Security stuff - things that you need to learn, cause the other guys know.

Security it is a very important thing when it comes to digital systems. Software is easy to break and unbreakable software hard to write. If not impossible.
Microsoft Office team deploys botnet for security research - Larry Osterman's WebLog - Site Home - MSDN Blogs

SANS Institute - CIS Critical Security Controls

CVE - Common Vulnerabilities and Exposures

CVE - Common Vulnerabilities and Exposures (CVE)
CVE security vulnerability database. Security vulnerabilities, exploits, references and more


SpiderLabs Anterior
Root25.com
Errata Security
Exploit Monday - Security Research and Esoteric PowerShell Knowledge
Dan Kaminsky's Blog | (Or: The Blog Formerly Known As DoxPara Research)
sla.ckers.org web application security forum
Links « Ascii for Breakfast
th3mast3r | pentest , Linux , hacking tools , IT security
Trike: Trike
Irongeek.com - Adrian Crenshaw's site on security,pentesting,weight lifting. MS Security Informatics.
Darknet - The Darkside - Ethical Hacking, Penetration Testing & Computer Security
Heid Security Blog | OSINT, Malware, Exploits, Vulns, and other interesting things I find on the Internet.

Mitigation - dedicated machine, use live CD || does your bank work with my lynx browser?

Alexander Heid. Modern CrimeWare Tools and Techniques - An Analysis of Underground Resources on Vimeo



MSRC - Site Home - TechNet Blogs - Security Response Center Blog.

Debugging / monitoring Tools

DebugView for Windows v4.74
RegMon for Windows v7.04
Microsoft TechNet: Windows Sysinternals
radare - Radare2 is an open-source reverse engineering toolkit, consisting of a disassembler, debugger and hex editor. radare examples
Overview - Bokken - Nexo - a GUI for the Pyew malware analysis tool and Radare the reverse engineering framework.


pyew - A Python tool for static malware analysis - Google Project Hosting

Rootkit detection

RootkitRevealer v1.71
DiamondCS ProcessGuard rootkit prevention
InfoProcess - Host Intrusion Prevention Systems
F-Secure BlackLight
The Strider GhostBuster Project
Resplendence Software - RootKit Hook Analyzer
Anti Rootkit Software - IceSword
Anti Rootkit Software - RootKit Unhooker

Hardening

Samurai - A Host-based Intrusion Prevention System

ARP Poisoning

Anatomy of an ARP Poisoning Attack | WatchGuard
Cain & Abel User Manual
oxid.it - Cain & Abel


Fixing the DLL loading vulnerability – Unhandled expression


Diego Benna's Blog: How to secure an Ubuntu 12.04 LTS server - The Basics
How to install PSAD Intrusion Detection on Ubuntu 12.04 LTS server | How To | The Fan Club | dynamic design solutions
psad - Intrusion Detection with iptables, iptables Log Analysis, iptables Policy Analysis
cipherdyne.org | System and Network Security
OWASP

Stenography

Malware Hidden Inside JPG EXIF Headers | Sucuri Blog - yes, those bay guys will hide data anywhere, even in your exif.
spread project
Embedding and Hiding Files in PDF Documents | Didier Stevens
exe2bat.py

##########################################################################
#
#   EXE to BAT converter Version 1.0                                     #
#   This will use the classic DEBUG method to HEX-encode an executable   #
#   into a batch script file. Enjoy.                                     #
#                                                                        #
#                                          rattle | awarenetwork | org   #
                                                                         #
##########################################################################
   
from sys import argv as a, exit, stdout
die = lambda x,n: stdout.write(x+'\n') or exit(n)

try: f,b = open(a[1],'rb'),open(a[2],'w')
except: die('[!] usage: exe2bat.py <exefile> <batchfile>',1);

FOOTER  = ''.join(map(lambda x:"%%E%% "+x+">>T\n",
 ["RCX","%X ","N T.BIN","WDS:0","Q"])) 
FOOTER += 'DEBUG<T 1>NUL\nMOVE T.BIN T.EXE 1>NUL 2>NUL\nT.EXE'

