Thursday, July 31, 2008

Am I really fit for that_great_school?

Response from one prof that I emailed:

I am no longer taking PhD students in the area of security. My suggestion is
that you apply to Purdue, Dartmouth, George Mason, Johns Hopkins.

Best wishes on your education.

Oh boy!
Coming soon

Thank you very much for interest in our program.
Congratulations, your paper entitled:

1. Effective Malware Analysis with Nepenthes

has been accepted and approved by our committee to present for our

As for the presentations, should you have any
notes/handouts (i.e. PowerPoint slides) to be distributed, please submit them to
us at least a day before the actual presentation day for preparation.

To remind you, the fee for each paper is RM650.00, payable on the
registration day.

Thank you very much and congratulations again.


MyEduSec 2008
Striving Towards Secured Information

Wednesday, July 30, 2008

KDE revisited

I just went through bulks of my previous papers and whatnot, and I found my previous writings on KDE localization and presentation slides. I edited a few old things (such as the email address, because it is not being used anymore, and I also updated the blog address). The rest remains as it was, including my English level at that time.

If you have time to read it, or simply want to read it, then refer here:

KDE to Malay report [pdf]

KDE to Malay presentation [converted to pdf]

Monday, July 28, 2008

Libang-libu (the lemma of choices)

Don't ask me what it means; they are just words that I think are fun to put as my topic today.

I am pretty much snowed under with a tremendous workload... teaching 3 sections with ~120 students, meetings, seminars in the workplace... and whatnot. Alas, I'm not forgetting my pursuit of a PhD... despite worrying whether I'm on par with the rest of the CS scientists (wannabes).

Thinking about going to the States, seeing that_many people from Asia going there, and lots of them even becoming faculty members. Not that I'm thinking of becoming like them (though I admit it is kind of a pride to work as a faculty member in a place where CS was born). Now, the one thing I don't really like about applying to the States is that you_have_to_spend_USDs_for_just_applying.

Unlike applying for .AU, where you simply go to IDP, send your letters, etc., and *they will take care of most of the stuff for you for FREE*...

If I'm applying to the States, it means I have to sit for the GRE... and I spent some time surfing CS departments' overview/requirement pages... they are very comprehensive, in the sense that they carefully tell you what to do, what to expect, etc. Some CS schools mentioned that if applicants have deficiencies in some subject, the candidate can take the undergrad subject there... this is awesome. But of course, if you're applying to a good school, why should they care to take on more teaching load if they can have an off-the-shelf, ready-to-go candidate?

Thursday, July 24, 2008

Tuesday, July 22, 2008

API Hooking

OK, I admit it. I stumbled upon these words once I read the literature on CWSandbox from Mannheim. Since in Nepenthes we can simply send the newly fetched binaries to the sandboxes, I was triggered to know what was executed behind them.

The method is called API hooking. A similar solution is used by Joebox, developed by a postgrad student from Switzerland.

Anubis from Vienna, on the other hand, uses QEMU... but if you Google around you will see there is a paper written by a Symantec researcher refuting the usage of virtual machines.

Since I got this teeny-weeny D430 Latitude, I now always "read" downloaded PDF files while I rest on the sofa, or simply on the floor back home.

Usually I check for Mannheim PDF reports... it seems they actively publish their research work, e.g. in the recent DIMVA 2008. Apart from that, UC Davis, or some other institutions which have work on botnet/malware countermeasures, honeypots/honeynets, security visualization (just recently, since Bro Adli pointed it out)... etc.

I can hardly understand cryptographic stuff, for several reasons... though I already took it once. It seems very theoretical, which some other geeks might find interesting, but not me. Usually I'll focus on the application part... but of course, who knows, I may find the love for cryptography soon.

Monday, July 21, 2008

Interesting Computer/Network Security Paper Links

Usually I just mark them with an FF bookmark, or just tag them with the Delicious add-on. Now I think I want you guys to read these and comment on them. A lot are by Dawn Song of Berkeley.

click here

Friday, July 18, 2008

Afterglow visual from Amun sensor

Splendid, awesome.. whatever....!




Thursday, July 17, 2008

Lynis rootkit detector

I just tried Lynis, a pretty cool tool developed by a security evangelist from the Netherlands. Nice...

The checking is pretty thorough... I think it's neater compared to rkhunter and chkrootkit.

Tuesday, July 15, 2008

From Aachen to Mannheim

Well, it seems the Germans did a pretty good job on the lightweight honeypot. I just stumbled upon Thorltz's blog, and it seems that I missed something. Yet another honeypot... Amun!

Download here

Written in Python, I got it working in seconds; prior to that you have to install the python-psyco module.

See, the verbose output:

.::[Amun - Decoder] compiling siegburg xor decoder ::.
.::[Amun - Decoder] compiling plain1 shellcode ::.
.::[Amun - Decoder] compiling plain2 shellcode ::.
.::[Amun - Main] ready for evil orders: ::.

Among the services (mixed with my real ssh service):

21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
42/tcp open nameserver
105/tcp open csnet-ns
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
554/tcp open rtsp
587/tcp open submission
617/tcp open sco-dtmgr
623/tcp open unknown
631/tcp open ipp
1023/tcp open netvenuechat
1025/tcp open NFS-or-IIS
1521/tcp open oracle
1533/tcp open virtual-places
1900/tcp open UPnP
2105/tcp open eklogin
3268/tcp open globalcatLDAP
3306/tcp open mysql
3372/tcp open msdtc
5000/tcp open UPnP
5432/tcp open postgres
5900/tcp open vnc
6101/tcp open VeritasBackupExec
7100/tcp open font-service
8080/tcp open http-proxy
8118/tcp open privoxy
9050/tcp open tor-socksport
9999/tcp open abyss

All the best, luring malware ;-)

Friday, July 04, 2008

It's so 2000

I bought my very first own desktop PC when I was an undergrad... this machine... still rocks on... doing some funny stuff. Now parts of it have already been replaced... new CPU... new graphics card... new AC device (I replaced them twice, of course, since they had already broken)... and a new motherboard (not so new... I guess it's from around 2004). Perhaps the only artifacts, if I can call them that, are my Philips 15" monitor and the Low Yat rock-solid casing (perhaps a legacy series).

Well, the other part is my laptop... that's the other new machine... bought just 2 years back (almost), and at that time it wasn't el cheapo, you know... RM4,399 (this included a Shell Petrol Card voucher costing around RM300). So it's around RM4,100 (USD1500). Not so cheap at that time either. The stressful part is that nowadays, for less cost, I can get a dual-core machine... LoL.

This old machine is now running the Nepenthes sensor... emulating a few virtual nodes.

The next part is my D-Link 5-port Ethernet switch... well, this gizmo was bought simply because I wanted to wire more machines (most of the time I do not prefer wireless, since it always disconnects).

Wednesday, July 02, 2008

Phd Phone Interview

I was interviewed by Dr Maria Papadaki from Plymouth Univ, UK, regarding my PhD application. There are several Malaysians there, and my officemate is doing her research PhD there as well.

It took about 45 minutes to discuss things related to the research, the process, funding, etc. At first I forgot that the UK is among the countries that use DST for their time. Somehow the discussion was OK, but of course, given the communication distance, there was jitter.

It reminded me of Maxis's ad where people only yelled GOAL after a short while. Same goes.

Hopefully I'll get a conditional offer prior to taking the IELTS. Now that I can't confirm the place, there's a possibility of going to other places, taking the GRE/TOEFL, though it's tough.

Are you the kind who takes *hard* problems for breakfast?