Friday, June 26, 2009

No more Mibbit on Freenode

Just find out that Freenode is not supported 0by Mibbit web irc client anymore,started from 19 June 2009. Mibbit usually is my web client to Freenode, and i really disapointed with this disabled access.

As mentioned by Jonathan David in :

"As of today we have disabled access to the freenode irc network via mibbit. While there are numerous reasons for this, it ultimately comes down to the ability to prevent abuse via this client. "

"...In response to this, we have implemented our own web gateway at ..."

The Freenode webchat is less features than Mibbit and the ugly interface yet to improve.

Anyway, i will stick on this Webchat for a while.

Friday, June 12, 2009

Pen-Test note


Some Pen-Test tools, almost all can find in BackTrack3

./ -t ip
./nikto -h ip -p 80
openssl s_client -connect | more

nmap (for OS detection, it needs at least 1 open and 1 closed)
unicorn scan (for OS detection, just need 1 open or 1 closed)

More to learn..

Thursday, June 11, 2009

Blue Pill PoC

This few days just attend a malware analysis training. This Blue Pill PoC really catch my eye as i think virtualised malware will be the spot for next coming years.

Note :

Virtualized Malware …
-Example: Joanna RutkowskasBlue Pill PoC
-Exploits AMD64 SVM extensions to move the operating system into the virtual machine (do it ‘on-the-fly’)
-Provides a thin hypervisor to control the OS
-Hypervisor is responsible for controlling “interesting” events inside the guest OS

Which means:
-Switches the real OS to the background and installs the virtual one on the fly –no rebooting or any other changes
-User thinks, that the virtual Environment is the real one
-There is no way to detect the change, because the original OS is not visible and the Rootkit hides all other tracks
-Some theories about higher Entropy in Memory –but this is real academic
-Very emotional discussion on “How to detect Blue Pill”