Wednesday, December 31, 2008

Flash movie analyzers

Here is an online tool that performs an analysis of a Flash movie. This is very useful for analyzing potentially malicious movies:


Another tool is Wepawet; this one handles Flash and JavaScript files:


Here we can find some interesting tools like SWFdump and SWFstrings:


Also, here is an interesting post on analyzing Flash:


Thanks to Vicente for the links
Enjoy

-CMM

Secure deleting a MacBook (Pro) with OS X

Yesterday I was preparing my old MacBook Pro for selling, and after doing a backup I wanted to do a secure delete of all the hard disk content. So I started to search for software or a solution (before using a live CD) and I found that OS X includes the option to do a secure delete in "Disk Utility". Best of all, the Cupertino boys have 3 different kinds of secure delete, with different levels of security, to prevent file recovery.

Zero Out Data:

This method writes zeros over all of the data on the drive. This provides a decent level of file security. There are forensics utilities that in theory could retrieve some data; however, they are extremely expensive and time consuming, and there are no documented cases of this actually taking place.

7 pass erase:

This method will write data over the disk seven times, and will take 7 times longer than Zero Out Data. This method is compliant with the DoD 5220.22-M specification, meaning that it is virtually impossible to retrieve the information.

35 pass erase:

If you are paranoid or you really need to protect some files, you can use this method, which writes over the entire disk 35 times. It is said that data erased with this method is really impossible to recover. This option will also take ages to finish.

Well, after checking the options, I went with the 7 pass erase method, and for a 150GB partition it took 7 hours to complete. Now I had to do the same for the 100GB partition :(

Reference: http://danbenjamin.com/articles/2008/05/secure-erase-osx
-CMM

Tuesday, December 30, 2008

25C3 Chaos Communication Congress videos

The 25C3 is finishing and the videos of the presentations are available here:


Enjoy

-CMM

Username check!

After the presentation I gave at the IV Spanish OWASP meeting, many people asked me about the website that checks if a username is registered at different websites (social networks, web 2.0, etc).

The website that I use is: http://www.usernamecheck.com/

It has more than 70 sites for checking. This is very interesting when doing information gathering or forensics investigations.

In the next post I will show how this site can help us.

Enjoy

-CMM


Friday, December 19, 2008

Netifera - Network security Analysis

A new framework is being cooked at Netifera.com. It is built on the Eclipse framework, so the application will be able to run on all platforms; right now there are only two packages, Linux and OS X.

A description taken from their website:

"At netifera we are building a next generation platform for network security analysis.

Our architecture is a radically innovative approach to managing high volumes of network information.

Our free and open source platform provides the framework for creating and integrating security tools with a flexibility that has never been possible before."

The team is made up of people who have worked at CORE; Sebastian Muñiz and Luciano Notarfrancesco were the ones who presented the tool at XCON in China.

You can download the beta and get more information HERE

-CMM



Wednesday, December 17, 2008

Blackhat Japan 2008 Presentations


The presentations and the audio files are available to download.

You can get them HERE

Enjoy

-CMM

Malware Hash registry

Team Cymru has launched a look-up service that allows you to query their database of many millions of unique malware samples for an MD5 or SHA-1 hash of a file.

The service is free for non-commercial use.

The results of the query show the date the sample was first seen and the detection rate across 30 AV engines.

You can also cross-check with the hash check option of the www.virustotal.com engine.

More information HERE

-CMM
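As an added example (not part of the original post and not Team Cymru's code), this is how a hash look-up like the one described above can be scripted: hash the file, send the digest, and turn the reply into a first-seen date and detection rate. The whois host `hash.cymru.com` and the reply format `<hash> <epoch> <percent>` / `<hash> NO_DATA` are assumptions not stated on this page, and the sample replies are constructed.

```python
import hashlib
import socket
from datetime import datetime, timezone

MHR_WHOIS_HOST = "hash.cymru.com"  # assumption: whois endpoint, not given on the page

def file_hashes(path, chunk_size=1 << 20):
    """Stream the file once and return (md5_hex, sha1_hex)."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def parse_mhr_line(line):
    """Parse '<hash> <epoch> <percent>' or '<hash> NO_DATA' (assumed reply format)."""
    parts = line.split()
    if not parts or len(parts[0]) not in (32, 40):  # MD5 or SHA-1 hex length
        raise ValueError(f"unexpected reply: {line!r}")
    digest = parts[0].lower()
    int(digest, 16)  # raises ValueError if the first field is not hex
    if len(parts) == 2 and parts[1] == "NO_DATA":
        return {"hash": digest, "known": False}
    if len(parts) != 3:
        raise ValueError(f"unexpected reply: {line!r}")
    first_seen = datetime.fromtimestamp(int(parts[1]), tz=timezone.utc)
    return {"hash": digest, "known": True, "first_seen": first_seen,
            "detection_pct": int(parts[2])}

def query_mhr(digest, timeout=10):
    """Send one hash over whois (TCP 43) and parse the reply. Needs network access."""
    with socket.create_connection((MHR_WHOIS_HOST, 43), timeout=timeout) as sock:
        sock.sendall(digest.encode("ascii") + b"\r\n")
        reply = b""
        while chunk := sock.recv(4096):
            reply += chunk
    lines = [l for l in reply.decode("ascii", "replace").splitlines()
             if l.strip() and not l.startswith("#")]
    if not lines:
        raise ValueError("empty reply")
    return parse_mhr_line(lines[-1])

# Constructed sample replies (not real look-ups): hashes of empty input.
SAMPLE_KNOWN = "d41d8cd98f00b204e9800998ecf8427e 1230681600 83"
SAMPLE_UNKNOWN = "da39a3ee5e6b4b0d3255bfef95601890afd80709 NO_DATA"

if __name__ == "__main__":
    print(parse_mhr_line(SAMPLE_KNOWN))
    print(parse_mhr_line(SAMPLE_UNKNOWN))
```

A `NO_DATA` result only means the hash is not in the registry; it says nothing about whether the file is safe.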

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...