This is an analysis of Mocbot from LURHQ. Especially interesting is the follow-up on the Spammer that this new variant downloads, as well as the graphic showing which antivirus companies properly detected the malware. I wonder if the only ones detecting are the heuristic scanners and not the signature-based scanners…?
Month: August 2006
xss information
Here is a story about an XSS pen test along with a link to the actual story. Hopefully I can add more XSS resources here for the future.
secure usb drives
Just a quick listing of some secure USB drives that use hardware encryption and are recommended:
mtrust mdrive 500
kingston data traveler elite – privacy edition
verbatim store’n go corporate – secure
more on cracking wep, etc
This link has a number of good pages and pieces of information on cracking WEP and other wireless fun.
rundown of switch features for security
Every now and then the SANS Handler Diary offers up some nice information. They just threw out this list of switch features that many people never know to use, and I thought it was a nice rundown to use at a later date, especially if my two switches include all of this stuff.
laptop encryption tips – windows, mac, and linux
While TrueCrypt is still a great tool for Windows, Security Monkey has a nice quick bit of information on using PointSec for Windows, filevault on Mac, and a link to a method of securing a Linux laptop. Nice quick read, almost like a hand-slap to anyone with a laptop followed by a quick, “do this, moron!”
using alternate non-printing characters in passwords
If one must absolutely use passwords with Windows (not sure why anymore) and not pass phrases, and the password needs to be highly secure, you don’t get much better than using non-printable characters. Both of these posts go into detail on using non-printable characters to thwart most password cracking tools.
Microsoft, of course, even weighs in on their password suggestions.
ntfs alternate data streams
Quite an ingenious, simple little method to hide files on an NTFS disk: alternate data streams. This article on Security Focus makes it look a little more difficult than it is, due to the author going through the effort of describing breaking into a machine to set an ADS on a few hidden files. LNS and LADS are two tools to scan a disk for ADS…although they are certainly not swift in their scans.
Update: An ADS tutorial from STC
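As an added illustration of the job LNS and LADS do (this is example code written for this post, not the original article's content and not code from either tool), here is a PowerShell function that walks a directory tree and reports every named stream other than the default unnamed data stream. It assumes PowerShell 3.0 or later (which added the -Stream parameter on Get-Item), and the scan paths shown are assumptions; the Zone.Identifier stream is skipped by default because Windows writes it to every downloaded file and it is benign noise in a scan.

```powershell
# Added example, not from the original post or from LNS/LADS.
# Enumerate alternate data streams under a directory (PowerShell 3.0+).

function Find-AlternateDataStreams {
    param(
        [Parameter(Mandatory)] [string] $Path,                # directory to scan (assumption: caller supplies it)
        [string[]] $IgnoreStreams = @('Zone.Identifier')      # benign "mark of the web" stream added to downloads
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Every file has the unnamed ':$DATA' stream; anything else is an ADS worth a look.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStreams -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $_.FileName   # full path of the host file
                        Stream = $_.Stream     # name of the hidden stream
                        Bytes  = $_.Length     # size of the hidden payload
                    }
                }
        }
}

# Usage (the path is an assumption; pick the volume or folder you want to audit):
# Find-AlternateDataStreams -Path 'C:\Users\Public' | Format-Table -AutoSize
#
# Look at a flagged stream as text without executing anything it may contain
# (file and stream names are assumptions):
# Get-Content -LiteralPath 'C:\Users\Public\notes.txt' -Stream 'hidden'
#
# Remove a stream once you have decided it does not belong there:
# Remove-Item -LiteralPath 'C:\Users\Public\notes.txt' -Stream 'hidden'
```

Like LNS and LADS, this is slow on a large volume because every file is opened once to list its streams; running it against user-writable directories first (profiles, temp, web roots) finds the usual hiding places quickly, and a baseline run on a clean machine tells you which named streams are normal for your software before you chase them.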
reverse engineering windows malware
Snagged a bunch of tools and links dealing with reverse engineering malware, particularly Windows, but also other stuff. This is an area I’d love to get into some day, perhaps when I get more into coding as well. Either way, it is always useful to exercise one’s ability to figure out what malware is doing, whether you use a live box and lab network or examine the code straight-up.
IDA Pro – the universal first choice in malware analysis
OllyDbg
WinDbg
Import Rec
OllyDump
PaiMei and PyDbg
pydasm and pydot
IDA Sync
office metadata and forensics
A post over at SecurityFocus went over Microsoft Office forensics and some things to do to enhance security, most notably privacy. Because Office is so universally used, I’ve found that many people, techie and non-techie both, want to put their heads in the sand about issues with Office. They just don’t want to hear about the issues, even as malicious persons have begun poking at the apps and more and more data is disclosed on the web and search engines.
I’ve long wanted a concise and listed set of items to check on and change when dealing with metadata in MS Office Word documents. Now I have it!
Update: Here is another link dealing with pesky lingering Office data that shouldn’t be there.
reverse engineering khallenge
The folks at F-Secure put up this series of exercises in reverse engineering and called it a khallenge. Sounds like a fun way to get into reverse engineering a bit, someday. If I get stumped, might be able to find some hints around this blog.
ftester – test your linux firewall
So, when I get around to testing my linux firewall, I can use ftester along with this “how to” guide.
surf at work
I certainly cannot condone evading firewalls and other protections in the workplace or otherwise, since I’m one of those guys trying to stop these people, but these techniques can be useful not only for times when you want it, but also for knowing what people might be doing so that I can stop it. In addition, some of these techniques have the side benefit of being more secure, such as when I am at a hotspot and wanting to make connections privately to public sites.
infosec training modules / presentations
Not sure on the quality of this content, but this site has some modules up about their training in infosec assurance and assessments. I’ll take this down if this proves to be useless fluff.
sans packet challenge
I need to check this out sometime. The packet challenge at SANS is not a regular thing, I think, but could still make for an interesting exercise for me. Bejtlich posted a couple links to answers here and here.