Authenticode and Antivirus Detection

Editor's note: this used to be multiple blog posts that have been collected together in chronological order. It turns out that many antivirus engines whitelist Authenticode-signed binaries regardless of the trustworthiness of the signature. Here's an experiment that I performed; feel free to play along at home (remember to be careful when working with malware). Step 1: Find some malware. This was actually the most time-consuming step; a lot of places talk about…
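The distinction the post is getting at is "carries a signature" versus "signature chains to a trusted root". As an added example (not code from the original post, and not the experiment it describes), the following PowerShell snippet walks a directory of binaries and lists the ones that are signed but whose signature does not verify to a trusted root, which is exactly the class a presence-only whitelist would wave through. The sample directory path is an assumption.

```powershell
# Added example; not code from the original post. The directory path is an assumption.
param([string]$Path = 'C:\Samples')

Get-ChildItem -Path $Path -Include *.exe, *.dll, *.sys -Recurse -File |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        $signer = '(none)'
        if ($cert) { $signer = $cert.Subject }

        [pscustomobject]@{
            File       = $_.Name
            # Status values from Get-AuthenticodeSignature:
            #   Valid        - signature verifies AND the chain ends at a trusted root
            #   NotTrusted   - signature verifies but the chain does not (self-signed, unknown CA)
            #   HashMismatch - a signature is present but the file has been altered
            #   NotSigned    - no Authenticode signature at all
            Status     = $sig.Status
            Signer     = $signer
            SelfSigned = [bool]($cert -and ($cert.Subject -eq $cert.Issuer))
            # "Signed" is what a presence-only check keys on; only Status -eq 'Valid' should earn trust
            Signed     = ($sig.Status -ne 'NotSigned')
        }
    } |
    Where-Object { $_.Signed -and $_.Status -ne 'Valid' } |
    Sort-Object Status |
    Format-Table -AutoSize
```

Anything this prints is a binary an engine would treat as "signed" while the signature itself proves nothing about who produced it; a scanner that wants to use Authenticode as a trust signal has to require `Valid`, not merely the presence of a signature.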


The Best of the Web Filter

There are a lot of bad websites out there, and visiting one can do bad things to your network. There are plenty of technologies that try to detect bad pages and block or filter them, but the problem is that they're imperfect. There are other solutions, like whitetrash, that only allow you to visit sites that are listed as good (whitetrash is awesome, go play with it). The problem is creating the list of what sites are…


Whitetrash

whitetrash is a great web security companion for squid. It is great in many ways, and I thought I'd throw in a plug for it here. Not only does it only allow people to visit approved sites, it also lets the users (or the administrators) add sites to the approved list via a web form that you get automatically redirected to. As of 1.0 it also checks sites against the Google Safe Browsing API so that…
