tag:blogger.com,1999:blog-46966556551221670492011-11-28T06:15:49.909+05:30Shashankhttp://www.blogger.com/profile/01783352202320808541noreply@blogger.comBlogger51100tag:blogger.com,1999:blog-4696655655122167049.post-34808972381877008512010-03-09T14:54:00.002+05:302010-03-09T14:57:13.729+05:30The presentation consist of worth knowing information about the State of Enterprise Security. Download it from <a href="http://www.symantec.com/content/en/us/about/presskits/SES_report_Feb2010.pdf">here</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4696655655122167049-3480897238187700851?l=infosecsage.blogspot.com' alt='' /></div>Shashankhttp://www.blogger.com/profile/01783352202320808541noreply@blogger.com0tag:blogger.com,1999:blog-4696655655122167049.post-89735826236195306942010-02-24T10:45:00.005+05:302010-02-24T11:25:31.944+05:30Alternate data streams (ADS) are a relatively unknown compatibility feature of NTFS. ADS have the ability to fork file data into existing files without affecting their functionality, or size.<br /><br />This feature helps an attacker to hide malicious files on victims machine.<br /><br />In the screenshot below I have created a test.txt file in ADS directory which already contains nc.exe the malicious executable.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_ataXKuJ11t8/S4S4hCmtcyI/AAAAAAAAB6M/UKi1hISDq3I/s1600-h/1.bmp"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 197px;" src="http://4.bp.blogspot.com/_ataXKuJ11t8/S4S4hCmtcyI/AAAAAAAAB6M/UKi1hISDq3I/s320/1.bmp" border="0" alt=""id="BLOGGER_PHOTO_ID_5441677127544828706" /></a> <br /><br /><br />Now I will hide the nc.exe using ADS.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_ataXKuJ11t8/S4S6Q8pqfiI/AAAAAAAAB6U/KxJm_KuahtY/s1600-h/2.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 142px;" src="http://4.bp.blogspot.com/_ataXKuJ11t8/S4S6Q8pqfiI/AAAAAAAAB6U/KxJm_KuahtY/s320/2.JPG" border="0" alt=""id="BLOGGER_PHOTO_ID_5441679050091953698" /></a><br /><br />As you can see in the screenshot nc.exe is no where in the ADS directory.<br /><br />Now to see the hidden nc.exe in test.txt:malicious.exe run the command <br /><span style="font-weight:bold;">start ./test.txt:malicious.exe</span><br /> <br />For more details follow link <a href="http://www.infosecwriters.com/texts.php?op=display&id=53">here</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4696655655122167049-8973582623619530694?l=infosecsage.blogspot.com' alt='' /></div>Shashankhttp://www.blogger.com/profile/01783352202320808541noreply@blogger.com0tag:blogger.com,1999:blog-4696655655122167049.post-14443939728571155362010-02-06T23:14:00.005+05:302010-02-06T23:24:41.350+05:30My friend wanted to listen <a href="http://www.pandora.com/">Pandora radio</a>.To make it happen I came across this link and it worked.<br /><br /><a href="http://www.how-to-hide-ip.info/2009/08/08/how-to-use-an-ip-from-a-specific-country-while-running-tor/">How To Use An IP From A Specific Country While Running Tor</a><br /><br />Also found some useful information. <br /><br /><a href="http://www.how-to-hide-ip.info/2009/02/10/pros-and-cons-of-using-tor/">Pros and Cons of using Tor</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4696655655122167049-1444393972857115536?l=infosecsage.blogspot.com' alt='' /></div>Shashankhttp://www.blogger.com/profile/01783352202320808541noreply@blogger.com0tag:blogger.com,1999:blog-4696655655122167049.post-19007544017539508302010-02-06T21:55:00.007+05:302010-02-06T22:41:40.135+05:30Tor is wonderful tool to visit the websites anonymously but what about scanning an IP anonymously.I found this useful tool called as <a href="http://proxychains.sourceforge.net">proxychains</a>.<br /><br />ProxyChains is a tool for TCP tunneling via HTTP/HTTPS and SOCKS4/SOCKS5 proxy servers. It allows to run SSH,VNC,FTP,TELNET or any other program from behind proxy server.<br /><br />1. To use it first download it from:<br /><br /><span style="font-size:10;"> <a href="http://proxychains.sourceforge.net/" target="_blank">http://proxychains.sourceforge.net</a></span><br /><br />2. Now we need to unpack ProxyChains:<br /><br />hacks# tar -xzvf proxychains-3.1.tar.gz<br /><br />You should see a directory named proxychain-3.1. Make this new directory your working directory and issue the following commands at your terminal:<br /><br />hacks/proxychains-3.1# ./configure<br />hacks/proxychains-3.1# make<br />hacks/proxychains-3.1# make install<br /><br /><br />3. Now, it is ready to use.<br /><br />hacks# proxychains nmap -sS 192.168.0.112<br /><br />Enjoy the anonymity.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4696655655122167049-1900754401753950830?l=infosecsage.blogspot.com' alt='' /></div>Shashankhttp://www.blogger.com/profile/01783352202320808541noreply@blogger.com0tag:blogger.com,1999:blog-4696655655122167049.post-85766230690308256222009-09-10T15:59:00.000+05:302009-09-10T17:12:02.478+05:30<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_ataXKuJ11t8/SqjlJD7vB2I/AAAAAAAABw8/3LnP8oIHja0/s1600-h/star.JPG"><img style="cursor: pointer; width: 320px; height: 187px;" src="http://2.bp.blogspot.com/_ataXKuJ11t8/SqjlJD7vB2I/AAAAAAAABw8/3LnP8oIHja0/s320/star.JPG" alt="" id="BLOGGER_PHOTO_ID_5379801698731493218" border="0" /></a><div style="text-align: justify;"><br />Recently I took the SANS STAR Comprehensive Packet Analysis Exam.This exam is basically targeted for Incident Response analysts, firewall and network administrators, analysts responsible for packet and network analysis and packet stream recovery. I am happy with scoring 100 p c. For the listing visit the link below.<br /></div><a href="http://www.giac.org/star/listings/Security/556"><br />http://www.giac.org/star/listings/Security/556</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4696655655122167049-8576623069030825622?l=infosecsage.blogspot.com' alt='' /></div>Shashankhttp://www.blogger.com/profile/01783352202320808541noreply@blogger.com1