Cloud. DNS. Forensics. Honeypot. SSL. Pentest. Using WinDbg to Begin Reverse Engineering Unknown Malware from Memory. June 13, 2011 3:03 am Gary Golomb Advanced Threats , code , forensics , malware , Malware Analysis , Network Forensics , network forensics , PE EXE files , Reverse Engineering , trojan Part Two in a multi-part series on holistic, multi-disciplinary analysis and reversing.
The last post, “ Mutex Analysis: The Canary in the Coal Mine ,” started off showing to use mutexes to discover malware that is difficult to locate using more traditional methods and tools.
PwnedList. Registry Decoder: Digital registry forensics. Posted on 03 November 2011.
Registry Decoder is a free and open source tool for the acquisition, analysis, and reporting of registry contents. It comes with an online acquisition component and an offline analysis component. All functionality contained within the two components is exposed to a graphical user interface, and the tool aims to provide even novice investigators with powerful analysis capabilities. Another goal of Registry Decoder is to become the project in which all future registry-related research is performed in and developed for. New features in version 1.1 include: Home Of PaulDotCom Security Podcast. Network Security Blog. Security Blogs. How to check if your details have been compromised. Ever wonder where the term "Pwned" came from? Rumour has it that is started with the game World of Warcraft (WoW), where a map designer, intending to write "the player has been owned", mistyped it as "the player has been pwned".
In any case, it is widely used today to mean you have been screwed in some way. So there I was, perusing the web, and I found this rather interesting piece on Brian Krebs' blog called Are you on the Pnwedlist? Publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=%2Fliaai%2Fselinux%2Fliaaiselinuxstart.htm. Using Debian/Hardened SELinux — Debian SELinux Handbook v0.1. Blog TechBiz Forense Digital. Livros para quem quer aprender sobre segurança da informação. Por Gustavo Lima+ em 14/09/11 às 3:29 pm A editora Jonas & Bertlett lançou um conjunto de 12 livros focados em segurança da informação e altamente recomendados.
Estes livros compõem a série Information Systems Security & Assurance Series, ISSA. Eu acabei adquirindo na minha última compra o Security Strategies in Linux Platforms and Applications que por sinal é excelente. Esta série de livros tem como objetivo ensinar/treinar o leitor nos principais temas que envolvem segurança da informação, para isso, a editora criou um método bem interessante, no final de cada capítulo há um questionário sobre aquilo que foi explicado. Excelente para os preguiçoso. Para o pessoal que deseja seguir a carreira técnica ou aprender como as coisas funcionam, eu recomendo os seguintes títulos: Google is Your Friend - If You're a Lulzer. While the digital paparazzi were lined up waiting to snap photos of the Lulzboat crew getting vanned, some of us focused on how this collection of low tech script kiddies were able to knock over SONY, AT&T, the CIA, Arizona's DPS and numerous other sites and make off with highly confidential contents again and again.
It turns out that they had an accomplice, Google. Now before the good townspeople grab their torches and pitchforks and beat a hasty path to Mountain View, let it be known that Google's part in these massive hacks isn't actually Google's fault. Or perhaps it can be if the public still wants to blame them anyway and question why this information is there on Google for the taking in the first place. But that's not really the issue at all. The blame in my opinion lies once again with the administrators of the sites which were attacked.
After all, page crawls weren't considered privileged information - they're all part of the "public internet" available to anyone who drops by. A Tcpdump Tutorial and Primer. Image from securitywizardry.com tcpdump is the premier network analysis tool for information security professionals.
Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher level analysis tools such as Ethereal Wireshark, but I believe this to usually be a mistake. In a discipline so dependent on a true understanding of concepts vs. rote learning, it's important to stay fluent in the underlying mechanics of the TCP/IP suite. A thorough grasp of these protocols allows one to troubleshoot at a level far beyond the average analyst, but mastery of the protocols is only possible through continued exposure to them. Coruja de TI Indica o Livro: The Art of Computer Virus Research and Defense [Paperback]
SSHtrix - Multithreaded SSHv1 e SSH1v2 cracker. Por Gustavo Lima+ em 17/09/11 às 9:54 pm SSHtrix é uma daquelas ferramentas que precisam constar no seu cinto de utilidades de pentest, eles simplesmente consegue realizar login cracker multithreaded em SSHv1 e SSHv2.
Simples, rápido e fantástico, essa ferramenta é muito útil na hora de realizar um teste para saber se a password utilizada para o usuário X via ssh está forte ou não. A instalação do SSHtrix não é uma das coisas mais simples, porém, eu consegui fazer um guia depois de passar alguns minutos debugando o carinha. Vejam que este tutorial foi feito para instalação no BackTrack 5 R1, vamos lá: How To Set Up SSH Encrypted MySQL Replication - Network Computing - StumbleUpon.