Confirmed Security News 2011 Week 13

=> Tracur Malware Analysis. 21/12/2010. «In a previous tutorial we have shown how to deal with malware, this time we’ll go through the analysis process of a real malware found in the wild. In this case we are going to deal with Tracur.b, a variant of Tracur malware; we will get infected and we’ll try to understand what’s going on on the infected machine, and what this malware is capable of. So fire up your debugger and get ready for the fun! (…).» Interesting publications.
Source: quequero.org/Tracur_Malware_Analysis
Related posts:
19/11/2010. How to Deal with Malware : quequero.org/How_to_Deal_with_Malware
07/01/2011. Tracur.b Analysis – Part 2 : quequero.org/Tracur_Malware_Analysis_part2
04/02/2011. Tracur.b Analysis – Part 3 : quequero.org/Tracur_Malware_Analysis_part3

=> Technical Analysis and Advanced Exploitation of Adobe Flash 0-Day (CVE-2011-0609). 26/03/2011. «Hi everyone, Back from holidays I was informed about a zero-day exploit (CVE-2011-0609) in the wild (now patched) targeting Adobe Flash, it seems that criminals never take holidays (…).»
Source: www.vupen.com/blog/20110326.Technical_Analysis_and_Win7_Exploitation_Adobe_Flash_0Day_CVE-2011-0609.php
Related posts:
28/03/2011. Source: twitter.com/#!/bartblaze/statuses/52309201023803392

=> Tim Mugherini presents NTFS MFT Timelines and Malware Analysis. 28/03/2011. «Default file system of all modern versions of Windows. Version 3.1 is the current version on Windows XP and above. The Master File Table ($MFT) is the heart of the NTFS file system and contains the metadata about all the files and directories on the file system. Each file and directory has at least one entry in the $MFT (…) It is these attributes that can be useful during analysis but only if we understand the effects of the operating system, software, and user behavior on these values (…).»
Source: pauldotcom.com/2011/03/tim-mugherini-presents-ntfs-mf.html

=> PE Infector. 28/03/2011. «Today I want to share the simplest way to infect a Windows Portable Executable file. There are many different ways to implement an infection (or injection) by adding code into the PE free space but the way I am going to describe is probably the simplest and (with respect to _antony) the most primitive one (…).»
Source: marcoramilli.blogspot.com/2011/03/pe-infector.html

=> Microsoft Hunting Rustock Controllers. 28/03/2011. «Who controlled the Rustock botnet? The question remains unanswered: Microsoft’s recent takedown of the world’s largest spam engine offered tantalizing new clues to the identity and earnings of the Rustock botmasters. The data shows that Rustock’s curators made millions by pimping rogue Internet pharmacies, but also highlights the challenges that investigators still face in tracking down those responsible for building and profiting from this complex crime machine. (…).»
Source: krebsonsecurity.com/2011/03/microsoft-hunting-rustock-controllers/

=> SANS Institute courses: in France and in French. 29/03/2011. «A patriotic cheer for this nod to the company Hervé Schauer Consultants, which has just secured a partnership with the famous SANS Institute (…).» I had seen the news go by last week, but it had not been mentioned in the Brève.
Source: www.cnis-mag.com/cours-du-sans-institute-en-france-et-en-francais.html

=> Don’t check files in public scanners? :). 30/03/2011. «Don’t check files in public scanners? :) (…).»
Source: internetpol.fr/wup/?Don’t+check+files+in+public+scanners+?+:).html#01d24f259838902d1ca34add15cac071

=> Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. 30/03/2011. «Though I didn’t realize what I was seeing, Stuxnet first came to my attention on July 5 last summer when I received an email from a programmer that included a driver file, Mrxnet.sys, that they had identified as a rootkit (…).»
Source: blogs.technet.com/b/markrussinovich/archive/2011/03/30/3416253.aspx
Related posts:
27/12/2010. Adventures in Analyzing Stuxnet : www.vimeo.com/18225315
30/03/2011. The Stuxnet Train Rolls On… : blog.eset.com/2011/03/30/the-stuxnet-train-rolls-on

=> TDSS: The Next Generation. 30/03/2011. «Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years (…).»
Source: blog.eset.com/2011/03/30/tdss-the-next-generation
Related posts:
01/06/2010. TDL3: The Rootkit of All Evil? : www.eset.com/us/resources/white-papers/TDL3-Analysis.pdf
01/10/2010. Rooting about in TDSS : www.eset.com/us/resources/white-papers/Rooting-about-in-TDSS.pdf
30/03/2011. The Evolution of TDL: Conquering x64 : www.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf

=> India-United States Naval Cooperation.doc Analysis. 30/03/2011. «Today I will analyze the following file and its payload (…).»
Source: shpata0xff.wordpress.com/2011/03/30/india-united-states-naval-cooperation-doc-analysis/

=> Dissecting the Massive SQL Injection Attack Serving Scareware. 30/03/2011. «A currently ongoing massive SQL injection attack has affected hundreds of thousands of web pages across the Web, to ultimately monetize the campaign through a scareware affiliate program (…).»
Source: ddanchev.blogspot.com/2011/03/dissecting-massive-sql-injection-attack.html

=> Honeynet Workshop 2011. 30/03/2011. «On March 21st I was in Paris for the annual Honeynet Workshop. For the first time this year there was a conference day accessible to the general public. Moreover, I didn’t have to pay the registration fee since I successfully completed one of the Honeynet Forensics challenges. The day was split into 4 sessions and had talks covering the Honeynet projects, malware, and ethical and legal considerations of tracking botnets and eventual take-downs. There was also a CTF taking place during the day, so I didn’t take as many notes as I wanted; this is also why I will not be covering all the talks in this article (…).»
Source: www.corelan.be/index.php/2011/03/30/honeynet-workshop-2011/

=> Take a sample, leave a sample. Mobile malware mini-dump – March 31 Update. 31/03/2011. «I frequently get requests for mobile malware already published on Contagio and also for new files that might be mentioned in the media and blogs. I do not really have a large collection of mobile malware, but I welcome the submissions. (…).»
Source: contagiodump.blogspot.com/2011/03/take-sample-leave-sample-mobile-malware.html

Published by

Gof

Digital lame duck; just interested, just passionate.