|
~ साझा Techies ~
http://www.foxnews.com/scitech/201 ...[pyaradeshbasiharu]
09-23-10 [7:59 PM]
Walkahead,This is not someone who ...[pyaradeshbasiharu]
09-24-10 [7:43 PM]
One of the challenges InfoSec Profession ...[SAAJHA]
09-24-10 [10:02 PM]
How would You fend off 0 Days???&n ...[pyaradeshbasiharu]
09-25-10 [7:19 PM]
@pyara, Howdee'!!It's kinda off tangent, ...[SAAJHA]
09-25-10 [8:53 PM]
I don't mean to push your enthusiasm asi ...[SAAJHA]
09-27-10 [4:09 PM]
Saajha, I don't mean to push ...[pyaradeshbasiharu]
09-29-10 [1:58 PM]
Guys my talk would be completely o ...[walkahead]
09-29-10 [11:16 PM]
@ walkahead,- Check out the name K ...[black_panther]
09-29-10 [11:25 PM]
I once Wrote a Script to Analyze h ...[pyaradeshbasiharu]
09-30-10 [10:47 AM]
Folks, - If U have a webcam on you ...[black_panther]
10-03-10 [11:14 AM]
@pyara, keep up the good work! I&nb ...[saajha]
10-04-10 [9:29 PM]
Interesting Article
http://www.co ...[pyaradeshbasiharu]
10-20-10 [12:44 PM]
www.net-security.org/malware_news.php ...[SAAJHA]
10-27-10 [9:18 AM]
Yet another evil stuff:
www.computerwor ...[saajha]
10-27-10 [11:12 AM]
Wikileaks.com which has leaked thousands ...[ne0]
11-29-10 [12:18 PM]
visa.com and mastercard.com DDoS'd by Wi ...[SAAJHA]
12-08-10 [3:30 PM]
IE Blows Away Rivals in Browse ...[pyaradeshbasiharu]
12-15-10 [11:29 AM]
Some malwares are good at locking your c ...[ne0]
08-27-13 [10:35 AM]
Welcome to all Techies & Web Junkies; There are a lot of resourceful Nepali techies who are very good at what they do. There are many aspiring techies who are very quick to learn new things. Internet is a vast resource of knowledge and many times one small pointer makes or breaks someones jeal to learn, produce and benefit in some way. This resource is provided by sajha to everyone interested in technology, programming, designing, creating and learning. Please be sure to check a sub category of your posting so that it's easy to navigate for others who can benefit from it. In addition, this interest group has been created in the interest of helping out general computer users who have problems with their computers and have very little knowledge on how to tackle it. Walkahead, This is not someone who is sitting in ma's and pa's Basement and pawning a Bunch of servers. What we are seeing is a Next Generation of Sophisticated Cyberattack. Given the enormous Complexity to Own SCADA system and Utilising at least 4 Zero Days, it's definitely Involvement of Some State. Stuxnet Could Probably be the Most Sophisticated Malware Written in History.
and BTW Politics is Always involved in the Security industry whether u like it or not. That is atleast what I have seen in Last Couple of Years.
Excerpt from Wikipedia: Ksplice is an open source[1] extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system. Ksplice takes as input a unified diff and the original kernel source code, and it updates the running kernel in memory
How would You fend off 0 Days???
Baitnet Coming soon.. Last edited: 25-Sep-10 07:21 PM @pyara, Howdee'!! I don't mean to push your enthusiasm aside or to question your knowledge, but you've gotta get some terminologies straight, first:
cheers, ~@~ Saajha,
I don't mean to push your enthusiasm aside or to question your knowledge, but you've gotta get some terminologies straight, first:
-I have to admit that I was/is Never Good on the Terminologies and Explaining People what I meant. But I know What You are Talking ABT.
-Yes there are Hundreds of APPs/OSes Combo That can be exploited. Severity of the 0 Day Depends upon APP/Oses that is commonly deployed. I am not going to Waste my Time Writing Zero Day for Say Netscape which has 0 ROI. And talking abt Snapshotting the OS'es and Applications Against a Known Baseline and Measuring the Changes, This is What i am Exactly Doing. But there are Some Caveats to this Approach.For Validating this Approach i am reconstructing the Binary from Memory Dump+Watching the Process in target. The reason Being Exploits are Typically Memory resident and Run as Part of the Trusted Process(Say IE)and Normally don't hit the disk. Once You are able to reconstruct the Binary(Typical Shell Code) You can Validate it against Known Good V/s Known Bad.
