Just some simple notes on Computer/Database/Network Security.
My own simple notes:
⇒ Malware types:
A quick and simple (and incomplete) overview on malware types
⇒ SQL Injection:
A quick (and incomplete) answer to what "SQL Injection" is
⇒ Hardening and Inspecting Windows systems:
Just a few tips for Home PC users (very short)
A short listing of "points/keywords" to consider in Hardening Windows systems (very short)
Just a few simple pointers in Hardening and Inspecting Windows systems (Somewhat longer text, but not so terrific)
⇒ Info on boot/rootkit:
A very simple note on boot-initiated malware, and boot/rootkits
⇒ Simple note on how to repair boot structures:
A simple note on how to repair boot structures
⇒ Security Certifications:
A simple listing of the possible Security Certifications (not complete)
A simple note on the SSCP and CISSP security professional Exams
1. General Repositories of Security bugs/exploits:
lists from: www.cvedetails.com
lists from: cve.mitre.org
National Vulnerability Database: nvd.nist.gov
IT security database: itsecdb.com
2. Current Alerts/notifications from US-CERT:
www.us-cert.gov
3. Microsoft Repositories: bugs/exploits/malware:
"Recently published" at "Malware Protection Center" of Microsoft
Quick link to All Microsoft KB's/Bugs/Updates plus Descriptions
4. Recent Malware lists from some AV Manufacturers:
Kaspersky: virus watch
Spyware: spyware guide
from McAfee
from Bitdefender
from Panda
from Microsoft
from Symantec
Global view from securelist
5. General Boot / root kit articles and example studies (old and new):
Bootkit threats (general paper)
ESET article: The Evolution of TDL (TDL4) (1)
TDSS - TDL4 (2)
ESET article: Root of Evil (general paper)
Download Kleissner's pdf on Stoned
Short description Sinowal
Short description Vbootkit 1.0 (PoC on Vista architecture)
Short announcement on release Vbootkit 2.0 (PoC on Win7 architecture)
XPAJ trojan/bootkit variants
Trojan.Mayachok.2: analysis of a VBR-bootkit
Mebromi: The first BIOS ROOTKIT in the wild
Analysis of an MBR rootkit
6. Articles on how to remove Boot / Root kits:
7. Bootkits and/or BIOS kits on VMWARE and other Hypervisors:
A PoC on VMWARE
A short note on Blue Pill
8. Microsoft descriptions on how to protect software:
msdn: Windows ISV Software Security Defenses
9. Microsoft EMET:
Description EMET (1) (microsoft)
Description EMET (2) (microsoft)
Description EMET (2) (other)
10. Port scanning:
Techniques described by nmap.org
Techniques described by exploit-db.com
Techniques described by wikipedia
11. Table of some general Documents and links, geared towards Windows exploits:
Could be of interest for study of general but *OLDER* techniques.
General docs
The Art of Computer Virus Research and Defense (html)
Adware / Malware
Techniques of Adware and Spyware (very easy reading)
AppInit / DLL injection
General doc from wikipedia
Short blog article
Microsoft KB article
Windows heap exploits
Pre XPSP2: Windows heap exploits (1)
Pre XPSP2: Windows heap exploits (2)
Pre XPSP2: Windows heap exploits (3)
Pre XPSP2: Windows heap exploits (4)
Post XPSP2: Windows heap exploits
Vista/2008: Windows heap exploits
Win 7 (IE8): Windows heap exploits
Win 7: Windows heap and other exploits
Win 7: Understanding the Win7 LFH
ASLR in Windows
ASLR in Windows (1) (Symantec)
ASLR in Windows (2) (Symantec)
ASLR general discussion
Windows heap sprays
heap sprays (1) - Good article, but lengthy and not easy
heap sprays (2) (microsoft research)
heap sprays (3)
heap sprays (4) (general info, but focused on javascript)
heap sprays (5)
Boot/Root kit
Bootkit threats (general paper)
ESET article: The Evolution of TDL
ESET article: Root of Evil
Download Kleissner's pdf on Stoned
Short description Sinowal
Short description Vbootkit (Vista architecture)
XPAJ trojan/bootkit variants
Analysis of an MBR rootkit
Blended Attacks
Blended Attacks (1)
Blended Attacks (2)
Blended Attacks (3)
Weakness DCOM
General doc on DCOM security
Windows RPC DCOM exploits
Windows Netbios null sessions
Windows Netbios Null sessions (1)
Windows Netbios Null sessions (2)
Windows Netbios Null sessions (3)
Windows Netbios Null sessions (4)
LSP & Winsock
LSP wikipedia
Obfuscation viruses
Entry point and Obfuscation viruses (1)
Entry point and Obfuscation viruses (2)
Microsoft Sites
Malware Protection Center
MS Safety & Security Center (US English)
MS Safety & Security Center (international)
Remote Access attack vector
www.ncp-e.com
Keyloggers
wikipedia
To get an impression: Some popular keyloggers
12. Additional explanations of Heap structures and controls from Wikipedia or Microsoft:
"PEB" (typical for XP/Win2003)
"DEP" (XPSP2/Vista and higher)
"ASLR" (Vista/2008/Win7)
If of interest: search on some keywords like LFH, PEB, DEP, ASLR, Heap exploits, Heap overflow.
13. DEP: Data Execution Prevention, NX mode:
Data Execution Prevention (wikipedia)
msdn art.
MS art.: How to determine if DEP is available on your system.
14. File signatures:
Signatures (1)
Signatures (2)
Signatures (3)
15. Some notes, or leads, for Hardening a Windows Server or other systems:
Sort of Portal to guidelines (technet.microsoft.com)
Hardening advice 2008 plus infra (technet.microsoft.com)
Hardening checklist Win2K8 servers (wikis.utexas.edu)
Easy listing from a blog
16. Some possibly interesting sites related to Win internals:
MBR/EFI Win Boot process
Examination of the Win7 VBR
Teach Your Apps To Play Nicely With Windows Vista User Account Control
skypher.com
undocumented.ntinternals.net
undoc.airesoft.co.uk
msdn.microsoft.com
notes (1)
notes (2)
notes (3)
notes (4)
17. Some public Tools:
Process Hacker (a process viewer):
Description of Process Hacker
Get Process Hacker (sourceforge.net)
MS EMET:
Download EMET from Microsoft
Portscanners:
Download the more advanced "nmap" portscanner
Download the easy "radmin" portscanner
hex Diskviewer/editor:
With HxD, you can hex open files and disks (e.g. read GPT, MBR)
SysInternals (a "must have" on Win systems):
Download Microsoft Technet "Sysinternals suite"
Other:
Cygwin linux for Windows (no VM)
Download the limited but free Moonsols memory toolkit
xvi32 hexeditor
hexdump32 hexviewer
18. Remarkable:
⇒ Stuxnet:
Stuxnet (and comparable) (ppt)
Stuxnet (and comparable)
Stuxnet (and comparable) (ppt)
⇒ Duqu:
Duqu (1)
Duqu (2)
Duqu (3)
Duqu (4) (MS11-087)
Duqu (5)
Duqu (6)
⇒ Flame:
Flame (1)
Flame (2)
Flame (3)
⇒ Bamital:
Bamital (1)
Bamital (2)
Bamital (3)
19. BIOS & ACPI & EFI exploits:
Mebromi: (one of the) first BIOS bootkits in the Wild (1)
Mebromi: (one of the) first BIOS bootkits in the Wild (2)
Mebromi: Symantec analysis (3)
BIOS bootkits: BlackHat presentation (2006)
A PoC on VMWARE
Possible routes to ACPI/EFI exploits (blackhat.com)
UEFI and the TPM: Building a foundation for platform trust (infosecinstitute.com)
20. Drive-by installs:
Short explanation of "drive-by installs"
Example of a site with "drive-by installs"
Simple, effective, analysis of "drive-by install"
21. Information on an OpenSSL leak: Heartbleed
US-Cert
Wikipedia
Scientific American
heartbleed.com
Appendix 1:
Last update: 7 May, 2014