Phrack 68 out

Phrack #68 is finally out.

- Android Kernel Rootkit – dong-hoon you
- Happy Hacking – anonymous author
- Practical cracking of white-box implementations – sysk
- Single Process Parasite – Crossbower
- Pseudomonarchia jemallocum – argp & huku
- Infecting loadable kernel modules: kernel versions 2.6.x/3.0.x – styx^
- The Art of Exploitation: MS IIS 7.5 Remote Heap Overflow – redpantz

[...]


pcap_compile() is used to compile a string into a filter program. The resulting filter program can then be applied to some stream of packets to determine which packets will be supplied to pcap_loop(), pcap_dispatch(), pcap_next(), or pcap_next_ex(). The filter expression consists of one or more primitives. Primitives usually consist of an id (name or [...]


I tweeted it but forgot to mention it here … Phrack #67 is there. What is Phrack? Phrack is an ezine written by and for hackers, the longest running hacker magazine, first published in 1985. Here is the TOC:

- Introduction – The Phrack Staff
- Phrack Prophile on Punk – The Phrack Staff
- Phrack World News – EL ZILCHO
- Loopback [...]


Openbooks

O’Reilly and Galileocomputing publish some of their books as PDF in addition to the print version. This means you can download them legally from the Internet and use them for your work. Of course you can also download other titles that are not listed in their Openbook directory from the web, BitTorrent, eMule, etc. The legal [...]


I found an interesting article on the Symantec blog about why the old pattern-matching AV method fails more and more, and how they are facing this situation. Recommended reading during a coffee break. Reputation-based Security: Suspicious.Insight detections on Virus Total. We recently upgraded our scanner on Virus Total to include our new reputation-based security engine. [...]

