memory of nobody

Posts

Showing posts from June, 2008

Reply for previous Purdue/CERIAS admission's pos taken from here Since the commenter using blogger's profile but I can't access his blog, this Prof might suits the profile > here What an honour to have his visit to my lair here.. anyway this were his words: All students are charged an application fee to help cover processing costs. As it is, there are many thousands of applications to the university each year. Applications for grad programs at Purdue are considered by committees of faculty. They look at issues such as transcripts of grades, quality of undergrad program, the student essays, and especially the recommendations. Scores on tests are examined -- especially TOEFL -- and some departments look at GRE scores. The admissions committee picks the students who the committee believes will do well in the program. If there are more qualified candidates than there are positions in the incoming class, then the students are ranked by the committee and the top ones taken to ...

hmm... in my dreamm..! The admission committee makes the decision in October for spring admission and in January for fall admission for applicants who have submitted their applicaiton. You must decide on your own whetherto apply or not. Make sure you met the admission requirements listed here : Regards, R ---------------------------------------- R Department of Computer Science Lawson Computer Science Building Room 1137 B Purdue University 305 North University Street West Lafayette, IN 47907-2107 USA Phone: (765)494-xxxx Fax: (765)494-xxxx E-mail: xxx@cs.purdue.edu www.cs.purdue.edu/academic_programs/graduate -----Original Message----- From: me Sent: Wednesday, June 25, 2008 6:25 AM To: R Subject: Re: Phd in CS/Cerias Hello, I would like to know how do you select the students, since I've to pay USD55 for the application-so I've to be sure that chances probability to get in. I ask this since CERIAS did not require GRE results for admission, but it seems that the it received qu...

[nepenthes] Using Anubis Python script We can use this python script to automate/mocking the automated submission triggered by Nepenthes... root@nuvox:~/binaries# ./submit_to_anubis.py * -e mailaku @ gmail.com Successfully submitted the sample. Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid =f474d3ae50475c6451031f37d2d283fd Successfully submitted the sample. Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid =357c926ee5bfeb6471185f4fb403b55c Successfully submitted the sample. Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid =0c75b6d90af30124155cf3c69cce504b Could not submit the sample. Successfully submitted the sample. Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid =fd7ca9e064aef6d499121a4956a2d9fa Could not submit the sample. Could not submit the sample. Successfully submitted the sample. Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid =639c...

[nepenthes] Screen shot of hex dumps

[nepenthes] Emulating physical nodes Since the higher number of sensor we get, the huge coverage of outbreak we can cover, so I opt to choose the Neil's and his pal way of doing things: for i in `seq 230 254`;do ip addr add X.X.X.$i/24 brd + dev eth0;done This of course just cover the range of X.X.X.230 until X.X.X.254 . Still finding method to simulate say 10,000 nodes since IPv6 address will be fine. Nobody really use ipv6 here, I guess. Run, ip add show You should see things similar like this: 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 inet X.X.X.139/24 brd X.X.X.255 scope global eth0 inet X.X.X.230/24 brd X.X.X.255 scope global secondary eth0 inet X.X.X.231/24 brd X.X.X.255 scope global secondary eth0 inet X.X.X.232/24 brd X.X.X.255 scope global secondary eth...

[darknet-cymru] meet ryan conolly I volunteering myself in any way for Cymru's Darknet Project . Actually before I attended Ryan's talk in Westin Hotel Imbi, I already read about the Cymru, IMS and CAIDA stuffs but hardly to get the picture. Now that since Ryan replying my emails and why not for a meetup. So I asked Sharuzzaman to accompany me and we met just 11am this morning. Wow, it lasts around 3 hours, as if there was a business negotiation (laugh). Ryan nicely shared his experiences and darknet's implementation stuffs. So I offered him whether it's possible for educational JV and why not for a "academic" talk on Darknet/security advosaries stuffs. Hope you'll arrive here in Gombak, I'll arrange a slot for, if possible. Students would be happy then. Script to create and resize to 640x480 resolution that I used for pix above: for i in *.jpg;do convert -size 640x480 -font helvetica -fill white -pointsize 16 -draw 'text 10,550 "Meeting with...

[clamav] submission added source Submission-ID: 3571791 Sender: me Added: Trojan.Kolabc.BFY Virus name alias: Net-Worm.Win32.Kolabc.bfy (Kaspersky AVP)

[clamav] Submission not added source Erk.. somebody else already made it. Submission-ID: 3026528 Sender: me Submission notes: Already detected as Worm.Kolab-284 Added: No Virus name alias: Net-Worm.Win32.Kolabc.sd (Kaspersky AVP), Trojan.Packed.470 (Drweb), Packer.XComp.A (Bitdefender)

[nepenthes] New binary notification Description Risk Autostart capabilities : This executable registers processes to be executed at system start. This could result in unwanted actions to be performed automatically. Changes security settings of Internet Explorer : This system alteration could seriously affect safety surfing the World Wide Web. Joins IRC Network : The executable connects to an IRC network, most probably functioning as a zombie in a botnet. Performs Address Scan : The executable scans a range of IP Addresses. In most cases these scans identify more potential vulnerable targets. The analysis of your file is finished. You can find your report at http://analysis.seclab.tuwien ....

