Infosanity's Blog

After having this on my shelf and desk for what seems to be an eternity, I have finally managed to finish Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis and Honeypotting. Despite having one of the longest titles in the history of publishing, it is justified as the book covers a lot of topics and subject matter. The chapters are:

1. An Introduction to Virtualization
2. Choosing the right solution for the task
3. Building a sandbox
4. Configuring the virtual machine
5. Honeypotting
6. Malware analysis
7. Application testing
8. Fuzzing
9. Forensic analysis
10. Disaster recovery
11. High availability: reset to good
12. Best of both worlds: Dual booting
13. Protection in untrusted environments
14. Training

Firstly, if you’re not security focused don’t let the title put you off picking this up. While some of the chapters are infosec specific a lot of the material is more general and could be applied to any IT system, the chapters on DR, HA and dual booting are good examples of this.

Undoubtedly the range of content in the book is one of it’s biggest draws, I felt like a kid in a sweet shop when I first read the contents and had a quick flick through, I just couldn’t decide where to start. This feeling continued as I read through each chapter, different ideas and options that I hadn’t tried were mentioned and discussed, resulting in me scribbling another note to my to-do list or putting the book down entirely while I turned my lab on to try something.

The real gem of information that I found in the book was under the sandboxing chapter, which was one of the topics that persuaded me to purchase the book in the first place. Considering that one of the books authors is Cartsten Willems, the creator of CWSandbox it shouldn’t be too surprising that this chapter covers sandboxing well. The chapter also covers creating a LiveCD for sandbox testing, while very useful for the context it was explained in, it was one of several parts to the book where by brain started to hurt from an overload of possible uses.

As you might have already guessed, the range of topics is also one of the books biggest weaknesses. There just isn’t enough space to cover each topic in sufficient depth. I felt this most in the topics that I’m more proficient with, while the Honeypotting chapter does a great job of explaining the technology and methodology but I was left wanting more. The disappointment from this was lessened on topics that I have less (or no) experience with as all the material was new.

Overall I really liked the book, it provides an excellent foundation to the major uses of virtualisation within the infosec field, and perhaps more importantly leaves the reader (at least it did with me) enthusiastic to research and test beyond the contents of the book as well. The material won’t help you become an expert, but if you want to extend your range of skills there are definitely worse options available.

–Andrew Waite

I was recently asked by Don over at EH-Net if I would be interested in reviewing a new book by Thomas Wilhelm of Heorot.net: ‘Professional Penetration Testing: Creating and operating a formal hacking lab’. Naturally I jumped at the opportunity.

I don’t want to discuss the book in too much detail here, as you can read the full review at Ethical Hacker here, but the book is a great addition to my home library. Don also worked his magic to convince the publisher to release a chapter from the book free of charge, chapter four covers the initial setup and configuration of hack lab environment, and can be downloaded from the review.

Hope the review is of use to someone out there, thanks to Thomas for writing the book in the first place and to Don for hooking me up with the review.

– Andrew Waite

Final Update: Crisis averted, Milw0rm is still up and functioning.

Looks like Milw0rm is calling it a night. Haven’ t been able to get any official word as the site is unavailable. As the site is now unavailable it’s hard to tell what happened, but an ISC diary has this message from the site:

Well, this is my goodbye header for milw0rm. I wish I had the time I did in the past to post exploits, I just don’t . For the past 3 months I have actually done a pretty crappy job of getting peoples work out fast enough to be proud of, 0 to 72 hours (taking off weekends) isn’t fair to the authors on this site. I appreciate and thank everyone for their support in the past.
Be safe, /str0ke

Always a shame when a big player in the infosec community closes it’s doors. My thanks to all those how contributed and ran the site when it was a going concern; and if anyone has a recent mirror, I’d appreciate a copy, mines a little dated :’(

– Andrew Waite

Update:
Looks like the fat lady may not be singing for Milw0rm just yet, Str0ke post this on Twitter:

I have talked with a few friends and I’ll be handing the site over so a group of people can add exploits / other things to the site. Hopefully it will be a new good start

Plus Dale Pearson of Security Active pointed me in the direction of splo.it, which is currently posting nothing but a farewell to Milw0rm. Given the (rather cool) URL it may become Milw0rm’s spiritual successor.

Update 2:
This keeps on going, Milworm came back and then died under the load of people trying to grab an upto date archive (ISC Diary). Until/if Milw0rm comes back for good you can get a copy of the July archive via Security Database Tools Watch

I’m a fan of ‘case study’ type research and analysis, so I think I hit pay-dirt when I found this book. I’ve had the book on my shelf for a couple of years now and keep coming back to it and re-reading whenever I’m looking for inspiration (or just a good read).

The basis of the book is explained in part two of the book, basically methods and techniques for the ‘good guys’ to fight back against the ‘bad guys’. The line is far too blurred and ambiguous in these cases for me to recommend anyone trying these techniques in the real world, at least not without a very good understanding of all of the relevant laws.

In real-world examples so far I’ve seen researches err on the side of caution and not fight back. A real world example and debate of the possibility can be read with Tipping Point’s blogs regarding the research of Kraken, article in question can be found here although I’d recommend reading all of their posts regarding the Kraken research as it is still interesting, even after nearly twelve months.

In the first part of the book each chapter (8 in part one) focuses on a different topic and scenario, and is written by a different author (including Johnny Long and Dan Kaminsky, with all authors being recognisable from their own fields). Topics range from modifying network games to trap and identify a system intruder, to a blow by blow account of an intruder and sys admin fighting to gain/maintain control of the corporate net.

The book doesn’t go into enough depth regarding any of the attacks, exploits or techniques to allow you to replicate what you read, however it does instil a desire to go out to learn and play with new ideas, the only problem I found was deciding where to start…

– Andrew Waite