Thursday, May 27, 2010

SURFIDS

I read about SURFids a long, long time ago but never actually tried it. Today I managed to download the demo image, which is basically a Debian image, a 500MB+ file.

Here goes. I first opened the file using VirtualBox (but since I do not know how to redirect the web server to the host browser, I simply used QEMU instead, since I have experience redirecting TCP connections on QEMU).

Wednesday, May 26, 2010

Malaysian Open Source Conference 2010 (MOSC 2010)

My talk has been accepted by MOSC 2010, entitled "Internet Malicious Miscreant". This annual event will be held in Berjaya Times Square, Kuala Lumpur, Malaysia from 29th June until 1st July 2010. At first I was very reluctant to participate as a speaker, since in the security domain there are many people out there who are actually working for their bread and butter in this field. Anyway, so as not to disappoint Fazli, I'll present what I've done throughout these years.

Judging from the list of speakers, some of them are international speakers, so don't miss the chance to attend this talk!

Register here; discounts are waiting for the early birds!

Friday, May 21, 2010

SQLite and Dionaea


Markus shared that in order to use SQLite, which manipulates logsql.sqlite (by default at /opt/dionaea/var/dionaea/logsql.sqlite), sqlite3 should be used. Also, instead of using the creepy SQLite statement, use sqlman instead, as follows:


Also, since Markus has already upgraded the Dionaea code, you don't need an XMPP client, whether Psi- or Pidgin-based; instead, just invoke /opt/dionaea/bin/dionaea -l all,-debug -L 'logxmpp'
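If you would rather not type the SQLite statements by hand at all, the following is an added example (not Markus's code, and not dionaea's own logsql.py or sqlman) of scripting the two questions an operator asks of logsql.sqlite first: which remote hosts hit the sensor most, and which distinct binaries (by MD5) were dropped, from where and when. The table and column names are a subset assumed to match dionaea's logsql schema, and connection_timestamp is assumed to hold Unix epoch seconds; check both against `.schema connections` and `.schema downloads` in sqlite3 before pointing it at a real file. The rows it loads into an in-memory database are constructed for the example; to run the same queries against a sensor's log, pass the real path to open_log() and hand that connection to the query functions.

```python
"""Query a dionaea logsql.sqlite-style database for top sources and dropped binaries.

Added example. The schema is a subset ASSUMED to match dionaea's logsql.py; the
rows are constructed, not real honeypot data.
"""
import sqlite3
from datetime import datetime, timezone

# Assumed subset of dionaea's logsql schema (verify with `.schema` in sqlite3).
ASSUMED_SCHEMA = """
CREATE TABLE connections (
    connection INTEGER PRIMARY KEY,
    connection_type TEXT,          -- 'accept' for inbound hits
    connection_transport TEXT,
    connection_protocol TEXT,
    connection_timestamp INTEGER,  -- unix epoch seconds (assumed)
    local_host TEXT, local_port INTEGER,
    remote_host TEXT, remote_port INTEGER
);
CREATE TABLE downloads (
    download INTEGER PRIMARY KEY,
    connection INTEGER REFERENCES connections(connection),
    download_url TEXT,
    download_md5_hash TEXT
);
"""

# Constructed rows: one source offering the same binary twice under two URLs,
# a second source dropping a different binary, and a third that only connected.
CONSTRUCTED_CONNECTIONS = [
    (1, "accept", "tcp", "smbd", 1274324400, "192.0.2.10", 445, "198.51.100.7", 3344),
    (2, "accept", "tcp", "smbd", 1274324460, "192.0.2.10", 445, "198.51.100.7", 3391),
    (3, "accept", "tcp", "smbd", 1274324520, "192.0.2.10", 445, "198.51.100.7", 3402),
    (4, "accept", "tcp", "smbd", 1274328000, "192.0.2.10", 445, "203.0.113.5", 1025),
    (5, "accept", "tcp", "epmapper", 1274328060, "192.0.2.10", 135, "203.0.113.5", 1026),
    (6, "accept", "tcp", "smbd", 1274331600, "192.0.2.10", 445, "203.0.113.99", 2222),
]
CONSTRUCTED_DOWNLOADS = [
    (1, 1, "http://198.51.100.7:8080/x.exe", "a" * 32),
    (2, 3, "ftp://198.51.100.7/pub/x.exe", "a" * 32),
    (3, 4, "http://203.0.113.5/ssms.exe", "b" * 32),
]


def open_log(path=":memory:"):
    """Open a logsql database; pass the real logsql.sqlite path for live data."""
    conn = sqlite3.connect(path)
    conn.row_factory = sqlite3.Row
    return conn


def build_demo_db():
    """In-memory database holding only the constructed rows above."""
    conn = open_log()
    conn.executescript(ASSUMED_SCHEMA)
    conn.executemany("INSERT INTO connections VALUES (?,?,?,?,?,?,?,?,?)", CONSTRUCTED_CONNECTIONS)
    conn.executemany("INSERT INTO downloads VALUES (?,?,?,?)", CONSTRUCTED_DOWNLOADS)
    conn.commit()
    return conn


def top_sources(conn, limit=10):
    """Busiest remote hosts on inbound connections, as (host, hits) tuples."""
    cur = conn.execute(
        """SELECT remote_host, COUNT(*) AS hits
           FROM connections
           WHERE connection_type = 'accept'
           GROUP BY remote_host
           ORDER BY hits DESC, remote_host
           LIMIT ?""", (limit,))
    return [(r["remote_host"], r["hits"]) for r in cur]


def downloads_by_hash(conn):
    """One row per distinct binary: md5, times offered, distinct sources,
    first/last seen (epoch seconds) and the comma-joined URLs it came from."""
    cur = conn.execute(
        """SELECT d.download_md5_hash AS md5,
                  COUNT(*) AS times,
                  COUNT(DISTINCT c.remote_host) AS sources,
                  MIN(c.connection_timestamp) AS first_seen,
                  MAX(c.connection_timestamp) AS last_seen,
                  GROUP_CONCAT(DISTINCT d.download_url) AS urls
           FROM downloads d
           JOIN connections c ON c.connection = d.connection
           GROUP BY d.download_md5_hash
           ORDER BY times DESC, md5""")
    return [(r["md5"], r["times"], r["sources"], r["first_seen"], r["last_seen"], r["urls"])
            for r in cur]


if __name__ == "__main__":
    db = build_demo_db()
    print("top sources:", top_sources(db, 5))
    for md5, times, sources, first, last, urls in downloads_by_hash(db):
        seen = datetime.fromtimestamp(first, timezone.utc).strftime("%Y-%m-%d %H:%M")
        print(f"{md5} x{times} from {sources} host(s), first seen {seen} UTC, via {urls}")
```

The MD5 grouping is the useful part: dionaea stores one download row per offer, so the same binary pushed by many infected hosts shows up once here with a source count, which is the quickest way to tell a campaign from a one-off.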

Thursday, May 20, 2010

Psi and Pidgin with Dionaea Honeypot (XMPP support)



Monday, May 17, 2010

XOR Problem

Recently I offered the members of mypenguin99 a challenge: to get my XOR-encrypted file decrypted. (I was using xor-analyze, and never mentioned the key length or the tool I chose to encrypt it.) Bro Bahathir unsurprisingly managed to solve the problem in no time (yeah, it needed some time to google and decrypt). In this case we need a collision from a dictionary of widely used words, so that the real message can be guessed.

Although XOR is considered primitive cryptography, it is used by malware writers to encrypt parts of their payloads, as described here.
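As an added example (it is not from the post, and not how xor-analyze or Bahathir did it), here is the attack in working form: with neither the key nor its length known, try each candidate length, treat every key position as a single-byte XOR to be solved by letter frequency, and let a dictionary of common words pick the right length, which is the "collision from a dictionary of widely used words" the post mentions. The plaintext, key and wordlist below are constructed for the example.

```python
"""Recover a repeating-key XOR key of unknown length from the ciphertext alone.

Added example; the plaintext, key and wordlist are constructed, not taken from
the post or from any tool it mentions.
"""

# Rough English letter/space frequencies (percent) used to score candidate text.
FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4,
    "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, " ": 13.0,
}

# Constructed sample: a message, a short key and a tiny "widely used words" list.
SAMPLE_PLAINTEXT = (
    b"The honeypot sat on the network for a month and caught nothing at all. "
    b"Then one evening a worm found the open port, pushed its loader through "
    b"the shell, and asked the sensor to fetch a binary from a server across "
    b"the sea. The sensor accepted the file, hashed it, and stored it with the "
    b"time, the source address, and the url. In the morning the analyst read "
    b"the log and saw that the same binary had been offered to a dozen other "
    b"sensors in the same hour. That is the point of the exercise: not to be "
    b"infected, but to watch the attack happen and to keep the evidence."
)
SAMPLE_KEY = b"w0rm5"
WORDLIST = {
    "the", "a", "and", "to", "of", "in", "it", "is", "that", "on", "for", "at",
    "not", "but", "with", "from", "be", "had", "one", "other", "same", "all",
    "then", "its", "an", "by", "this", "as", "or", "was", "are", "sensor",
    "worm", "honeypot", "port", "binary", "log", "attack", "file", "server",
}


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def english_score(text: bytes) -> float:
    """Higher is more English-like; control and non-ASCII bytes are penalised hard."""
    score = 0.0
    for b in text:
        if b >= 0x7F or (b < 0x20 and b not in (0x09, 0x0A, 0x0D)):
            score -= 20.0
        else:
            score += FREQ.get(chr(b).lower(), 0.0)
    return score


def best_single_byte_key(column: bytes) -> int:
    """All bytes at one key position share one key byte: try all 256 of them."""
    return max(range(256), key=lambda k: english_score(bytes(c ^ k for c in column)))


def dictionary_hits(plaintext: bytes, wordlist) -> float:
    """Fraction of whitespace-separated words that appear in the wordlist."""
    words = [w.strip(".,;:!?'\"").lower() for w in plaintext.decode("latin-1").split()]
    words = [w for w in words if w]
    return sum(w in wordlist for w in words) / len(words) if words else 0.0


def recover_key(ciphertext: bytes, wordlist, max_len: int = 20) -> bytes:
    """Try each key length: split the ciphertext into one column per key
    position, solve each column as single-byte XOR, and keep the length whose
    decryption contains the most dictionary words. A multiple of the true
    length decrypts to the same text, but a tie never replaces the shorter
    winner, so the shortest such length is returned."""
    best_key, best_hits = b"", -1.0
    for klen in range(1, max_len + 1):
        key = bytes(best_single_byte_key(ciphertext[i::klen]) for i in range(klen))
        hits = dictionary_hits(xor_bytes(ciphertext, key), wordlist)
        if hits > best_hits:
            best_key, best_hits = key, hits
    return best_key


if __name__ == "__main__":
    ct = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    key = recover_key(ct, WORDLIST)
    print("recovered key:", key)
    print(xor_bytes(ct, key).decode("latin-1"))
```

Frequency scoring alone is not enough to choose the key length: a candidate length chosen purely by the additive score can win with one garbled column, because each column's best byte is picked independently. Counting dictionary words over the whole decryption is what rejects those near-misses, which is exactly the role the post gives to the wordlist.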

Thursday, May 13, 2010

Dionaea with XMPP

I was actually wondering why the Nepenthes sensors and Dionaea have not caught any malware since 8th April. It's been more than a month now. So I decided to look the other way instead of staring at the empty, boring folder.

But I'm not sure whether my config is correct, although I think I'm already able to log in.


You might also want to use the XML Console within Psi.

Tuesday, May 11, 2010

Books: Computer Worms by Jose Nazario
I borrowed a book from my employer's resource center, and this book seems seminal for malicious code research, especially on computer worms.

A security professional educated in Biochemistry (PhD), Jose Nazario, who is currently working with Arbor Networks, needs no introduction. Worth reading, although it was published in 2003.

Thursday, May 06, 2010


I bought several books for my literature study; one of them is
"Botnets, The Killer Web App", which covers the technical parts of botnets. At first I doubted the book actually covered the common botnets that people talk about, but after reading it, yes, it sure does. I suggest the phrase "killer web app" be phased out, since it is not always dealing with the Web: port 6667 isn't Web, while ports 80 and 443 are always Web.

Prior to that I already had Provos and Holz's book,
"Virtual Honeypots: From Botnet Tracking to Intrusion Detection". This is also a technical book, with fine-grained coverage of honeypot how-tos, including the popular Nepenthes (although it is now dead, succeeded by Dionaea).