Posts

Showing posts from April, 2012

[Tool] Wincheck is a tool that inspects undocumented

Wincheck is a tool that inspects undocumented or poorly documented Windows internal structures. If you think that this is another anti-rootkit tool that supports disinfection or automatic analysis of rootkits, you are mistaken. However, it can help you with process anomaly detection, which makes it much more powerful than most of the “classical” anti-rootkits. Wincheck was built by the author because many existing commercial and free anti-rootkit tools can’t display or check several important Windows structures that modern rootkits use. Since Wincheck does not use symbols and detects addresses and functions with static code analysis only, you can easily check internal Windows structures. It uses an unsigned driver, so starting from Windows Vista it requires booting with the “Disable Driver Signature Enforcement” option (use the F8 boot menu), and it has to be run with Administrator privileges. Wincheck can analyze kernel-mode structures or user-mode processes. Good news is th

[Tool] PdfStreamDumper - analysis of malicious PDF documents

PdfStreamDumper is a free tool for the analysis of malicious PDF documents. It also has some features that can make it useful for PDF vulnerability development. It has specialized tools for dealing with obfuscated JavaScript, low-level PDF headers and objects, and shellcode. In terms of shellcode analysis, it has an integrated interface for libemu sctest and a shellcode_2_exe feature. JavaScript tools include integration with JS Beautifier for code formatting, the ability to run portions of the script live for live deobfuscation, toolbox classes to handle extra canned functionality, as well as a fairly stable refactoring engine that will parse a script and replace all the random function and variable names with sanitized, readable versions. PdfStreamDumper also supports unescaping/formatting manipulated PDF headers, as well as decoding filter chains (multiple filters applied to the same stream object). Download: PDFStreamDumper_Setup.exe

[Report] State and Trends of the Russian - digital crime market 2011

Cybercrime investigation experts, when using the generic term hacker, prefer to classify cybercriminals by the nature of their specific activities, as well as by nationality. The latter draws particular attention to the different ways experts interpret the term Russian hackers. Russian computer forensic specialists prefer to use this term for Russian citizens who carry out criminal activities inside Russian territory. In the United States and Europe, Russian traditionally refers not only to Russian citizens, but to all citizens and immigrants from the countries of the former Soviet Union, sharing a common history and language. This distinction is reflected in the way Western specialists interpret the term Russian hackers when referring to cybercriminals from the Baltics, Ukraine, or Central Asia. Therefore, one of the goals of this study is the evaluation not only of the Russian cybercrime market, but also the analysis of the entire Russian segment of the global cybercrime mark

[Tool] Flashback Removal Tool 2012

How to use the tool:
1) Download FlashbackRemoval.zip to the Mac machine you want to scan.
2) Double-click the zip package to unzip it in the current folder.
3) Double-click the FlashBack Removal app to run the tool.
4) Follow the instructions to check your system and clean any infections.
The tool creates a log file (RemoveFlashback.log) on the current user’s Desktop. If any infections are found, they are quarantined into an encrypted ZIP file (flashback_quarantine.zip) in the current user’s Home folder. The ZIP is encrypted with the password 'infected'. Apple has announced that it's working on a fix for the malware, but has given no schedule for it. Source: F-Secure. Other: Check_Your_Mac_for_Malware, variant-of-mac-flashback-malware-making-the-rounds

[Change] Toiphammaytinh Apr 2012

Font: Google API Comfortaa, Oswald. Removed some of the JS. Blockquote. Test abc def

[Scam tactics] Online fraud

On April 5, the investigative police of Đống Đa district (Hà Nội) said they were completing procedures to prosecute, and release on bail, Phạm Hồng Hạnh, 22, residing in Nhật Tân ward (Tây Hồ, Hà Nội), for fraudulently appropriating property. Phạm Hồng Hạnh is a fair-skinned, good-looking young man with a sweet, easy-to-listen-to manner of speaking. Because of this, when getting acquainted with girls on the Internet, he always showed his webcam image to win the sympathy of teenage girls. Hạnh usually chose victims with "flashy" nicknames such as thienthantinhyeu, tieuthukieuky, girl sanh dieu-thich uong ruou, because, as he explained, girls with such nicknames seemed to like going out and were easier to invite out. And on the very first day he met these girls in person to take them out, Hạnh came up with all kinds of tricks to defraud them of their property… According to the statement of the victim Đào Thị H., 21, residing in Tây Hồ (Hà Nội), H. got to know Hạnh through online chat and took a liking to him because of his witty way of talking. On February 3, Hạnh invited H. to go out for a drin

[Infographic] BYOD Infographic by ESET

Via http://blog.eset.com