Tuesday, September 6, 2011

Securitybyte CTF walkthrough

FireEye Advanced Threat Report 1H2011

FireEye 2011 Q1~Q2 malware trend analysis report

http://www.fireeye.com/resources/pdfs/FireEye_Advanced_Threat_Report_1H2011.pdf

Thursday, August 4, 2011

YARA v1.6!

“YARA is a malware identification and classification tool. It is aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.
It is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension.”
This is the official change log:
  • Added support for bitwise operators
  • Added support for multi-line hex strings
  • Scan speed improvement for regular expressions (with PCRE)
  • Yara-python ported to Python 3.x
  • Yara-python support for 64-bits Python under Windows
  • BUGFIX: Buffer overflow in error printing
Download YARA v1.6 (yara-1.6-win32.zip/yara-1.6.tar.gz) here.
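As an added illustration of the two language features listed above (not a rule from the YARA project or from this blog), the following constructed rule uses a multi-line hex string and a bitwise operator in its condition. The byte patterns are made up for the example, and the `uint16`/`uint32` offset functions and the `&` operator are assumed to be available in the version being described.

```yara
// Constructed example rule: the hex pattern is invented, not a real malware indicator.
rule example_dll_with_marker
{
    meta:
        description = "Demonstrates multi-line hex strings and bitwise operators"
        author      = "added example, not part of the original post"

    strings:
        // Multi-line hex string with wildcard bytes (?? matches any byte).
        $marker = { 4D 41 52 4B
                    ?? ?? 00 01
                    45 58 41 4D 50 4C 45 }   // constructed pattern
        $text   = "example-config" nocase

    condition:
        // MZ header check, then read e_lfanew at 0x3C to find the PE header.
        // Characteristics lives at PE header + 0x16; IMAGE_FILE_DLL is 0x2000,
        // so the bitwise AND only passes for files flagged as DLLs.
        uint16(0) == 0x5A4D and
        (uint16(uint32(0x3C) + 0x16) & 0x2000) != 0 and
        ($marker or $text)
}
```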

Monday, August 1, 2011

WordPress Security Plugin

Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adding index.html to plugin directories, hiding the WordPress version and much more.
  1. Removes error-information on login-page
  2. Adds index.php plugin-directory (virtual)
  3. Removes the wp-version, except in admin-area
  4. Removes Really Simple Discovery
  5. Removes Windows Live Writer
  6. Removes core update information for non-admins
  7. Removes plugin-update information for non-admins
  8. Removes theme-update information for non-admins (only WP 2.8 and higher)
  9. Hides wp-version in backend-dashboard for non-admins
  10. Removes version on URLs from scripts and stylesheets only on frontend
  11. Blocks any bad queries that could be harmful to your WordPress website


Reference: https://wordpress.org/extend/plugins/secure-wordpress/

Monday, July 4, 2011

Warning: vsftpd-2.3.4 contains a backdoor


The vsftpd-2.3.4 release also contains a backdoor: the official website was compromised first, and the attacker then tampered with the program at the latest-version download point, sneaking a backdoor into it!

Related details
http://pastebin.com/AetT9sS5
http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html

Metasploit vsftpd backdoor demo
http://www.youtube.com/watch?v=WgXm0tgRMos&feature=player_embedded#at=39

Monday, June 27, 2011

Attacking Log Analysis tools

Attacking Log Analysis tools
http://www.ossec.net/main/attacking-log-analysis-tools

Log Parser 2.2
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24659

Log Parser Lizard GUI
http://www.lizard-labs.net/log_parser_lizard.aspx

Firewall Log Analysis
http://www.firemon.com/loganalysis.aspx?gclid=COf0xN7Y1akCFQfhbgod7Cp_NA