Skip to main content


Showing posts from July, 2008
Am I really fit to that_great_school

Response from one prof that I emailed:

I am no longer taking PhD students in the area of security. My suggestion is
that you apply toPurdue, Dartmouth, George Mason, Johns Hopkins.

Best wishes on your education.

Oh boy!
Coming soon

Thank you very much for interest in our program.
congratulation , your paper entitled:

1. Effective Malware Analysis with Nepenthes

has been accepted and approved by our committee to present for our

as for the presentations , shall you have any
notes/handouts(ie:power point slides) to be distributed, please submit to
us at least a day before the actual presentation day for preparation.

to remind you, the fee for each paper is RM650.00 payable on the
registration day.

thank you very much and congratulation again

MyEduSec 2008
Striving Towards Secured Information
KDE revisited

I just went through bulks of my previous papers and what not and I found my previous writings on KDE localization, and presentation slides. I edited few old stuffs (such as email, because it was not being used anymore.. and also updated the blog address). The rest just remain, including my English level at that time.

If you have time to read, or simply just want to read it then you refer here:

KDE to Malay report [pdf]

KDE to Malay presentation [converted to pdf]
Libang-libu (the lemma of choices)

Don't ask me what it meant, it just words that I think it fun to put as my topic today.

I am pretty much snowed under with tremendous workload ... teaching 3 sections with ~120 students, meetings, seminars in the workplace.. and what not. Alas, I'm not forgetting my pursuit for Phd ... despite I'm worrying whether I'm on par with the rest of the CS scientist (wannabe).

Thinking about go to States, looking that_many people from Asia going there, and lotsof them even become the faculty members. Not I'm thinking to become like them(though I admit it is kinda pride working as a faculty member in a place where CS was borned). Now that one thing I don't really like about applying to States is that you_have_to_spend_USDs_for_just_applying.

Unlike applying for .AU, where you just simply go to IDP, and send your letters, etc and *they will take care most of the stuffs for you for FREE*...

If I'm applying for States, means I've to si…
Get me out of here

Pretty much a joke
API Hooking

Ok, I admit it. I stumbled to these words once I read literatures on CWSandbox from Mannheim. Since in Nepenthes we can simply send the newly fetched binaries to the sandboxes, I was like triggered to know what was executed behind them.

The method being called as API hooking. The other similar solution being used by Joebox, developed by postgrad student from Switzerland.

Anubis from Vienna in the other way around use QEMU ... but if you google around you will see there is one paper written by Symantec researcher refuting on the usage of virtual machines.

Since I got this tiny meenie D430 Lattitude now I always "read" downloaded PDF files while I rest on the sofa, or simply on the floor back home.

Usually I checked for Mannheim PDF reports... seems they actively put their research works for e.g in the recent DIMVA 2008 . Apart from that UC Davis, or some other institution which have works on botnet/malware countermeasure, honeypot/net, security visualization (just recently since Bro Adli point it out) .. etc.

I'm hardly to understand cryptographic stuffs due to several reasons..though I already took it once. It seems very theoretical which some other geeks might find that interesting, but not me. Usually I'll focus on the application part... but of course who knows I'll find the love on cryptography soon.

Interesting Computer/Network Security Paper Links

Usually I just marked by FF bookmark, or just tag with Delicious add on. Now I think I want you guys to read this and comment them out. A lot, by Dawn Song of Berkeley.

click here
Afterglow visual from Amun sensor

Splendid, awesome.. whatever....!

Lynis rootkit detector

I just tried Lynis, a pretty cool tool developed by a Netherlands security evangelist. Nice ...

The checking is pretty thorough.. I think neater compared to rkhunter and chkrootkit.
From Aachen to Mannheim

Well, it seems the Germanians did pretty good job on the lightweight honeypot. I just stumbled to the Thorltz's blog, and it seems that I missed something. Yet another honeypot.. amun!

Download here

Written in Python, I just got it work in seconds, prior to that you've to install python-psycho module.

See, the verbose output:

.::[Amun - Decoder] compiling siegburg xor decoder ::.
.::[Amun - Decoder] compiling plain1 shellcode ::.
.::[Amun - Decoder] compiling plain2 shellcode ::.
.::[Amun - Main] ready for evil orders: ::.
Among the services (mixed with my valid ssh service)

21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
42/tcp open nameserver
105/tcp open csnet-ns
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
554/tcp open rtsp
587/tcp open submission
617/tcp open sco-dtmgr
623/tcp open unknown
631/tcp open ipp
1023/tcp open netvenuechat
It's so 2000

I bought my first very own desktop PC when I was in my undergrad.. this machine.. still rock on.. doing some funny stuffs. Now part of it already being replaced... new CPU.. new graphic card.. new AC device(I replaced them twice, of course since they're broke already).. and new motherboard(not so new.. I guess it's around 2004). Perhaps the only artifact if I can call them are my Philips 15" monitor and the Low Yat rock solid casing (perhaps, legacy serie).

Well, the other part is my laptop.. that's the other new machine.. just 2 years back(almost) and at that time it wasn't el cheapo you know.. RM4,399 (this including the Shell's Petrol Card cost around RM300 voucher). So it's around RM4,100 (USD1500). Not so cheap at that time as well. The stressed part nowadays with the less costs I can get dual core machine.. LoL.

This old machine now running the Nepenthes sensor.. emulating few virtual nodes.

Next part is my D-Link 5 ports Ethernet switch…
Phd Phone Interview

I was interviewed by Dr Maria Papadaki from Plymouth Univ, UK regarding my Phd application. There were several Malaysians, and my officemate is doing her research phd there as well.

It took for about 45 minutes to discuss things related to the research, the process, funding etc. At first I forgot that UK is included in country which uses DST for their time. Somehow the discussion was OK, but of course given the communication distance, there was jitters.

Reminded me to Maxis's ad where people only yelled GOAL after a shortwhile. Same goes .

Hopefully I'll get conditional offer, prior to taking IELTS. Now that I can't confirmed the place, there's possibility of going places taking GRE/TOEFL, though it's tough.

Are you the like of taking *hard* problem as breakfast?