[CWsandbox-mannheim and nepenthes] Just this morning I was being alerted by the email sent by CWsandbox-mannheim. At last I received analysis email from them. It seems that one of these malwares which they analyzed considered *known* already since I already sent the binary manually to ClamAV: click here analysis details for Sdbot-8639 analysis from different AV vendors

[clam-av and nepenthes] Sharuzzaman mentioned to me that instead of using virustotal, we can help clam-av (which however given on Windows, I prefer to use AVG since Clam-av definition considered pretty much obselete), to update clam-av's virus definition. However, if you refer to my previous post, AVG on Linux detect less malware compared to Clam-av. This is awesome! Means that, the new malware that I got from the junkyard in /var/lib/nepenthes, given it was/*they were* signaled by Clam-av as "OK" I must send them straight away. (Well, if you have spare time. Consider this as your social community service ;) ). Though the submission per person restricted only up to TWO files only, you can manually email the personnel to send more than that. Interested to help? Send using this form Sample submission report (both malware accepted), click here Submission-ID: 3434478 Sender: nama aku Added: Trojan.SdBot-8639 Virus name alias: Net-Worm.Win32.Kolabc.aws (Kaspersky AVP), Packer....

[nepenthes] scanning with AVG root@nuvox:/var/lib/nepenthes/binaries# ls -l total 280 -rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-09 07:43 0c6734accaf1d500a388f690a1ef3a76 -rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-05 20:16 381dd5ff2ef3993bd92923626ee7948a -rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-04 14:03 3d39a29913a2fe54009d491b89b01ab4 -rw-r--r-- 1 nepenthes nepenthes 41936 2008-06-03 11:04 8e072862754ef6e80831d2fd50376b43 -rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-02 16:38 ba106399aad8b515319f52fac4794a73 -rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-02 16:00 c2f699282a7a16ecf554cfbaa2724204 root@nuvox:/var/lib/nepenthes/binaries# avgscan * AVG7 Anti-Virus command line scanner Copyright (c) 2007 GRISOFT, s.r.o. Program version 7.5.51, engine 442 Virus Database: Version 270.0.0/1491 2008-06-09 License type is TRIAL for WORKSTATION. Number of days to expiration: 30 3d39a29913a2fe54009d491b89b01ab4 Virus found Win32/Virut c2f699282a7a16ecf554cfbaa2724204 Virus foun...

[nepenthes] New malware coming in I just wondering why my ClamAV did not detect the fetched malware as "malware", instead just OK. But then since nepenthes already classified it as "suspicious binary".. and why would a binary being sent to my honeypot anyway? I also create a cron job to ensure that ClamAV updates its definition, sixth times per day. This is the first time I was being alerted by the malware submission after I enabled the submit_norman.so line. my very own 1st automated malware submission The other links was being redirected to joebox.. it just shows this stuffs along with the zip file contains reports of the analyzed malware: The attached zip document contains all kind of behaviour information which Joebox has detected. Please note that Joebox currently only analyse file system, registry system and process system behaviour. Analysis information about network, services and thread activities will be added in the next months. The analysis machine which ...

[nepenthes] submit_norman.conf config file This was sent by Lucas submit-norman { // this is the address where norman sandbox reports will be sent email "email_aku gmail.com"; urls ("http://onlineanalyzer.norman.com/nepenthes_upload.php", "http://luigi.informatik.uni-mannheim.de/submit.php?action=verify", "http://147.86.135.178/joeboxservlet/submit", "http://anubis.iseclab.org/nepenthes_action.php"); };

[Nepenthes] GOT CHA! Living in protected LAN.. I thought I am pretty safe.. not so! I rarely checked my nepenthes /var/lib until today.. after I upgraded my Ubuntu Gutsy to Hordy... wooow... root@nuvox:/var/lib/nepenthes/binaries# ls -l total 192 -rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-04 14:03 3d39a29913a2fe54009d491b89b01ab4 -rw-r--r-- 1 nepenthes nepenthes 41936 2008-06-03 11:04 8e072862754ef6e80831d2fd50376b43 -rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-02 16:38 ba106399aad8b515319f52fac4794a73 -rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-02 16:00 c2f699282a7a16ecf554cfbaa2724204 Lemme check...! Doesn't seems that it is clean as expected root@nuvox:/var/lib/nepenthes/binaries# clamscan * 3d39a29913a2fe54009d491b89b01ab4: W32.Virut.ca FOUND 8e072862754ef6e80831d2fd50376b43: Trojan.DsBot-15 FOUND ba106399aad8b515319f52fac4794a73: OK c2f699282a7a16ecf554cfbaa2724204: W32.Virut.ci FOUND ----------- SCAN SUMMARY ----------- Known viruses: 306262 Engine version: 0.92.1 Sc...

Phd Quest? :=p It's royal pain in the back (weh, it should be harsher). Sent e-mails to the prospective supervisor.. asking for updates.. Edith Cowan Univ: My friend said better go for public univ in Western AU.. but I did checked in Wiki ECU is a public univ.. well said, since ECU having good time doing research in network security ... asked and the Dr said please apply.. Victoria Wellington: NOT YET! RMIT: Dear mnajem, Sure.... I am happy to supervise you . Have you already applied to RMIT International? As you will starting in next year, it would be great to do some english courses for reading and writing, even if you have a good IELTS. I am currently a research project in the area of security in "X" systems (with other schools - Engineering and Maths), sponsored by the university. It involves the protection of entreprise//"X" networks again all the various attacks. IDS are one of the techniques, but there are other ones. The security researchers in RMIT...

Nice Updates -I'm in the office of Deputy Dean Student Affair now. For some unknown reason I was being appointed. Work as usual. -Will attend marriage course this week.. pfft I chose to go outside which worth RM80 because I'm too shy for RM20 course provided along with the student. Well, you know, I might get my face red ... blushing haha. -For the Phd Quest(as what Usin said), yesterday Dr Colin told me he will ask for Dr George Mohay consideration for my application... hopefully I can get the answer faster. Victoria Wellington still yet to answer my email.. be patient. To my fellow friend, I'll be happy if you can come to my hometown in Perak.. ;) (Well, just wondering who'll drop to my blog anyway.. the traffic feeds seems so busy but hardly to get my writings commented) EOF.