• ZeuS Tracker – Tracks ZeuS Command&Control servers (hosts) around the world and provides you a domain- and a IP-blocklist.
• raw2vmdk | Download raw2vmdk software for free at SourceForge.net – Mount raw disk images (e.g. dd) on VMware, VirtualBox or other VM platform supporting the VMDK disk format. Cross-platform Java.
• Penetrating Intranets through Adobe Flex Applications – How to exploit Adobe Flex applications that use BlazeDS to access internal networks and other hosts behind the firewall.
• IDS/IPS Evasion – One way to fool most IPS into thinking a TCP session is closed (and thus no longer track it) when it’s actually still open on the host.

No related posts.

• LZH Compression vulnerability – “Most of anti-virus softwares can’t detect viruses embedded in LZH files with falsified header. And most archivers are capable to uncompress them, just as specified.”
• Google IPv6 Implementors Conference – Slides from the event held June 10 and 11 2010.

No related posts.

• AV bypass made stupid – Step-by-step example of how easy it can be to bypass antivirus detection. Demonstrates using a Windows resource editor to modify an executable so that (most) antivirus no longer detect it.
• Payment Systems Group End-To-End Encryption Guidelines (pdf) – Guidelines on the application of encryption to payment card data used for retail financial transactions.
• Nessus parsing tools – Parses Nessus NBE files into an sqlite database and provides scripts to generate various HTML reports. Windows only.
• fuu unpacker – Helps unpack, decompress and decrypt most of the programs packed, compressed or encrypted with well known utils like UPX, ASPack, FSG, ACProtect, etc. Windows only.
• Malzilla – Useful for exploring malicious web sites, including deobfuscating javascript.

Related posts:

• Little known features: Symmetric encryption with PGP/GPG

• Khobe – Defeating antivirus via kernel driver hooks – Describes an attack exploiting kernel driver hooks in Microsoft Windows XP to intercept and alter communication between components and AV applications.
• Rubberhose cryptographically deniable disk encryption – Claims to be more secure, portable, uses steganography / deniable cryptography, works with any file system and has source freely available. Alpha quality. Linux only with NetBSD and FreeBSD support coming soon.
• The Enemy Within – Long, detailed novice-level history of conficker worm and the implications. Good awareness material for the uninformed.

Related posts:

• Conficker detection and containment tools
• Detecting botnet infections for free

• Top Ten Tips for Auditors – Interesting advice from the SANS auditors blog.
• Namebench – Discovers the fastest DNS servers for your location via direct performance measurements. Windows and Mac executables, Unix source.
• A decade since the ILOVEYOU worm – Yes, it’s been ten years already.

No related posts.

• Pentesting Adobe Flex Applications (pdf) – Nice deck describing Adobe Flex / AIR , their communication protocols (eg. Adobe message format AMF), and how to assess and attack them. Also introduces Blazentoo exploit tool.
• Manual Verification of SSL/TLS Certificate Trust Chains using Openssl – Validating chained SSL server certificates. Helpful in determine whether an SSL error message is due to the browser not having an intermediary cert, or due to a man-in-the-middle attack.
• A Periodic Table of Visualization Methods – Nifty reference of visualization of information, data, concepts, strategy, and metaphors (!).
• Fun with N-gram Analysis – Neat idea: identifying malicious Internet domain names using n-gram analysis.
• FOCA – Extracts metadata from common file types.

No related posts.