Tuesday, June 21, 2011

Malware Cookbook codes

If you aren't aware, there is a book dedicated to malware researchers/enthusiasts out there, namely "Malware Cookbook" . I haven't get the book in my hand, but the codes used in the book are already in google code, here

I tried several Python scripts written by the author, purposely in order to help my research in malware detection. One tool, pe_scanner.py considered outstanding, since it has support for malware entropy analysis, yara for malware classification and PEID support for PE identification.

I also managed to file bugreports and "patch".. since analyzing 30,000 malware sample is tedious, time consuming and possibly leads to migrain.

(not exactly bug report, but the problem faced when a given PE having corrupt header, and I have to segregate into different folder, unable to proceed with this kind of binary)

(F-prot AV having different line of reporting... so )

I am yet to commit my customized codes, possibly I'll put in github later on.

Wednesday, June 15, 2011

ClamAV on Cygwin

In case you're wondering, ClamAntiVirus (ClamAV) exists in Window's Cygwin too. And the update works as in other UNIX environment, $freshclam

Sunday, June 5, 2011

Gnuplot script in Dionaea honeypot

Ever use Gnuplot? The support for gnuplot is already in Dionaea, previously I used to parse the data manually before showing it out using gnuplot. Original reference, here


Usage: gnuplotsql [options]

  -h, --help            show this help message and exit
  -d DATABASE, --database=DATABASE
  -t TEMPFILE, --tempfile=TEMPFILE
  -p PROTOCOLS, --protocol=PROTOCOLS

This will create the HTML reports with PNG generated graphs from gnuplot:

najmi@vostro:/opt/dionaea/bin$ sudo ./gnuplotsql -d /opt/dionaea/var/dionaea/logsql.sqlite -p smbd -p epmapper -p mssqld -p httpd -p ftpd

Friday, June 3, 2011


There are many magazines, e-mag, e-zine - you name it that could help you - or kill your boredom during your spare time. Well - what if you're in security domain and need one to flourish your knowledge?

I would suggest the following:

  1. Virus Bulletin, electronic version only, montly http://www.virusbtn.com/ . The appropriate readers would be industrial and academic security researchers.
  2. IEEE Security & Privacy, printed and online version, periodically, IEEE S & P . Academic researcher would fit this better.
The rest, for example Phrack underground magazine is Free of Charge. 

Wednesday, June 1, 2011

Crime-fighting coder - successful Malaysian undergrad in Purdue Univ

Crime-fighting coder

Name: Ahmad Mujahid Mohd Razip
Major: Electrical and computer engineering
Year: Senior

Hometown: Penang, Malaysia

Tracking crime: Ahmad developed an app for iPhone and iPad that displays local crime and traffic information. Using the GPS feature in the devices, a user can see what crimes have occurred in the area, by type and location, as well as trends for specific types of crime. Ahmad says the app could be used by police officers, attorneys, real estate agents, reporters or anyone interested in local crime.

Purdue programs: Ahmad began working on his crime analysis app while participating in Purdue’s Summer Internship Research Fellowship (SURF), which offers students an intensive research experience and a chance to work directly with graduate students and professors. He developed the app for a Purdue research center, Visual Analytics for Command, Control, and Interoperability (VACCINE), which is developing technology to assist police officers and homeland security personnel by turning massive amounts of data into actionable knowledge.

Rigorous academics: “My most challenging class was ECE 437, Computer Design and Prototyping,” Ahmad says. “You start by designing a single processor computer, then you design a dual core processor one. It was good, but not easy. Overall I prefer to write software.”

Staying active: When not studying or developing apps, Ahmad enjoys playing indoor soccer, which he does regularly. He is also active in the Purdue Malaysian Student Association and enjoys music and comedy.

Next steps: International student Ahmad hopes to get a job developing software either in his home country of Malaysia or in California. “Anywhere warm,” he says, admitting he never completely adapted to Indiana weather. “The snow is very interesting at first, but then less so.”

By Steve Tally