If you like this, you can use flattr. ;)
- Quickpost: Inspiring Windows software profilers and checkers
- 0x41 - back to bugs
- low footprint/hardware assisted virtualization with Linux and GrSec
- Postfix troubleshooting - a security nightmare
- New content soon
- 0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
- 0x41 - weekly exploitation matters - Shellcode and frameworks
- Explicit and implicit security in software development - measures and change
- 0x41 - weekly exploitation matters - Heap overflow fundamentals
- 0x41 - weekly exploitation matters - About
- wishinet: checking out GDB with Dtrace support for OS X... (1.9.2). Should be interesting.
- wishinet: RT @bfoo: Worth reading: http://merbist.com/2010/08/22/discussion-with-a-java-switcher/
- wishinet: nächstes Jahr Taikai in Nürnberg (http://www.taikai.de/) - und nu aus Nürnberg total groggy in die Falle! ;)
UnprotectedHex - about formal software verification
Sean's blog
Xecurity - a security feed collecter
Reddit RCE group
Freedom To Tinker
Emergent Chaos
Woodmann RCE forums
OpenRCE community forums
SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics
Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog
Security Tools
low footprint/hardware assisted virtualization with Linux and GrSec
Sun, 05/30/2010 - 02:21 | wishi
In short
I used
- a 2.6.32.12 Linux Kernel (newly introduced: Kernel Samepage Merging can lower a virtualization solution's memory consumption)
- patched it with the Linux-VServer grsec patch
- applied the standard Ubuntu 10.4 Lucid Server configuration
- applied grsec "High" preference and customized it (details are in the Kernel config section)
- optimized it for KVM, VMware (software binary translation gets switched on by internal heuristics - chpax is still necessary if you want that feature and that is intended that way), and of course Vserver (just works). KVM Qemu works due KVM works.
wishi's blog | 
Add new comment | 1+[encrypted]+#b94+ | 
Tags: Configuration, Linux, Security Tools, Setup
A practically secure mail setup - counter spammers with Linux mail-servers
Wed, 02/24/2010 - 23:03 | wishi
Who needs this?
Yay, free mails in a sustaining setup!
This is a tutorial on how to practically setup a relatively secure mail-server.
It's supposed to be as minimal as reasonable nowadays, and for a small amount of users (standard root server, max. ~20 mail-users at once). Without a real DB backend. It doesn't scale business-needs, however it's supposed to be extendable.
The reference system this setup works with is a Debian GNU Linux with:
- Maildrop - instead of Procmail for more flexible filter rulesets
- Postfix and Postfix-pcre ~ 2.7
wishi's blog | Add new comment | 1+[encrypted]+#b94+ | Tags: Configuration, Debian, Internet Protocols , Linux, pwnage, Security Tools, Unix
Windows Integrity Control - a model of trust and classification
Tue, 01/05/2010 - 17:15 | wishi
Malicious Office Documents
On very common entry point these days are malicious office documents. If you've got no idea on how interactive these "documents" can get, take the test at decloak.net (Start button). You'll get a .doc file that's performing network connections and in this case bypassing antonymization technologies.
Best of securitytube for RE and security
Sun, 09/13/2009 - 14:22 | wishi
A collection of tutorials, videos and fun
I think it's an amazing site. There're many video tutorial sites these days. However the quality differs a lot. In the following I listed stuff I like so far. Feel invited to watch everything:
Programming
Python programming course from MIT - the advanced stuff may be of some interest, however it starts of with fairly trivial and introductorily mentioned stuff.
Safari Sandbox 0.2
Sat, 08/22/2009 - 22:16 | wishi
A slight update
Here's a slight update on my sandbox-exec script for Safari 4.x. I prefer Safari for browsing for numerous reasons, however as a security minded individual I couldn't stand the access-permissions Safari by default has.
- (version 1)
- (debug deny) ; Use (debug all) to see every action)
- (allow network-outbound)
- (allow signal)
- (allow ipc-posix-shm) ; Needed for POSIX shared memory
- ;; if that is your Safari path
- ;(allow process-exec (regex #"^/Applications/Safari.app/*"))
- (allow sysctl-read)
- (allow file-read-metadata)
- (allow signal)
- (allow process*)
- ;(allow mach*)
- (allow mach-lookup)
- ;(allow process-exec (regex "^/System/Library/CoreServices/*"))
- ;;
MacOS Software Auditing - some ways
Tue, 08/04/2009 - 15:50 | wishi
Apple developers left doors open. Threats come out.
About the idea
Currently I'm doing some research on vulnerability discovery techniques, speaking of black-boxing, white-boxing and yes... gray boxing, too. These are general code-review techniques for source-code auditing, automated function-auditing and formal software verification.
Security researchers who care
Wed, 06/17/2009 - 08:53 | wishi
Teaching?
What took the most of us to learn,
is what we teach best.
I found a good collection of IT security specific learning materials. Even if you're an old hand in the fields, you might catch something new, nevertheless I guess it's a university course intended for starters.
Introduction and Source Code Analysis, Dan Guido
Reverse Code Engineering, Stephen A. Ridley
Memory Corruption, Dino Dai Zovi
Fuzzing, Mike Zusman
Client-side attacks and Post-Exploitation, Dean De Beer
Web Hacking, Erik Cabetas
