http://security.over-blog.com/ fr over-blog.com RSS 2.0 Generator http://security.over-blog.com/article-15899846.html

Blog discontinued...1000 sorry!
Hope that visitors have enjoyed the stuff...

Visit kareldjag.over-blog for more news in a near futur :)
]]> Tue, 22 Jan 2008 18:13:00 +0100 http://security.over-blog.com/article-15899846.html http://security.over-blog.com/article-3548107.html Rootkit technologies detection and prevention:

- with Rootkit Demo1.2: this russian demo uses is designed to hide its presence and to make speakers beeps.
RKDemo does not use particular hidding method, but take advantage of Windows functions (returs an "error control " to the system).
More over, this demo uses...]]> Sun, 30 Dec 2007 22:34:00 +0100 http://security.over-blog.com/article-3548107.html http://security.over-blog.com/article-1633967.html
 
PART 2: IN THE WILD WITH REAL MALWARES
7) Boot Sector/Bios/MBR protection: MBR virus

When a computer is not protected with a Bios password, and neither by an antivirus (only HIPS), an ill-intentioned person can easly...]]> Sun, 30 Dec 2007 22:30:00 +0100 http://security.over-blog.com/article-1633967.html http://security.over-blog.com/article-3740592.html
For some tests, we consider the HIPS as disabled.
These tests cover scenario where ill-intentioned person wants to install a malware (backdoor, spy tools like keyloggers etc) in a computer directly with a physical access.
We consider that this person:

- have no access to the admin....]]> Sun, 30 Dec 2007 22:22:00 +0100 http://security.over-blog.com/article-3740592.html http://security.over-blog.com/article-2210628.html


CLIENT/SERVER SIDE ATTACKS and other tests: here we distinguish attacks which occur via browser from malwares which infect the system:


NB.As some vulnerabilities could be patched as soon as possible, the tests are run on Windows XP2[...]]]> Sun, 30 Dec 2007 22:00:00 +0100 http://security.over-blog.com/article-2210628.html http://security.over-blog.com/article-2915915.html FIRST PART based on the behaviour (more screenshots here)


1a.Execution protection

-with the TaskManager launched via Ctrl+Alt+Del

-via start and[...]]]> Sun, 30 Dec 2007 20:34:00 +0100 http://security.over-blog.com/article-2915915.html http://security.over-blog.com/article-4066034.html

This rootkit is a pure "hider" (intrusion or hacker tool): it acts as an hidden service/driver.
But it does not hide its registry keys, that makes it easy to detect for users who know their system well.
In this example, we purposefully take the side and point of view of classical users who are...]]> Sun, 08 Oct 2006 18:00:00 +0200 http://security.over-blog.com/article-4066034.html http://security.over-blog.com/article-3548331.html Data theft via sniffing:


f. with a command line sniffer (currently detected by none antivirus on Virus Total):

We run (locally) the sniffer and connect to the web mail.



g. with Sniffer (Renamed, not...]]> Sun, 20 Aug 2006 22:10:00 +0200 http://security.over-blog.com/article-3548331.html http://security.over-blog.com/article-3462648.html
Here we illustrate some data theft attacks which can really be used in the wild.


a. with trojan demo:

This demo illustrates an "in the fly data theft attack" : once executed, it launches calc.exe, lists My Documents folder files and reports them (HTML) to Trustware...]]> Mon, 07 Aug 2006 22:28:00 +0200 http://security.over-blog.com/article-3462648.html http://security.over-blog.com/article-3088768.html ...]]> Tue, 27 Jun 2006 18:30:31 +0200 http://security.over-blog.com/article-3088768.html