Blog Entries - Technical

iRoll: Rick Roll meets the iPod

March 26th, 2008

Unless you’ve been living under a rock or some other non-internet-connected object, you’ve probably been Rick Rolled at some point. I decided to take the concept a step further and whipped up a Python script that will let you Rick Roll the entire iPod of an unsuspecting victim when they leave it unattended.

Black Hat DC 2008 Briefings

February 22nd, 2008

Just arrived home from Washington, DC where I attended and presented at the Black Hat DC Briefings. I was fairly busy throughout the briefings and didn’t make it to as many presentations as I hoped, but I thought I’d detail a few of the more interesting ones.

Exploiting Live Virtual Machine Migration

February 10th, 2008

Later this week, I’ll be presenting at the Black Hat DC Briefings on weaknesses in the security of live virtual machine migration as implemented by popular vendors such as VMware and Xen. I thought I’d provide a teaser in advance of my presentation detailing some of the topics that will be discussed.

Detecting and Evading CWSandbox

January 15th, 2008

CWSandbox is one of the most comprehensive and full featured platforms for automated malware analysis. In this post, we detail how a malware sample being analyzed by CWSandbox may detect and evade the monitoring functionality of CWSandbox in order to disguise its malicious activities.

xkcd Malware Visualization

November 30th, 2007

A recent xkcd comic related to malware visualization is eerily similar to a system we’re currently running at the University of Michigan.

Facebook XSS

August 15th, 2007

Facebook’s new-fangled applications functionality seemed like a ripe opportunity for nasty cross-site scripting bugs. As it turns out, multiple XSS vulnerabilities were present in the fb:swf tag of the Facebook Markup Language.

pynids 0.5a Update Released

May 7th, 2007

pynids is a Python wrapper for libnids, a Network Intrusion Detection System (NIDS) library offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection. This release is an update to Michael Pomraning’s 0.5 release that adds control over libnids’ checksumming options.

Cosign SSO Vulnerability

April 12th, 2007

During an independent audit, I discovered a critical vulnerability in Cosign, a web-based single sign-on (SSO) platform which is currently in use at numerous large universities.

T-Mobile WiFi Hotspots

February 12th, 2007

Some random technical notes on the T-Mobile WiFi Hotspots offered at locations such as Starbucks. Since I spend a fair amount of time at the 24-hour Starbucks on Washtenaw, I often end up playing around with the Cisco WAP instead of actually doing work.

Aimject 1.0 Released

November 24th, 2006

Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger’s OSCAR protocol via a simple GTK interface. This 1.0 release brings Aimject functionality to the masses, being available for Linux, BSD, OS X, and Win32 platforms.