Posts

Showing posts from January, 2012

[Tool] slowhttptest 1.4


[Security] $100 in Google AdWords vs Facebook Ads


[Security] Rootkit has rhythm by H-Security

A critical flaw in the Windows multimedia library "winmm.dll" is already being actively exploited to spread rootkits, according to a warning from the anti-virus experts at Trend Micro. Attackers are embedding specially crafted MIDI files into web pages, which Internet Explorer then opens using a Windows Media Player plugin. Under the cover of the background music, the MIDI file triggers the vulnerability to execute shellcode, which installs a rootkit on the system.

Attackers take advantage of "heap spraying": they copy their code onto the application's heap many times over. Each copy is a long sequence of NOP instructions with the malicious code at the end. The hope is that when the application's control flow is corrupted it will jump somewhere into one of the long NOP sequences and slide down it (hence the name "NOP slide") until it lands on, and runs, the malicious code.

The flaw affects all versions of Windows except Windows …

[Forensic] Mobius Forensic Toolkit 0.5.11

This release features 14 new registry reports:
autorun
services
IE download folder
IE typed URLs
MRU files opened/saved
MRU files executed
search assistant
printer ports
processors
all devices
enumerated devices
HID devices
network devices
stream devices.
Minor improvements were made.
Download: http://download.savannah.gnu.org/releases/mobiusft/

[Source] Dark D0rk3r 0.5

#!/usr/bin/python
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname : darkd0rk3r.py
# Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version : 0.5
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft and all members of ex darkc0de.com, ljuska.org
#

import string, sys, time, urllib2, cookielib, re, random, threading, socket, os, subprocess
from random import choice

# Colours
W = "\033[0m"; R = "\033[31m"; G = "\033[32m"; O = "\033[33m"; B = "\033[34m";

# Banner
def logo():
    print R+"\n|---------------------------------------------------------------|"
    print "| b4ltazar[@]gmail[dot]com |"
    print "| 01/2012 …

[RAT] How to prevent the Facebook spam worm?

What are the symptoms of the Facebook spam worm?
- It posts a status or comment, or a series of statuses/comments with similar content, to your friend list and tags those friends (you may be on the receiving or the sending end). Currently it takes the form of a video.
- For exactly how it spreads, read the following post: kiem-tien-tu-spam-facebook.html

When you do not yet know whether you have the worm
- Be wary of websites offering sensational videos or strange, unusual stories (for example: a "wild party" video of this singer or that actor, scandals, sex scenes, etc.)
- Pay attention to where video pages come from: your friends would normally choose reputable video hosting and sharing sites such as YouTube or Zing.
- Be careful about which friend requests you accept; only add people you actually know. Avoid reasoning like: "this person and I have 5 mutual friends, so we must know each other" :)
- Use antivirus software and keep it updated :)

Once you have the worm
- Check your browser's plug-ins, add-ons (Mozilla Firefox), extensions (Google Chrome), etc., and remove the add-ons that l…

[Security] Facebook Spam vs $$$$$$$$$

A while ago, Xnohat analysed a piece of malware that specialises in spamming other Facebook accounts. Today I happened to read an article on F-Secure describing in detail how it operates.

Everyone, go and study it and work out your own direction :)))

[Security] Facebook Fakebook: New Trends in Carberp Activity by David Harley

This month we discovered some new facts relating to Win32/Carberp trojan activity. We have spent a lot of time writing about Carberp already, but interesting information is still coming to light. The first interesting information to attract our attention recently concerned stealing money from Facebook users. Before then we hadn’t seen Carberp activity targeting social network users. The scheme used here for financial fraud is simple: if the victim attempts to log in to Facebook, he sees instead a fake Facebook page displaying the message “Your Facebook account is temporary locked!”


