Sites I've been enjoying lately

These are sites I hadn't been checking much until now, but on closer inspection I realized they are packed with all kinds of interesting material. Lately I've been following them via RSS.

GNUCITIZEN

GNUCITIZEN is a Cutting-edge Ethical Hacker Outfit. We hack things for a living. To hack does not necessarily mean to crack into something illegally. We don’t do that! Not the illegal part. We get paid to hack, which is a hack on its own. As you will learn by reading our stuff, hacking is mostly about finding creative solutions to interesting problems. Sometimes these problems are related to breaking into protected computer networks. Sometimes they are related to other things such as influencing a large number of people to believe in made up values. Hacking is all about creativity or finding creative solutions to interesting problems. This is exactly what GNUCITIZEN stands behind.

A site that covers all sorts of hacking topics. Some recent entries I found interesting:

http://www.gnucitizen.org/blog/the-extreme-web-based-google-hacking-tool/

An introduction to a web-based tool built on the GHDB (Google Hacking Database). cDc recently released a tool called Google Scanner as well, but GNUCITIZEN's is web-based. It appears to make use of Yahoo Pipes. It is a bit slow.

Exploring The UNKNOWN Scanning The Internet Via SNMP

A report on the results of scanning 2.5 million random IP addresses on the Internet to survey SNMP usage. Routers and similar devices appear to have quite a few problems.

Dark Reading

Dark Reading | Security | Protect The Business - ...

Dark Reading was launched in May 2006, incorporating CMP Media’s Secure Enterprise and Security Pipeline publications. Our mission is to be the top security news source for enterprise IT and network security professionals, providing the most up-to-date information about products, management strategies, architectures, and security policy.

Dark Reading is a security dashboard for IT professionals who don’t have the time or the luxury of combing wirefeeds, multiple bug feeds, or vendor Websites to find out what’s new or how well it works. Here, readers will glean bits of practical information from a digest of security stories culled from CMP's many titles, and also the best security content from all across the Web.

A site that covers a wide range of security news. Articles that recently caught my eye:

Dark Reading | Security | Protect The Business - ...

An article introducing a new XSS attack that makes use of SNMP. The original source is here.

Offensive Computing

Open Malware

Offensive Computing, LLC was formed by Valsmith and Danny Quist as a resource for the computer security community. The primary emphasis here is on malware collections and analysis for the purpose of improving people's abilities to defend their networks. There is a noticeable lack of public sources of malware and malware analysis available. Those that were available were either for sale or limited to a small number of users. We provide resources such as live copies of malicious software, md5sums to search on and analysis of the malware to the general public. Offensive Computing currently has the largest publicly available malware collection on the Internet.

A site focused on collecting and analyzing malware. It carries a great deal of very useful material, such as malware samples and analysis reports. Recent entries I've been interested in:

Open Malware

A report on the Storm Worm.

Abstract:
This paper will detail the analysis methods of W32/StormWorm.gen1 and show a process injection method it uses to run malicious code in user-space. This variant loads a driver into the kernel which then injects itself into the running services.exe process. The worm then connects to a P2P network sending spam, initiating DDoS from the infected computer. This technique does not use a packer in the traditional sense but a two-stage loader to inject itself into a running process from kernel space. I will show the decoding process and methods for extracting the true malicious code from the driver executable.

Open Malware, Part I

A tutorial on unpacking techniques. Very interesting.

Malware samples

They also have the recently much-discussed MBR Rootkit (mebroot) and MPack. (User registration is required to obtain them.)
Open Malware
Open Malware