
SecurityWorld.be © 2001-2008
Wednesday, November 26, 2008
CHEAT SHEETS

Having limited storage in my own head, I stumbled on these organized summaries made by experts on the net. They are a great way to refresh your skills. Mind you that the cheat sheets below are related to information security topics like incident response and Google hacking. Using your favorite search engine you should be able to find sheets on any topic.

Note: the links below are direct links, so the PDF files are fetched from the sources directly. You can safely trust these PDF files. In case you just came back from the moon: PDF files can be malicious, as expert Didier Stevens explains on his blog.
Check them out:
The initial security incident questionnaire for responders (from Lenny Zeltser)
Security incident survey cheat sheet for server administrators (from Lenny Zeltser)
Google hacking and defense cheat sheet (from SANS)
If you as a reader have some more sheets to share, feel free to post them in the comments area of this blog post.
Labels: hacking tools
# posted by Welcome @ 20:31
[0] comments

Thursday, April 17, 2008
ONLINE COURSE

While skimming rootsecure.net, I stumbled on a course F-Secure organizes at the technology university of Helsinki that goes into detail on Malware Analysis and Antivirus Technologies.
If you are interested in knowing more about how to use the tools and getting the ins and outs of this topic, go check it out here! The whole course material was made public.
And later this year, there is the known security research gathering on "Detection of Intrusions and Malware & Vulnerability Assessment"
It's sponsored by Google and some other big shots.
In case someone reads this and has intentions to go, drop me an e-mail/comment so we can meet on July 10-11th in Paris.
Labels: hacking tools, malware, security conference, threat analysis
# posted by Welcome @ 15:20
[1] comments

Wednesday, April 09, 2008
MALWARE

With Storm and the recent Kraken botnet, a whole new dimension has been added to the threat landscape, causing a lot of havoc to businesses. Not only is this malware activity difficult to detect by anti-virus software, it's a hard job for system administrators to keep their internal clients clean from this type of malicious code.
The Kraken code turns the infected host into a bot with an internal SMTP engine that it engages in sending out spam. At the moment the Kraken infection is only being used for spamming the usual scams... but for how long?
To elaborate a bit on the Kraken bot, I have to say that these pieces of code have become very advanced! It uses stealth mechanisms, obfuscates its payload and uses encrypted communication channels to receive instructions from the bot herder.
The malicious Kraken code is apparently evading detection by a combination of clever obfuscation techniques, including regularly updating its binary code and structuring the code in such a way that hinders any static analysis, says Paul Royal, principal researcher at Damballa.
Damballa is one of the security startups that help organizations fight these bot armies. They recently saw single Kraken bots sending out a wh00ping 500,000 pieces of spam in one day...
When further reading on the topic I found out that ThreatExpert is a great source on the net for people interested in malware analysis and fighting these ongoing threats. The company based in Ireland developed a smooth front-end on their virtualized infrastructure which "fingerprints" the malware from A-Z.

When uploading your malicious binary to ThreatExpert, the application spits out a detailed description and analysis of the behavioral effects. It records the changes that the code made to the OS once the infection takes place and throws everything into a nice report. Classic anti-virus vendors are at a disadvantage here, as the exposure window stays open until the anti-virus software is updated. Until then there is a window in which the company is basically blind to the havoc the infection is causing. Threats ranging from information leakage to taking up network resources (DoS) could potentially happen without a well-founded understanding of what's really going on, leaving the company's network out of control.
To survive the exposure window, the ThreatExpert report can help you out in better understanding what is going on. The report can be used to bridge this window, as it gives insight to security officers, allowing them to start implementing ad-hoc countermeasures like blocking ports on border firewalls, isolating infected machines, safeguarding detailed forensic evidence, etc.
Meanwhile the anti-virus companies work day and night to reverse engineer the new malware code. The infected company has to implement temporary countermeasures until the updated database signatures are pushed. Only then can an organized, supported cleanup of the infection start together with the security partner.
Labels: hacking tools, malware, threat analysis
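To make the "bridge the window" idea concrete, here is an added example (not part of the original post, and not ThreatExpert's code or report format) that turns a behavioral report into the two ad-hoc countermeasures the post names: border firewall rules and a list of internal hosts to isolate. The report structure, the flow records and all IP addresses are constructed stand-ins (documentation ranges); the rule syntax is a generic deny line rather than any vendor's firewall language.

```python
"""Derive containment actions from a sandbox behaviour report.

Constructed example: a simplified report of what a spam-bot sample did
in a VM (files dropped, outbound connections), plus internal flow
records from the corporate network. Nothing here is ThreatExpert output.
"""
from collections import Counter

# Constructed behaviour report: bulk SMTP connections plus one
# recurring non-SMTP destination (the command channel).
SAMPLE_REPORT = {
    "files_created": [r"C:\WINDOWS\system32\updsvc.dll"],  # constructed path
    "network": [
        {"proto": "tcp", "dst": "198.51.100.7", "port": 25},
        {"proto": "tcp", "dst": "198.51.100.8", "port": 25},
        {"proto": "tcp", "dst": "198.51.100.9", "port": 25},
        {"proto": "udp", "dst": "203.0.113.9", "port": 447},
        {"proto": "udp", "dst": "203.0.113.9", "port": 447},
    ],
}

# Constructed internal flow records: (src, proto, dst, dst_port).
SAMPLE_FLOWS = [
    ("10.0.0.5", "tcp", "198.51.100.50", 25),   # the company mail relay
    ("10.0.0.23", "tcp", "198.51.100.7", 25),   # workstation mailing directly
    ("10.0.0.23", "udp", "203.0.113.9", 447),   # same host talking to C2
    ("10.0.0.41", "tcp", "192.0.2.10", 443),    # ordinary web traffic
    ("10.0.0.42", "udp", "203.0.113.9", 447),   # C2 contact, no spam yet
]

MAIL_RELAYS = {"10.0.0.5"}  # hosts legitimately allowed to speak SMTP


def port_profile(report):
    """Count the (proto, port) pairs the sample contacted."""
    return Counter((c["proto"], c["port"]) for c in report["network"])


def c2_indicators(report, smtp_port=25):
    """Everything that is not bulk SMTP is treated as a control channel."""
    return {(c["proto"], c["dst"], c["port"])
            for c in report["network"] if c["port"] != smtp_port}


def firewall_rules(report, mail_relays):
    """Border rules: cut direct SMTP from non-relays, block C2 destinations."""
    rules = []
    if ("tcp", 25) in port_profile(report):
        allowed = ", ".join(sorted(mail_relays))
        rules.append(f"deny tcp any -> any:25 except src {allowed}")
    for proto, dst, port in sorted(c2_indicators(report)):
        rules.append(f"deny {proto} any -> {dst}:{port}")
    return rules


def hosts_to_isolate(flows, report, mail_relays):
    """Internal hosts whose traffic matches the sample's behaviour."""
    c2 = c2_indicators(report)
    hosts = set()
    for src, proto, dst, port in flows:
        if (proto, dst, port) in c2:
            hosts.add(src)                      # exact C2 match
        elif proto == "tcp" and port == 25 and src not in mail_relays:
            hosts.add(src)                      # direct-to-MX spamming
    return hosts


if __name__ == "__main__":
    for rule in firewall_rules(SAMPLE_REPORT, MAIL_RELAYS):
        print(rule)
    print("isolate:", sorted(hosts_to_isolate(SAMPLE_FLOWS, SAMPLE_REPORT, MAIL_RELAYS)))
```

The point of splitting the report into a port profile and a set of exact C2 indicators is that the two countermeasures have different costs: the SMTP rule is broad and stays in place for the whole exposure window, while the C2 rules are narrow and can be revised as soon as the vendor signature arrives and a real cleanup starts.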
# posted by Welcome @ 16:11
[0] comments

Saturday, November 24, 2007
HOW TO INSTALL BACKTRACK ON YOUR USB STICK

A while ago I went to hack.lu, and the night before I was installing Backtrack on my USB stick. I got some questions about how I did this, so I wrote a work instruction. It explains every step needed to achieve a USB-based Linux pentesting environment with different modules pre-installed, read/write control and swap space benefits.
You can view it here.

In any case feel free to let me know if there are any mistakes or updates I should include.
Labels: hacking tools
# posted by Welcome @ 19:37
[0] comments
