Zero Wine is an open source (GPL v2) research project to dynamically analyze the behaviour of malware. Zero Wine simply runs the malware under WINE in a sandboxed virtual machine (an isolated environment), collecting information about the APIs called by the program. The output generated by Wine (using the debug environment variable WINEDEBUG) is […]
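The raw material Zero Wine works from is Wine's relay trace, one line per API call and one per return. As an added example (my own code, not Zero Wine's), here is a parser for a constructed sample of WINEDEBUG=+relay output that pairs each Call with its Ret per thread, counts APIs, pulls out the string arguments and flags calls on an analyst's watch list. The sample lines, addresses, handles and the WATCHLIST contents are made up for illustration; only the line format follows what +relay prints.

```python
import re
from collections import Counter

# Constructed sample in the format WINEDEBUG=+relay writes to stderr:
#   <tid>:Call <MODULE>.<func>(<args>) ret=<return address>
#   <tid>:Ret  <MODULE>.<func>() retval=<value> ret=<return address>
# Values are invented for this example; this is not real Zero Wine output.
SAMPLE_RELAY = r"""
0009:Call KERNEL32.GetModuleHandleA(00000000) ret=00401023
0009:Ret  KERNEL32.GetModuleHandleA() retval=00400000 ret=00401023
0009:Call KERNEL32.CreateFileA(0041a0c8 "C:\\windows\\system32\\drop.exe",40000000,00000000,00000000,00000002,00000080,00000000) ret=00401088
0009:Ret  KERNEL32.CreateFileA() retval=00000050 ret=00401088
0009:Call ADVAPI32.RegSetValueExA(00000054,0041a100 "Updater",00000000,00000001,0041a120,0000001c) ret=004010f2
0009:Ret  ADVAPI32.RegSetValueExA() retval=00000000 ret=004010f2
0009:Call KERNEL32.GetModuleHandleA(0041a140 "kernel32.dll") ret=00401130
0009:Ret  KERNEL32.GetModuleHandleA() retval=7b810000 ret=00401130
0009:Call WS2_32.connect(00000058,0041a160,00000010) ret=00401190
0009:Ret  WS2_32.connect() retval=ffffffff ret=00401190
"""

CALL_RE = re.compile(
    r"^(?P<tid>[0-9a-f]+):Call (?P<api>[A-Za-z0-9_]+\.\w+)\((?P<args>.*)\) ret=(?P<ret>[0-9a-f]+)$")
RET_RE = re.compile(
    r"^(?P<tid>[0-9a-f]+):Ret  (?P<api>[A-Za-z0-9_]+\.\w+)\(\) retval=(?P<val>[0-9a-f]+) ret=(?P<ret>[0-9a-f]+)$")
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Analyst triage list, keyed by lower-cased function name. This is an assumption
# made for the example, not a list shipped with Zero Wine.
WATCHLIST = {
    "regsetvalueexa": "registry write (persistence?)",
    "regsetvalueexw": "registry write (persistence?)",
    "connect": "outbound network connection",
    "urldownloadtofilea": "file download",
    "createremotethread": "code injection",
    "writeprocessmemory": "code injection",
}


def parse_relay(text):
    """Pair each Call line with its Ret line (per thread, LIFO so nested calls
    pair correctly) and return the call records in call order."""
    pending = {}   # tid -> stack of call records still waiting for their Ret
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if m:
            rec = {"tid": m["tid"], "api": m["api"], "args": m["args"],
                   "ret_addr": int(m["ret"], 16), "retval": None}
            pending.setdefault(m["tid"], []).append(rec)
            calls.append(rec)
            continue
        m = RET_RE.match(line)
        if m:
            stack = pending.get(m["tid"], [])
            # Unwind to the matching Call; name-matching tolerates a lost line.
            while stack:
                rec = stack.pop()
                if rec["api"] == m["api"]:
                    rec["retval"] = int(m["val"], 16)
                    break
    return calls


def api_counts(calls):
    """How often each API was called, the first summary an analyst looks at."""
    return Counter(c["api"] for c in calls)


def string_args(calls):
    """Every quoted string argument in call order: paths, registry value names,
    hostnames, the things worth grepping for first."""
    out = []
    for c in calls:
        out.extend(STRING_RE.findall(c["args"]))
    return out


def suspicious_calls(calls):
    """Calls whose function name is on the watch list, with the reason attached."""
    out = []
    for c in calls:
        fn = c["api"].split(".", 1)[1].lower()
        if fn in WATCHLIST:
            out.append({**c, "reason": WATCHLIST[fn]})
    return out


if __name__ == "__main__":
    recs = parse_relay(SAMPLE_RELAY)
    for api, n in api_counts(recs).most_common():
        print("%4d  %s" % (n, api))
    for c in suspicious_calls(recs):
        print("FLAG %s -> %s (retval=%#x)" % (c["api"], c["reason"], c["retval"]))
```

On a real trace the per-thread stack matters: +relay interleaves threads, and a Ret for thread 0024 must not be matched against an open Call on thread 0009.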
Category archives: InfoSec
Starting out with physical security
Several months ago I was involved in a discussion focusing on steps taken to secure information systems, and came to the realisation that all the countermeasures and protections were network- and system-based. As a joke I asked what was the point if someone could pick the building locks and walk out with the […]
Good night Milw0rm
Final Update: Crisis averted, Milw0rm is still up and functioning. Looks like Milw0rm is calling it a night. Haven't been able to get any official word as the site is unavailable. As the site is now unavailable it's hard to tell what happened, but an ISC diary has this message from the site: Well, […]
BackTrack4 Pre-Release Released
The Remote-Exploit boys have done it again: the pre-release version of BackTrack 4 is available for download here. As always there is a large amount of documentation available on the Remote-Exploit wiki and forum, and the Offensive-Security blog. In case you've been living under a rock, BackTrack is now based on Ubuntu, which makes the OS easier […]
Denial of Service with Slowloris
Earlier this week the ha.ckers.org blog posted the release of the Slowloris HTTP DoS tool, primarily coded by RSnake and described as "The low bandwidth, yet greedy and poisonous HTTP client!" The attack vector essentially works by initiating an HTTP request but never completing it, causing the handling thread to wait for the end of […]
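To make the mechanism concrete, here is an added example (my own code, not Slowloris itself or anything from ha.ckers.org) that runs a one-connection server on loopback against a Slowloris-style client which sends the request line and then drips one bogus header every tenth of a second without ever sending the blank line that ends the head. It shows why a per-read idle timeout, the only limit many servers had, does not help: each drip resets it, so the handler stays tied up for as long as the client cares to keep dripping. A deadline on the whole request head (the mod_reqtimeout-style fix) does cut the connection off. The timings, header names and request bytes are constructed for the demo.

```python
import socket
import threading
import time

# A complete request head as a normal client sends it in one go (constructed).
GOOD_REQUEST = b"GET / HTTP/1.1\r\nHost: localhost\r\nUser-Agent: demo\r\n\r\n"
MAX_HEAD = 8192


def read_request_head(conn, idle_timeout, head_deadline=None):
    """Read one HTTP request head from `conn` and report how it ended.

    idle_timeout  - longest wait for any single recv(). Slowloris sidesteps
                    this by sending a header line just often enough.
    head_deadline - longest wait for the *whole* head, or None for no limit.
    Returns "complete", "closed", "timeout" or "too-large".
    """
    start = time.monotonic()
    buf = b""
    try:
        while b"\r\n\r\n" not in buf:
            wait = idle_timeout
            if head_deadline is not None:
                remaining = head_deadline - (time.monotonic() - start)
                if remaining <= 0:
                    return "timeout"
                wait = min(wait, remaining)
            conn.settimeout(wait)
            chunk = conn.recv(1024)
            if not chunk:
                return "closed"
            buf += chunk
            if len(buf) > MAX_HEAD:
                return "too-large"   # a head that never ends is refused too
        return "complete"
    except socket.timeout:
        return "timeout"


def slow_client(port, interval=0.1, duration=1.0):
    """Slowloris-style client: request line first, then one bogus header every
    `interval` seconds for `duration` seconds, never the terminating blank line."""
    s = socket.create_connection(("127.0.0.1", port))
    end = time.monotonic() + duration
    n = 0
    try:
        s.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n")
        while time.monotonic() < end:
            time.sleep(interval)
            s.sendall(b"X-a: %d\r\n" % n)
            n += 1
    except OSError:
        pass  # the server gave up on us, which is the point of the defence
    finally:
        s.close()


def good_client(port):
    """A well-behaved client: whole head at once, then done."""
    s = socket.create_connection(("127.0.0.1", port))
    s.sendall(GOOD_REQUEST)
    s.close()


def run_scenario(client, idle_timeout, head_deadline=None):
    """Serve one connection on a loopback port, run `client(port)` against it
    and return (outcome, seconds the handler thread was tied up)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}

    def handler():
        conn, _ = listener.accept()
        t0 = time.monotonic()
        with conn:
            result["outcome"] = read_request_head(conn, idle_timeout, head_deadline)
        result["elapsed"] = time.monotonic() - t0

    t = threading.Thread(target=handler)
    t.start()
    client(port)
    t.join()
    listener.close()
    return result["outcome"], result["elapsed"]


if __name__ == "__main__":
    print("normal client, idle timeout only:", run_scenario(good_client, 0.3))
    print("slow client, idle timeout only:  ", run_scenario(slow_client, 0.3))
    print("slow client, 0.5s head deadline: ", run_scenario(slow_client, 0.3, 0.5))
```

Scale the second scenario up to a few hundred connections against a server with a fixed thread or process pool and you have the tool's effect: every handler is parked in recv() on a connection that costs the attacker a few bytes every few seconds. The head deadline (plus a cap on concurrent connections per source address) is what the fix looks like server-side.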
Lone Gunman & run books
Keeping with today's theme of working through a backlog, I've had two ISC diaries flagged for several months, Dealing with Security Challenges and Making the most of your runbooks. The first is more a question of how to handle security incidents and requirements with minimal resources. This seems to be a common theme, with lots […]
Full Scope Security's Client Side presentation
I've been meaning to post a quick review of this for a while, but better late than never… Recorded at Notacon '09, CG and g0ne gave a great presentation on client side attacks, video here. The talk starts off with explaining what client side exploits are, and more importantly why we should care, and finished […]
Simple Web Honeytraps
Johannes Ullrich recently posted an article detailing quick and simple traps you can add to a web site or web app to flag up suspicious and malicious activity on the site. Johannes does a better job of explaining than I could, so I'd recommend a read of his post, but put simply the traps discussed […]
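Johannes's post is not reproduced here, so the two traps below are my own choice of the kind of thing he means, written as an added example rather than his code: a path that is never linked from the site and is advertised only through robots.txt (so only crawlers that ignore, or mine, robots.txt ever request it) and a form field hidden with CSS that a person never sees but a form-filling bot fills in. Both are wrapped as WSGI middleware so they sit in front of any Python web app; the trap path `/wp-admin/`, the field name `website_url`, the block threshold and the addresses used in the demo are assumptions for illustration.

```python
import io
from collections import Counter
from urllib.parse import parse_qs


class HoneytrapMiddleware:
    """WSGI middleware adding two honeytraps in front of `app` and logging who trips them."""
    TRAP_PATH = "/wp-admin/"      # unlinked; appears only in robots.txt (assumed)
    TRAP_FIELD = "website_url"    # hidden input on every form (assumed)
    BLOCK_AFTER = 3               # trips before an address is refused outright

    def __init__(self, app, log=print):
        self.app = app
        self.log = log
        self.hits = Counter()     # source address -> number of traps tripped

    def robots_txt(self):
        # Advertising the path here is the bait: polite crawlers stay away,
        # scanners that read robots.txt for targets walk straight into it.
        return ("User-agent: *\nDisallow: %s\n" % self.TRAP_PATH).encode()

    def _trap_field_filled(self, environ):
        """Inspect small urlencoded POST bodies only; rewind so the app can still read it."""
        if environ.get("REQUEST_METHOD") != "POST":
            return False
        if not environ.get("CONTENT_TYPE", "").startswith("application/x-www-form-urlencoded"):
            return False
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            return False
        if length <= 0 or length > 65536:
            return False
        body = environ["wsgi.input"].read(length)
        environ["wsgi.input"] = io.BytesIO(body)
        fields = parse_qs(body.decode("utf-8", "replace"))
        return any(v.strip() for v in fields.get(self.TRAP_FIELD, []))

    def __call__(self, environ, start_response):
        ip = environ.get("REMOTE_ADDR", "-")
        path = environ.get("PATH_INFO", "")
        if self.hits[ip] >= self.BLOCK_AFTER:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden\n"]
        if path == "/robots.txt":
            start_response("200 OK", [("Content-Type", "text/plain")])
            return [self.robots_txt()]
        tripped = None
        if path.startswith(self.TRAP_PATH):
            tripped = "trap-path"
        elif self._trap_field_filled(environ):
            tripped = "trap-field"
        if tripped:
            self.hits[ip] += 1
            self.log("honeytrap %s ip=%s method=%s path=%s ua=%r" % (
                tripped, ip, environ.get("REQUEST_METHOD"), path,
                environ.get("HTTP_USER_AGENT", "-")))
            # Answer like any other missing page so the trap is not obvious.
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found\n"]
        return self.app(environ, start_response)


def protected_app(environ, start_response):
    """Stand-in for the real site; echoes the POST body so we can see it survived inspection."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    body = environ["wsgi.input"].read(length)
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello " + body]


def simulate(mw, method, path, ip, body=b"", user_agent="demo"):
    """Drive the middleware with a hand-built WSGI environ; returns (status, body)."""
    environ = {
        "REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_ADDR": ip,
        "HTTP_USER_AGENT": user_agent, "wsgi.input": io.BytesIO(body),
        "CONTENT_LENGTH": str(len(body)),
        "CONTENT_TYPE": "application/x-www-form-urlencoded" if body else "",
    }
    status = {}

    def start_response(s, headers):
        status["s"] = s

    out = b"".join(mw(environ, start_response))
    return status["s"], out


if __name__ == "__main__":
    mw = HoneytrapMiddleware(protected_app)
    print(simulate(mw, "GET", "/wp-admin/setup.php", "198.51.100.9", user_agent="scanner/1.0"))
    print(simulate(mw, "POST", "/contact", "198.51.100.9", b"name=x&website_url=http%3A%2F%2Fspam.example"))
```

The log lines are the product: feed them to whatever already watches your web logs and the trap gives you a list of addresses that are guessing paths or auto-filling forms, with zero false positives from humans as long as the path really is unlinked and the field really is invisible.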
Securely wiping a drive with dd
Cleaning the hard drive of any machine, be it desktop, laptop or server, before either repurposing or selling (or even scrapping) it, should be a basic requirement of any organisation. But there is a seemingly unrelenting stream of reported incidents, some of which come from organisations that really should know better, MI6 and military contractors for example. […]
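The dd pass is only half the job; the other half is reading the drive back to confirm nothing survived. Added here as an example of that check (my own code, not from the post): a scanner that walks a block device or disk image in 1 MiB blocks and reports every block that is not entirely the fill byte dd wrote, plus a demo that builds a small image with a stray signature planted in it (constructed data, not a real disk). The block size, the planted bytes and the image layout are assumptions for the demo. Two caveats a practitioner would want stated: a read-back proves only what the drive is willing to show, so reallocated sectors and, on SSDs, over-provisioned or wear-levelled blocks are never touched by dd at all; for those use the drive's own ATA Secure Erase rather than trusting an overwrite.

```python
import os
import tempfile

MiB = 1 << 20


def unwiped_blocks(path, block_size=MiB, fill=0x00):
    """Read `path` (a block device such as /dev/sdX, or a disk image) from start
    to end and return [(offset, length), ...] for every block holding a byte
    other than `fill`. An empty list means the whole thing reads back as the
    dd pattern. Whole blocks are the unit so the scan stays fast on big disks."""
    expect = bytes([fill]) * block_size
    bad = []
    with open(path, "rb", buffering=0) as f:
        offset = 0
        while True:
            chunk = f.read(block_size)
            if not chunk:
                break
            if chunk != expect[:len(chunk)]:
                bad.append((offset, len(chunk)))
            offset += len(chunk)
    return bad


def first_leftover_byte(path, offset, length, fill=0x00):
    """Pinpoint the first non-`fill` byte inside a reported bad block."""
    with open(path, "rb") as f:
        f.seek(offset)
        data = f.read(length)
    for i, b in enumerate(data):
        if b != fill:
            return offset + i
    return None


def demo(wiped):
    """Build a 2.5 MiB image (constructed, not a real disk). With wiped=False a
    stray filesystem signature is planted in the second MiB, as an interrupted
    dd or a wrong count= would leave; with wiped=True it is all zeros.
    Returns (bad_blocks, offset of the first leftover byte or None)."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"\x00" * MiB)
            second = bytearray(MiB)
            if not wiped:
                second[5:9] = b"NTFS"   # assumed leftover: an old volume signature
            f.write(second)
            f.write(b"\x00" * (MiB // 2))   # an odd-sized tail, as real disks have
        bad = unwiped_blocks(path)
        first = first_leftover_byte(path, *bad[0]) if bad else None
        return bad, first
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("clean image:  ", demo(wiped=True))
    print("partial wipe: ", demo(wiped=False))
```

Run it against the device itself (`unwiped_blocks("/dev/sdX")`) after `dd if=/dev/zero of=/dev/sdX bs=4M` has finished and its exit status has been checked; a non-empty result usually means dd stopped short (a read error, a wrong count=, or a device that is larger than the image you assumed), and the offsets tell you where to look.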
Cheat Sheets
OK, so we'd all like to be 1337 and know everything without missing a beat, but for mere mortals like myself I find that impossible, so I'm a fan of the various cheat sheets that people and organisations put out as succinct, to-the-point memory joggers.