Monthly Archives: March 2013

Machine Learning : Naïve Bayes Rule for Malware Detection and Classification

ABSTRACT: This paper presents statistics and machine learning principles as an exercise while analyzing malware. Conditional probability or Bayes’ probability is what we will use to gain insight into the data gleaned from a sample set and how you might use it to make your own poor man’s malware […]

The Sysenter Instruction and 0x2e Interrupt

In this article, we’ll present a couple of examples where we’ll be using the 0x2e int instruction to interrupt the kernel and call some interrupt service routine. We’ll also be using the sysenter instruction to do the same. The basic idea is presenting both methods of transferring the control […]

“Frictionless Sharing”: Browser History Leaked into the Cloud

I don’t want this article to be alarming, and its purpose is not to make you deactivate / delete your Facebook account or make you stop all your online social activities. I just hope that after reading it you will pay a bit more attention to your privacy, your cookies, and […]

Snort Rule Writing for the IT Professional: Part 2

Welcome back to my series on Snort rule writing.

In my first installment, we covered the basic syntax of a simple rule. We established the fundamental framework for all Snort rules by laying a simple template. This template breaks the rule into two basic components, (1) the rule header and […]

Anatomy of an attack: Gaining Reverse Shell from SQL injection

SQL injection opens a lot of possibilities for an attacker, like dumping the database, causing denial of service, or stealing sensitive information. But it becomes more interesting when it can be used to compromise a server. Different SQL databases, like MSSQL, MySQL, ORACLE, PLSQL, pose different sets of challenges […]

March 28th, 2013 | Hacking | 1 Comment

Protected Mode and the IDT

Introduction

The MSDOS system uses the IVT (Interrupt Vector Table) to hold the interrupt vectors that are called whenever some action, such as an interrupt being generated, occurs. But modern execution environments, like protected mode, require more complex data structures. Therefore, protected mode uses the IDT, which is almost the same […]

InfoSec Institute Interview: Sumit Sharma

Sumit Sharma is the co-founder of the Ethical Hacking forum Hackers Garage.

Sumit recently gave a talk at NullCon Goa entitled “Capturing Zero-Day Information”, on leveraging honeypots.

So, Sumit, how long have you been working on this stuff?

I have been into IT security for past 5+ years with 4 […]

March 27th, 2013 | Hacking | 0 Comments

SQLNuke – Simple but Fast MySQL Injection load_file() Fuzzer

In SQL (Structured Query Language) Injection, there are many kinds of techniques that are partnered with UNION SELECT statements, like LOAD_FILE(), INTO OUTFILE(), INFORMATION_SCHEMA, Char(), CAST(), and LIMIT. Most attackers usually take advantage of the union statements, information_schema, and the order by statements while neglecting some of the techniques […]

March 27th, 2013 | Hacking | 0 Comments

Windows Architecture and User/Kernel Mode

Introduction

Each process started on the x86 version of Windows uses a flat memory model that ranges from 0x00000000 – 0xFFFFFFFF. The lower half of the memory, 0x00000000 – 0x7FFFFFFF, is reserved for user space code, while the upper half of the memory, 0x80000000 – 0xFFFFFFFF, is reserved for the kernel code. […]

TeamSpy, Miniduke, Red October, and Flame: Analyzing Principal Cyber Espionage Campaigns

Even a layman would notice that cyberspace is in full storm; different entities are increasing malicious activities pursuing various purposes, and cyber espionage is considered one of the principal motivations behind the majority of the attacks.

Cyber espionage is not a practice limited to governments. Private business, cyber criminals and hacktivists […]

InfoSec Institute Interview: Satish Shetty of Codeproof Technologies

Satish Shetty is the founder and CEO of Codeproof Technologies Inc., a company that delivers the first ever cloud-based software-as-a-service security for mobile devices. Earlier, he worked with companies like McAfee and Microsoft. He currently holds 9 patents on software security and software anti-piracy hardening […]

March 26th, 2013 | Hacking | 1 Comment

Unit 61398: Chinese Cyber-Espionage and the Advanced Persistent Threat

In the world of computer security, the concept of an “Advanced Persistent Threat” has garnered a great deal of publicity recently. Commonly referred to by the abbreviation “APT,” the term denotes a specific type of information security risk with a much greater magnitude than the average “skr1pt kiddie.” The […]

Importance of security in mobile platforms

Introduction

In this period, security firms are publishing detailed reports on their analysis of the principal cyber threats detected in 2012; the results present a landscape dominated by an explosion of menaces, especially for mobile and social media users.

Mobile technology has grown more than any other in the last few years […]

Handling Memory in Protected Mode

Introduction

In the past, systems such as MSDOS used real mode, which had no protection against accessing any memory address. Programs were then able to access even the system data that was stored in memory. We can imagine how bad this was when some programs did something […]

Visual Studio 2010 Basics

Introduction

This article will demonstrate the development life cycle for various .NET framework applications, for instance executables, console applications, Windows Forms, etc., and how to build them in C# using .NET framework compilation features. This chapter will also investigate the entry point of C# programs in depth and take a closer look […]

Translating Virtual to Physical Address on Windows: Physical Addresses

Getting the Physical Address Manually

So far we’ve established that the virtual address is the same as the linear address, so in the next part of the article we can use virtual addresses because they are the same as linear ones. Let’s take a look at the 0x0012ff60 virtual/linear address and try […]

The Cyber Exploitation Life Cycle

Introduction

For the purposes of this article, the term “cyber exploitation” will represent all the subversive activities that include interstate “breaking and entering” into somebody else’s computer and network. For further explanation on the subject, read the first part of my previous work, “Cyber Exploitation”.

The current contribution follows the progress of […]

Which weapon should I choose for Web Penetration Testing? 3.0

Introduction

So here we are on the third edition of “Which weapon should I choose for Web Penetration Testing?” For this edition, I am going to take a walk through two interesting tools for pen-testing: OWASP ZAP and Netsparker – Community Edition. In the previous edition, I had a request […]

What is behind that QR code?

With the huge popularity of mobile devices like smartphones and tablets, two-dimensional barcodes, or the so-called QR codes, are beloved by marketers. QR codes, or Quick Response codes, were designed for the automotive industry in Japan. Now, QR codes have become popular outside the industry due to greater […]

“Working from Home” – The next insider threat?

Even with all the technical advances of current human society, there are unfortunately certain areas where we have not progressed as a people but instead –REGRESSED. The proliferation of educational material and the availability of these resources have not been able to remedy very basic human problems, among which […]