Some Documents of File Specifications/Formats

Here are some documents to help you understand some file formats/headers, for file format fuzzing purposes:
WAVE PCM soundfile format (RIFF) https://ccrma.stanford.edu/courses/422/projects/WaveFormat/
ZIP File format specification http://www.pkware.com/documents/casestudies/APPNOTE.TXT
MPEG File format http://www.mpgedit.org/mpgedit/mpeg_format/mpeghdr.htm#MPEGTAG
GZip File format http://www.gzip.org/zlib/rfc-gzip.html
SWF File format http://the-labs.com/MacromediaFlash/SWF-Spec/SWFfileformat.html
TIFF File format http://www.awaresystems.be/imaging/tiff/faq.html
EXIF File...

Remove Comments from Configuration

Sometimes when you want to configure something, the configuration file contains comments from the developer which help us figure out which options or arguments will be used. But if you are already familiar with the configuration, the comments are just annoying, so here is how to eliminate them (using apache2.conf as an example):

sed '1p; /^[[:blank:]]*#/d; s/[[:blank:]][[:blank:]]*#.*//' /etc/apache2/apache2.conf | more

or write it to a file:

sed '1p; /^[[:blank:]]*#/d; s/[[:blank:]][[:blank:]]*#.*//' /etc/apache2/apache2.conf > /etc/apache2/apache2.conf.nocomments

Use it with caution,...

Malware… oh malware

This afternoon, when I was working at my college, I found an annoying nag screen from one of the antivirus applications which told me that the computer had been infected by a trojan. Since I had a curiosity about this kind of “software”, I decided to play around with the malware a little. I decided to download some standard applications to help me analyze the malware. Here are some of the applications: CaptureBAT, TCPView, OllyDbg, Process Monitor, Telnet, Mandiant Red Curtain. Ok, the antivirus said that the application which was suspected as a trojan was located at C:\Windows\ and named with...

Day-to-day system administration

Day-to-day system administration encompasses many activities, but most focus on keeping your computers and networks running smoothly by maintaining equipment, making sure there’s sufficient space on the system disks, and protecting the system and its software from damage. Examples include making sure users can’t modify system software; checking each new release of a vendor’s software, especially fixes to security problems, to be sure such problems have really been fixed; and insisting that users or system administrators promptly patch any security holes or other bugs that...

Detecting Intrusions (Theoretically)

How do you know when you’ve been attacked successfully? That question has been posed by administrators and intrusion analysts for a long time. The methods used for detecting successful attacks used to be more art than science. Luckily, various tools are now available to make intrusion detection much more science than art. With that said, the primary tool for intrusion detection still remains a human who can gather data from a number of sources and make an intelligent, educated decision about the meaning of the data. The current tools are sophisticated and can perform some of this...

Application layer firewall

Application proxy firewalls are the most intelligent firewall architecture. By intelligent, we mean that an application proxy firewall can perform the most detailed inspection on data before making a filtering decision. An application proxy firewall can decode and process at the application layer the data contained in packets. Consequently, application proxy firewalls can filter based on the actual application data content. For example, with a packet-filtering firewall, the firewall can merely permit or deny traffic based on data such as the IP protocol in use. So a packet-filtering firewall...
