Malware

Windows Integrity Control - a model of trust and classification

Malicious Office Documents

One very common entry point these days is malicious Office documents. If you have no idea how interactive these "documents" can get, take the test at decloak.net (Start button). You'll get a .doc file that performs network connections and, in this case, bypasses anonymization technologies.

AV evasion and about rankings

Some AV Vendors Lack Efficiency

Once upon a time we were living in a world where creating protective technology, still called Anti-Virus, was a good thing to do. These days vendors seem to be too relaxed with the idea of selling the pig in a poke.
(Source: Roel Schouwenberg's rant ;) - yes I reversed his message)

Security researchers who care

Teaching?

What took the most of us to learn,
is what we teach best.

I found a good collection of IT security specific learning materials. Even if you're an old hand in the field, you might catch something new, although I guess it's a university course intended for beginners.

Introduction and Source Code Analysis, Dan Guido
Reverse Code Engineering, Stephen A. Ridley
Memory Corruption, Dino Dai Zovi
Fuzzing, Mike Zusman
Client-side attacks and Post-Exploitation, Dean De Beer
Web Hacking, Erik Cabetas

Blackhat 2008 video archives are open

About IT security and more

hey guess what: the trojan horse has got a black hat :)

The conference material at BH is always kewl. Attending this con is highly expensive because it's far away - in my case. Well... here's the material, publicly available. For personal entertainment: follow this link.

Highlights for the moment

Memory forensics explained

Not just the disks!

it turns out rock climbing sometimes is easier than diving.

Generations of forensic experts just used data from the hard disk. They dived deeply into the filesystems to dig for all kinds of incidents. But what about the surface?

It turns out that if you've got a chance to get your hands on RAM nowadays, you should take it. - Even in pentesting: here's why and how.

Why?

Javascript, Acrobat, Linux and the Swine Flu

JS and the Acrobat bring the Swine Flu to Linux

Human or swine origin - in case of spammers that's now the question.

It seems to be a strange friendship: since JavaScript in Adobe's Acrobat Reader is common, targeted Office malware attacks against it are everywhere. What is extraordinarily dangerous here is that it especially affects unsophisticated users who just do their office work - not only the administrator or some other IT person, who will be far away when it comes to fixing this.

So fast - so weekly: Hackers used for US budget affairs

All I can say: yes, affordable now.

Keeping up the tradition of the blog... just a short write-up this week. Lots of other things to do. Nevertheless I had some fun with the recent top security news.
