Tuesday, January 13, 2009

Yara Malware Classification tool

A new malware classification tool is on the block: YARA is a tool aimed at helping malware researchers identify and classify malware samples by describing families with textual or binary patterns (strings) combined by a boolean condition, so a sample that contains the right combination of patterns is tagged with the rule's name.

YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts using the yara-python extension.
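As an added example (not code from the YARA project or from this post), here is what a small rule set and a classification script look like when driven from Python with yara-python. The two rules, the rule names and the byte strings standing in for samples are all constructed for this illustration. If the yara module is not installed, the script falls back to a plain substring check that covers only the literal-string, "all of them" subset used here, so it still runs, but that fallback is not YARA.

```python
import re

try:
    import yara                      # yara-python, the extension the post mentions
except ImportError:                  # keep the script runnable without it
    yara = None

# Constructed rules for this example (not rules shipped with YARA).
# Only plain literal strings and "all of them" are used, so the
# fallback matcher below can evaluate them as well.
RULES_SOURCE = r'''
rule upx_packed_pe
{
    meta:
        description = "PE carrying UPX section names (constructed example)"
    strings:
        $dos = "This program cannot be run in DOS mode"
        $upx0 = "UPX0"
        $upx1 = "UPX1"
    condition:
        all of them
}

rule injection_api_names
{
    meta:
        description = "imports typical of process injection (constructed example)"
    strings:
        $a = "WriteProcessMemory"
        $b = "CreateRemoteThread"
    condition:
        all of them
}
'''

# Constructed "files": byte strings standing in for real samples.
SAMPLES = {
    "packed": b"MZ\x90\x00This program cannot be run in DOS mode"
              + b"\x00" * 16 + b"UPX0\x00UPX1\x00",
    "injector": b"MZ\x90\x00kernel32.dll\x00WriteProcessMemory\x00CreateRemoteThread\x00",
    "benign": b"MZ\x90\x00This program cannot be run in DOS mode\x00.text\x00.rdata\x00",
}


def _literal_rules(source):
    """Fallback parser: rule name -> its literal strings (the 'all of them' subset only)."""
    rules = {}
    for name, body in re.findall(r'rule\s+(\w+)\s*\{(.*?)\n\}', source, re.S):
        rules[name] = [s.encode() for s in re.findall(r'\$\w+\s*=\s*"([^"]*)"', body)]
    return rules


_COMPILED = yara.compile(source=RULES_SOURCE) if yara else None
_FALLBACK = _literal_rules(RULES_SOURCE)


def classify(data):
    """Return the sorted names of the rules that match the given bytes."""
    if _COMPILED is not None:
        # Real YARA: match() returns one Match object per matching rule.
        return sorted(m.rule for m in _COMPILED.match(data=data))
    # Substring evaluation; stands in for YARA only for this rule subset.
    return sorted(name for name, lits in _FALLBACK.items()
                  if all(lit in data for lit in lits))


if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:10s} -> {classify(blob) or ['no match']}")
```

The same rules saved to a file can be run from the command line with `yara -r rules.yar samples/`, which prints the matching rule name next to each file.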


-CMM

Monday, January 12, 2009

Recruiting and Managing Geeks

Via CarnalOwnage I found a very interesting link about recruiting geeks, or technology-savvy candidates. The article is called "Open letter from geeks to IT recruiters" and it gives recruiters tips on how to evaluate an IT candidate. There is also a part about managing geeks, and that part is the more interesting one from my point of view.

Here are some tips they gave about managing Geeks:

  • Measure productivity in output, not in hours. (article)
  • Assign tasks to the geeks who are most interested in them, not to the ones with the most experience.
  • Separate the corporate, compensation hierarchy from the leadership hierarchy. Basically this means the geeks will organize themselves as a meritocracy, following the group guru. In my opinion it will not always work this way, but a halfway option could be good.

I would like to add some others:
  • Allow them to work remotely.
  • Don't impose absurd procedures that consume time.
  • Listen to their opinions; they usually have very good alternatives or ideas. They are problem solvers and like challenges.
  • Don't impose online content control or monitoring. They are the "online generation"; if they are productive, why worry whether they are chatting or browsing the net? Most of the time they will be reading information that improves their work and knowledge, and that is good for you.
  • Give recognition. Most businesses today rely on their work; stop and think again about how much of your business relies on it. Management tends to notice the geeks' work only when things go bad. What about recognizing them when everything runs smoothly?
  • Don't burn them out; they will leave. They do not tend to stay the way other kinds of employees do.
  • Give them the right equipment. Why do people not understand that a three-year-old computer is not adequate for doing the job properly? It's true that it works, but its performance is awful and that demotivates the geek. They spend the whole day working on the computer, usually multitasking, so go and buy them a good, powerful machine with a big screen or a multi-screen setup; productivity will boost. And remember, 19" is not a big screen.
  • Let them wear casual clothes in your company; they are not too fond of the tie. But they understand that a visit to the customer's office calls for the suit.
  • Provide them with a creative environment.
  • Give them training; they will take advantage of it.

Some of these are taken from "How not to lead geeks".

Do you have other tips?

Links:  


-CMM


Friday, January 9, 2009

Virustotal uploader

Here is a handy new tool for uploading files to virustotal.com: the program adds an entry to the Windows right-click (context) menu so that any file can be sent to virustotal.com directly from Explorer.

For those who don't know it, virustotal.com offers an online multi-engine antivirus service, currently scanning submissions with 39 antivirus engines. It's very useful when you need to check a downloaded file or a suspicious file during an investigation. Keep in mind that whatever you upload leaves your network, so think twice before sending a file that may contain confidential data.



You can check it here

Info via lifehacker.com

-CMM 

Thursday, January 8, 2009

Canvas + Nessus + D2 Bundle

It's good to see products joining forces and integrating with each other as much as possible to make the pentester's job easier.

Now the folks at Tenable Network Security, Immunity and DSquare Security are offering a 20% discount if you buy the bundle: Nessus Professional Feed + Canvas + D2 Exploitation Pack.

An example of this integration is the plugin developed by D2 that lets you import Nessus results into Canvas and analyze them to show which exploits apply to the detected vulnerabilities.

Here is a video where you can watch this feature

Another feature is that the LM/NTLM hashes retrieved with Canvas can be fed back into Nessus as SMB credentials, so that it can authenticate to the compromised hosts and run local (credentialed) checks instead of relying on remote fingerprinting alone.
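To illustrate the kind of correlation such a plugin does, here is an added example (not D2's plugin or any Canvas/Nessus code) that parses a `.nessus` v2 export and looks up each reported CVE in an exploit catalogue. The report fragment, hosts, plugin IDs, CVE IDs and exploit names are all constructed placeholders. The element names used (NessusClientData_v2, ReportHost, ReportItem, cve) follow the `.nessus` v2 layout as I know it, which is an assumption you should check against your own exports.

```python
import xml.etree.ElementTree as ET

# Constructed .nessus (v2) fragment. Hosts, plugin IDs and CVE IDs are
# placeholders for this example, not real Nessus plugins or CVE entries.
NESSUS_REPORT = """<NessusClientData_v2>
  <Report name="constructed-lab-scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="100001" pluginName="SMB service: remote code execution (placeholder)">
        <cve>CVE-0000-0001</cve>
      </ReportItem>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="1"
                  pluginID="100002" pluginName="HTTP server banner (placeholder)">
      </ReportItem>
    </ReportHost>
    <ReportHost name="192.0.2.20">
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="3"
                  pluginID="100003" pluginName="FTP server: buffer overflow (placeholder)">
        <cve>CVE-0000-0002</cve>
        <cve>CVE-0000-0003</cve>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Hypothetical exploit catalogue keyed by CVE, standing in for the index
# of an exploit pack. CVE-0000-0003 is deliberately absent: the scanner
# found it, but nothing in the pack covers it.
EXPLOIT_CATALOGUE = {
    "CVE-0000-0001": "smb_placeholder_rce",
    "CVE-0000-0002": "ftp_placeholder_overflow",
}


def parse_nessus(xml_text):
    """Return one finding per ReportItem: host, port, protocol, plugin and its CVE list."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol", ""),
                "plugin_id": item.get("pluginID", ""),
                "plugin_name": item.get("pluginName", ""),
                "cves": [c.text.strip() for c in item.findall("cve") if c.text],
            })
    return findings


def match_exploits(findings, catalogue):
    """Map each host to the exploits whose CVE appears in that host's findings."""
    hits = {}
    for f in findings:
        for cve in f["cves"]:
            exploit = catalogue.get(cve)
            if exploit is None:
                continue  # detected, but no exploit available for it
            hits.setdefault(f["host"], []).append({
                "port": f["port"],
                "protocol": f["protocol"],
                "plugin_id": f["plugin_id"],
                "cve": cve,
                "exploit": exploit,
            })
    return hits


if __name__ == "__main__":
    results = match_exploits(parse_nessus(NESSUS_REPORT), EXPLOIT_CATALOGUE)
    for host, targets in sorted(results.items()):
        for t in targets:
            print(f"{host}:{t['port']}/{t['protocol']}  {t['cve']}  ->  {t['exploit']}")
```

A real pack's index is keyed by more than CVE (plugin ID, service and platform also matter), so treat the CVE match as the candidate list to verify on the target, not as proof that the exploit will work.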

You can have more info here

Wednesday, January 7, 2009

Cisco IOS emulator

Today I discovered a great piece of software called Dynamips that lets us run Cisco IOS on a PC and build virtual routers (and, with the PIX emulation bundled with GNS3, PIX firewalls). You read right: "emulate", not "simulate". Dynamips emulates the router hardware, so the real IOS image runs on it and you can create interfaces and configure it exactly as you would on the box. Dynamips itself is command-line only, but there is another interesting project called GNS3, a graphical front-end that lets you draw and run complex network topologies on top of it.

I'm just starting to play with it, but it seems pretty solid; people are running PIX firewalls, routers, IPsec VPNs and QoS labs at home with GNS3.
This is very interesting when you need to test something on a real IOS and don't have the necessary hardware.

It's important to note that you will need to supply your own Cisco IOS images; they are licensed Cisco software and are not included with Dynamips or GNS3.

Enjoy!

-CMM

25C3 Presentations

As usual, the 25C3 was held in Berlin, and the presentations are online (not all of them yet).

You can check them here: CCC presentations

Enjoy!

-CMM

Thursday, January 1, 2009

IE7 0day

We open the year with a guest post from Vicente Diaz, who will contribute guest posts throughout 2009. Welcome, Vicente!

The last vulnerability in Internet Explorer 7 was a bad one, affecting all previous versions too and giving little time to patch it, since malware started taking advantage of it. As explained in my post on S21sec's blog (in Spanish), the vulnerability was used in a massive SQL injection campaign along with many other vulnerabilities affecting Real Player, Adobe Acrobat and MS Office, among others.

The vulnerability seems to have been discovered in China, circulating on the black market by mid-November, but the disclosure came after Microsoft's Patch Tuesday in December. However, the question of HOW it was discovered has no easy answer... I was reading about this on Microsoft's blog and it is not clear at all. Even using the SDL this vulnerability is not easy to spot, and it is much more difficult without having the code (as I assume). There is not much room for fuzzers (although they might be useful), and it is not likely to happen just by chance, so it seems someone really took bug finding in IE 7 seriously.

You see these vulnerabilities appearing from time to time, but when you stop to think about it, it is really amazing. As the guys at MS say, the bad guys have all the time in the world to look for vulnerabilities, but developers have tight deadlines and limited resources. This is true, and it makes several layers of security necessary, but my final thought is that the bad guys are going really professional, so we still have a lot of work to do to stop them.


-CMM

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...