Irregular Expressions:

September, 2010


September 26, 2010  11:28 PM

Sans reading room



Posted by: Dan O'Connor
Forensics

I like to look around the reading room from time to time looking for something to read and I found this one really interesting. http://computer-forensics.sans.org/community/papers/examining-unknown-image-analysis-compromised-honeypot_200 Forensics is so cool :) This has an excellent write...

September 26, 2010  10:54 PM

Creating sound disk images



Posted by: Dan O'Connor
Forensics dd mdd

What does that mean? Creating an image that is going to have all of the information that you are going to need and preserving as much of that information as possible. First capture a snapshot of the memory of the target; there are a lot of tools out there to do this. I prefer mdd.  If you...


September 26, 2010  9:57 PM

Stuxnet update



Posted by: Dan O'Connor
stuxnet cybercrime

This article is extremely interesting. Two quotes really stick out: "Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber...


September 26, 2010  9:10 PM

Sagan Update



Posted by: Dan O'Connor
sagan

Softwink has released an update; they are at version 0.1.5.  The rc script I created won't cut it anymore; it will have to be tweaked. You don't need to add & on the end of the command, as it has a daemonize option now. You can download it here: http://sagan.softwink.com/download/ Enjoy.


September 26, 2010  8:47 PM

Casper RFI crack bot – Part 16 – Last Part



Posted by: Dan O'Connor
casper bot, casper rfi perl bot, perl bot, www perl bot

So, looking over all of the scripts, what do we have? What is in use here is a collection of scripts by varying authors from multiple nationalities in different languages.  This, in a best case scenario, is a script kiddie, also by the fact that he left his Gmail address in the script that was...


September 26, 2010  12:50 AM

Casper RFI crack bot – Part 15



Posted by: Dan O'Connor
casper bot, casper rfi perl bot, perl bot, www perl bot

What this appears to be looking for is more machines to exploit, big surprise! I followed it back for a bit and this is what I ended up with.

sub se_yahoo {
  my ($chan,$key,$nf) = @_;

sub s_engine {
    my ($f,$se,$type,$chan,$bug,$dork,$ef) = @_;

sub s_cari {
  #Type: 1 = Cari...


September 26, 2010  12:23 AM

Casper RFI crack bot – Part 14



Posted by: Dan O'Connor
casper bot, casper rfi perl bot, perl bot, www perl bot

One more script listed at the top of the main one.

$filebotscan = "scan.txt";
It's full of all sorts of stuff; nothing really caught my attention until I reached this.
##[ GOOGLE ]##
sub se_google {
  my ($chan,$key,$nf) = @_;
  my @daftar;
  my $num = 50; my $max = 5000; my...


September 25, 2010  9:21 PM

Casper RFI crack bot – Part 13



Posted by: Dan O'Connor
casper bot, casper rfi perl bot, perl bot, www perl bot

There are a few more things that are worth looking at.

 if ($funcarg =~ /^portscan (.*)/) {
             my $hostip="$1";
             my...


September 16, 2010  10:05 PM

Casper RFI crack bot – Part 12



Posted by: Dan O'Connor
casper bot, casper rfi perl bot, perl bot, www perl bot

So what is going on next,

my $line_temp;
while( 1 ) {
     while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
     delete($irc_servers{''}) if (defined($irc_servers{''}));
     &DCC::connections;
     my @ready = $sel_cliente->can_read(0.6);
     next...


September 16, 2010  9:13 PM

Fun anti-malware site



Posted by: Dan O'Connor

I found this stumbling around the Internets. http://wam.dasient.com/wam/infection_library_index Nice little list for starting research.

