Interesting links – August 31
Potentially interesting links for August 31:
- DLL hijacking vulnerabilities – Many (most?) Windows apps attempt to load DLLs that they don’t need and are in fact not there. Just stick your malicious DLL in the DLL search path, give it the right name and the app will load it. All versions of Windows are vulnerable.
- SANS Investigative Forensic Toolkit (SIFT) – VMware Linux image with some common file forensics tools.
- RANCID – Configuration monitoring and alerting tool. Pulls configs from routers (or potentially any device), stores in CVS, removes routinely variable content then diffs. Can email changes detected.
Interesting links – August 17
Potentially interesting links for August 17:
- OpenFISMA – Open, customizable application to reduce cost and complexity associated with FISMA compliance and risk management. Locally installed LAMP app.
- RSMangler – Keyword-based wordlist generator. Requires Ruby.
- jsunpack – Online-only generic JavaScript unpacker. Provide a URL, paste in JS or upload a PDF, pcap, HTML, or JavaScript file.
- Wepawet – Online-only service for detecting and analyzing web-based malware. Currently handles Flash, JavaScript, and PDF files.
Interesting links – August 14
Potentially interesting links for August 14:
- A Taxonomy of Social Networking Data – Bruce Schneier attempts to define possible types of social network data.
- Cyberattacks raise e-banking security fears – From March 2010. Discusses growing trend of looting small business bank accounts.
- U.S. Office of Justice Programs: Research, Statistics, & Evaluation – Collects, analyzes, publishes, and disseminates information on crime, criminal offenders, victims of crime, and the operation of justice systems at all levels of government. Lots of downloadable data, including some on cybercrime stats.
Interesting links – August 2
Potentially interesting links for August 2:
- DoD policies – Links to the major U.S. Department of Defense policy documents on Information Assurance.
- Canada Revenue Agency grappling with more unauthorized access – Insider apparently accessed tax records to further her business on the side.
- Verizon 2010 Data Breach Report – Verizon’s breach stats and trends report for 2010.
- Suricata IDS/IPS – Open Source Intrusion Detection and Prevention Engine. Intends to replace Snort. Can use Snort rulesets unchanged.
- THC-IPV6 – “A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.”
Interesting links – June 30
Potentially interesting links for June 30:
- ZeuS Tracker – Tracks ZeuS Command&Control servers (hosts) around the world and provides you a domain- and an IP-blocklist.
- raw2vmdk – Mount raw disk images (e.g. dd) on VMware, VirtualBox or another VM platform supporting the VMDK disk format. Cross-platform Java.
- Penetrating Intranets through Adobe Flex Applications – How to exploit Adobe Flex applications that use BlazeDS to access internal networks and other hosts behind the firewall.
- IDS/IPS Evasion – One way to fool most IPS into thinking a TCP session is closed (and thus no longer track it) when it’s actually still open on the host.