Interesting links – June 30
Potentially interesting links for June 30:
- ZeuS Tracker – Tracks ZeuS Command&Control servers (hosts) around the world and provides you with a domain blocklist and an IP blocklist.
- raw2vmdk | Download raw2vmdk software for free at SourceForge.net – Mount raw disk images (e.g. dd) on VMware, VirtualBox or other VM platform supporting the VMDK disk format. Cross-platform Java.
- Penetrating Intranets through Adobe Flex Applications – How to exploit Adobe Flex applications that use BlazeDS to access internal networks and other hosts behind the firewall.
- IDS/IPS Evasion – One way to fool most IPS into thinking a TCP session is closed (and thus no longer track it) when it’s actually still open on the host.
Interesting links – June 14
Potentially interesting links for June 14:
- LZH Compression vulnerability – “Most of anti-virus softwares can’t detect viruses embedded in LZH files with falsified header. And most archivers are capable to uncompress them, just as specified.”
- Google IPv6 Implementors Conference – Slides from the event held June 10 and 11 2010.
Interesting links – June 3
Potentially interesting links for June 3:
- AV bypass made stupid – Step-by-step example of how easy it can be to bypass antivirus detection. Demonstrates using a Windows resource editor to modify an executable so that (most) antivirus no longer detect it.
- Payment Systems Group End-To-End Encryption Guidelines (pdf) – Guidelines on the application of encryption to payment card data used for retail financial transactions.
- Nessus parsing tools – Parses Nessus NBE files into an SQLite database and provides scripts to generate various HTML reports. Windows only.
- fuu unpacker – Helps unpack, decompress and decrypt most of the programs packed, compressed or encrypted with well-known utilities like UPX, ASPack, FSG, ACProtect, etc. Windows only.
- Malzilla – Useful for exploring malicious web sites, including deobfuscating JavaScript.
Interesting links – May 28
Potentially interesting links for May 28:
- Khobe – Defeating antivirus via kernel driver hooks – Describes an attack exploiting kernel driver hooks in Microsoft Windows XP to intercept and alter communication between components and AV applications.
- Rubberhose cryptographically deniable disk encryption – Claims to be more secure, portable, uses steganography / deniable cryptography, works with any file system and has source freely available. Alpha quality. Linux only with NetBSD and FreeBSD support coming soon.
- The Enemy Within – Long, detailed novice-level history of the Conficker worm and its implications. Good awareness material for the uninformed.
Interesting links – May 5
Potentially interesting links for May 5:
- Top Ten Tips for Auditors – Interesting advice from the SANS auditors blog.
- Namebench – Discovers the fastest DNS servers for your location via direct performance measurements. Windows and Mac executables, Unix source.
- A decade since the ILOVEYOU worm – Yes, it’s been ten years already.