posted in Tools & sources on Apr 30th, 2009
Tool name: IEBrowserHistory version 0.2
Description: Internet Explorer maintains a history file where it stores every URL you visited. The entries in this history file have a specific structure and are only partially saved in a human-readable form. The tool IEBrowserHistory locates browser history files, parses them and prints out the [...]
posted in Stuff on Apr 29th, 2009
I’ve decided not to release another article this week but to keep the focus on the source code section instead. I think it was a little unorganized from the beginning and was actually only created so I would not forget to stuff it with code one day. This day arrived and I restructured the section a [...]
posted in Articles on Apr 21st, 2009
In the first part of this series we had a closer look at the basic precondition: how an attacker prepares his own computer to eliminate telltale traces when surfing the Internet. In this second part we will go into the details of how they connect to the Internet anonymously without leaving a betraying IP address which [...]
posted in Articles on Apr 15th, 2009
When analyzing the code of a Trojan horse, you often find that it contains methods and functions that can be assigned to typical function groups and modules. Even if the code and inner organisation seem chaotic and hard to understand because of their structureless appearance, you can assign a function to at least one of these [...]
posted in Tools & sources on Apr 11th, 2009
Below, you can find a link to the source code of a simple HTTP proxy server script. It’s written in Perl and requires a connection to a database to store the interesting data. But you can easily comment out the lines in the code where the functions newConnRec() and connectDB() are called. This is the script [...]
posted in Articles on Apr 9th, 2009
As already mentioned in a previous posting, I stumbled upon an old proxy server code that attracted my attention again. Driven by the same idea as the first time, out of curiosity about how the spammers and hackers do their job and who else is using these anonymizing services, I modified and installed the script [...]
posted in Articles on Apr 7th, 2009
It is a critical moment when hackers unleash their malware into the wild and have to get in touch with the outside world. They expose themselves for a short moment and risk leaving traceable tracks that may reveal their identity. We read and see regularly in the media that malware is spreading successfully and unnoticed [...]
posted in Stuff on Apr 6th, 2009
About one year ago I coded a simple HTTP proxy server with the objective of propagating my own proxy server among the anonymizing proxy server providers to analyze the traffic coming from their network. I hoped to collect account information that way. They didn’t disappoint me. Yesterday I stumbled upon this small Perl script again and [...]
posted in News & media on Apr 5th, 2009
No doubt the thing that received the most attention this week was the Conficker worm and the long-expected fingerprint to recognize its presence. After several months Dan Kaminsky finally finished the hunt and cures are at hand now. Read more here … After the Chinese celebrated the 50th anniversary of Tibet's liberation the world [...]
posted in Stuff on Apr 2nd, 2009
I wanted to give a rough overview of how a Trojan horse is organised in itself and visualise its structure a little. It took me some time and after some hours of work the result is the diagram below. It shows a Trojan's install and start routines and the three main modules with their functions. You [...]