The best anti-malware software out there…

October 2, 2008

Now that I have made such a bold statement, let me back off a little and admit that I don’t know what anti-malware software is the best. What I do know is that we can actually leverage a behavior that a lot of malware exhibits. “What behavior is that?” you ask. Well, I’ll tell you.

My primary machine at home, the one that has “important stuff” on it, is a virtual machine that runs on my main server.  What type of environment does more and more malware not run in? Yup, a virtual one.

So, there you go: install a lightweight Linux OS with a virtualization platform, or something like VMware ESXi, and then load your daily OS on top of that. Voilà! Best anti-malware software == malware itself.

Of course, I am not saying you have nothing to worry about with this type of configuration. There is a whole host (pun intended) of issues that need to be dealt with and, of course, not all malware is quite this accommodating. But it did make me stop and go hmmm.

What do you think?

Kevin


OT: Workflow for Interesting Bits posts…

September 23, 2008

This weekend I decided I wanted a more automated way to publish my ‘Interesting Information Security Bits’ posts. To do that I decided I needed two things: 1) a workflow process and 2) some tools to do the dirty work for me. So that is what I set out to set up. The rest of this post gives details of the workflow and the script that I came up with to create the posts.

Workflow

I decided to use Delicious to collect the things that I want to appear in the posts. They were going to end up there anyway, and an API exists to get at them in an automated fashion. In order to be able to selectively get just the posts I wanted for a given day, I had to come up with a tagging scheme that would differentiate these bookmarks from any others I might save. I did this by tagging them by date, in YYYYMMDD format, and with ‘iisb.’ For this first iteration of the script, I am only using the date portion. The iisb tag will be used later as I expand this effort. So my workflow goes like this:

  1. Find interesting things (web, Twitter, RSS, etc.)
  2. Bookmark them on Delicious.
  3. Run script once a day.
  4. Profit (not really)

A couple of notes about how I bookmark things on Delicious. I use the Firefox add-on for this. It makes it so much easier. When I bookmark something, I make sure to enter a description. This becomes the text explaining why I think that particular item is interesting. Finally, I also tag the item with other tags. These tags are for my personal use and also will be used in future expansions of the script.

Script

So, now I have a bunch of things that I believe are interesting that I want to tell all of you about. Instead of having to spend a lot of time with a blog post editor, I simply log in to my Linux machine and execute

./dailypost.pl

Tada, magical blog post.

This script is written in Perl because that’s the language I can churn things out quickly in at this time. It uses several CPAN modules, but the most important ones are Net::Delicious and WordPress::XMLRPC. Why reinvent the wheel? Eventually, the posting part will be automatic using cron, but I still have some things I want to do before I turn it loose.

For those interested in the guts of the script, here it is. It consists of the dailypost.pl Perl script and a config file. Obviously, replace my placeholders below with your info if you want to try it. I currently have it set to create the posts as drafts, and I then go and publish them manually. Again, this is because this is a pretty young process.

Config file (must be named dailypost.cfg and in the same directory as the script at this time)

[delicious]
  user="username"
  pswd="delicious password"
  count=100
[wordpress]
  prefix="What you want the opening to be."
  postfix="What you want the ending to be."
  category="Wordpress category"
  title="post title prefix. The date will be appended"
  publish=0
  username="username"
  password="wordpress password"
  xmlrpcurl="http://<your site>/xmlrpc.php"

Script. (I apologize for the complete lack of comments. Quick and dirty was what I was after.)

#!/usr/bin/perl -CS
# dailypost.pl: pull today's Delicious bookmarks and turn them into a WordPress post.

use strict;
use warnings;
use Net::Delicious;
use WordPress::XMLRPC;
use Config::Simple;
use Log::Dispatch::Screen;
use Text::Unidecode;
use Date::Format;

# dailypost.cfg holds the [delicious] and [wordpress] sections shown above.
my $config = Config::Simple->new('dailypost.cfg');
my $description = '';
my $body = '';
# Today's bookmarks are tagged with the date in YYYYMMDD format.
my $postDate = time2str("%Y%m%d", time);

# Net::Delicious accepts a Config::Simple object and reads its [delicious] section
# (user, pswd) directly.
my $del = Net::Delicious->new($config);

my $o = WordPress::XMLRPC->new({
  username => $config->param("wordpress.username"),
  password => $config->param("wordpress.password"),
  proxy    => $config->param("wordpress.xmlrpcurl"),
  # blog_id is not in the sample config above; a single-blog WordPress install uses 1.
  blog_id  => $config->param("wordpress.blog_id") || 1,
});

# One <li> per bookmark: the link text is the Delicious description and the
# extended notes explain why the item is interesting. unidecode() flattens
# non-ASCII characters so the XML-RPC payload stays plain ASCII.
foreach my $p ($del->recent_posts({tag   => $postDate,
                                    count => $config->param("delicious.count")})) {
  $body .= "<li><a target='_blank' href='" . $p->href() . "'>" .
           unidecode($p->description()) . "</a>\n" .
           unidecode($p->extended()) . "</li>\n";
}

$description = $config->param("wordpress.prefix") . $body .
               $config->param("wordpress.postfix");

my $post = {};
$post->{categories}  = [$config->param("wordpress.category")];
$post->{title}       = $config->param("wordpress.title") . time2str("%m/%d/%Y", time);
$post->{description} = $description;

# publish=0 in the config creates the post as a draft for manual review.
my $page_num = $o->newPost($post, $config->param("wordpress.publish"));

print $description . "\n";
print "page num = ", $page_num, "\n";

That’s basically it. I’m happy to have a discussion about this with anyone who has questions, and feel free to take and use anything you want. I am also happy to email the config file and script to anyone who wants it. Just drop me a note at kriggins _at_ infosecramblings.com.

Kevin


Backtrack 3 How-to updated…

September 16, 2008

Well folks, I made a rather stupid mistake in my Backtrack 3 how-to. Instead of writing “>>” to append information to a file, I wrote “>”, which overwrites the file.

Bad things happen when you overwrite the /etc/ld.so.conf file.

Thank you very much to David who left a comment pointing out my mistake.  The how-to has been updated.
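The difference between the two redirections is easy to miss, so here is an added shell helper (not part of the original how-to) that appends a library path to an ld.so.conf-style file without truncating it: it refuses to run against a missing file, takes a backup first, and skips lines that are already present. The target file and the /opt/nessus/lib path in the usage call are constructed sample values.

```shell
#!/bin/sh
# Append a library search path to an ld.so.conf-style file safely.
# Usage: append_ld_path /path/to/ld.so.conf /some/lib/dir
append_ld_path() {
    conf="$1"
    newpath="$2"
    # '>' would silently create an empty file; refuse instead of guessing.
    [ -f "$conf" ] || { echo "refusing: $conf does not exist" >&2; return 1; }
    # Keep a timestamped copy so a bad edit can be rolled back.
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)" || return 1
    # Idempotent: do nothing if the exact line is already there.
    if grep -qxF "$newpath" "$conf"; then
        return 0
    fi
    # '>>' appends; a single '>' here is the overwrite bug from the how-to.
    printf '%s\n' "$newpath" >> "$conf"
}

# Line count of a file, used to confirm nothing was lost after an append.
line_count() {
    wc -l < "$1" | tr -d ' '
}

# Example run against a constructed copy rather than the real /etc/ld.so.conf.
sample=$(mktemp)
printf 'include /etc/ld.so.conf.d/*.conf\n/usr/local/lib\n' > "$sample"
append_ld_path "$sample" /opt/nessus/lib
echo "lines after append: $(line_count "$sample")"
rm -f "$sample" "$sample".bak.*
```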

Kevin


Hacker conference media archive finds a new home…

September 15, 2008


Security4all has previously mentioned that the hacker conference media archive has been looking for a new home. He wrote yesterday that, thankfully, one has now been found. You can now find archived audio and video of presentations from conferences like Blackhat, Defcon, HOPE and others at http://avondale.good.net/dl/bd/.

Kevin



Backtrack/Nessus/Persistent Changes goodness…

September 7, 2008

Hi everybody,

Some of you know that I have been working on a document that describes how to build a bootable USB thumb drive with Backtrack 3, persistent changes, Nessus, Firefox 3 and Fyodor’s Blackhat 2008 nmap on it.

Well, it is ready for real-world testing 🙂 I have tested it to make sure it isn’t a complete waste of your time, but no warranties or guarantees are granted or implied 🙂

Now, please feel free to send comments or suggestions to me at kriggins [at] infosecramblings.com or just leave a note on either the how-to page or this post.

If you look in the header of this page you will see a tab titled “Backtrack 3 – USB/Persistent Changes/Nessus/Firefox 3/BH08 Nmap”.  That is where the how-to is going to live. Direct link below.

Backtrack 3 – USB/Persistent Changes/Nessus/Firefox 3/BH08 Nmap

Good luck and have fun.

Kevin


How to become a hacker…

May 16, 2008

You may have all seen this already, but I just came across it. It’s been around for a while, but I thought it was interesting: How to Become a Hacker by Eric Steven Raymond.


Protecting against reverse shell wickedness…

April 21, 2008

In this post, I referenced a very interesting article over at Neohapsis about easily setting up a reverse shell using just the bash shell. Well, there is a new post up which talks about the flip side of the equation: how to stop reverse shells.

Like the first post, this one is also a good read.