New Version of Duqu Found

On Tuesday, Symantec reported on their blog that they had found yet another variant of Stuxnet’s relative “Duqu”. Symantec lists 15 variants in its Duqu whitepaper (PDF). This version differs in its infection technique: it installs via a loader file that executes on reboot, and that loader then decrypts and installs the remaining Duqu code from the hard drive.

With the loader carrying a compile date of February 23, 2012, it seems that the Stuxnet creators are still alive and well.

Security Onion Article Featured in Hakin9 Magazine

The latest Hakin9 Exploiting Software issue is out!

This month’s issue features my article on “Easy Network Security Monitoring with Security Onion”:

Hackers and the malware that they create are getting much better at evading anti-virus programs and firewalls. So how do you detect or even defend against these advanced threats? Intrusion Detection Systems monitor and analyze your network traffic for malicious threats. The problem is that they can be very difficult to configure and time-consuming to install. Some take hours, days or even weeks to set up properly. The Security Onion IDS and Network Security Monitoring system changes all of that. Do you have 10 minutes? That is about how long it takes to set up and configure Security Onion – a Linux Security Distribution based on the Ubuntu (Xubuntu 10.04 actually) operating system.

And Craig Wright continues his series on creating shellcode with this month’s article, “Understanding conditionals in shellcode”:

This article is going to follow from previous articles as well as going into some of the fundamentals that you will need in order to understand the shellcode creation process. In this article, we are looking at extending our knowledge of assembly and shellcoding. This is a precursor to the actual injection and hooking process to follow. You will investigate how you can determine code loops and the uses of loops, as well as getting an introduction to how you can reverse engineer assembly or shellcode into a higher-level language and even pseudo-code, all of which form an essential component of creating and executing one’s own exploit successfully. By gaining a deep understanding of just how code works and knowing where to find the fundamentals of the shellcode programming language, we hope to take the reader from a novice to being able to create and deploy their own shellcode and exploits.
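As an added illustration of the loop-recovery process the abstract describes (this is my own example, not code from Craig Wright’s article), here is a hash loop of the kind Windows shellcode uses to look up API names without embedding strings. It is written twice: first as a straight lift of the assembly, where every label is a jump target and every goto is a jmp or jcc, and then as the structured C a reverser would recover once the conditional exit at the top and the back-edge at the bottom are recognised as a while loop. The 13-bit rotate, the register names and the sample strings are this example’s assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate a 32-bit value right by 13 bits (the ror13 idiom; this
 * example's choice of hash, not something the article prescribes). */
static uint32_t ror13(uint32_t v)
{
    return (v >> 13) | (v << 19);
}

/* Step 1: lift the assembly one instruction at a time.
 * The shellcode this mirrors (assumed x86, 32-bit registers):
 *
 *        xor   edi, edi            ; edi = running hash
 *  loop: movzx eax, byte [esi]     ; eax = *esi, zero-extended
 *        inc   esi
 *        test  eax, eax            ; ZF = (eax == 0)
 *        jz    done                ; conditional exit: end of string
 *        ror   edi, 13
 *        add   edi, eax
 *        jmp   loop                ; unconditional back-edge => a loop
 *  done: ; edi holds the hash
 *
 * No loop keyword exists yet; only labels and jumps, exactly as a
 * disassembler shows them. */
uint32_t lifted_hash(const char *esi)
{
    uint32_t edi = 0;
    uint32_t eax;
loop_:
    eax = (uint8_t)*esi;      /* movzx eax, byte [esi] */
    esi++;                    /* inc esi */
    if (eax == 0)             /* test eax, eax ; jz done */
        goto done;
    edi = ror13(edi);         /* ror edi, 13 */
    edi += eax;               /* add edi, eax */
    goto loop_;               /* jmp loop */
done:
    return edi;
}

/* Step 2: recognise the shape. A test at the top of the block, a single
 * exit, and an unconditional jump back to the test is a while loop, so
 * the lifted code collapses to the form below. */
uint32_t structured_hash(const char *s)
{
    uint32_t h = 0;
    while (*s != '\0') {
        h = ror13(h) + (uint8_t)*s;
        s++;
    }
    return h;
}

int main(void)
{
    /* Constructed sample inputs; an API name and a tiny string whose
     * hash is easy to verify by hand. */
    const char *names[] = { "AB", "LoadLibraryA" };
    for (int i = 0; i < 2; i++) {
        printf("%-14s lifted=0x%08x structured=0x%08x\n",
               names[i], lifted_hash(names[i]), structured_hash(names[i]));
    }
    return 0;
}
```

Both versions must agree on every input; if the structured rewrite ever diverges from the lifted one, the loop shape was misread (typically a missed second exit or a conditional back-edge), which is exactly the check to run before trusting a hand decompilation.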

Also in this issue:

  • Creating a Fake Wi-Fi Hotspot to Capture Connected Users’ Information
  • Accurate Time Synchronization with NTP. Hardening your Cisco IOS Device
  • Penetration Testing Methodology in Japanese Company

Check it out!

Israel’s Iron Dome Automatically Intercepts Incoming Gaza Rockets

Great video of Israel’s new “Iron Dome” system intercepting an incoming rocket fired from Gaza. Israel’s three portable anti-rocket batteries have been very busy indeed the last few days as they have intercepted about 170 inbound rockets that targeted Israeli cities. So far the Iron Dome’s successful intercept rate is above 90%, and no Israeli civilians have been killed.

With the threat of a nuclear Iran and constant rocket attacks, it is more important now than ever to pray for the peace of Jerusalem.

Psalm 122:6 – “Pray for the peace of Jerusalem: they shall prosper that love you.”