Volume 1, Issue 3, July 2010 www.hackinthebox.org

Cover Story: Using Kojonet Open Source Low Interaction Honeypot (p. 4)
Chinese Malware Factory (p. 24)
URL Shorteners Made My Day! (p. 68)
Editorial
Dear Reader,

Welcome to Issue 003 of the HITB Magazine! We’re really super excited about the release of this issue as it coincides with our first ever HITB security conference in Europe, HITBSecConf2010 - Amsterdam! The design team has come up with (what we feel is) an even better and more refined layout, and our magazine now has its own site! You’ll now find all the past and current issues of the magazine for download at http://magazine.hitb.org or http://magazine.hackinthebox.org/.

Also in conjunction with our first European event, we have lined up an interview with Dutch master lock picker and founder of The Open Organization of Lock Pickers (TOOOL), Barry Wels.

We hope you enjoy the issue and do stay tuned for Issue 004, which we’ll be releasing in October at HITBSecConf2010 Malaysia. In addition to the electronic release, we’re hoping to have a very ‘limited edition’ print issue exclusively for attendees of HITBSecConf2010 - Malaysia!

Enjoy the summer and see you in October!
Dhillon Andrew Kannabhiran
Editorial Advisor
[email protected]

Editor-in-Chief: Zarul Shahrin
Editorial Advisor: Dhillon Andrew Kannabhiran
Technical Advisor: Gynvael Coldwind
Design: Shamik Kundu
Website: Bina

Hack in The Box – Keeping Knowledge Free
http://www.hackinthebox.org
http://forum.hackinthebox.org
http://conference.hackinthebox.org

Contents

Information Security (Cover Story)
- Using Kojonet Open Source Low Interaction Honeypot 4
- A Brief Overview on Satellite Hacking 16

Malware Analysis
- Chinese Malware Factory 24

Windows Security
- Reserve Objects in Windows 7 34

Application Security
- Javascript Exploits with Forced Timeouts 42

- Non-Invasive Invasion: Making the Process Come to You 48
- IAT and VMT Hooking Techniques 62

Web Security
- URL Shorteners Made My Day! 68

Book Review
- ModSecurity Handbook 76

Interview
- Barry Wels 78
Information Security

Using Kojonet Open Source Low Interaction Honeypot to Develop Defensive Strategies and Fingerprint Post Compromise Attacker Behavior

By Justin C. Klein Keane, [email protected]

In attempting to defend against intruders and protect assets using the defense in depth principle, it is critical not only to understand attacker motivations, but also to be able to identify post-compromise behavior. Utilizing data that identifies attacker trends, it may be possible to prevent compromises. Furthermore, information about resource usage and patterns may allow system administrators to identify anomalous activity in order to detect compromises shortly after they occur.