FC,CX = 0, f.seek(0,2) or f.tell()

if (CX > 0xFFFF): 
  f.close(); b.close()
  die('[!] filesize exceeds 64kb, quitting.',1);

f.seek(0,0)
b.write('@ECHO OFF\nSET E=ECHO\nDEL T 1>NUL 2>NUL\n')

for chunk in xrange(0x1000):
  t = f.read(16) or b.write(FOOTER%CX) or die("",0)
  if t.count('\0')==0x10: FC += 1
  else:
    if FC > 0:
      b.write('%%E%% FDS:%X L %X 00>>T\n'%((chunk-FC)*0x10,FC*0x10))
      FC = 0
    b.write('%%E%% EDS:%X '%(chunk*0x10))
    b.write(' '.join(map(lambda x:"%02X"%ord(x),t))+'>>T\n')

Random versus Encrypted Data | opensource.dyc.edu

using prefetch to find secret files.

8 bits: Live forensics: prefetch and powershell - cool, isn't it?, how about scary?

Programs built to crash

Exploits Database by Offensive Security
Embedded in Academia : 57 Small Programs that Crash Compilers
Crashing the Visual C++ compiler
c++ - Why does VC++ 2010 compiler crash when compiling simple code? - Stack Overflow
DVWA - Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable.

Black electrical tape

iSeeYou: Disabling the MacBook Webcam Indicator LED - enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non- root) application. (a.k.a. No thought to security was given,geez.)

inaudible ultrasonic sounds slinging your data - unplug all your speakers...

Katee/quietnet - Simple chat program using near ultrasonic frequencies. near-ultrasonic chirps that can be received and interpreted by other, nearby computers. Quietnet is dependent on pyaudio and Numpy. Warning: May annoy some animals.

oh, and using your monitor to broadcast in the AM band - better disconnect that monitor too.

Tempest for Eliza - Tempest for Eliza is a Program that uses your computer monitor to send out AM radio signals. You can then hear computer generated music in your radio.

Heartbleed - oh my.

So, that secure software that you rely on uses OpenSSL. What year what that installed again? Oh man, you mean I have to touch the box again?
Yes, you should patch it..... or decommission it.


OpenBSD forks, prunes, fixes OpenSSL | ZDNet
OpenSSL Valhalla Rampage
?42: Is a strong caution about Heartbleed worth the disruption to distributions with a declared dependency on Crypt::SSLeay? - its not just the server that is vulnerable, the client is vulnerable to a remote attacking ssh server.
A Few Thoughts on Cryptographic Engineering: Attack of the Week: Triple Handshakes (3Shake)
A Few Thoughts on Cryptographic Engineering: Useful Cryptography Resources


The Mouse Trap: Raising Lazarus - The 20 Year Old Bug that Went to Mars - the integer overflow is evident.


How did they do that? | Richard Bucker - ** So how do we remain secure? Good question:

- know your hardware
- know your network
- know your infrastructure
- know your physical security
- know your operating system
- know your tools
- know your employees
- know your programmers, testers, etc
- know your process
- know all your 3rd parties

It comes down to full stack awareness... the stack happens to be much bigger than once thought.

Perl Cryto && random

A Gentle TLS Intro for Perlers - IO::Socket::SSL, IO::Async::SSLStream, openssl incantations.
What is wrong with perl's antique random number generator
?42: Don't leave randomness to chance (or, avoid using rand if it matters)
?42: Perl 5.20.0 brings a "better" PRNG to Windows
Perl 5.20 uses its own random number generator | The Effective Perler - rand() for Windows had a max of 32,768 (15 bits), while POSIX has drand48 (48 bits).
Math::Random::Secure - Cryptographically-secure, cross-platform replacement for rand() - metacpan.org - this one goes to eleven.

hardware hackers

Travis Goodspeed's Blog - GoodFET -- Home
samy kamkar - home
remote-exploit.org KeyKeriki v2.0 – 2.4GHz | remote-exploit.org


Open Source Software Management | Black Duck - tool helps identify open source code within your internal codebases.

---

< Prev  Next >