Security tools are out there to assist us, not to feed us with spoon. We pay vendors for their product and services that they offer, which must be customized and tweaked and re-customized and re-tweaked while maintaining vigilance all the time. --Saajha , I work at one of the Largest Security Product Testing facility and i have Tested Numerous IPS,FW's AV's, Browsers,UTM's. What was Shocking to see was the % they Missed. AV's are the worst for detecting Exploits/Malwares(Given that there are roughly 20-40,000 Malware Sample Released on the Wild Everyday). You Might Argue that AV's are not tailored to Detect Exploits but why the hell in this world do they Advertise that they have HIPS. Or am I missing Something.Average Pap and Mom Don't have the Luxury to Maintain Vigilance. They will Believe on the what they are told to Believe. - There are different tools that are Being Developed by the Community and they have different Approach on Detecting Exploits/Mitigating. Yes Source Fire missed 2004 CVE. The reason i am Making a Hoopla Out of this is Bad Guys Need Just one . They are one of Best and Talented People Working out there are and have Given Great Snort Rules but one Miss to Get Inside Extremely important Installation makes me Paranoid.
-Since this is a Targeted Attack , the Level of sophistication and resource required to Pull this out makes me think it's Sponsored by Gov or Enormously Large Corp. Social Engineering is a totally different beast. If you can get your way in through Social Engineering, you might not even need to look for any application specific vulnerabilities. Nothing much to say in this regard. -yes it's a Different Beast but day by day OS'es /APP's are Made More Secure , PPL rely on a Bit a Social Engineering to Pawn a System. Aurora was a Classic Example. 0 Day+Social Enginering.
cheers,
Last edited: 29-Sep-10 06:25 PM
Last edited: 29-Sep-10 06:27 PM Guys my talk would be completely out of track, but I had the speaker in my class.. and he is CIO from a very popular IT company. They had 9 of the security level employees, and when we asked what kind of people would they hire? Guess what was his answer, They would first look at the candidates that has FBI and CIA charges. That means the people who have the charges for the security break-in on the systems of other companies.. Weird.. Where would i Fall on that.. ??? Big Question @ walkahead, - Check out the name Kevin Mitnick .... - Once the most wanted man by the Feds ... - Now working as a security consultant ... - There are many others like him (just a google search away ....)
I once Wrote a Script to Analyze hashes on Virus-Total. It is Fully Automated and Outputs the result in CSV format for Further Analysis. It's Written in Perl and will require HTML extract Module for perl.If the Folks at VT decide to Change the Form Submission part it won't work at that point of time.
Feel Free to Modify and Reuse the Code
#!/usr/local/bin/perl # Description: Uses Virustotal.com to parse MD5 hashes of malware # Assumes hashes to be analyzed are in a text file "md5.txt" in the same directory as the script # RESULT.csv shows the md5 hash, AV engine, Scan result # ** Needs HTML Table Extract module ** use strict; use warnings; use IO::File; use Fcntl qw(SEEK_END); use LWP::UserAgent; use HTTP::Request::Common; use DB_File; use URI::Escape ('uri_escape'); use lib qw( ..); use HTML::TableExtract; use LWP::Simple; #use Data::Dumper; use FileHandle; use IO::File; use Getopt::Long; use vars qw (%options); # How many hashes are there? (count the lines in the file) my $totalhashes = `grep -cve '^\\s*\$' ./md5.txt`; chomp $totalhashes; print "$totalhashes hashes to process\n"; my $line_number = 0; for ($line_number = 0; $line_number < $totalhashes; $line_number++) { my $output = $line_number + 1; print "Processing hash $output of $totalhashes\n"; # Read the desired line number my @lines = ""; my $tie = ""; my $filename = "./md5.txt"; $tie = tie(@lines, "DB_File", $filename, O_RDWR, 0666, $DB_RECNO) or die "Cannot open file $filename: $!