a level far beyond the average analyst, but mastery of the protocols is only possible through continued exposure to them.
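The "underlying mechanics" the primer is talking about are the header fields tcpdump summarises into one line. The script below is an added example, not code from the tcpdump primer: it decodes a single Ethernet/IPv4/TCP frame field by field, recomputes the IPv4 and TCP checksums (including the TCP pseudo-header that people usually forget), and renders a tcpdump-like one-liner. The frame is constructed by hand, not captured, so the script runs offline with no capture interface or privileges; the MAC addresses, ports and sequence number are made up.

```python
"""Added example (not code from the tcpdump primer): decode one
Ethernet/IPv4/TCP frame by hand and print it the way tcpdump would.
The frame below is constructed, not captured."""
import struct
import ipaddress

# Constructed sample frame: TCP SYN from 10.0.0.1:40000 to 10.0.0.2:80,
# seq 0x12345678, window 64240, DF set, TTL 64. Both checksums are correct.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"        # Ethernet: dst MAC, src MAC, EtherType IPv4
    "4500" "0028" "1234" "4000" "4006" "149a"    # IPv4: ver/IHL, TOS, total len, id, DF, TTL, proto, csum
    "0a000001" "0a000002"                        # IPv4: src 10.0.0.1, dst 10.0.0.2
    "9c40" "0050" "12345678" "00000000"          # TCP: sport, dport, seq, ack
    "5002" "faf0" "9bb2" "0000"                  # TCP: data offset 5 + SYN, window, csum, urgent
)

# tcpdump's flag letters in the order it prints them (ACK is shown as ".").
TCP_FLAGS = ((0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U"))


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement 16-bit checksum used by IPv4 and TCP (RFC 1071).
    Over a header with its checksum field in place, a valid header sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Parse Ethernet II / IPv4 / TCP headers and verify both checksums."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4, EtherType 0x%04x" % ethertype)
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    if proto != 6:
        raise ValueError("not TCP, protocol %d" % proto)
    tcp = ip[ihl:total_len]                 # trust the IP total length, not the frame length
    (sport, dport, seq, ack, off_flags, window,
     _tcp_csum, _urg) = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4
    # The TCP checksum covers a pseudo-header (addresses, protocol, TCP length) plus the segment.
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(tcp))
    return {
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": "".join(ch for bit, ch in TCP_FLAGS if off_flags & bit),
        "window": window, "payload_len": len(tcp) - data_off,
        "ip_checksum_ok": rfc1071_checksum(ip[:ihl]) == 0,
        "tcp_checksum_ok": rfc1071_checksum(pseudo + tcp) == 0,
    }


def tcpdump_line(frame: bytes) -> str:
    """Render the frame as a tcpdump-style one-liner; a bad IP checksum is flagged
    (tcpdump itself reports 'bad cksum' when run with -v)."""
    p = decode_frame(frame)
    bad = "" if p["ip_checksum_ok"] else " [bad ip cksum]"
    return "IP%s %s.%d > %s.%d: Flags [%s], seq %d, win %d, length %d" % (
        bad, p["src"], p["sport"], p["dst"], p["dport"],
        p["flags"], p["seq"], p["window"], p["payload_len"])


if __name__ == "__main__":
    print(tcpdump_line(SAMPLE_FRAME))
    # Corrupt the TTL byte (frame offset 14 + 8): the IP checksum fails, the TCP one still holds.
    tampered = bytearray(SAMPLE_FRAME)
    tampered[22] = 0x3F
    print(tcpdump_line(bytes(tampered)))
```

The tamper at the end is the point of doing this by hand: the TTL lives in the IP header, so changing it breaks the IP checksum but not the TCP one, which is computed over the pseudo-header and segment only. That is exactly the kind of thing a packet-level tool shows you and a higher-level decoder quietly hides.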
Coruja de TI Recommends the Book: The Art of Computer Virus Research and Defense [Paperback], by Gustavo Lima on 29/09/11 at 8:16 am. Rafael, a professional who has worked in the research and development of antivirus vaccines (detection signatures), recommended the book The Art of Computer Virus Research and Defense, which was the basis for his postgraduate course focused on malware analysis. I ended up finding a copy to consult on 4shared and had a good flip through it. The book really is one of the best works, if not the only one, that explains and teaches how to analyse viruses and write vaccines for them.
SSHtrix - Multithreaded SSHv1 and SSHv2 cracker, by Gustavo Lima on 17/09/11 at 9:54 pm. SSHtrix is one of those tools that needs to be on your pentest utility belt: it simply performs multithreaded login cracking against SSHv1 and SSHv2. Simple, fast and fantastic, this tool is very useful when testing whether the password user X uses over SSH is strong or not. Installing SSHtrix is not the simplest thing, but I managed to put together a guide after spending a few minutes debugging the little fellow.