Hack In The Box (hitb) Magazine - Vol 1 Issue 3 - Jul 2010


Volume 1, Issue 3, July 2010
www.hackinthebox.org

Cover Story: Using Kojonet Open Source Low Interaction Honeypot
Chinese Malware Factory
Url Shorteners Made My Day!

Editorial

Dear Reader,

Welcome to Issue 003 of the HITB Magazine!

We’re really super excited about the release of this issue as it coincides with our first ever HITB security conference in Europe, HITBSecConf2010 - Amsterdam! The design team has come up with (what we feel) is an even better and more refined layout and our magazine now has its own site! You’ll now find all the past and current issues of the magazine for download at http://magazine.hitb.org or http://magazine.hackinthebox.org/.

Also in conjunction with our first European event, we have lined up an interview with Dutch master lock picker and founder of The Open Organization of Lock Pickers (TOOOL), Barry Wels.

We hope you enjoy the issue and do stay tuned for Issue 004, which we’ll be releasing in October at HITBSecConf2010 Malaysia. In addition to the electronic release, we’re hoping to have a very ‘limited edition’ print issue exclusively for attendees of HITBSecConf2010 - Malaysia!

Enjoy the summer and see you in October!

Dhillon Andrew Kannabhiran
Editorial Advisor
[email protected]

Editor-in-Chief: Zarul Shahrin
Editorial Advisor: Dhillon Andrew Kannabhiran
Technical Advisor: Gynvael Coldwind
Design: Shamik Kundu
Website: Bina

Hack in The Box – Keeping Knowledge Free
http://www.hackinthebox.org
http://forum.hackinthebox.org
http://conference.hackinthebox.org

Contents

Information Security
Cover Story: Using Kojonet Open Source Low Interaction Honeypot
A Brief Overview on Satellite Hacking

Malware Analysis
Chinese Malware Factory

Windows Security
Reserve Objects in Windows 7

Application Security
Javascript Exploits with Forced Timeouts
Non-Invasive Invasion: Making the Process Come to You
IAT and VMT Hooking Techniques

Web Security
URL Shorteners Made My Day!

Book Review
ModSecurity Handbook

Interview
Barry Wels

COVER STORY
Information Security

Using Kojonet Open Source Low Interaction Honeypot to Develop Defensive Strategies and Fingerprint Post Compromise Attacker Behavior

By Justin C. Klein Keane, [email protected]

In attempting to defend against intruders and protect assets using the defense-in-depth principle, it is critical not only to understand attacker motivations, but also to be able to identify post-compromise behavior. Utilizing data that identifies attacker trends, it may be possible to prevent compromises. Furthermore, information about resource usage and patterns may allow system administrators to identify anomalous activity in order to detect compromises shortly after they occur.