Interesting links – June 14
Potentially interesting links for June 14:
- LZH Compression vulnerability – “Most of anti-virus softwares can’t detect viruses embedded in LZH files with falsified header. And most archivers are capable to uncompress them, just as specified.”
- Google IPv6 Implementors Conference – Slides from the event held June 10 and 11, 2010.
Interesting links – June 3
Potentially interesting links for June 3:
- AV bypass made stupid – Step-by-step example of how easy it can be to bypass antivirus detection. Demonstrates using a Windows resource editor to modify an executable so that (most) antivirus products no longer detect it.
- Payment Systems Group End-To-End Encryption Guidelines (pdf) – Guidelines on the application of encryption to payment card data used for retail financial transactions.
- Nessus parsing tools – Parses Nessus NBE files into an sqlite database and provides scripts to generate various HTML reports. Windows only.
- fuu unpacker – Helps unpack, decompress and decrypt most programs packed, compressed or encrypted with well-known utilities like UPX, ASPack, FSG, ACProtect, etc. Windows only.
- Malzilla – Useful for exploring malicious web sites, including deobfuscating JavaScript.
Interesting links – May 28
Potentially interesting links for May 28:
- Khobe – Defeating antivirus via kernel driver hooks – Describes an attack exploiting kernel driver hooks in Microsoft Windows XP to intercept and alter communication between components and AV applications.
- Rubberhose cryptographically deniable disk encryption – Claims to be more secure, portable, uses steganography / deniable cryptography, works with any file system and has source freely available. Alpha quality. Linux only with NetBSD and FreeBSD support coming soon.
- The Enemy Within – Long, detailed novice-level history of the Conficker worm and its implications. Good awareness material for the uninformed.
Interesting links – May 5
Potentially interesting links for May 5:
- Top Ten Tips for Auditors – Interesting advice from the SANS auditors blog.
- Namebench – Discovers the fastest DNS servers for your location via direct performance measurements. Windows and Mac executables, Unix source.
- A decade since the ILOVEYOU worm – Yes, it’s been ten years already.
Interesting links – April 26
Potentially interesting links for April 26:
- Pentesting Adobe Flex Applications (pdf) – Nice deck describing Adobe Flex / AIR, their communication protocols (e.g. Adobe message format AMF), and how to assess and attack them. Also introduces Blazentoo exploit tool.
- Manual Verification of SSL/TLS Certificate Trust Chains using Openssl – Validating chained SSL server certificates. Helpful in determining whether an SSL error message is due to the browser not having an intermediate cert, or due to a man-in-the-middle attack.
- A Periodic Table of Visualization Methods – Nifty reference of visualization of information, data, concepts, strategy, and metaphors (!).
- Fun with N-gram Analysis – Neat idea: identifying malicious Internet domain names using n-gram analysis.
- FOCA – Extracts metadata from common file types.