blogs

You gotta be kidding!

The world doesn't need a blog from me...
Now go find something useful to do.

I need help!!!!!!!!

I am very new to this and I feel very insecure when I sit down at my system. Is there anyone who might take a minute to show me some quick tips besides the stuff Microsoft already shows you online? I would really like to learn and see communication using an open port. I just don't understand.

For consideration

I suppose this is a question to everyone reading this blog. If you were to have a tool that could locate similar instruction sequences in some large database, say all of the binaries on an installation, what would you like to see it do?

Based on the work/analysis of valsmith and others, I'm going to start by seeing if Win32.Klez has anything in common with Ubuntu, SuSE, and Mandrake.*

As I don't expect that to return any results, does anyone have any good Linux malware w/ analysis?

* Yes, I do realize that I'm doing a cross-platform analysis. Unfortunately, the people funding my research will not let me assume the risk for analysis of Windows.

New Security Analysis Tool

As I don't know exactly where to begin, I will begin in medias res. I've been spending some time now on a number of techniques to automate portions of reverse engineering for security analysis most of which have been inspired by bioinformatics-type approaches. I don't have any succinct documentation to this point in time, but that will change in the next two-to-three weeks.

test

this is just a test - there is nothing more to see here.

It's not that I'm an uninteresting person, mind you. I just don't care about providing a level of entertainment for you, dear user. It's not that I don't like you, per se. It's just that I don't care.

BTW: You look great today. I've not seen a more attractive smile amongst the other humans.

rock on.

My First Blog

#!/usr/local/bin/perl
print "Hello, world!\n";

New to malware research...............

Hi All

I am new to malware research.
Can anyone suggest where I should start?
What are the common tools, and where can I download them with documentation?

Please help me get all these.
Thanks and regards,
Hooker

First to this site on special day for security...

want to know I can get from and offer to sites ....

Snort Rules for Detecting Dasher, sdbot, and bad netblocks

alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (content:"rain357"; nocase; msg:"[OFFENSIVE COMPUTING] Dasher variant phoning home to IRC server"; sid:66600001; rev:1;)

alert tcp $HOME_NET 5262 -> $EXTERNAL_NET any (flags:S; msg:"[OFFENSIVE COMPUTING] Dasher Variant SYN scanning home"; sid:66600002; rev:1;)

alert tcp $HOME_NET any -> 212.27.63.117 80 (msg:"[OFFENSIVE COMPUTING] HTTP connection to known malware provider for WMF exploit"; sid:66600003; rev:1;)

alert tcp $HOME_NET any -> 212.27.63.117 80 (msg:"[OFFENSIVE COMPUTING] HTTP connection to known malware provider downloading sdbot05b.jpg for WMF exploit"; content:"sdbot05b.jpg"; nocase; sid:66600004; rev:1;)
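An added example, not code from the post above: the matching conditions of the four rules re-implemented as plain Python predicates and run over constructed sample flows, so the logic of each rule (and the overlap between sid 66600003 and sid 66600004) can be checked without a Snort install. The Flow fields, the sample flows and their payloads, the external addresses, and the assumption that every sample travels $HOME_NET to $EXTERNAL_NET are mine; the sids, ports, content strings and the 212.27.63.117 address come from the rules.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Flow:
    """One outbound TCP flow; $HOME_NET -> $EXTERNAL_NET is assumed for every sample."""
    dst_ip: str
    dst_port: int
    src_port: int
    syn_only: bool = False   # True when SYN is the only TCP flag set (Snort 'flags:S')
    payload: bytes = b""     # application data; empty for a bare SYN


@dataclass
class Rule:
    sid: int
    msg: str
    match: Callable[[Flow], bool]


def contains_nocase(payload: bytes, needle: bytes) -> bool:
    """Snort 'content:"..."; nocase;' on a byte string: match anywhere, ignoring case."""
    return needle.lower() in payload.lower()


# The four rules from the post, each header + option set reduced to one predicate.
RULES: List[Rule] = [
    Rule(66600001, "Dasher variant phoning home to IRC server",
         lambda f: f.dst_port == 6667 and contains_nocase(f.payload, b"rain357")),
    Rule(66600002, "Dasher Variant SYN scanning home",
         lambda f: f.src_port == 5262 and f.syn_only),
    Rule(66600003, "HTTP connection to known malware provider for WMF exploit",
         lambda f: f.dst_ip == "212.27.63.117" and f.dst_port == 80),
    Rule(66600004, "HTTP connection to known malware provider downloading sdbot05b.jpg",
         lambda f: f.dst_ip == "212.27.63.117" and f.dst_port == 80
         and contains_nocase(f.payload, b"sdbot05b.jpg")),
]


def matching_sids(flow: Flow) -> List[int]:
    """Return the sid of every rule whose conditions the flow satisfies, in rule order."""
    return [r.sid for r in RULES if r.match(flow)]


# Constructed sample flows (not captured traffic); external hosts use the
# 198.51.100.0/24 documentation range, payloads are invented to exercise each rule.
SAMPLE_FLOWS: Dict[str, Flow] = {
    "irc_beacon": Flow("198.51.100.7", 6667, 1049,
                       payload=b"NICK Rain357\r\nUSER x x x :x\r\n"),
    "irc_benign": Flow("198.51.100.7", 6667, 1050, payload=b"NICK alice\r\n"),
    "syn_scan": Flow("198.51.100.8", 445, 5262, syn_only=True),
    "syn_other_port": Flow("198.51.100.8", 445, 1051, syn_only=True),
    "wmf_fetch": Flow("212.27.63.117", 80, 1052,
                      payload=b"GET /sdbot05b.jpg HTTP/1.1\r\nHost: 212.27.63.117\r\n\r\n"),
    "wmf_host_only": Flow("212.27.63.117", 80, 1053,
                          payload=b"GET / HTTP/1.1\r\nHost: 212.27.63.117\r\n\r\n"),
    "web_benign": Flow("198.51.100.9", 80, 1054,
                       payload=b"GET /index.html HTTP/1.1\r\n\r\n"),
}


def evaluate_all() -> Dict[str, List[int]]:
    """Map each sample flow name to the list of sids that fire on it."""
    return {name: matching_sids(flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, sids in evaluate_all().items():
        print(f"{name:15s} -> {sids or 'no alert'}")
```

Two things the run makes visible: the fourth rule is a strict specialisation of the third, so a fetch of sdbot05b.jpg from that host raises both sid 66600003 and sid 66600004; and sid 66600002 keys on the source port alone, so any host that happens to pick ephemeral port 5262 for an ordinary connection will also trip it, which is worth remembering when tuning it.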

