Malicious Software Coursera FREE class now online

Coursera previously initiated with few classes and now expands with many classes across different disciplines. Good to know, Dr Lorenzo Cavalero also started his class on Malicious Software which can simply being signed up here

Summary

"Malicious Software and its Underground Economy: Two Sides to Every Story
Lorenzo Cavallaro of Royal Holloway, University of London

Learn about traditional and mobile malware, the security threats they represent, state-of-the-art analysis and detection techniques, and the underground ecosystem that drives such a profitable but illegal business."

The class however will only start next Jun 2013.. that's almost 9 months to go! Enough to get a baby birthed.

Have fun!

From Springerlink, "Automatic Malware Analysis An Emulator Based Approach"

the book can be downloaded here (your organization need a subscription)

Value of Hacked PC - by Krebs

Krebs put this on his website. Thought it'll be useful to share it to you guys.

Kippo - MySQL 101

mysqd_safe --skip-grant-tables;
mysql -u root -p;
use mysql;
update user set password=PASSWORD("testpass") where User='root';
create database kippo;
use kippo;
grant all privileges on kippo.* to 'kippo'@'localhost' identified by 'secret';
flush privileges;


just my copy+paste script, useful for fresh installation

Snort MySQL error "database: must enter database name in configuration file#012"

in /etc/snort/database.conf, modify the line

output database: log, mysql

to

output database: log, mysql, user=snort password=<your pass> dbname=snort host=localhost 

My self note on Snort + MySQL on Ubuntu

Enable the root login first.

Stop the mysql service

Invoke :
mysqld_safe --skip-grant-tables &

Update password for root
use mysql;
update user set password=PASSWORD("testpass") where User='root';
flush privileges;

restart mysql normally

Snort:

create database snort;
use snort;
grant all privileges on snort.* to 'snort'@'localhost' identified by 'passwordbaru'
flush privileges;

Will be updated from time to time if needed


Should get this:


mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
16 rows in set (0.00 sec)

Metasploit

I kinda like the SVN version of anything, of course, expect buggy riding when doing so. For example, what did you do with your metasploit?