mardi 6 mars 2007

Javascript traps for analysts

Here is a real nice article from Bojan Zdrnja I've just read, about some kind of new traps against javascript reversers.

I guess everyone reading this blog knows how to deobfuscate most of the actual used JS, but the article shows the malware coders are starting to take care of not being so easily reversed.
Personnaly (usually in hacking challenges) I'm mainly using the alert() méthod to deobfuscate parts of JS code, but it's true that it can become quite boring and tiringsometimes...
And to be honest, I didn't know Rhino, which I immediately apt-get'ed after reading this article ;-)

vendredi 2 mars 2007

PHP Bug's month

Well, to make it short, mars is the month of ... PHP Bugs !

Amazing to already see five bugs the 2nd day of the month ... Will it keep growing on this base ?

Let's wait and see... :-)

mercredi 28 février 2007

Trashing Inc.

Here's an article I've just read ...

This article is about the old known technic of "trashing" to get crucial informations about companies, or about their users, or network, or security... Anything you can think of that could be found in your trash.
This technic has often proven to be efficient in the years of 90, used widely by malicious hackers to get user names and passwords from companies.
Well I was smiling seeing this article, because I am still naïve enough to think almost all companies actually *are* recycling their trash in secure ways.
I might change my mind ;-)

mardi 20 février 2007

Attaques sur logs...

Vous intervenez sur un serveur compromis ? Vous pensez pouvoir vous fier aveuglément aux logs encore présents sur ce serveur ?

Je vous laisse lire ce document PDF très très intéressant écrit par le brillant Daniel Grzelak (Hi Dan ;-) ) de SIFT

Bonne lecture ! :-)

page 2 de 2 -