Create an Account
username: password:
 
  MemeStreams Logo

Security Reads's MemeStream

search

Security Reads
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Security Reads's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Automating AV signature generation « blog.zynamics.com
Topic: Miscellaneous 11:13 am EST, Feb 23, 2010

Automating AV signature generation
By Thomas Dullien

Hey all,
I finally get around to writing about our automated byte signature generator. It’s going to be a bird’s eye view, so if you’re interested you’ll have to read Christian’s thesis (in German) or wait for our academic paper (in English) to be accepted somewhere.

First, some background: One of the things we’re always working on at zynamics is VxClass, our automated malware classification system. The underlying core that drives VxClass is the BinDiff 3 engine (about which I have written elsewhere). An important insight about BinDiff’s algorithms is the following:

The Zynamics guys always have a different way of thinking. Great work again!

Automating AV signature generation « blog.zynamics.com


Hex blog: An attempt to reconstruct the call stack
Topic: Miscellaneous 10:52 am EST, Feb 23, 2010

An attempt to reconstruct the call stack
Walking the stack and trying to reconstruct the call stack is a challenge (especially if no or little symbolic information is present) and there are many questions to be answered in order to have a correct call stack:

Hex blog: An attempt to reconstruct the call stack


Matasano Security LLC - Chargen - Exercises for a burgeoning Army of Ninjas
Topic: Miscellaneous 10:24 am EST, Feb 23, 2010

At SourceBoston 2009 fellow New Yorker Dan Guido did a talk entitled “So You Want to Train an Army of Ninjas”. Dan’s talk was on his experience organizing the CSAW competitions at NYU:Polytechnic. If you are unfamiliar with the annual awesomeness that the ISIS program at NYU:Poly puts together, you can read more about the whole event here. To quote someone on twitter “If all of school was like [the program at NYU:Poly] maybe I wouldn’t have dropped out.”

This is a good read. I still think teaching yourself these skills as opposed to 'learning' them is a vital step.

Matasano Security LLC - Chargen - Exercises for a burgeoning Army of Ninjas


Abusing WCF to Perform Remote Port Scans - Gotham Digital Science
Topic: Miscellaneous 10:48 am EST, Feb 22, 2010

Last weekend at Shmoocon, I demonstrated how an attacker can trick certain WCF web services into performing an unauthorized port scan of machines behind a firewall. For those that were not able to attend the talk, the slides are posted here. The part that covers the port scanning technique may not be clear in isolation, so I’ll try and explain it in detail. The problem is related to the WSDualHttpBinding, so in order to understand how the scanning technique works you must first understand some WSDualHttpBinding basics.

Abusing WCF to Perform Remote Port Scans - Gotham Digital Science


Dailydave: XSS in viewstate
Topic: Miscellaneous 10:07 am EST, Feb 22, 2010

http://www.hacking-lab.com/misc/downloads/ViewState_Afames.pdf This, on first glance, looks real to me. Does anyone have any comments on it? ViewState is pretty complex and fairly opaque. If I understand properly, MS does not publish the full specs to it? Maybe the Mono team found them somewhere?

Dailydave: XSS in viewstate


Adobe Reader and The Unspecified Vulnerability - Blog - Blog & News - Company
Topic: Miscellaneous 10:18 am EST, Feb 19, 2010

14:53 CET on the 19th February 2010. Entry written by Alin Rad Pop.

Adobe Reader has been recently updated to version 9.3.1, fixing a vulnerability for which no details were provided. Quoting the vendor: "In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system."

Adobe Reader and The Unspecified Vulnerability - Blog - Blog & News - Company


Microsoft Malware Protection Center : Restart issues on an Alureon infected machine after MS10-015 is applied
Topic: Miscellaneous 9:57 pm EST, Feb 18, 2010

The Win32/Alureon family of malware is a complex set of components which perform various functions. These include the modification of DNS settings, search hijacking, and click fraud. Alureon has existed for several years and has undergone a number of evolutionary changes. The ability to “infect” the miniport driver associated with the hard disk of the operating system is a recent notable change. This functionality first appeared around August 2009. For the most common system configuration (for machines using ATA hard disk drives) , the ATA miniport driver ‘atapi.sys’ is the file which is targeted.

Microsoft Malware Protection Center : Restart issues on an Alureon infected machine after MS10-015 is applied


Assured Exploitation training course at CanSecWest
Topic: Miscellaneous 9:53 pm EST, Feb 18, 2010

Feb 17, 2010

Dino Dai Zovi and I are going to teach a two day training course at the CanSecWest conference in March of this year. Our course is titled Assured Exploitation and will focus on the advanced exploitation techniques required for developing state of the art exploits for Vista and Windows 7 systems.

Assured Exploitation training course at CanSecWest


Hex blog: Scriptable Processor modules
Topic: Miscellaneous 3:23 pm EST, Feb 17, 2010

If you like this feature, make sure to apply for the beta testing of next version when we announce it!

Hex blog: Scriptable Processor modules


The Security Development Lifecycle : VC 2010 and memcpy
Topic: Miscellaneous 12:54 pm EST, Feb 17, 2010

A year ago, I wrote a short post about us banning memcpy in the SDL for new code. Well, I’m happy to announce that in VC++ 2010, we have made it much easier to remove potentially insecure calls to memcpy and replace them with more secure calls to memcpy_s; it’s automagic, just like we do did for other banned functions!

The Security Development Lifecycle : VC 2010 and memcpy


(Last) Newer << 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 >> Older (First)
 
 
Powered By Industrial Memetics
RSS2.0