\n"; unless ($line_number < $tie->length) { die "Didn't find line $line_number in $filename\n" } my $hashline = $lines[$line_number]; my $md5 = substr $hashline, 0, 32; # POST hashes to virustotal # URL to post to my $URL = "http://www.virustotal.com/search.html"; my $BrowserName = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"; my $ua = new LWP::UserAgent; $ua->agent($BrowserName); push @{$ua->requests_redirectable}, 'POST'; my $response = $ua->post($URL, [ 'chain' => $md5 ], ); die "Error: ", $response->status_line unless $response->is_success; #open (RESPONSE, ">>./response.txt"); #print RESPONSE $response->content; #my $te = new HTML::TableExtract( depth =>0, count =>5, gridmap =>0); my $te = new HTML::TableExtract( headers => [qw(Antivirus Result)] ); $te->parse($response->content); my $finaloutput = new FileHandle (">> ./RESULT.csv"); my ($ts,$row); foreach $ts ($te->table_states) { foreach $row ($ts->rows) { unshift(@$row, $md5); $finaloutput->print ( join(',', @$row), "\n"); } } $finaloutput->close(); # die; } Folks, - If U have a webcam on your computer, U better cover it up ... - because hackers can access it & start recording ... - they can then post the footage on the internet ... - U might not know it, until its too late ... - This hacking program is downloadable and free ... (scary stuff)
Check this reporting from CNN: - Embedding disabled ... so click below and it will lead to U-Tube...Note: - I think video removed. None of the links below work ...
- Alternate is here: (maybe it might work) www.cnn.com/video/#/video/bestoftv/2010/10/03/nr.suicide.webcam.cnn
Last edited: 03-Oct-10 11:33 AM
Last edited: 04-Oct-10 03:11 PM
Last edited: 04-Oct-10 03:19 PM @pyara, keep up the good work! I like your zeal and aspiration. All, please continue sharing .. BTW, for those that aren't aware, and are interested; the site www.hakin9.org now allows users to download their monthly editions for free. This is one magazine that I've barely missed since the beginning of its publication, and purchased just about every edition. Local Barnes & Noble and Borders carry the printed copies that usually come bundled with a backtrack or similar Linux CD, and some bonus training videos @ times. Look out for this gem!
~@~
Yet another evil stuff: www.computerworld.com/s/article/9193201/How_to_protect_against_Firesheep_attacks Not that it really really makes a difference, but Sajha's vulnerable to this too.. San, TLS please?
~@~ Wikileaks.com which has leaked thousands of secret documents was taken down by a hacker who calls himself "the jester". I wonder if he is affiliated with some government body?? Read at CNN: http://edition.cnn.com/2010/US/11/29/wikileaks.hacker/index.html?hpt=C1 visa.com and mastercard.com DDoS'd by Wikileaks supporters: http://www.huffingtonpost.com/2010/12/08/visa-down-wikileaks-suppo_n_794039.html
http://www.pcworld.com/businesscenter/article/213589/ie_blows_away_rivals_in_browser_security.html
Some malwares are good at locking your computer so you cannot install/run any anti virus or anti malware.
If you have experienced any slowness, or unwanted behavior on your computer and you are unable to install any anti virus or anti malware then do the following: 1. Download Malwarebytes installation file to a USB flash drive *using a different computer* from this link: download Malwarebytes 2. Start the infected computer in "SAFE MODE" - See number 4 on how to start computer in SAFE MODE 3. After you start in Safe Mode, you can install Malwarebytes using the USB flash drive. Then run a full scan. After scan is complete it will give you option to delete all the malwares. Make sure you delete it. Also there should be a "Quarantine" tab, make sure you delete everything from the quarantine tab as well. 4. How to start in safe mode: Safe mode starts Windows with a limited set of files and drivers. Startup programs don't run in safe mode, and only the basic drivers needed to start Windows are installed. For more information, see What is safe mode? Safe mode is useful for troubleshooting problems with programs and drivers that might not start correctly or that might prevent Windows from starting correctly. If a problem doesn't reappear when you start in safe mode, you can eliminate the default settings and basic device drivers as possible causes. If a recently installed program, device, or driver prevents Windows from running correctly, you can start your computer in safe mode and then remove the program that's causing the problem. For more information about troubleshooting problems in safe mode, see Diagnostic tools to use in safe mode.
When your computer is in safe mode, you'll see the words Safe Mode in the corners of your monitor. To exit safe mode, restart your computer and let Windows start normally. Viewed 29483 times
| |||||||