Later this week, I'll be presenting at the Black Hat DC Briefings on weaknesses in the security of live virtual machine migration as implemented by popular vendors such as VMware and Xen. I thought I'd provide a teaser in advance of my presentation detailing some of the topics ...
CWSandbox is one of the most comprehensive and full featured platforms for automated malware analysis. In this post, we detail how a malware sample being analyzed by CWSandbox may detect and evade the monitoring functionality of CWSandbox in order to disguise its malicious activities.
Introduction to CWSandbox
CWSandbox is a ...!--more-->
A recent xkcd comic related to malware visualization is eerily similar to a system we're currently running at the University of Michigan.
The xkcd Comic
Facebook's new-fangled applications functionality seemed like a ripe opportunity for nasty cross-site scripting bugs. As it turns out, multiple XSS vulnerabilities were present in the fb:swf tag of the Facebook Markup Language.
FBML XSS Vulnerabilities
Given that Facebook seems to roll out tons of new functionality all the ...!--more-->
I recently attended the USENIX Security Symposium in Boston, MA. I also attended two of the co-located workshops: the Workshop on Hot Topics in Security (HotSec), at which I presented a research paper focusing on a new paradigm for antivirus deployment, and the Workshop on Offensive Technologies (WOOT).
HotSec 2007 ...!--more-->
Copyright © 2015 - Jon Oberheide <jon at oberheide dot org>.