Posts

Malware Analysis of MSFPayload

Intro
Nowadays the only people who can actually do a decent malware analysis are antivirus research vendors such as Symantec and McAfee. The only thing a security administrator or an information security consultant can do is malware behaviour analysis. That is the initial stage of, let's say, a high-profile malware analysis, but it might not be enough. There are no more than 1000 human beings on this planet who can properly reverse engineer a worm such as Conficker and start writing disinfection tools from scratch (or maybe there are, who knows), or they cannot do it in a reasonable amount of time. So the next best thing to fully reverse engineering a Trojan horse is to do a behavioural analysis and try to confine or mitigate the malicious software. But it seems to me that many people are not clear on how to do that, or on what disinfection really means. For me, disinfection means completely identifying how a virus behaves and using proprietary tools to restrain it in s...

Over The Flow (Part 2)

Intro
This post is the next part of my previous article, Over The Flow (Part 1). In this post I will reproduce the server crash and try to identify how to position the shellcode, meaning identify the EIP register position, using Olly Debugger v1.0. In the previous post I found out that the server crashed when I inserted 126 closing braces (the } character, 7D in hexadecimal) in the LIST command. So let's not lose any time. But before I do that I will explain some preliminaries about the stack and the CPU registers.
A little about assembly
x86 assembly language is a family of backward-compatible assembly languages which provide some level of compatibility all the way back to the Intel 8008. x86 assembly languages are used to produce object code for the x86 class of processors, which includes Intel's Core series and AMD's Phenom and Phenom II series. Like all assembly languages, it uses short mnemonics to represent the fundamental operat...

Over The Flow (Part 1)

Intro
This tutorial was created to show how simple penetration testing can become and to promote constructive hacking/pen-testing (putting things together and combining knowledge to hack): hacking/pen-testing without the need to know how to program (or at least without good programming skills :) ). I also got bored (wearingly dull, repetitive, or tedious) of not being able to find a decent buffer overflow tutorial to start learning what I want. Anyway, this article is going to show you how to identify a buffer overflow the easiest way; after all, if you read my posts you know that fuzzing is what I love doing. Fuzzing can help you generically approach a wide variety of technologies, from web applications to compiled C programs. In order to follow this tutorial you have to understand basic assembly, Python (again, I will write basic Python scripts) and a few things about buffer overflows.
Why IMAP (Internet Message Access Protocol)?
Text based protocols are the simplest ...

MSF Payload Web Bouncing

Intro
This article refers to a very well known but also very misunderstood web application vulnerability: the Cross Site Scripting (XSS) attack. What most of my clients do not understand is how an XSS attack can be used to compromise their web application infrastructure. That is understandable, since even the name of the attack is misleading: it should not be called Cross Site Scripting but Script Injection, because when you manage to inject, or else bounce, a script into a web site it will eventually end up on the user's laptop and do damage. This article assumes that you already have a running Metasploit or know how to install and run Metasploit.
Exploiting XSS, or else Script Injection, attacks
Stealing the session cookie is not the only way to take advantage of an XSS attack. Under certain conditions, with an XSS attack someone can: hijack the user session and cause user identity theft (which, by the way, is non-traceable...