Thursday, April 30, 2009

No Wired Connection

Upon Ubuntu 8.04 successfully installed, i found that is no Wired Connection in Network Administration.

lspci :

03:00.0 Ethernet controller: Attansic Technology Corp. Unknown device 1026 (rev b0)

ifconfig only lo shown.

Solution :

1. download the linux driver from:
2. unpack the zip file.
3. cd into /LinuxDrivers/L1e_Lan/l1e-l2e-linux-v1.0.0.4/src
4. then i ran: sudo KBUILD_NOPEDANTIC=1 make
5. then i ran: sudo KBUILD_NOPEDANTIC=1 make install
6. put a driver in /lib/modules/2.6.24-16-generic/kernel/drivers/net/atl1e/at1le.ko
7. cd into that directory and i run: sudo insmod ./atl1e.ko

It worked! Connected.

*Tested on Acer Aspire one D150-1Bk model: KAV10

Wednesday, April 29, 2009

Acer PQSevice partition

Tonight, i spent some time to install Ubuntu in Acer Aspire One, Hardy Heron as i haven't download Jaunty.

When i reached the Partition table stage, it showed that first sda1 is ntfs format, volumn label is PQService. Really curios on what happen to this.

With google, i noticed that it is the Acer restoration partition that stored the factory default setting. I think this may made the restoration faster and easier if any Windows corrupt.

As i will dual boot the lappy, the partition table created as
sda1 PQService
sda2 Acer
sda3 ext3
sda4 ext3 for this moment.

What confused me is the original boot flag set to sda2 partition.I chose install bootloader at default hd0, hopefully this will work.

Installing system, 76%.....

Monday, April 27, 2009

Book : Virtual Honeypots

It was such a lucky moment that i found this book in my library rack. My first reaction was " OH MY GOSH! How come i never see this before here!". My next reaction was grab the book and ran to the borrowing machine. Too bad why this book appear in my final exam time. It was so tempting, woot!

This book entitled Virtual Honeypots : From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz. 

Love chapter 12 that about CWSandbox. I just realise that CW is the author name Castem Willems as this is part of his thesis and Ph.D studies.

CWSandbox is a behavior-based malware dynamic analysis tool. By submit the sample to, we will receive the analysis report in a while. These report in XML format.

It involves :

1. API hooking which will redirect the execution back to the original path after the monitoring process

2. code Injection which copy the hook functios into the target app's adress space, such that these can be 

called from within the target.

A lot sandbox example awaiting, CWSandbox, Norman Sandbox, Trueman..

As stated in Malaysia Honeynet project proposed task, our own sandbox wish to be setup. I hope to be part of it. 

Wednesday, April 22, 2009


As GSOC 2009 accepted student proposal annouced yesterday, all my 3 proposals flunk. It was so so so so so so dissapointed when  i read the email from Lance, President of The Honeynet Project.

"...After much review and consideration with our mentors we are sorry to say that we were not able to select your application... " 

I expected at least one out of 3 will be accepted as i put all all efforts that i could, especially the Linux Sebek Stealth proposal. However,this is the reality. Now, i wondering, should i continue with what i propose? or should i work on other proposed issue?

Anyway, i gain more than i expected during the application process. Sebek, nepenthes, AMUN, sandbox, Anubis, CWSandbox, ThreatExpert..... this jargon not new to me anymore. 

Thank all mentors especially Lance, David, Eugune, Rob and Tholsten for your guidance.


Friday, April 17, 2009

com.mysql.jdbc.driver error

As continued my ELISSA project, the execution of project keep gave me an error message :

Error : com.mysql. jdbc.driver.....

It just a simple exception and the solution we just need to include mysql-connector-version.jar into the Build Path. 

This simple error kill me around 4

Wednesday, April 15, 2009

Book : Professional Rootkits

Recently i am reading a book titled " Professional Rootkits" by Ric Vieler. more to go for me in Win32 kernel exploring.

" ZwOpenFile is the kernel mode equinalent of the user mode platform SDK function OpenFile. If you havent already guessed, this rootkit is a kernel mode device driver, complete with all the privilleges and complexity of kernel mode programming. File functions begin with Zw, I/O functions begin with Io, synchronization functions begin with Ke, resource functions begin with Ex, mapping functions begin with Mm, and string function begi with Rtl. "

Zw, Io, Ke, Ex,Mm,Rtl......

Thursday, April 9, 2009

My Linux Sebek Stealth Project

Really glad that the Honeynet project,Linux Sebek mentor contacted me. Thank you Eugene for your feedback.

For Linux Sebek stealth project, I really wish that i will be selected for my idea.

Here attached the project timeline that i plan to work on :

Saturday, April 4, 2009

Heading to GSOC 2009

After long waiting for 1 year,this time i must participate Google Summer of Code 2009! As the student application started on 23 March,i will crack my head and submit my proposal. When i first know about GSOC 2008, it was too late for me to participate as its due date. No matter how hard to be, i must give all out to join this time!

Kick start

It's high time for me to create a blog that served as my scribble place. So i can put up whatever i have learn about computer security, reverse engineering, malware, honeynet, linux, and etc. Here i come!