TWITTER ACTIVATED Yes, from now on you can check out my security feeds via the Twitter application. Just follow me at https://twitter.com/securityworld. But for full blog posts, you should come back here!
CHEAT SHEETS Having limited storage in my own head, I stumbled on these organized summaries made by experts on the net. They are a great way to refresh your skills. Mind you, the cheat sheets below relate to information security topics like incident response and Google hacking. Using your favorite search engine you should be able to find sheets on any topic.
Note: the links below are direct links, so the PDF files are fetched directly from their sources. You can safely trust these PDF files. In case you just came back from the moon: PDF files can be malicious, as expert Didier Stevens explains on his blog.
SECURITY CONFERENCES Having attended the OWASP AppSec Europe 2008 conference in Gent in mid-May this year, I must say that some lectures gave me a lot of new ideas about how all this is going to evolve. Not only was there a great mix of nationalities, the conference was also the first of its kind to be professionally organized, and it was all about the topic of secure web applications and secure software.
Bear in mind that web applications are only a subset of software, so the insecure pieces of code don't only reside in web apps but definitely also in the underlying software components like the OS. For the presentations, you can check them out here. Those Americans (Mark Curphey, Gary McGraw) really knew how to get the right level of interaction with the audience.
The social dinner and the musical performance in the "Patershol" area of ancient Gent also made the conference a fun event where people could enjoy themselves without having to talk about XSS attacks and SQL injections ;-)
Last week I attended the yearly ArcSight user conference in Washington DC. It's a great conference organized by ArcSight for its customers and provides lectures, social activities (the boat party was really cool!) and plenty of networking possibilities. Compared with 2006, this year's "Connect the Dots" edition was really aimed at an information/business conference where more companies are using the deployed SIEM infrastructures to create new business models.
It's interesting to see companies nowadays establishing a service offering to help enterprise customers define and deploy use cases by solving real-world business challenges associated with data loss, theft, incident remediation, and government and industry regulatory compliance.
I'm also planning to attend the yearly hack.lu conference, a three-day conference in Luxembourg for bridging ethics and security in computer science. Mark in your agendas: October 22, 2008 – October 24, 2008 @ the Parc Hotel Alvisse. Check out the presentation outline here.
ONLINE COURSE While skimming rootsecure.net, I stumbled on a course F-Secure organizes at the Helsinki University of Technology that goes into detail on Malware Analysis and Antivirus Technologies.
If you are interested in knowing more about how to use the tools and getting the ins and outs of this topic, go check it out here! All of the course material has been made public.
And later this year, there is the well-known security research gathering on "Detection of Intrusions and Malware & Vulnerability Assessment".
It's sponsored by Google and some other big shots.
If anyone reading this intends to go, drop me an e-mail or a comment so we can meet up on July 10-11 in Paris.
MALWARE With Storm and the recent Kraken botnet, a whole new dimension has been added to the threat landscape, causing a lot of havoc for businesses. Not only is this malware activity difficult for anti-virus software to detect, it's also a hard job for system administrators to keep their internal clients clean of this type of malicious code.
The Kraken code turns the infected host into a bot with an internal SMTP engine that it uses to send out spam. At the moment the Kraken infection is only being used to spam the usual scams... but for how long?
To elaborate a bit on the Kraken bot, I have to say that these pieces of code are becoming very advanced! It uses stealth mechanisms, obfuscates its payload and uses encrypted communication channels to receive instructions from the bot herder.
The malicious Kraken code is apparently evading detection by a combination of clever obfuscation techniques, including regularly updating its binary code and structuring the code in such a way that it hinders any static analysis, says Paul Royal, principal researcher at Damballa.
Damballa is one of the security startups that help organizations fight these bot armies. They recently saw a single Kraken bot sending out a whopping 500,000 pieces of spam in one day...
Reading further on the topic, I found out that ThreatExpert is a great resource on the net for people interested in malware analysis and fighting these ongoing threats. The company, based in Ireland, developed a smooth front-end on top of its virtualized infrastructure which "fingerprints" the malware from A to Z.
When you upload a malicious binary to ThreatExpert, the application spits out a detailed description and analysis of its behavioral effects. It records the changes the code makes to the OS once the infection takes place and puts everything into a nice report.
Classic anti-virus vendors are at a disadvantage here, as the exposure window stays open until the anti-virus software is updated. Until then the company is basically blind to the havoc the infection is causing. Threats ranging from information leakage to consuming network resources (DoS) can happen without any well-founded understanding of what's really going on, leaving the company's network out of control.
To survive the exposure window, the ThreatExpert report can help you better understand what is going on. The report can be used to bridge this window, as it gives security officers the insight to start implementing ad-hoc countermeasures like blocking ports on border firewalls, isolating infected machines, safeguarding detailed forensic evidence, etc.
Meanwhile the anti-virus companies work day and night to reverse engineer the new malware code. The infected company has to rely on temporary countermeasures until the updated signature database is pushed. Only then can an organized, supported cleanup of the infection start together with the security partner.
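As an added example of the kind of ad-hoc countermeasure described above (my own illustration, not code from the original post, ThreatExpert or Damballa): a small script that runs over constructed border-firewall log lines, flags internal hosts that behave like a Kraken-style spam bot by opening direct tcp/25 connections to many distinct external mail servers without being the sanctioned relay, and emits temporary block rules to bridge the exposure window. The log format, the relay address 10.0.0.5 and the threshold of three destinations are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of border-firewall connection log lines (not real data).
SAMPLE_LOG = """\
2008-04-10T10:01:02 ACCEPT TCP 10.0.1.25:4431 -> 192.0.2.10:25
2008-04-10T10:01:03 ACCEPT TCP 10.0.1.25:4432 -> 198.51.100.4:25
2008-04-10T10:01:03 ACCEPT TCP 10.0.0.5:2049 -> 203.0.113.7:25
2008-04-10T10:01:04 ACCEPT TCP 10.0.1.25:4433 -> 203.0.113.9:25
2008-04-10T10:01:05 ACCEPT TCP 10.0.1.40:3310 -> 192.0.2.80:80
2008-04-10T10:01:06 ACCEPT TCP 10.0.1.25:4434 -> 198.51.100.22:25
2008-04-10T10:01:07 ACCEPT TCP 10.0.1.31:3500 -> 203.0.113.7:25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumption: 10.0.0.5 is the only sanctioned outbound mail relay.
MAIL_RELAYS = {"10.0.0.5"}


def parse_lines(text):
    """Yield (src, dst, dport) for every line matching the constructed format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("src"), m.group("dst"), int(m.group("dport"))


def find_spam_suspects(text, relays=MAIL_RELAYS, threshold=3):
    """Return {host: number of distinct external MTAs} for internal hosts that
    are not a sanctioned relay yet open direct tcp/25 connections to at least
    `threshold` distinct destinations. A legitimate client only talks to its
    own relay; fanning out to many MTAs is the spam-bot pattern."""
    dests = defaultdict(set)
    for src, dst, dport in parse_lines(text):
        if dport == 25 and src not in relays:
            dests[src].add(dst)
    return {host: len(d) for host, d in dests.items() if len(d) >= threshold}


def block_rules(suspects):
    """Ad-hoc border-firewall countermeasure: one iptables rule per suspect
    dropping its direct tcp/25 traffic (FORWARD chain assumed) until cleanup."""
    return [f"iptables -I FORWARD -s {h} -p tcp --dport 25 -j DROP"
            for h in sorted(suspects)]
```

Running `block_rules(find_spam_suspects(SAMPLE_LOG))` on the sample yields a single rule for 10.0.1.25, the only host talking to four different external MTAs.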
KEYLOGGER Keyloggers come in all kinds of different forms. When you run a Google query to download one, it spits out 9,820,000 search results.
The problem you may notice when playing around with software-based keyloggers is that most of them come with adware or malware and cost money.
My personal recommendation goes to Sebek, which is part of the Honeynet Project. You can find this very stealthy keylogger, with more information and the software download instructions, on the Sebek homepage.
Last week at the BlackHat security conference in Amsterdam there was the Biologger presentation by Matt Lewis, which describes a biometric keylogger that can capture biometric prints.
Once taken offline, there are ways to subvert the biometric system which could ultimately lead to the recreation of a user's raw biometric image. A use case could be an attacker replaying this information in a spoofing attack to gain access to a secure room: by feeding it into the physical access control of the armored door, the attacker successfully authenticates and is authorized to enter the room.
This points out once more that unauthorized physical access to an important asset is hard to defend against.
Want more information? Check out Matt's presentation here.
I haven't come across any free biometrics pentesting software suites, but it's going to be interesting to watch this space.
I have quickly uploaded a small video of some fireworks I saw at the Oude Markt in Leuven, Belgium on New Year's Eve. Expect some more videos soon.
BAGAZOO.COM Recently one of my dear brothers developed a full e-commerce business and asked me to do some publicity ;-) Thomas wrote a small text, so give him your support and buy a lot! Here it goes...
Bagazoo brings you big brands in handbags, luggage, backpacks, laptop bags and more. Secure payment, fast delivery and unbeatable prices are guaranteed. Subscribe to the newsletter to benefit from the regular promotions and to be sure that you buy your bags at the best possible price. As an authorized dealer we guarantee origin and quality of the products you order.
Shop for yourself or for the dozens of perfect holiday gifts and save 15% on your first purchase until the 24th of December!
We are constantly adding new brands and products to the website so be sure to come and visit us often! Current brands include Delsey, Hedgren, Camelbak, Marc O’Polo; brands coming soon are Kipling, Adidas, Diesel and many more.
HOW TO INSTALL BACKTRACK ON YOUR USB STICK A while ago I went to hack.lu, and the night before I was installing BackTrack on my USB stick. I got some questions about how I did this, so I wrote a work instruction. It explains every step needed to get a USB-based Linux pentesting environment with different modules pre-installed, read/write access and the benefit of swap space.
HACK.LU 2007 Last week there was the yearly gathering in Luxembourg (Kirchberg), bringing back together the people who breathe IT security for a 3-day conference.
Just like last year, the agenda was very promising...
I arrived on Wednesday evening at the Novotel at about 23h30, spending the rest of the evening partitioning my SanDisk Cruzer (4GB) and configuring the BackTrack image.
I'm drafting a small document explaining in easy steps how you can do this yourself. It's convenient if you want to prevent data leakage from your corporate Windows image. Booting off a memory stick instead of a CD is quicker, and read/write access is no problem at all.
During the rest of the 3 days I really enjoyed Saumil's workshop on Thursday morning, teaching how to write exploits in the Metasploit 3.0 framework. Lance Spitzner's (founder of the Honeynet Project) view on fast-flux service networks was also very amusing. By the way, a great person to meet and drink a couple of beers with ;-)
Automated malware detection programs (botspy), e-passport and RFID snooping, exploiting SAP internals and WiFi fuzzing (from the France Telecom R&D guys) were some of the topics that passed through the venue. Depending on how busy my tail -f /var/log/syslog was ;-) I spent most of the time listening and brainstorming on security-related matters, which made me understand that creativity is an important asset to have.
You can find some high level notes that I made here.
Some rich bookmarks will be posted in the next couple of days revealing more content in line with the hack.lu agenda.
Again I was very happy to be able to attend the conference, and once again I met interesting people!! Hack.lu, cu next year!
CHAOS COMMUNICATION CAMP After the 2003 edition, exactly 4 years later, we left for Berlin again, entering the digital world... After a 12-hour drive we arrived at the camp. For the record, it was 5h30 on Friday morning when we hooked up our electricity cable to the plug @ the Austrian village. We weren't exactly friends with the Austrians because they needed so much space that we had to move everything to a location which, after the rain shower, was less flooded than their lounge area, ehe :-)
The atmosphere was very good; the nice people from all over Europe attending the conference made it a success again, although personally I found the lectures not of the same quality as at WTH and HACK.LU.
NEW YEAR 2007 Hello folks, securityworld.be is still alive!! Shooting pics lately was limited to some parties, like the ones just uploaded from the New Year's Eve party where we joined the celebrations in a night club somewhere between Brussels and Antwerp.
I hope all of you are doing well in the first month of the new year. You need to keep coming back for more pics on securityworld.be, because in less than a week we hit the French slopes for the famous winter sports... check out the teaser from last year @ Val Thorens. # posted by Welcome @ 22:37
Monday, October 23, 2006
HACK.LU A 3-day IT security conference in Luxembourg, the financial area of Europe. Listening to lectures from a chair with my laptop on my knees, I truly enjoyed the experience and the variety of people that attend such a conference, the nice 0-day demos and the chill atmosphere. Well done to the peops who organised it.
Find my notes here, and the link to hack.lu to check out the official conference website and all the presentations. # posted by Welcome @ 23:15
Monday, October 16, 2006
ANDALUSIA 2006 I've been going over the 300+ photos we took on our summer holiday! Click on the lizard to check out some of our moments: