29 Jan 2012

[Quick Notes] Various network scan types

A pentester performs several types of network scans during a test. These are usually sequential in nature, that is, we proceed with each scan, collect information and the move on to the next scan. With each scan, we gather specific information about our target environment.

Read more

25 Dec 2011

[Quick notes] Metasploit payload types

To start with, a vulnerability is a weakness in the target system which creates a security risk - that it can be exploited.
An exploit is a way, a piece of code that can trigger & take advantage of a vulnerability.
A payload is the actual component in the attack which 'do' things for an attacker.
Therefore, a payload must have at least 2 components in it:

1. Communications capability - set up communication channel for the attacker
2. Functionality - defines what all actions an attacker can perform
Metasploit provides 2 types of payloads:

Read more

06 Aug 2011

Analyzing Malware – Manually unpacking the specimen

In continuation to reverse engineering malware series, this is the fifth post. I will recommend that you read my first, second, third and fourth posts to be in sync with whole exercise. In previous posts, we performed behavioral and code analysis of the malware specimen - slackbot. We identified that the bot executable was packed with UPX packer. Since UPX has native unpacking capabilities as well, we had unpacked the specimen exe and learnt more about its code & operations during code analysis. Subsequently we were able to gain control over the bot.

Read more

31 Jul 2011

Analyzing Malware – Patching in the way!

This is in continuation to my previous posts on reverse engineering malware. Therefore, I would strongly recommend that you go through the posts one, two, and three, before moving forth with this one. If you recall, in the last post, we used disassembling and debugging techniques on the specimen to our utility and successfully identified the correct IRC login password. But is there a way to simply modify or bypass this whole password protection mechanism in the bot? If authentication process can be controlled, that'd be awesome. So, here it is; this post will show you just that.

Read more