I just realized that my Friday post said Thursday as the day of the week. Oops….QA is fired!
Here’s the list:
Detecting BBB/IRS/FTC/Proforma Trojan-Infected Users on Your Network – Here is a good example of where system and device logs are important.
If you keep logs of firewall/proxy or DNS server traffic, you may be able to spot infected users by traffic analysis. This activity has been going on since at least February, so it is prudent to go back in the logfiles at least until the beginning of 2007 when searching.
Trinity Rescue Kit – Free Recovery and Repair for Windows – Another good tool to keep in your back pocket.
Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.
A summary of the main features:
- easily reset windows passwords
- 4 different virusscan products integrated in a single uniform commandline with online update capability
- full ntfs write support thanks to ntfs-3g (all other drivers included as well)
- clone NTFS filesystems over the network
- wide range of hardware support (kernel 126.96.36.199 and recent kudzu hwdata)
- easy script to find all local filesystems
- self update capability to include and update all virusscanners
- full proxyserver support.
- run a samba fileserver (windows like filesharing)
- run a ssh server
- recovery and undeletion of files with utilities and procedures
- recovery of lost partitions
- evacuation of dying disks
- UTF-8 international character support
Heap Spraying vs. Heap Feng Shui – Good explanation of some proof of concept code.
The heap allocation code used in this exploit was quite advanced and completely different from the conventional Heap Spraying code used in the attacks that I’ve seen so many times. In this case, the exploit page (keyframe.html) used a special compact heap manipulation library named “heapLib.js” which after some investigations introduced me to the mystical world of the “Heap Feng Shui”.
How to create a computer-emergency response team – Although not a single source of information this article does get you started with important information on how to form a CERT.
Perhaps the most important thing needed for a successful recovery from a data breach is a prebuilt team of employees, pulled from different departments, who can lead the company out of crisis.
New Skillz Challenge! – For those of you with some free cycles.
Hello, Challenge fans! The Intelguardians crew is back this month with another challenge to tickle your fancy and bake your noodle. This month, Matthew Carpenter takes the helm, penning a challenge based on the movie Serenity. Shockingly, a recent SFX magazine poll found that Serenity had overcome Star Wars as the most popular Sci-Fi movie among its readers. It’s amazing what someone can accomplish with a bot-net voting in these on-line polls… Isn’t it, Matt? I hope you enjoy the challenge, as you help the Serenity crew thwart a nasty bot-net to escape the Reavers and the Alliance.
Netstat Revealed! – Another video to add to your collection.
Another video in 2-3 days… I think i this becoming like a mania for me… Anyway in this video i played around with netstat so that for those who do not play with it could see the possibilities it offers to us
Visually Assessing Possible Courses of Action for a Computer Network Incursion – New paper posted to the SANS Information Security Reading Room.