The April issue of Hakin9 Mobile Security is out. This month’s magazine features the article “Cisco IOS Rootkits and Malware: A practical guide” by Jason Nehrboss:
Propagating the worm code into a new router can either be quite easy, difficult, or impossible. There are many variations of supported IOS code and hardware platforms. The author discusses the use of and demonstrates an IOS Embedded Event Manager rootkit and worm. When a router is infected it can be leveraged into a powerful malware platform. Capabilities demonstrated are network packet captures, reverse shell connections, a spam module, and a mini malware httpd server leveraged with IP address hijacking. In this article you will learn how to exploit critical network devices and the network traffic traversing these devices, and how such a device can act as a launch point for further attacks into a network. You will also learn about a self-replicating IOS worm with stealth features and self-defense mechanisms, all with platform-independent code.
Also in this issue Craig Wright continues his excellent series on exploit creation. This month’s article is entitled, “Taking control, Functions to DLL injection“:
DLL injection is one of the most common methods used by malware such as rootkits to load themselves into the host’s privileged processes. Once injected, code can be inserted into functions being transmitted between the compromised code and a library function. This step is frequently followed by API hooking, where the malicious code is used to vary the library function calls and returns. This article is part of a monthly series designed to take the reader from a novice to being able to create and deploy their own shellcode and exploits. With this knowledge, you will learn just how easy it is for sophisticated attackers to create code that can bypass many security tools. Moreover, armed with this knowledge you will have the ability to reverse engineer attack code and even malware, allowing you to determine what the attacker was intending to launch against your system.
Other articles include:
- Deceiving Networks Defenses with Nmap Camouflaged Scanning By Roberto Saia
- Exploiting Software By Swetha Dabbara
- Cross Site Request Forgery – Session Riding By Miroslav Ludvik and Michal Srnec
- Data Logging with Syslog: A troubleshooting and auditing mechanism By Abdy Martinez
- Social Engineering – New Era of Corporate Espionage By Amar Suhas
Check it out!
The latest Hakin9 Exploiting Software issue is out!
This month’s issue features my article on “Easy Network Security Monitoring with Security Onion“:
Hackers and the malware that they create are getting much better at evading anti-virus programs and firewalls. So how do you detect or even defend against these advanced threats? Intrusion Detection Systems monitor and analyze your network traffic for malicious threats. The problem is that they can be very difficult to configure and time-consuming to install. Some take hours, days or even weeks to set up properly. The Security Onion IDS and Network Security Monitoring system changes all of that. Do you have 10 minutes? That is about how long it takes to set up and configure Security Onion – a Linux Security Distribution based on the Ubuntu (Xubuntu 10.04 actually) operating system.
And Craig Wright continues his series on creating shell code with this month’s article, “Understanding conditionals in shellcode“:
This article is going to follow on from previous articles as well as going into some of the fundamentals that you will need in order to understand the shellcode creation process. In this article, we are looking at extending our knowledge of assembly and shellcoding. This is a precursor to the actual injection and hooking process to follow. You will investigate how you can determine code loops and the uses of loops, as well as getting an introduction to how you can reverse engineer assembly or shellcode into a higher-level language and even pseudo-code, all of which forms an essential component of creating and executing one’s own exploit successfully. By gaining a deep understanding of just how code works, and knowing where to find the fundamentals of the shellcode programming language, we hope to take the reader from a novice to being able to create and deploy their own shellcode and exploits.
Also in this issue:
- Creating a Fake Wi-Fi Hotspot to Capture Connected Users’ Information
- Accurate Time Synchronization with NTP. Hardening your Cisco IOS Device
- Penetration Testing Methodology in Japanese Company
Check it out!
The March issue of Hakin9 Mobile Security is out. This month’s magazine features an interview with Dr. Arun Sood by Zsolt Nemeth and Jeffrey Smith.
Dr. Arun Sood is Professor of Computer Science in the Department of Computer Science, and Co-Director of the International Cyber Center at George Mason University, Fairfax, VA. His research interests are in security architectures; image and multimedia computing; performance modeling and evaluation; simulation, modeling, and optimization.
He and his team of faculty and students have developed a new approach to server security, called Self Cleansing Intrusion Tolerance (SCIT). We convert static servers into dynamic servers and reduce the exposure of the servers, while maintaining uninterrupted service.
This research has been supported by the US Army, NIST through the Critical Infrastructure Program, SUN, Lockheed Martin, and the Commonwealth of Virginia CTRF (in partnership with Northrop Grumman). Recently SCIT technology was the winner of the Global Security Challenge (GSC) sponsored Securities Technologies for Tomorrow Challenge. Dr Sood leads a university spin-off called SCIT Labs Inc, which is commercializing SCIT technology under license from GMU.
Also in this issue is an article on “Android Mobile Security” by Vinay Gayakwad:
Android’s profound impact on the mobile market has made it a prime target for criminals. And the operating system, which powers over half of the 60.5 million smart phones sold worldwide in the third quarter of 2011, is less safe than its rivals. Juniper Networks’ Malicious Mobile Threats Report shows that Android malware instances increased by 400% between 2009 and 2010, while other platforms remained relatively secure, due mainly to fewer cybercriminals trying to break through their defenses, and in some cases, to stronger security features.
Other articles include:
- Mobile Device Security by Prashant Verma
- Virtualization Security by Amar Wakharkar
- Interview with Scott Gordon by Aby Rao
- Android Mobile Security by Vinay Gayakwad
- The Ultimate Hat Trick that Worked over the Last Couple of Thousand Years by Zsolt Nemeth
Check it out!