Tuesday, April 07, 2009

Fuzzer List

http://www.krakowlabs.com/lof.html

Tuesday, March 10, 2009

Passive DNS Replication

http://www.bfk.de/bfk_dnslogger_en.html

Wednesday, February 04, 2009

ZeroWine sandbox

I was excited when I read this blog last week.
Yesterday, I downloaded the required files, but was very busy with other tasks.
Today, I was able to make it work, and here's the screenshot:


Sweet :)

Note:
Some minor edit:

In the blog, the author mentioned:
"vi /etc/udev/rules.d/z25_persistent-net.rules"

I just followed what another reader did:

"delete the previous line of generated entry, i.e. eth0 and rename eth1 to eth0"

Thursday, January 15, 2009

Don't mess with password stealer malware

When you're analyzing malware, make sure you're not connected online.
One time, I was analyzing a password-stealer malware that (expectedly) collects cached passwords and other retrievable user accounts before sending them to, presumably, the hacker's server.

The gathered (read: hacked) credentials range from Facebook, LinkedIn, banks, webmail, routers and other accounts.
Take a look... your user accounts might have been included:



Friday, January 02, 2009

How to clean a virus infection?

Some "alternatives" for fighting malware infections:

> http://www.claymania.com/removal-trojan-adware.html
> http://www.malwarebytes.org/index.php
> http://www.pctipp.ch/index.cfm?pid=1411&pk=28470


VS2K8 to VS2K5

Not really into coding these days, so I didn't know how to convert an sln from VS2008 to VS2005, until I found this script from Google Code:

<----------------------
#! /bin/sh -e

# This script downgrades MSVC 2008 projects to MSVC 2005 projects, allowing
# people with MSVC 2005 to open them.  Otherwise, MSVC 2005 simply refuses to
# open projects created with 2008.  We run this as part of our release process.
# If you obtained the code direct from version control and you want to use
# MSVC 2005, you may have to run this manually.  (Hint:  Use Cygwin or MSYS.)

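for file in *.sln; do
  [ -e "$file" ] || continue  # no match: the glob stays literal, so skip it
  echo "downgrading $file..."
  sed -i -re 's/Format Version 10\.00/Format Version 9.00/g;
              s/Visual Studio 2008/Visual Studio 2005/g;' "$file"
done

for file in *.vcproj; do
  [ -e "$file" ] || continue  # same guard for project files
  echo "downgrading $file..."
  sed -i -re 's/Version="9\.00"/Version="8.00"/g;' "$file"
done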

# Yes, really, that's it.

<----------------------

Of course, there could be other ways, but, as simple as this?!? :)

Tuesday, December 30, 2008

Koobface

I've traced and analyzed some variants of the infamous KoobFace worm, but I've seen this analysis from ThreatExpert, which is pretty complete:

http://blog.threatexpert.com/2008/12/koobface-leaves-victims-black-spot.html

http://blog.threatexpert.com/2008/12/how-to-defeat-koobface.html