This week has been an interesting one for followers of the info-sec arena. On Tuesday Microsoft released a patch and security bulletin for MS12-020 for a critical flaw in remote desktop protocol, allowing for remote code execution without the need to authenticate to the target system first. Since the patch was released the good, the bad […]
Category archives: MS Windows
Direct Access at NEBytes
Tonight was the second NEBytes event, and after the launch event I was looking forward to it. The topic I was most interested in was a discussion of Microsoft’s Direct Access (DA), this was billed as an ‘evolution in remote access capabilities’. Being a security guy, obviously this piqued my interest.
AV killing with powershell
A colleague recently introduced me to scripting with Powershell. After seeing a couple of examples of it’s strength for handling legitimate administration tasks my devious side came into play and I started imaging havok in my head.
VMware, Win7 & VirtualXP
<update-20091129> Very grateful to Timmedin for pointing me in the direction of his recent work with the same issue. In usual form, Tim has even packaged up a powershell script to automate the workaround. Check his fix here, much cleaner and slicker than my own. If your still curious, read on for the backstory. </update> […]
Random Malware Analysis
Having recently been left with several hours to kill with nothing but a laptop and my virtual lab I thought I’d try my hand at some rudimentary malware analysis. For a random live sample I selected the most recent submission to my Nepenthes Server. $ tail -n1 /opt/nepenthes/var/log/logged_submissions[2009-05-21T19:10:59] 90.130.169.175 -> 195.97.252.143 creceive://90.130.169.175:2526 93715cfc2fbb07c0482c51e02809b937 To start […]
Sec610 Reverse Engineering Malware Demo
I spent a very interesting hour with Lenny Zeltser (and others) around a week ago with a live demo of part of Lenny’s Sec610 course. For those interested in taking the course, or malware in general, then I’d suggest that if the demo is a representative sample of the course then you’re likely to really […]
Windows Right-Click context menus
Whilst doing some research on reverse engineering I came across a useful tip on the Tipping Point MindshaRE blogs. The post details the (simple) steps required to add IDA Pro‘s disassembly to Window’s right-click context menu. This is definitely simpler than I had expected it to be,although admittedly not something I had investigated before. Judging […]