Figure 1: Fake Facebook Lockout

The fine print tells the victim to enter details of a "20 euro Ukash voucher" which can be purchased at ukash.com, assuring the victim that "20 euro will be added to your Facebook main account balance." If the victim enters information considered to be invalid – i.e. doesn’t take the hint and supply details for a 20 Euro Ukash voucher to “confirm verific…

[RAT] Nit-picking the Dantri newspaper :)) - the "Internet 2011 in numbers" article

Browsing the news, I came across this:
"Looking back at ..." on dantri

The source of these figures was something I had already posted for reference before Tet, in the post: Statistics: Internet 2011 in numbers
There are a few small typos: perhaps the author or editor deliberately wanted to test whether Dantri's readers are the kind who read carefully? Whether there are many readers at all? Or whether they just skim the headline and hit NEXT :)
Let's check a bit further... with Google :)

Here is the result: ... very modest: 62 exact matches for the title above

---Not counting the possibility that the title was changed.

As you can see, a small mistake can have very large consequences - or maybe I just have a habit of exaggerating everything :)))

[Forensic] Mobius Forensic Toolkit 0.5.10

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

25 Jan 2012 22:15
Release Notes: This release features 14 new registry reports: autorun, services, IE download folder, IE typed URLs, MRU files opened/saved, MRU files executed, search assistant, printer ports, processors, all devices, enumerated devices, HID devices, network devices, and stream devices. Minor improvements were made.

Download mobiusft-0.5.10.tar.gz or mobiusft-0.5.10.zip

[Tool] Acunetix WVS 8 Release Candidate 2012

Improvements:
The accuracy of script checks has been increased. The Acunetix development team is dedicated to continuously improving the detection of security checks during scans.
The graphical user interface (GUI) has been enhanced to make menu navigation and usage easier and more effective than before.
The SSL security audit script is launched automatically when scanning an HTTPS website, regardless of whether port scanning is enabled.
Added a number of new SQL injection variant checks.
Bug Fixes:
HPP detection security script failed when testing an input scheme with excluded variants
Apply settings button not showing up in specific cases
Fixed several issues related to pausing and resuming the crawler
Fixed several issues when running multiple instances of the reporter
Two backup files were being generated because of filename case insensitivity
Filtering of wildcards from robots.txt
Download Acunetix WVS 8 Release Candidate: vulnerabilityscanner8.exe

[IC3] TIMESHARE MARKETING SCAMS

Timeshare owners across the country are being scammed out of millions of dollars by unscrupulous companies that promise to sell or rent the unsuspecting victims' timeshares. In the typical scam, timeshare owners receive unexpected or uninvited telephone calls or e-mails from criminals posing as sales representatives for a timeshare resale company. The representative promises a quick sale, often within 60-90 days. The sales representatives often use high-pressure sales tactics to add a sense of urgency to the deal. Some victims have reported that sales representatives pressured them by claiming there was a buyer waiting in the wings, either on the other line or even present in the office.

Timeshare owners who agree to sell are told that they must pay an upfront fee to cover anything from listing and advertising fees to closing costs. Many victims have provided credit cards to pay the fees ranging from a few hundred to a few thousand dollars. Once the fee is paid, timeshare owners r…

[Collected] VMware Tools on VMware Player 4.x

With the introduction of VMware Player 4.0, VMware Player no longer automates certain parts of the VMware Tools install process. You will therefore need to take a few additional steps to install VMware Tools properly on your viaExtract virtual machine.

When you first open the virtual machine, select Install VMware Tools from the Virtual Machine tab at the top of the window. Select OK at the next message and a CD icon should appear on your desktop. Double-click the icon to open the media window; this confirms that the CD has mounted properly and we can continue at the command line. Open a terminal window (the black icon at the top of the virtual machine) and enter the following command:
cd /media/VMware\ Tools/
Next run:
ls
You should see two files: a manifest.txt file and a VMware tar file. Take note of the version in the file name. The version we installed is v8.8.1-528969 because it is the latest version of VMware Tools.…

[Security] SQL Injection Cheat sheet



[Security] Compromised Chrome Plugin Forum

This morning Websense® ThreatSeeker® Network alerted us that if a user enters the term "Download Chrome" in Google Search, the 36th result would result in potentially malicious content being downloaded to the user's machine.

