OS Scan 2004
Once again, it's that time: the time when we take some of the more
popular operating systems used today and see how they compare out of
the box and with their latest security patches. The purpose of this project
is to see how Linux stacks up against Windows XP, or Solaris against Windows
2003. Check out OS SCAN 2004!!!
It's been a year, and I have dedicated my efforts to www.infosecwriters.com.
However, I have some new projects coming out that this site will be used
for staging. As always, I look forward to your comments. Please email
Reverse Engineering Worm_Mimail
While at SANS in Washington DC in July, I took a class given by Lenny
Zeltser, a true genius when it comes to reverse engineering malware. So,
using some of his techniques, I have reverse engineered the latest Internet
Combating SPAM Problems in a Corporate Environment
Brien M. Posey has written a paper on everybody's favorite topic, SPAM.
He touches on the corporate perspective and gives a quick review of products
to help battle the spamsters.
Due to hosting problems, we have decided to move the site to a professional
hosting service. Additionally, the Honeynet@home project will receive
more attention as the connection and old site hardware will now be incorporated
into the project.
This is a paper written by Abhishek Bhuyan on Cookies.
He discusses what cookies are, what they are used for and how they work.
There is a good example included on how Cookies work, making this a worthy
ID Management Presentation
Brian Cincera presented ID management at this month's Infraguard FBI meeting. Brian has more
than 12 years of professional experience in the design, development, and
implementation of enterprise security and network infrastructure systems.
Experience in developing security policies and standards, application
and infrastructure security testing and mitigation programs and implementing
security monitoring and management capabilities. Experience in enterprise-wide
security assessments evaluating people, process and technical risks and
controls. Deep Program Management experience with design and deployment
of mission-critical network and security infrastructure
Honeypot Series: Design of a Linux Honeypot
This is a paper written by Stephen Holcroft back in April 2002. He covers
the details of building a Linux 6.2 Honeypot, including details on proper
analysis. This is a very informative paper and recommended reading.
Honeypot Series: Analysis of Linux Honeypot Compromise
This is a paper written by Stephen Holcroft back in April 2002. It is
an analysis he did of a compromised Linux 6.2 Honeypot. This is a very
informative paper and a recommended
Preview of the Honeynet Peer-to-Peer Study
I have decided to post a preview of the Peer-to-Peer
Application study that is being performed on the Honeynet@home network.
This study is meant to demonstrate any risks of using some of the more
popular peer-to-peer applications available like Kazaa and Bearshare.
This paper will be updated and proofed shortly for release at www.infosecwriters.com.
Product Review: InsideOut Firewall Reporter
Relevant Technologies has put together a review of the product "InsideOut
Firewall Reporter". This product analyzes data produced in common
Enterprise Identity Management Presentation
Brian Cincera presented this Powerpoint
presentation at the NY Infraguard meeting in May. Brian is a Security
Practice Engineer for Greenwich Technology.
OS Scan 2003: Solaris 9
Solaris 9 on Sparc hardware has been added to the OS
Reverse Engineering Malware (Microsoft Update Email Fakes)
This paper is designed for the semi-technical reader.
Using some of the best tools available today, it studies the effect on a
system of Internet hoaxes, which are becoming quite common. In this report,
you will see detailed analysis of registry and file system changes, a review
of the delivery method as well as a peek into the malware.
This paper is designed for the typical non-technical audience on Internet
Hoaxes. Over the last few weeks we have received several of these "convincing"
emails, and decided to do our part in educating our readers. Read our
paper "Internet Hoaxes" in an
HTML Powerpoint presentation.
OS Scan 2003: Windows Server 2003
Windows Server 2003 Beta has been added to the OS
Scan project. A re-scan of the official release will be posted when
available. Take a look at how it compared to Windows 2000 Server.
OS Scan 2003: Solaris 8
Solaris 8 on Sparc hardware has been added to the OS
OS Scan 2003: Windows XP
Windows XP has been added to the OS
OS Scan 2003: Windows 2000 Server
It's time again for the annual OS
Scan project. This year, we look at
the latest server Operating Systems and compare them against each other
using the new and improved Nessus 2.0 technology and NMAP. Windows 2000
Server is the first OS to be analyzed.
What is it?
The Honeynet@home has kicked off full blast! We will be releasing packet
captures of specific traffic logs to and from the Honeynet. The goal
is to give a reference point to packets and associated attacks. Check
out the new section "Packet Analysis". New links in the title bar at
the top and at the bottom allow quick access.
Don't Take Code Red Lightly
Larz has just completed a paper entitled "Don't Take Code Red Lightly".
Abstract: "In confronting malware, there is nothing innovative about
new strains of Klez, Yaha, SirCam and Code Red. Yet all of these worms
have demonstrated unprecedented staying power on the Internet despite
the existence of patches, anti-virus signatures, personal firewall protection
and Intrusion Detection technology. Why are these threats so prolific
and why do new threats gain traction so quickly if all they amount to
are retread malicious code?
This paper analyzes the patterns of emerging malware and presents a strategy
to assist network and security administrators in addressing "new"
yet old threats."
Selling Security to Management and the Business
I got an idea to take notes on what I have learned and experienced
from presenting and selling security to upper
management. This paper provides notes that are essential to anyone
who is presenting security.
A Practical Approach to Defeating NMAP OS-Fingerprinting
David Barroso Berrueta has written a fascinating paper
on this subject. This paper is in PDF format.
Ian Briggs has written a paper that focuses on email
security. Well referenced and covers a lot of ground, a definite must