Windows security

Windows Integrity Control - a model of trust and classification

Malicious Office Documents

One very common entry point these days is malicious Office documents. If you've got no idea how interactive these "documents" can get, take the test at decloak.net (Start button). You'll get a .doc file that performs network connections and, in this case, bypasses anonymization technologies.


IDA Pro and WinDBG extensions

Great new features

Microsoft designed a powerful debugging engine; however, the official front end lacks the usability OllyDbg or Immunity Debugger have.
There are only a few useful extensions I know of.

Byakugan is an awesome set of extensions for WinDBG. It is based on MS Detours.
And there's msecdbg, aka "!exploitable".
Both are interesting for speeding up exploit development. Combining the power of these debugging extensions with the insights IDA offers seems promising.

Building a cheap home-hacking lab

wishi's Fuzz-Box


A Fuzz-Box for me is a standalone machine. It has to:

  • host multiple virtual machines at once (max. 2 in my case)
  • effectively manage ~4 GB RAM
  • be Linux compatible, with stable, clean device drivers
  • be energy efficient and able to run 24 hours a day, 7 days a week

Scaling Hardware?

You don't want a performance monster, or a gaming machine. And you do not want trash, because you're going to spend valuable time with it.

Using Threat Modeling to analyse entry points

How to think security

by Ivan Ristic, just a part of it

People in application development generally have different perspectives. Developers often focus on getting stuff up and running in an efficient, feature-rich way; testers focus on confidentiality, integrity or stability/availability issues... Marketing focuses on getting Outlook to display yesterday's e-mails with smilies. :) Well, let's forget these people here.

Best of securitytube for RE and security

A collection of tutorials, videos and fun

I think it's an amazing site. There are many video tutorial sites these days; however, the quality differs a lot. Below I have listed the things I like so far. Feel invited to watch everything:

Programming

Python programming course from MIT - the advanced material may be of some interest; however, it starts off with fairly trivial introductory material.

AV evasion and about rankings

Some AV Vendors Lack Efficiency

Once upon a time we were living in a world where creating protective technology, still called Anti-Virus, was a good thing to do. These days vendors seem to be too relaxed with the idea of selling the pig in a poke.
(Source: Roel Schouwenberg's rant ;) - yes I reversed his message)

A Paimei tutorial - hands on pyDBG - part 1

A brief reversing tutorial

I recently ran into the problem that I needed to collect strategically important information about the heap while the application was executing. On Windows there are certain restrictions: tool suites like Valgrind with Chronicle recorder didn't seem to exist at first. Sysinternals' VMMap by Russinovich and Cogswell is much too basic in its functionality. But there's IDA, there's Pedram's Paimei... and there's Grenier's Byakugan in the Metasploit project. And much more ;). In the following I'm only referring to Paimei, because I still have to sort some things out with WinDBG. It's an ugly monster that I actually still need to tame.
