Tuesday, December 14, 2010

Wikileaks, DDoS


An analysis by the University of Twente found that the source of the attack is traceable, because LOIC, the tool used by the hacktivists, does not employ any security/anonymizer layer:
http://www.utwente.nl/ewi/dacs/news/archive/2010/wikileaks.doc/

More info:
http://encyclopediadramatica.com/LOIC
Binary on SourceForge:
http://sourceforge.net/projects/loic/

Another version derived from LOIC, called LOIQ (probably because it is written in Qt), works right away on Linux, and you do not have to install the Mono stack.

LOIQ, however, is described as a "server stress test".


In this case, basically, I believe no botnet whatsoever was involved; the so-called "hacktivists" merely ran this tool right away, without an anonymizer or anything of the sort.

Metasploit for shellcode generation & libemu as an offset locator

Hi,

I found Soritov's blog and decided to follow his write-up.



Wednesday, December 8, 2010

Corpus

Speaking of corpus, you may think of the legal term habeas corpus. That is not what I mean in this post; rather, a corpus here is a frame or framework for something we want to study.

For example, when we say phishing corpus, it refers more to a framework of what phishing e-mails generally look like. We usually use this term when studying what phishing e-mails are like, and how to distinguish:

  1. Phishing e-mails from legitimate ones
  2. Phishing e-mails from spam e-mails


Turning to the malware problem, we need to build a corpus to recognise malware. What distinguishes malware from non-malware?

Some research papers use the term taxonomy. To me, a taxonomy is one step towards building a corpus.

Or perhaps it is the other way round.

Packer

A packer behaves much like a compressor, except that a packed binary runs as-is, without seeming to be decompressed first.
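Because the packed payload is effectively compressed data, it carries far more entropy than ordinary machine code, and that is the usual first check an analyst runs on a suspect binary. The following is an added example (not code from this post or from the theses mentioned on this page): a Shannon-entropy heuristic over two constructed byte blobs standing in for a plain code section and a packed one; the 7.0 bits/byte threshold and the 1024-byte window are assumptions, not values from the page.

```python
import math
import random
from collections import Counter

# Constructed sample "sections" (not real binaries, not from any work cited on this page).
# CODE_LIKE repeats a short x86-looking byte pattern, so it has few distinct byte values.
CODE_LIKE = b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x8b\x7d\x08\x33\xc0" * 300
# PACKED_LIKE stands in for the output of a packer's compression stage: near-uniform bytes.
_rng = random.Random(1337)  # fixed seed so the example is reproducible
PACKED_LIKE = bytes(_rng.getrandbits(8) for _ in range(4200))


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_packed(data: bytes, threshold: float = 7.0, window: int = 1024) -> dict:
    """Heuristic packer check (assumed threshold/window): compressed or encrypted payloads push
    entropy towards 8 bits/byte, while ordinary machine code and text sit well below 7.

    Both the whole-blob entropy and the highest-entropy window are reported, because a plain
    unpacking stub prepended to a compressed payload can drag the overall figure down.
    Caveat: legitimately compressed resources or embedded archives give the same signal, so a
    hit is a reason to look closer, not a verdict.
    """
    overall = shannon_entropy(data)
    window_max = max(
        (shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)),
        default=0.0,
    )
    return {
        "entropy": round(overall, 3),
        "max_window_entropy": round(window_max, 3),
        "packed": overall >= threshold or window_max >= threshold,
    }


if __name__ == "__main__":
    for name, blob in (("code-like", CODE_LIKE), ("packed-like", PACKED_LIKE)):
        print(name, looks_packed(blob))
```

On a real sample you would feed each PE section's raw bytes to `looks_packed` separately, since packers typically leave the stub section readable and only the payload section near 8 bits/byte.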

Malware Stuffs

Today I read a paper (thesis) on WildCat, a malware-related thesis which contributes to the dynamic analysis of malware.

Also in hand: I personally contacted the author of another recently defended thesis, entitled Reform. This thesis contributes to packer technology for Win32 binaries. Thorough analysis was done, including statistical analysis.