Exploiting Live Virtual Machine Migration

Later this week, I'll be presenting at the Black Hat DC Briefings on weaknesses in the security of live virtual machine migration as implemented by popular vendors such as VMware and Xen. I thought I'd provide a teaser in advance of my presentation detailing some of the topics ...


Detecting and Evading CWSandbox

CWSandbox is one of the most comprehensive and full-featured platforms for automated malware analysis. In this post, we detail how a malware sample being analyzed by CWSandbox may detect and evade the monitoring functionality of CWSandbox in order to disguise its malicious activities.

Introduction to CWSandbox

CWSandbox is a ...


xkcd Malware Visualization

A recent xkcd comic related to malware visualization is eerily similar to a system we're currently running at the University of Michigan.

The xkcd Comic

Our System

The system pictured is a production version of an architecture we proposed last year at HotSec '07 (paper, presentation), essentially a network-based ...


Facebook XSS

Facebook's new-fangled applications functionality seemed like a ripe opportunity for nasty cross-site scripting bugs. As it turns out, multiple XSS vulnerabilities were present in the fb:swf tag of the Facebook Markup Language.

FBML XSS Vulnerabilities

Given that Facebook seems to roll out tons of new functionality all the ...


USENIX Security, HotSec, WOOT 2007

I recently attended the USENIX Security Symposium in Boston, MA. I also attended two of the co-located workshops: the Workshop on Hot Topics in Security (HotSec), at which I presented a research paper focusing on a new paradigm for antivirus deployment, and the Workshop on Offensive Technologies (WOOT).

HotSec 2007 ...

Copyright © 2015 - Jon Oberheide <jon at oberheide dot org>.