With more and more high-profile attacks, and rising customer expectations with regard to their privacy, Information Security studies, in various formats, are becoming a very lucrative field these days. For those of us already working in the field it may seem like either a good development, bringing fresh blood into the system, or a bad one, with the field becoming overcrowded with so-called “experts” with a shinier diploma but zero experience.
There is one aspect however that I think most of us can agree on: too many courses are just bad. There may be many reasons for that but I want to focus on one that I find is the most common – teaching too much stuff in too little time.
As I have explained earlier, I’ve had to write a crude password stealer as part of an information security course.
The right approach was to write the entire thing by myself, with the hash dump and SMTP login coupled within my program. This however would take quite a lot of time, and between work and studies and my life, I was not in the right mood to write this myself. Thus, I found myself looking at available tools of the trade and how to use them.
I decided to do it with two very simple command line tools, one being PwDump, a program that simply dumps your Windows password hashes. The other being blat, which despite its funny name (to us Russian speakers) is a very useful tool – it allows you to send files from the CLI via SMTP. If you don’t see why you would need it, clearly you’ve never worked as a system administrator.
As part of the information security course I’m taking in college I’ve had to steal a user’s OS password and mail it to me.
I’ve decided not to write much code of my own and rather used pwdump to generate a password dump, and then blat to mail it to myself.
I wrote an app that launches in a hidden console window, then downloads the main stealer app that in turn downloads pwdump and blat and then runs them in succession.
The dropper file then deletes all files generated.
In order to hide my app, I’ve injected it with inpect into a mahjong game installer. I’ve not implemented any type of fuzzing to avoid AV as it was not in our scope. But it wouldn’t have been hard.
The file to download is part of this post, but is password protected. I will post sources in a later post.
I’ve delivered a talk at DC9723 on the subject of “Automatic Anomaly Detection”.
Attached are the presentation slides of the talk.
I hope you find this presentation informative.
It’s been a busy week here in Israel. With security “experts” spreading FUD about the coming infocalypse, management types all around the country entered a national state of panic. So now that all this is over, it’s time to look back at what we had and what we can learn from this.
Prelude to the storm
For weeks prior to April 7th, various (mostly Arab/Muslim) “hacking groups” had been threatening to “Wipe Israel from the Internet” – why anyone thought this was even possible still remains a mystery, with Israeli ISP bandwidth in the Tbps range, at least an order of magnitude more than even the largest DDoS volumes to date.
All that didn’t matter to security experts, who were quick to warn of anything from critical infrastructure failing to the internet being slow, and to the mass media, which devoted an incredible amount of attention to the issue. One “security company” even suggested users uninstall their browser on April 6th and re-install it on April 8th, a suggestion that in my opinion earns them a triple face-palm.