I'll briefly describe the attack vector in which the content is sent to the user.

Web Search

Search for "Download Chrome":

The 36th result leads to a compromised, unofficial Google Chrome plugin Web page:

Compromised Web site

The 36th result leads to this website:

The above site is a legitimate, unofficial Google Chrome plugin forum Web page which is pulling in content from two malicious Web sites. We believe this Web page was compromised.

One indicator that this is a compromised site, as opposed to a site set up for strictly malicious purposes, is that the whois registration information, which helps indicate the reputation, is registered in 2008. The registration details also seem to indicate that real information was provided. Ag…

[Jailbreaking] your iPhone 4S or iPad2 5.0.1

Been waiting for this one for a while. Awesome job by the dev-team on releasing a jailbreak for the iPhone 4S and iPad 2. Real easy:
First thing, make sure you are on 5.0.1

Download: http://jailbreaktools.com/downloads/osx/absinthe-0.1.2.2.zip

Unzip. On OS X Lion I got an "Absinthe quit unexpectedly" error. If you run into this, open a terminal and cd into the directory that contains Absinthe.app (do not cd into Absinthe.app itself) and type: sudo ./Absinthe.app/Contents/MacOS/Absinthe

It will restart a few times; you should probably remove your passcode lock, as it can hose the install process. Once it reboots, go to the home screen on the iPhone and look for the Absinthe icon. Tap it (you may need to wait a couple of minutes for 3G to connect) and it will reboot. You should now have Cydia in place.

[Tool] Oxygen Forensic Suite 2012 v.4.0.1

New in Oxygen Forensic Suite 2012 v.4.0.1:
Applications. Added support for SkyFire Web Browser user data on Apple devices. It allows examining the web history and saved bookmarks.

Applications. Added support for Touch application user data on Android OS and Apple devices. It allows viewing the friend list, chats, shared photos, comments, etc.

IPD Viewer. Added ability to convert the selected text.

Added support for 80 new Android OS devices. The total number of supported devices is 2800.

General. Removed restriction on working with the program database stored in the network.

Device Extraction Wizard. Accelerated Device Extraction Wizard loading.

Calendar. Improved Unicode support.

Desktop. Improved Unicode support for Device notes.

Export. Interface improvements.

Web Connections and Location Services, Locations. Only digits can now be entered in the Accuracy filter.

Export. Fixed problem with exporting and printing of all the data from Desktop.

Database. Fixed problem with …

[Fix] Chassis intruded ! Fatal Error System Halted

If you get this error, do the following

Collected 1
In your case you only plugged the fan into the CPU fan power header and left the chipset fan header empty, so it reports this; go into the BIOS and disable the system fan and it's OK.
Case 2: the chassis-open jumper may not be connected, or is set to "open".
Case 3: an IDE cable has a drive connected but it is set as slave.
Case 4: still just an inappropriate setting in the BIOS.
Collected 2
Problem: "Chassis Intruded ! Fatal Error ..... System Halted." Note: the motherboard must be disconnected from power during all of these steps.
Check that your PC chassis is closed ("a sensor on the chassis must be pressed when the cover is closed").
If the problem persists, check the chassis intrusion jumper on your motherboard (see the user manual for your motherboard before removing or moving any jumper): a jumper must be placed on Pin-1 and Pin-2, which is the correct jumper position to deactivate the chassis intrusion option; after that you should remove th…

[RAT] Happy New Year - Year of the Dragon - 2012

Because of a small problem with my desktop, I am only now able to get online :)

Wishing Toiphammaytinh's readers a new year of good health, warmth and confidence in a stable financial year :)

As for the articles themselves, Toiphammaytinh will continue in its two main directions:

- Highlighting selected news about security and forensics
- Providing readers with documents on the legal science related to computer crime (now commonly called high-tech crime): evidence, theory, etc.

