ARBSEC Officially Launched
February 19th, 2009
ARBSEC, a CitySec-style meetup for security professionals in the Ann Arbor area, has been officially launched! Our first meeting, ARBSEC 01, will be at 6:00pm on March 4th at Bar Louie in Ann Arbor.
Brace expansion is a nice feature in the Bash interpreter that happened to be exactly what I needed during an audit. A good thing to log away in memory in case you ever find yourself in a pen-test environment with similar constraints.
During Paul Vixie’s talk at WOOT on some of the operational challenges of deploying source port randomization functionality in BIND, I started thinking of a few simple ways to harden DNS infrastructure against VU#800113 by leveraging the IP TTL value.
I’m back from San Jose finally and while I won’t be breaking down a full review of HotSec and USENIX Security like I did for WOOT, I thought I would point out some of the more interesting presentations I was able to attend.
Day one of my trip out to San Jose to attend the WOOT, HotSec, and USENIX Security trifecta is over. The 2nd Workshop on Offensive Technologies (WOOT) took place today and I’ll be breaking it down with “The Good, The Bad, and The Ugly”.
The Passive DNS Port Test (PDPT) tool acts as a passive DNS monitor to flag resolvers that may be vulnerable to the cache poisoning issue described in CERT VU #800113. Similar to OARC’s porttest, this monitor will judge the source port behavior of resolvers based on the standard deviation of observed source ports.
An easily exploited vulnerability in Google App Engine’s SDK can put your development servers at risk. While this bug is trivial to fix, engineers at Google have declined to address the vulnerability, so be cautious when using the SDK to develop your web service.
Just arrived home from Washington, DC where I attended and presented at the Black Hat DC Briefings. I was fairly busy throughout the briefings and didn’t make it to as many presentations as I hoped, but I thought I’d detail a few of the more interesting ones.
Later this week, I’ll be presenting at the Black Hat DC Briefings on weaknesses in the security of live virtual machine migration as implemented by popular vendors such as VMware and Xen. I thought I’d provide a teaser in advance of my presentation detailing some of the topics that will be discussed.
CWSandbox is one of the most comprehensive and full-featured platforms for automated malware analysis. In this post, we detail how a malware sample being analyzed by CWSandbox may detect and evade the monitoring functionality of CWSandbox in order to disguise its malicious activities.