Archive for the "analysis" Category

Binary 300 comic strip ruckus

Earlier today, this was making the rounds on Twitter:

http://hackerschool.org/DefconCTF/17/B300.html

It’s a cute-looking manga-style comic about team Sapheads’ experiences with the “Binary 300” challenge in the Defcon 17 CTF pre-quals.  It’s kind of entertaining, and looks informative, if a bit engrish-y.  I scrolled through it quickly, bookmarked it, and planned to give it a good read later.
At [...]

GhostExodus, the ETA, and a Control-Systems Incident at Carrell Clinic (Part 2)

If you haven’t read Part 1 of this story, then you really ought to take a look at it first.  It serves as a good overview, and the criminal complaint filed by the FBI is a good read.
Yesterday afternoon was GhostExodus’ detention hearing.  I’m not very familiar with the process one goes through after being [...]

Conficker.C Lecture Slides (and a couple of comments)

I guest-lectured the computer security class here today, and with it being the day Conficker.C starts looking for a payload, I figured it would be an excellent opportunity to deviate from the normal lesson plan.  With the well-written Honeynet Project and SRI papers out there that describe the technical details of Conficker.C, it’s a great [...]

Script Kiddie Tactics (or the Lack Thereof)

When we describe the process an attacker goes through to compromise their target, we usually try to break it up into different phases with terms like reconnaissance, enumeration, probing, and exploitation. This varies when we talk about different kinds of attackers. Some, with no specific target in mind, will skip “casing the joint”, [...]

Tool Release: msramdmp – Image RAM after a cold boot

The Princeton guys that I mentioned in my last post have not released the tools that they used in their paper, yet. I wanted to play around with the way PCs tend to retain memory, so I’ve written my own implementation of the RAM dumper they describe and show in their videos:

msramdmp – The [...]

Dissecting the crackmails.net Phishing-For-Hire Scheme

A week ago on the BinRev forums, a link was posted to a site that advertised the ability of the owners to hack any web-based email account. The link was to crackmails.net, however the same site was also available at yourhackers.net and hackpasswords.net (and perhaps more). The cost of this service was $100 [...]

Looking at Remote-File-Inclusion attempts

For some attackers, it’s just a matter of casting it out there to every possible target and hoping something sticks. This sort of thing turns up fairly often in my logs, and probably yours too. This time, I’m going to use it to illustrate just how much intelligence you can gather about your [...]

Flash Redirects on eBay

Last night, a friend pointed out an auction on eBay Motors that would automatically redirect you to a phishing site. It turns out, the auction had a Flash movie embedded that performed the redirect. Here’s the relevant bit of the auction’s code:

I haven’t bothered obfuscating the IP address, so don’t go poking around [...]

Published in Advances in Digital Forensics III

The paper that I presented at the IFIP WG 11.9 digital forensics conference, “Using Search Engines to Acquire Network Forensics Evidence” (using my tool GooSweep) has been published as a chapter of the new hardcover “Advances in Digital Forensics III” from IFIP and Springer. I just received my copy today, and I’m quite [...]

Tactical Exploitation at BlackHat 2007

HD Moore has placed the slides online for the talk he and Valsmith gave on “Tactical Exploitation” yesterday at Black Hat. I normally don’t like just reading through the slides for a talk, but until I can obtain some audio/video this’ll definitely do. One of the reasons I don’t like having only the [...]