Posts

Showing posts from 2017

Rootkit : hành trình tìm kiếm em yêu trong hệ thống cho dummies :D (Phần 1)

Image
Sau 3 tuần bán máu cho dự án, mình cảm thấy bản thân khá là điên điên, không hiểu nổi mình còn có phải là người không nữa. Foreword: Bạn nào thấy mình novice thì chỉ giúp nhé. Đứa em gửi qua Yahoo cho một cái quote khá hay "Bkav Token Manager", với các triệu chứng như: 1. Diệt mãi không khỏi 2. Tạo ổ ẩn, trên Windows không thấy được, lắp sang máy sài linux thì mới thấy. => thấy khá là có mùi rootkit Cũng muốn thứ đú tìm em nó trong hệ thống xem thế nào. Bước 1. Thử ngó qua xem bạn ấy thế nào ? 1. Một số công cụ cần thiết - Phần mềm ảo hóa : để chạy virus và dễ dàng hơn trong việc debug, mình hay dùng vmware hoặc virtual box, còn kvm, qemu thì lâu lắm không dùng. CHÚ Ý RẰNG: ảo hóa không phải là giải pháp hoàn hảo, chỉ là đỡ phế máy thật thôi, ngày càng phổ biến malware sẽ dò trước là chạy trên máy thật hay ảo để tránh bị phân tích. - Ngôn ngữ script : một cái gì đó giúp bạn có thể chạy được những task lặp đi, lặp lại. Có thể dùng python, perl, ruby .... Mì...

Alice's Adventures in Programming Language Theory Wonderland: A Short List of Computer Science/Programming/Mathematics Books in the Style of Lewis Carroll

Alice’s Adventures in Programming Language Theory Wonderland: A Short List of Computer Science/Programming/Mathematics Books in the Style of Lewis Carroll June 10, 2011 Once upon a time, an MIT professor reputedly claimed that Alice’s Adventures in Wonderland was the best book on computer science. While that opinion is subjective, there are a number of papers or publications related to computer science, programming, or mathematics that are written in a style that at least loosely resembles Carroll’s work. In fact, one of the first documents that I encountered in this classification was a paper that I encountered in the Sterling Memorial Library of my college that was an academic treatise analyzing the role of logic in the humor of works by Lewis Carroll. The paper was actually written to fulfill an academic requirement (I think that it was written as a thesis for either a Master of Arts of Master of Science degree, probably in philosophy), but was actually great fun to rea...

Drupal Security Audits: What to look for

Site audits are one of the services that some of our clients have requested from us in the past. While a site audit might be done with a specific objective in mind, there's always a common reason: find, understand, and fix any potential holes or problems that could cause a service outage on the site, or on the server where it is hosted. In some cases, that's the only reason, whereas in other cases the outcome of the audit will inform a more important decision, such as a platform or server move, or a site rebuild, to name a few. Depending on the goal of an audit, the things to look at on the site might change a bit: is it a performance audit, a security one, or a general review to check the overall status of the site and the feasibility of keep evolving it in an efficient way? This post covers the details concerning security audits in particular, although some of the practices mentioned here do not belong exclusively to the realm of security, and will be equally needed in othe...

List of dangerous PHP functions

accepted To build this list I used 2 sources.  A Study In Scarlet  and  RATS . I have also added some of my own to the mix and people on this thread have helped out. Edit:  After posting this list I contacted the founder of  RIPS  and as of now this tools searches PHP code for the use of every function in this list. Most of these function calls are classified as Sinks. When a tainted variable (like $_REQUEST) is passed to a sink function, then you have a vulnerability. Programs like  RATS  and  RIPS  use grep like functionality to identify all sinks in an application. This means that programmers should take extra care when using these functions, but if they where all banned then you wouldn't be able to get much done. " With great power comes great responsibility. " --Stan Lee Command Execution exec - Returns last line of commands output passthru - Passes commands output directly to the browser system ...