It’s a while since I’ve found time to add a new tool to my malware environment, so when an ISC post highlighted a new update to Cuckoo sandbox it served as a good reminder that I hadn’t got around to trying Cuckoo, something that has now changed. For those that don’t know, from its own site:
[…] Cuckoo Sandbox is a malware analysis system.
Written by journalist Kevin Poulsen, KingPin spans the hacking, cracking and carding underworld spread over several decades. The narrative covers the life and activities of Max Vision, a computer consultant, key member of the carding underworld and ultimately convicted criminal.
If you’ve got any interest in information security, computer/network administration, or just good sci-fi I’d strongly recommend picking up a copy of Zero Day. It may be shorter than I would have liked, but I thoroughly enjoyed the time spent in its created scenario.
Like most techies I get the job of fixing and maintaining relatives’ PCs. As part of this after fixing whatever is broken I have some common clean-up and install routines that I go through to both help the system run faster and to extend the period before I’m called back, and I’ve used AVG free […]
After a few weeks running my daily Kippo review script I’ve noticed that whilst I’m still mostly receiving several logins per day, it’s rare for a connection to actually interact with my emulated system. So I started trying to investigate what was causing the trend.
A fairly common setup: you’ve got an internal resource (for example an intranet wiki for documentation), which is in turn protected by a firewall that only allows access from trusted locations. Under normal circumstances all staff can access the resource without problems, and any malicious sources (human or automated) can’t access the service.
Solution?: SSH tunnels
Tuesday started fine, train down to the capital and a chance to meet up with the London work team. So far so good, until a colleague suggested a ‘quiet’ drink after work. Ended up not being too quiet after all. With Wednesday starting off with ‘why?….’, I found some energy and headed for Security BSides London. As […]
For those that don’t already know, John the Ripper is: a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM […]
As a security guy I find my paranoia levels are slightly higher than most; a little something inside me picks up on things that general users miss that indicate that something isn’t right. This morning was no exception….
Running through my morning routine of catching up with email, twitter, etc. I came across this post showing Sequal7’s first hits on a Kippo installation. In addition to making amusing reading, it gave me a nudge to check back on the InfoSanity Kippo sensor.