Montreal blog on Internet Security Software

mario's profileMontreal blog on Interne...BlogLists

Tools

Help

Blog

May 08

SuperShield When running an App you just aren't sure about...

If you go to my http://superconfigure.com website you will find my latest (my 3rd such utility) tool.

I write such things in my spare time, which isn't oo often.

SuperShield launches an application with Low Integrity and severely restricts what is can access.

Here is a snapshot showing IE launched as a chile process of SuperShield, notice the ILlevel.

Here is a snapshot showing file IE8 reads normally.

Absolutely none of these files are touched by IE 8 if it is launched by SuperShield!!

5:51 PM | Add a comment | Permalink | Blog it

April 22

More Good Security papers

Thwarting Virtual Machine Detection (Tom Liston, Ed Skoudis,)
http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf

The Art of Unpacking (Mark Vincent Yason)
https://www.blackhat.com/presentations/bh-usa-07/Yason/Presentation/bh-usa-07-yason.pdf

The following are from the Helsinki University of Technology:

Malware Situation in 2009 (Mikko Hyppönen)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/malware_in_2009.pdf

Reverse Engineering I (Gergely Erdelyi)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/introduction_to_reverse_engineering.pdf

Windows Operating System: Antivirus Perspective (Kimmo Kasslin)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/windows_operating_system.pdf

Reverse Engineering II (Antti Tikkanen)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/reverse_engineering_basics.pdf

Mobile Malware (Jarno Niemelä)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/current_mobile_phone_threats.pdf

Using Debuggers to Analyze Malware (Antti Tikkanen)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/using_debuggers_to_analyze_malware.pdf

Emulators and Disassemblers (Jarkko Turkulainen)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/emulators_and_disassemblers.pdf

Reverse Engineering III (Gergely Erdelyi)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/reverse_engineering__pe_format.pdf

Unpacking and Decrypting Malware (Jarkko Turkulainen)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/unpacking_and_decrypting_malware.pdf

Windows Kernel Malware (Kimmo Kasslin)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/windows_kernel_malware.pdf

Antivirus Engine Design. Introduction to the Course Assignment (Mika Ståhlberg)
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/antivirus_engines.pdf
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/simple_deobfuscating_antivirus_engine.pdf

6:17 PM | Add a comment | Permalink | Blog it | Computers and Internet

April 17

Notes for Windows 7 for Developers

Use the following GetVersionEx() fields to determine iff running on Windows 7
osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 1

Windows 7 has a policy control that can optionally enforce that AppInit DLLs must be digitally signed in order to load; and some DLLs may
not load into critical OS processes.

A service can be started or stopped based on an event.

IE 8, User Agent string contains "Trident/4.0", even in IE7 compatibility mode.

IE 8 will have DEP enabled by default.

IE 8 will have a malware Url filtering, on top of the existing phishing Url filtering.

1:47 PM | Add a comment | Permalink | Blog it | Computers and Internet

April 15

Collection of Security Presentations

Browser Forensics
http://www.techsec.com/agendaforensic08/monday/Browser_Forensics_Matthew_McFadden.pdf

Botnets
http://www.techsec.com/agendaforensic08/monday/Botnets-Battling%20the%20Borg%20if%20the%20Internet.SFD2.pdf

Botnets
http://www.nanog.org/mtg-0410/pdf/kristoff.pdf

ISP Security - Real World Techniques II
http://www.nanog.org/mtg-0210/ppt/ispsecure.pdf

Industry/Government Infrastructure Vulnerability Assessment: Background and Recommendations
http://www.nanog.org/mtg-0206/ppt/avi.ppt

Trends in Denial of Service Attack Technology
http://www.nanog.org/mtg-0110/ppt/houle.ppt

Diversion & Sieving Techniques to Defeat DDoS
http://www.nanog.org/mtg-0110/ppt/afek.ppt

ISP Security - Real World Techniques
Remote Triggered Black Hole Filtering and Backscatter Traceback
http://www.nanog.org/mtg-0110/ppt/greene.pdf

6:57 PM | Add a comment | Permalink | Blog it

Upcoming Security Conferences

30th IEEE Symposium on Security & Privacy
http://oakland09.cs.virginia.edu/
May 17-20, 2009, Oakland, California

LayerOne
http://layerone.info/
May 23-24, 2009, Anaheim, CA

ISS World
Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering
http://www.issworldtraining.com/ISS_EUROPE/
3-5 June 2009, Prague, CZ

2009 Techno Conference
http://www.techsec.com/html/Techno2009.html
May 31 - June 3, 2009, Myrtle Beach

The North American Network Operators' Group, NANOG
http://www.nanog.org/
June 14-17, 2009, Philadelphia, Pennsylvania

SANSFIRE 2009
http://www.sans.org/sansfire09/
June 13-22, 2009, Baltimore, MD

Hacker Space Festival
http://www.hackerspace.net/start
June 26-30, 2009, Paris

12th International Symposium On Recent Advances In Intrusion Detection
http://www.rennes.supelec.fr/RAID2009/
September 23-25, 2009, Saint-Malo, Brittany, France

ISC East
International Security Conference
http://www.isc365.com/isc_east_08.aspx
October 28-29, 2009 New York

Deep Sec
Annual European two-day in-depth conference on computer, network, and application security.
https://deepsec.net/
November 17-20, 2009, Vienna Austria

6:55 PM | Add a comment | Permalink | Blog it

View more entries

Other Security Bloggers, and articles on software


security tools oSpy, AuditPro Enterprise, Technitium MAC Address Changer, sam spade, superscan, nbtscan, usb-watcher, proslo, Metasploit, etc

McAfee CyberCrime Response Unit Reporting Cyber Crime

banned.h deprecated APIs from MS

FIRST Best Practice Guide Library (BPGL) Guides

Checking Microsoft Windows® Systems for Signs of Compromise Version: 1.3.4 28/10/05 One of the main aims of this document is to address the lack of documentation concerning concrete actions to be taken when dealing with a compromised Microsoft system.

