Botnets, botnets and more botnets

Hakin9 kicked out another Extra issue, this one devoted to botnets.  It covers some basic overviews on botnets and a few articles covering some more technical aspects of botnets.  If you are a newcomer to botnets then this issue is the one to read, and if you are simply looking for a couple of technical articles on botnets then the first two articles are an awesome source.

The first article, titled “A study of a Botnet creation process and the impact of a DDos attack against a web server”, is about the bot BlackEnergy and all of its functions.  It was a pretty interesting read on BlackEnergy, its functions and configs.  It covers the bot’s capabilities and then discusses a load test (aka a BlackEnergy attack) against a web server.  While load tests are never the perfect replica of an environment, the results are still noteworthy and clearly show the effects of a BlackEnergy attack.

The next article, “Zeus Botnet”, goes over how to build and configure Zeus.  I haven’t ever had the chance to build Zeus, but after reading this I should really play with some of the code.  It was an extremely interesting overview on the packaging of Zeus.

The following article is a short article on bots that are abusing VoIP and DTMF tones.  It doesn’t go into any great detail about these specific botnets and their VoIP control, but it introduces the reader to another medium through which bots are being herded.

The next article, “BotNet, the Right Hand of the Criminals”, is an introduction to what botnets are.  If you are new to the topic I suggest reading this article prior to any of the others.  It was a really nice overview on common botnet procedures, including a fair amount of common botnet statistics.  It was an easy, very high-level read and the perfect nontechnical introduction for a beginner.

“Botnets for fun and profit” (man, the title never gets old) is another overview of botnets, but from a slightly more technical viewpoint.  Once again it was a high-level overview, but with a tad more technical detail.

The next article, “Social Networking and Security Risks”, is about exactly what the title states.  While a lot of the suggestions, tips and information might seem like common sense, unfortunately the truth is most people don’t follow these simple rules and suggestions.  If you are looking for an article to help you explain a lot of these types of risks out there, this article can help.

“What is a botnet” is another 10,000-foot view of a botnet overview.  I am not saying it was a bad article at all, but if you take in all 3 botnet overview articles and the top two technical articles you will have a pretty nice understanding of how some commonplace botnets work, giving you a good, not overly technical overview of botnets.

The last article, “Top 10 iPhone Security Tips”, is a really nice article on properly securing your iPhone.  Of course there are usually 300 different ways to achieve something, but this overview does a terrific job detailing a lot of good security steps for your iPhone, and it is what I would consider an absolute must-read for all you iPhone users.  While this article isn’t botnet related, it is probably my top pick for this issue because the information in the article is completely laid out for the user and is one of those things that can save you some time from mucking around the phone or forums looking for the proper actions to perform when securing your device.


Hack Apple issue

I can’t keep up with all the issues the folks at Hakin9 are kicking out, but continuing my reviews, the latest issue of Hakin9 is mainly focused on Apple security concerns.  A few articles stray off the Apple topic, but for the most part the articles can give anyone entering the Apple security space a well-rounded introduction.

The first article, “Hacking Tools on iOS”, covers some of the more popular jailbreaking apps available.  I don’t have much experience with iPhones or iPads, but I found this article pretty informative.  It covers how to patch your jailbroken iPhone and which apps are available for the most common hacking tools.  If you are new to Apple iOS hacking this article should give you a great start.

The next article discussed a small bit of C code called osxmem, osxmem-chunks and osxmem-react.  The code allows you to poke around what’s floating in your memory and cause some segfaults, all without dumping memory and carving.  It seems like a nice way to poke around certain areas of memory you are interested in.  Definitely something I think I may have to give a whirl.

The next article, titled “As Apple Devices Gain Popularity, Do they become more vulnerable to exploitation”, is an odd little article.  It lists out a ton of CVEs directly related to Apple hardware and software, then discusses some recommended methods for hardening your devices.  I frequent CVEs and vulnerability tracking sites enough that I thought it was odd to read an article listing so many CVEs, but listing the vulns out helped detail a lot of the risks that are growing for Apple devices.  As odd as I found it, I liked seeing an article list out some of the more concerning vulnerabilities in CVE form.

The following article, “Import Hooks for Encrypted Python Modules”, is about using import hooks to load your encrypted Python code.  I started reading the article, but shortly into it my eyes started to glaze over.  Even with my eyes drifting, it was probably my second favorite article of the bunch.  It was well written and it was pretty informative and thorough.  I just haven’t yet had the need to encrypt any of my Python code (it’s bad enough that I probably should), so I will have to say that this article is perfect for anyone who has the need to encrypt their code.  Until then I will shelve this topic for when the need arises.

The article “Apple OSX and iOS Hacking News” is a slightly different spin from the previous article discussing CVEs.  This article goes into a high-level view of some of the hot security concerns that have come up over the last year.

The next article, “Interception with Paros Proxy”, is a pretty nice little article for any newcomer to web analyzing or attacking via a proxy.  If you are totally new to this topic then give the article a read; it should give you a quick 5-minute intro to proxying traffic.  My only real comment on this article is that the reader should also check out the Paros fork, Zed Attack Proxy.

The following article, “From Praying to Preying”, migrates over from Apple to Android and discusses the Android application Prey, which geo-tracks your device and notifies you via SMS messages.  This app looks promising for those that are interested in monitoring their devices in the case of theft or loss.

The next article, “Facebook and the Fuzz”, is a fairly decent article dealing with smart phones and their use when incidents and newsworthy situations are happening.  It discusses current trends in legislation, possible future restrictions on smart phone devices and law enforcement situations.  Facebook really isn’t the main focus of the article; rather, it is the use and public nature of social media and the responses that can happen because of them.

The last article is an interview with the UK researcher David Harley.  It was pretty interesting to hear a prominent voice discuss his views on some subjects that are sometimes ignored by the higher-level folks.  In particular his Mac security viewpoints are very interesting and informative.


Low-end Windows Patching

In every environment you will run across systems that are missing some patches.  Sometimes your patch management tool fails or other circumstances prevent you from getting a patch to a machine.  Most places I see prevent their machines from going straight to Windows Update, and I’ve found myself in situations before where I want the simplest solution to apply a patch on a remote machine without the user knowing and without going through some SCCM or [INSERT TOOL HERE] hell.  Here is a simple method that I have used in the past.  It is a great cheap Windows patching solution.  Of course you need remote admin on the machines in need of the patch to perform these actions.
First visit the appropriate IT professional page for the bulletin to determine the correct switches (usually /quiet /norestart).  For example, for MS11-058 see http://technet.microsoft.com/en-us/security/bulletin/ms11-058.  Then create a text file containing the names or IP addresses of the machines in need of the same patch.

type ms11-058.txt
windowsbox1
172.16.2.2
172.16.3.3
windowsbox2
windowsbox3
windowsbox4
windowsbox5

Then create a batch file that reads ms11-058.txt, copies the patch to each remote machine’s c:\windows\temp over the admin share, and then runs the patch install command on the machine via WMI.

type ms11-058.bat
@echo off
REM MS11-058

REM Step 1: copy the .msu package to each host listed in ms11-058.txt (one host per line)
REM using the c$ admin share; the trailing backslash tells xcopy the target is a directory.
FOR /F "tokens=*" %%G IN (ms11-058.txt) DO xcopy Windows6.0-KB2562485-x86.msu \\%%G\c$\windows\temp\

REM Step 2: launch the silent install on every host at once. /node:"@file" makes wmic read the
REM host list from the same file, and /user: with no /password: prompts once for the password.
REM The process is started asynchronously; wmic only reports that it was created, not that it finished.
wmic /node:"@ms11-058.txt" /user:YourAdminAccount process call create "cmd.exe /c cd c:\Windows\Temp && C:\Windows\Temp\Windows6.0-KB2562485-x86.msu /quiet /norestart"

And if the Microsoft gods are smiling on you that day, the PC should now be patched.
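The same push, plus the verification step the batch file leaves out, as an added PowerShell example (not from the original post): it stages the package, starts wusa.exe through WMI, then polls Get-HotFix until the KB shows up. It assumes the session account is a local admin on every target, the c$ share and WMI (DCOM) are reachable, and that the file name ms11-058.txt and package Windows6.0-KB2562485-x86.msu are the ones from the post.

```powershell
# Added example: push one MSU to every host in ms11-058.txt, install it silently,
# and confirm the KB is listed afterwards. Assumes current credentials are admin on
# each target; add -Credential to Get-HotFix/Invoke-WmiMethod if you need a different account.
$HostFile  = 'ms11-058.txt'
$Package   = 'Windows6.0-KB2562485-x86.msu'   # package from the MS11-058 bulletin, in the current dir
$Kb        = 'KB2562485'                      # KB id embedded in the package name
$RemoteDir = 'C:\Windows\Temp'

$results = foreach ($target in Get-Content $HostFile | Where-Object { $_.Trim() }) {
    $target = $target.Trim()
    $status = 'unknown'
    try {
        # Skip hosts that already report the KB; SilentlyContinue keeps a missing KB from being noisy.
        if (Get-HotFix -Id $Kb -ComputerName $target -ErrorAction SilentlyContinue) {
            $status = 'already installed'
        } else {
            # Stage the package over the admin share, same as the xcopy step in the batch file.
            Copy-Item -Path $Package -Destination "\\$target\c$\Windows\Temp" -Force -ErrorAction Stop

            # Start wusa.exe explicitly rather than relying on the .msu file association.
            # Win32_Process.Create returns immediately; ReturnValue 0 only means the process started.
            $cmd  = "wusa.exe $RemoteDir\$Package /quiet /norestart"
            $proc = Invoke-WmiMethod -ComputerName $target -Class Win32_Process -Name Create `
                                     -ArgumentList $cmd -ErrorAction Stop
            if ($proc.ReturnValue -ne 0) { throw "Win32_Process.Create returned $($proc.ReturnValue)" }

            # wusa runs asynchronously and can take minutes; poll until the KB appears or we time out.
            $deadline = (Get-Date).AddMinutes(10)
            do {
                Start-Sleep -Seconds 30
                $installed = Get-HotFix -Id $Kb -ComputerName $target -ErrorAction SilentlyContinue
            } until ($installed -or (Get-Date) -gt $deadline)
            $status = if ($installed) { 'installed (reboot pending)' } else { 'not confirmed within 10 min' }
        }
    } catch {
        $status = "failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Host = $target; Status = $status }
}

$results | Format-Table -AutoSize
```

Hosts that show "not confirmed" need a manual look (wusa logs to the Setup event log on the target); because /norestart is used, the KB appears in Get-HotFix before the reboot that actually completes the install.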
