
security_downloads

Autoruns and VirusTotal
Continuing my diary entries on Sysinternals tools with VirusTotal support, I'm taking a look at Autoruns. Autoruns is another fine Sysinternals tool that comes with VirusTotal integration. If you are not familiar with Autoruns, it scans all auto-starting locations in Windows and provides a comprehensive report. This gives you an overview of all programs that start automatically on the scanned Win..
Process Explorer and VirusTotal
About a year ago, Rob had a diary entry about checking a file from Process Explorer with VirusTotal. Did you know you can have all EXEs of running processes scanned with VirusTotal? In Process Explorer, add the column VirusTotal: Enable VirusTotal checks: And accept the VirusTotal terms: (update: as you can see, by default Process Explorer only submits hashes to VirusTotal, not files, unless you explicit..
RFC 7540 - HTTP/2 protocol
RFC 7540 has been out for a month now. What should we expect with this new version? 1. New frame: HTTP/2 implements a binary protocol with the following frame structure: Length: The length of the frame payload expressed as an unsigned 24-bit integer. Values greater than 2^14 must not be sent unless the receiver has set a larger value for the SETTINGS_MAX_FRAME_SIZE parameter. Type: The 8-bit type of th..
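The frame-header layout and the 2^14 size rule quoted above are easy to get wrong when writing a parser, so here is an added example (not code from the linked post) that parses the 9-octet RFC 7540 frame header and enforces the receiver's SETTINGS_MAX_FRAME_SIZE. The flags field, the reserved bit and the 31-bit stream identifier come from section 4.1 of the RFC; the frame-type names and the FRAME_SIZE_ERROR code (0x6) are from sections 6 and 7. The sample frames at the bottom are constructed for the demo.

```python
"""RFC 7540 frame header parser with the SETTINGS_MAX_FRAME_SIZE check.

Added example; it is not part of the original post. The byte samples in
the __main__ block are constructed, not captured traffic."""
import struct

DEFAULT_MAX_FRAME_SIZE = 1 << 14        # 16384: initial SETTINGS_MAX_FRAME_SIZE
MAX_ALLOWED_FRAME_SIZE = (1 << 24) - 1  # largest value the 24-bit Length field holds
FRAME_SIZE_ERROR = 0x6                  # error code for an oversized frame

FRAME_TYPES = {
    0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
    0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
    0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION",
}


class FrameSizeError(ValueError):
    """Raised when a peer sends a payload larger than we advertised."""
    code = FRAME_SIZE_ERROR


def parse_frame_header(buf: bytes, max_frame_size: int = DEFAULT_MAX_FRAME_SIZE) -> dict:
    """Parse the 9-octet header: 24-bit Length, 8-bit Type, 8-bit Flags,
    1 reserved bit and a 31-bit Stream Identifier.

    max_frame_size is the value this receiver advertised in
    SETTINGS_MAX_FRAME_SIZE (2^14 .. 2^24-1). A Length above it is a
    connection error of type FRAME_SIZE_ERROR."""
    if len(buf) < 9:
        raise ValueError("need 9 octets for a frame header")
    if not DEFAULT_MAX_FRAME_SIZE <= max_frame_size <= MAX_ALLOWED_FRAME_SIZE:
        raise ValueError("SETTINGS_MAX_FRAME_SIZE out of range")
    length = int.from_bytes(buf[0:3], "big")            # no 3-byte struct code; read manually
    frame_type, flags, stream = struct.unpack("!BBI", buf[3:9])
    if length > max_frame_size:
        raise FrameSizeError(f"frame payload {length} > advertised max {max_frame_size}")
    return {
        "length": length,
        "type": FRAME_TYPES.get(frame_type, f"UNKNOWN(0x{frame_type:02x})"),
        "type_code": frame_type,
        "flags": flags,
        "stream_id": stream & 0x7FFFFFFF,  # reserved high bit is ignored on receipt
    }


def build_frame_header(length: int, frame_type: int, flags: int = 0, stream_id: int = 0) -> bytes:
    """Serialise a header; used here to construct sample frames."""
    return length.to_bytes(3, "big") + struct.pack("!BBI", frame_type, flags, stream_id & 0x7FFFFFFF)


def accepts(buf: bytes, max_frame_size: int = DEFAULT_MAX_FRAME_SIZE) -> bool:
    """True if the header passes the size check, False if it is FRAME_SIZE_ERROR."""
    try:
        parse_frame_header(buf, max_frame_size)
        return True
    except FrameSizeError:
        return False


if __name__ == "__main__":
    # constructed: SETTINGS frame with the ACK flag, empty payload, stream 0
    print(parse_frame_header(build_frame_header(0, 0x4, flags=0x1)))
    # constructed: DATA frame claiming 20000 bytes on stream 1
    big = build_frame_header(20000, 0x0, stream_id=1)
    print("accepted at default limit:", accepts(big))          # False
    print("accepted after advertising 2^15:", accepts(big, 1 << 15))  # True
```

The size check sits in the parser rather than in the caller on purpose: a receiver that allocates the payload buffer from the Length field before validating it is the classic way to hand a peer a cheap memory-exhaustion primitive.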
POODLE is the brown M&Ms of security
There is a famous story about the rock band Van Halen whose list of requirements when performing a show included some M&Ms — but "absolutely no brown ones". The story is true and has little to do with childish rock star behaviour. The band's technical requirements were so complicated that they were worried the concert organisers wouldn't read them all. The M&Ms requirement, stuck in the middle o..
Loading A Weaponised Interactive PowerShell Session With Metasploit
PowerShell is rapidly becoming the go-to post-exploitation method for hackers, with a plethora of awesome PowerShell tools such as PowerSploit, PowerUp, PowerView and Nishang, to name a few. The standard PowerShell environment can be quickly extended into a hacker's delight. These 'tools' are written entirely in PowerShell and do not touch disk (largely) – therefore they are anti-virus (AV) frien..
Exploiting ezhp (pwn200) from PlaidCTF 2014 with radare2
Usual disclaimer: This article is more about radare2 than some 1337-heap-related super-efficient pwnage. If you're looking for the latter, check geohot's elegant ROP-powered writeup instead. I like to play CTF, but it seems that I prefer to take my time for pwning; playing around with the debugger, trying multiple payloads and methods. Another benefit of doing challenges after the CTF is that you can as..
Quantum Insert Attack
The Dutch company Fox-IT has revealed detailed information about the Quantum Insert attack: an "'HTML Redirection' attack by injecting malicious content into a specific TCP session. A session is selected for injection based on 'selectors', such as a persistent tracking cookie that identifies a user for a longer period of time." The attack can be done by sniffing an HTTP request; then the attacker will ..
When Prevention Fails, Incident Response Begins
I've been asked a few times this year ($dayjob) to discuss and review incident handling practices with some of our clients. This topic seems to have come up to the surface again, and with some breaches getting mainstream coverage, it only makes sense. Taking a look at some of our past posts here on the ISC, I was pleasantly greeted with a long history on this topic (see list below). Incident Res..
Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.
Defender Mindset: A lot of network defense goes wrong before any contact with an adversary, starting with how defenders conceive of the battlefield. Most defenders focus on protecting their assets, prioritizing them, and sorting them by workload and business function. Defenders are awash in lists of assets—in system management services, in asset inventory databases, in BCDR spreadsheets. There's o..
How a debugger works
Table of contents: Introduction, Kernel support, ptrace(), Starting to debug, Debugger-debuggee synchronization, A new debugger was born, The magic behind INT 3, Breakpoints hands on, Single steps, Conclusion. Introduction: In this article, I'd like to tell you how a real debugger works. What happens under the hood and why it happens. We'll even write our own small debugger and see it in action. I wil..