Denial of Service (DoS) Attack Resources Links to everything DOS

Expectations for Computer Security Incident Response This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.

Anti-Malware Testing Standards Organization Founded in May 2008 as an international non-profit association that focuses on the addressing the global need for improvement in the objectivity, quality and relevance of anti-malware testing methodologies.

Programatically setting Wininet/Internet Explorer's Proxy settings From Windows Core Networking Blog

PaulDotCom Episode98 DLL Injection

Google Online Security Blog The latest news and insights from Google on security and safety on the Internet

The Ghost In The Browser - Analysis of Web-based Malware by Google's Niels Provos 2007 9 pages Other link to doc: http://www.usenix.org/event/hotbots07/tech/full_papers/provos/provos.pdf

All Your iFRAMEs Point to Us by Google's Niels Provos February 4th, 2008 22 pages

Password Strength Checker This application is designed to assess the strength of password strings. The instantaneous visual feedback provides the user a means to improve the strength of their passwords, with a hard focus on breaking the typical bad habits

Microsoft Password checker Password Checker can help you to gauge the strength of your password. It is for personal reference only. Password Checker does not guarantee the security of the password itself.

Default Router Password Database This is the internets most complete default router password database available.

Google Sparsehash Package The Google sparsehash package consists of two hashtable implementations: sparse, which is designed to be very space efficient, and dense, which is designed to be very time efficient. For each one, the package provides both a hash-map and a hash-set

IDN Conversion tool Putting [räksmörgås.josefßon.org] in IE7, gets puny coded to [http://xn--rksmrgs-5wao1o.josefsson.org/] use this tool to convert unicode characters to punycode as IE 7 does.

How long should my passphrase be? To provide adequate protection against the most serious threats... keys used to protect data today should be at least 75 bits long. To protect information adequately for the next 20 years ... keys in newly-deployed systems should be at least 90 bits long

Draft Technical Report on C++ Library ISO/IEC DTR 19768 Doc No: N1836=05-0096 Date: 2005-06-24 Reply to: Matt Austern austern@google.com

Jeffrey's Exif Viewer Great util for viewing more data on your image files than you care to know. Exchangeable Image File Format.

McAfee Avert Labs Blog Computer Security Research

Microsoft® Windows® Software Development Kit for Windows Vista™ and .NET Framework 3.0 Runtime Components The Windows SDK includes documentation, samples, and tools designed to help you develop Windows applications and libraries using both Win32® and .NET Framework 3.0 technologies targeting Windows Vista.

Anton Stiglic A senior IT security advisor with a strong background in information theory and a keen interest in the business aspects involved around IT decisions. He has been involved in security in the IT industry since 1999, and in academia since 1996

Virus Bulletin News Latest news from the anti-virus industry

StopBadware Blog Stop Badware Blog

Virus Total Blog Blog VirusTotal

Norman Sandbox Upload malware for analysis

Susceptible Api's Build Security In - Setting a Higher Standard for Software Assurance. This catalog provides a set of Coding Rules to assist software developers, whether manually or in conjunction with tools, to discover, explore, remove and eventually prevent security vul

Windows Wireless Networking Using WMI to verify WEP status - 2006 Article, Me

Uniform Resource Identifiers (URI): Generic Syntax This document defines the generic syntax of URI, including both absolute and relative forms, and guidelines for their use; it revises and replaces the generic definitions in RFC 1738 and RFC 1808.

RFC 3552 Guidelines for Writing RFC Text on Security Considerations

Should I check the parameters to my function? Larry Osterman's blog - May 18 2004

Agile Alliance We are uncovering better ways of developing software by doing it and helping others do it.

Exploit Prevention Labs Exploit and 0day prevention

got API A great website for ANY developer!

STL.NET Primer Stanley B. Lippman Architect, Microsoft Visual C++ team August 2004 Applies to: Microsoft Visual C++ 2005 Standard Template Library (STL) and STL.NET

STL/CLR STL/CLR – Version of Standard Template Library for managed code 4/4/2007

AV Test project of the Business-Information-Workgroup at the Institute of Technical and Business Information Systems at the Otto-von-Guericke-University Magdeburg (Germany) in cooperation with AV-Test GmbH. In regular intervals we test anti-virus, anti-spyware...

AV Comparatives Independent comparatives of Anti-Virus software

VS2005 SP1 update for Vista http://support.microsoft.com/default.aspx?scid=929470

Peter Gutmann's Cryptlib Better than OpenSSL?

Why Crunch Mode Doesn't Work slashdot article, 2005

Top 50 Msdn security Articles MSDN Magazine Security CD, 19,95$

The Six Dumbest Ideas in Computer Security by Marcus Ranum

Adam Shostack Security Blog

Montreal blog on Internet Security Software

Profile

mario

Xbox Live GamerCard