Cloud. DNS. Forensics. Honeypot. SSL. Pentest. Using WinDbg to Begin Reverse Engineering Unknown Malware from Memory. June 13, 2011 3:03 am Gary Golomb Advanced Threats , code , forensics , malware , Malware Analysis , Network Forensics , network forensics , PE EXE files , Reverse Engineering , trojan Part Two in a multi-part series on holistic, multi-disciplinary analysis and reversing.
The last post, “ Mutex Analysis: The Canary in the Coal Mine ,” started off showing to use mutexes to discover malware that is difficult to locate using more traditional methods and tools.
PwnedList. Registry Decoder: Digital registry forensics. Posted on 03 November 2011.
Registry Decoder is a free and open source tool for the acquisition, analysis, and reporting of registry contents. It comes with an online acquisition component and an offline analysis component. All functionality contained within the two components is exposed to a graphical user interface, and the tool aims to provide even novice investigators with powerful analysis capabilities. Home Of PaulDotCom Security Podcast. Network Security Blog. Security Blogs. How to check if your details have been compromised. Ever wonder where the term "Pwned" came from?
Rumour has it that is started with the game World of Warcraft (WoW), where a map designer, intending to write "the player has been owned", mistyped it as "the player has been pwned". In any case, it is widely used today to mean you have been screwed in some way. Publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=%2Fliaai%2Fselinux%2Fliaaiselinuxstart.htm.
Using Debian/Hardened SELinux — Debian SELinux Handbook v0.1. Blog TechBiz Forense Digital. Livros para quem quer aprender sobre segurança da informação. Google is Your Friend - If You're a Lulzer. While the digital paparazzi were lined up waiting to snap photos of the Lulzboat crew getting vanned, some of us focused on how this collection of low tech script kiddies were able to knock over SONY, AT&T, the CIA, Arizona's DPS and numerous other sites and make off with highly confidential contents again and again.
It turns out that they had an accomplice, Google. Now before the good townspeople grab their torches and pitchforks and beat a hasty path to Mountain View, let it be known that Google's part in these massive hacks isn't actually Google's fault. Or perhaps it can be if the public still wants to blame them anyway and question why this information is there on Google for the taking in the first place. But that's not really the issue at all. The blame in my opinion lies once again with the administrators of the sites which were attacked. A Tcpdump Tutorial and Primer. Image from securitywizardry.com tcpdump is the premier network analysis tool for information security professionals.
Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher level analysis tools such as Ethereal Wireshark, but I believe this to usually be a mistake. In a discipline so dependent on a true understanding of concepts vs. rote learning, it's important to stay fluent in the underlying mechanics of the TCP/IP suite. A thorough grasp of these protocols allows one to troubleshoot at a level far beyond the average analyst, but mastery of the protocols is only possible through continued exposure to them.
Coruja de TI Indica o Livro: The Art of Computer Virus Research and Defense [Paperback] SSHtrix - Multithreaded SSHv1 e SSH1v2 cracker. How To Set Up SSH Encrypted MySQL Replication - Network Computing - StumbleUpon.