[Security] What's hot at AVAST Software

The second week of January 2012 started with amazing growth in terms of numbers for AVAST Software. Numbers and stats might not sound that “hot” and maybe you are wondering why I would write a blog post about it, but these numbers are REALLY HUGE and it is YOU – our avast! Community – who greatly helped us to achieve such results. Look at this:

1. Over 500,000 – fans of the avast! antivirus official page on Facebook.



In comparison: in January 2011, we had approximately 50,000 fans. Without investing any money into advertising, this number multiplied by 10! Actually I should say that YOU multiplied this number for us. Well done, guys! What is truly amazing about it is not only how quickly the number of new fans grew, but also how involved our fans are.:)

2. Over 1,000,000 people installed on their smartphones avast! Free Mobile Security – the new anti-theft and anti-malware app from AVAST Software – in just 16 days. I believe that no further comment is required about this.


3. Last but…

[Security] World IPv6 Launch on 6 June

The Internet Society is organising World IPv6 Launch for 6 June 2012, when participating internet service providers, network equipment manufacturers and other service providers will permanently enable IPv6 on their connections, devices and services. The event is a follow-up to last year's World IPv6 Day. Google internet evangelist Vint Cerf said that he considers 6 June 2012 a turning point in internet history, and that it will create substantially more IP addresses for the internet as well as strengthen the net's end-to-end principle.

Participating internet service providers currently include AT&T, Comcast, Free Telecom, Internode, KDDI, Time Warner Cable and XS4ALL. Several companies – including Comcast, XS4ALL and the French Free Telecom service – already offer IPv6 to many of their internet customers. The announcement said that on 6 June, at least one per cent of each participating ISP's subscribers will be able to access the net via IPv6, and that this will happen…

[Images] Protesting SOPA :)

Some images I have collected

[Security] Obama Says So Long SOPA, Killing Controversial Internet Piracy Legislation

The growing anti-SOPA (Stop Online Piracy Act) support that has swept through the gaming and Internet community found a very big ally today. With websites like Reddit and Wikipedia and gaming organizations like Major League Gaming prepared for a blackout on January 18th – the same day that the House Judiciary Committee hearing on HR 3261 was scheduled in Washington, DC – President Barack Obama has stepped in and said he would not support the bill. SOPA has been killed, for now.

Much to the chagrin of Hollywood, the Entertainment Software Association (which has been a backer of the bill from early on), and Internet domain company GoDaddy.com (which lost many accounts as a result of its support for the bill); SOPA has been shelved. The Motion Picture Association of America, one of the bill’s largest sponsors, is expected to regroup.

California congressman Darrell Issa, who has been opposed to the bill from the beginning, praised the Internet action that has swept like a virus across the …

[Report] Twitter statistics 2011 by marketinggum

Twitter officially launched in 2006 and started its meteoric growth around January 2009, so how’s everything tracking in 2011? Let’s take a look at who’s doing what and how much of it they’re doing in these updated Twitter stats for 2011…

On March 14th this year Twitter celebrated its 5th birthday. The first tweet was sent on March 21st, 2006 by Jack Dorsey (Twitter's creator).

According to Twitter, the record for the number of tweets per second (TPS) is 6,939, set at 4 seconds after midnight in Japan on New Year’s Day. This dwarfs the previous record of 456 TPS (on the day Michael Jackson died).

In 2007 the average was 5,000 tweets per day.
In 2008 that had grown to 300,000.
In 2009 tweets per day averaged 2.5 million.
In 2010 that number was 35 million tweets per day.
In the month of March 2011 alone, 140 million tweets are being sent on average per day.

Update: As of June 2011, users on Twitter are now averaging 200 million Tweets per day.


Below is a superb infographic from Digit…