Authenticode and Antivirus Detection

Editor's note: This used to be multiple blog posts that have been collected together in chronological order. It turns out that many antivirus engines whitelist Authenticode-signed binaries regardless of the trustworthiness of the signature. Here's an experiment that I performed; feel free to play along at home (remember to be careful when working with malware). Step 1: Find some malware. This was actually the most time-consuming step; a lot of places talk about…
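
The distinction the post hinges on is "carries a signature blob" versus "signature is valid and chains to a root the machine trusts". The following PowerShell is an added example, not code from the original post: it reports both facts separately for a PE so you can see which one a scanner is really acting on. The sample path is a placeholder, and `Get-AuthenticodeSignature` plus the .NET `X509Chain` class are the only APIs used.

```powershell
# Added example (not from the original post): classify a PE by its Authenticode
# signature, separating "has a signature" from "signature chains to a trusted root".
# The path passed in is an assumption; substitute the sample you are testing.
function Get-SignatureVerdict {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status already separates the interesting cases:
    #   NotSigned    - no signature at all
    #   HashMismatch - signed, but the file was modified after signing
    #   NotTrusted   - signed, but the cert does not chain to a trusted root
    #                  (self-signed and test-signing certs land here)
    #   Valid        - hash matches and the chain builds to a trusted root
    $verdict = [ordered]@{
        Path           = $Path
        Status         = $sig.Status
        StatusMessage  = $sig.StatusMessage
        Signer         = $null
        SelfSigned     = $false
        ChainBuilds    = $false
        ChainErrors    = $null
        TreatAsTrusted = $false
    }

    if ($sig.SignerCertificate) {
        $cert = $sig.SignerCertificate
        $verdict.Signer     = $cert.Subject
        $verdict.SelfSigned = ($cert.Subject -eq $cert.Issuer)

        # Build the chain ourselves so the answer does not depend on what a
        # scanning engine decided "signed" means.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $verdict.ChainBuilds = $chain.Build($cert)
        if (-not $verdict.ChainBuilds) {
            $verdict.ChainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        }
    }

    # Only Status -eq Valid counts as trusted. A NotTrusted or HashMismatch
    # result is still "signed" in the sense the post describes, and must not
    # short-circuit scanning.
    $verdict.TreatAsTrusted = ($sig.Status -eq 'Valid')
    [pscustomobject]$verdict
}

# Usage (placeholder path):
Get-SignatureVerdict -Path 'C:\samples\suspect.exe' | Format-List
```

`ChainBuilds` is reported separately from `Status` on purpose: `Get-AuthenticodeSignature` honours the timestamp countersignature, so a binary signed with a since-expired certificate can be `Valid` while a plain `X509Chain.Build` on the leaf fails. The trust decision should follow `Status`; the chain output is there to show why a self-signed or test-signed sample is rejected, which is exactly the case an engine that keys only on the presence of a signature gets wrong.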

Capture the Pequod (DEFCON 18 CTF Quals)

Last weekend I distracted myself from my university work by competing in ddtek's Defcon CTF quals. It was a bunch of fun and I recommend that everyone give it a go. A good place to start if you're not sure what I'm talking about is over at Wikipedia: Capture the Flag. Defcon CTF is played by teams of 5-6 people who spend the weekend trying to solve puzzles ranging from binary reverse engineering, exploit development, disk forensics, cryptanalysis…

The Best of the Web Filter

There are a lot of bad websites out there, and visiting one can do bad things to your network. There are plenty of technologies that try to detect bad pages and block or filter them, but the problem is that they're imperfect. There are other solutions like whitetrash that only allow you to visit sites that are listed as good (whitetrash is awesome, go play with it). The problem is creating the list of what sites are…

Whitetrash

whitetrash is a great web security companion for squid. It is great in many ways, and I thought I'd throw in a plug for it here. Not only does it only allow people to visit approved sites, it also lets the users (or the administrators) add sites to the approved list via a web form that you get automatically redirected to. As of 1.0 it also checks sites against the Google Safe Browsing API so that…
