Posted on 28-02-2010
Filed Under (Security) by XyluX

Folks,
If you have ever configured ISC BIND DNS locally on your machines and the application is not returning the DNS response you expect, this post is for you. It covers basic troubleshooting for such issues. A couple of days back, I needed to check the DNS version, so I crafted my own packet to fetch the installed BIND DNS version (in one of my VMware machines), but I kept getting an error that the remote DNS server was refusing my connection, even though my crafted packet was legitimate and was not based on any hack attempt. You can write a simple program in Python (or any programming language) to send the DNS request and fetch the DNS version, but make sure that the socket object you create is UDP-based, as DNS works over UDP.

Posted on 22-12-2009
Filed Under (Security) by XyluX

Folks,
As you probably know, the OpenVAS community has released a new OpenVAS 3.x version with many additional features this time, i.e. GSA, openvas-administrator and openvas-manager. These are useful features that you should give a try! At the same time, their packages are somewhat different this time as well. I will show you how to install OpenVAS on Ubuntu 9.10, as I was very happy when I got OpenVAS installed on the latest Ubuntu build!


As we know, there has recently been hype about an SMB v2 protocol vulnerability that causes a BSOD on the vulnerable system. The vulnerability exists in srv2.sys, which is not able to handle a higher/lower PID value in the SMB_Negotiate protocol field (2 bytes). It can be successfully exploited with the PoC provided by Laurent Gaffié (who found this bug in 3 seconds with his simple handmade fuzzer). Successful exploitation causes a remote BSOD on the affected SMB v2-enabled operating system, forcing a hard reboot of the machine.

Buddies,
Today I will write a small analysis paper on milw0rm exploit #9319. For security reasons I can’t share all the in-depth technical information about this vulnerability, but I will give an overall idea of how the exploit affects the remote application and how the attacker takes advantage of this vulnerability through the shared milw0rm code. Finally, we will discuss how to write a signature to detect this exploitation attempt in transmitted network packets.

Posted on 30-08-2009
Filed Under (Security) by XyluX

What is JS Obfuscation?
JS obfuscation is the process of scrambling your JavaScript code in order to prevent it from being analyzed. It also makes stealing the code difficult, as it converts the code into a format that makes it hard to understand what the code does and how it works.

How to Obfuscate your JavaScript codes?
Although you can write your own JS obfuscators, some vendors make your life easier by providing ready-made tools for your obfuscation needs. Some of them are:

Posted on 07-07-2009
Filed Under (Security) by XyluX

Buddies,
I hope the title of the post explains what this post is all about. However, I just dropped it into the dashboard so that you can have a glimpse of what I am doing. I am trying to write documentation (I won’t be able to cover each and every aspect of file format vulnerabilities), but I will be sharing how to analyze file format vulnerabilities.

Posted on 04-07-2009
Filed Under (Security) by XyluX

Buddies,
Before delving deeper into malware detection, let me add a few lines defining what malware is. Malware is a piece of code that gets itself executed without the user’s intervention. Malware comes in various kinds, depending on how it works and how it replicates itself into the system to affect the victim. But we won’t discuss those characteristics here, as we will focus on some of the methods malware follows to spread over the wired world.
