SecuraBit

Before It Bytes!

SANS CDI 2009 – Reverse Engineering Malware

So this coming Friday, December 11 – 14, I will have the privilege of attending SANS CDI 2009. It's the largest SANS event, and it takes place every year in the heart of our nation's capital. Besides the horrendous traffic and the bitter cold, I'm eager to learn from one of the best in our field, Lenny Zeltser. Lenny has been teaching the SANS 610 course for a few years now and has built up a reputation as a true expert at reversing malware. I currently hold the GCIA, GCIH, and GSEC certifications from GIAC, and the GREM will be a true test of skills, as it's said to be one of the most difficult to obtain. I'll post my experience with the course next week, as I'm sure it won't be a disappointing one. In the meantime, if you'd like more information regarding the SANS 610 course, be sure to check it out here.

Be sure to check out the trailer below:

SANS Reverse Engineering Malware

If you’re attending the conference and want to meet up or just say hey, be sure to connect with me via Twitter!

-Jay

SecuraBit & The Academy Pro join forces!

As SecuraBit continues to grow and bring you the very best content in the security world, we figured it only made sense to join forces with The Academy Pro, who accomplishes the very same thing from a different perspective. The Academy Pro has an excellent repository of resources available at your fingertips: whitepapers, instructional videos, and forums where users can come together and share ideas. We hope to broaden our listener base and bring fresh new content to both sites. This isn't a complete merger, meaning our show will remain the same, only with more visibility. With that being said, and with the merger being in its infancy, our hope is to continue to grow and refine our show to the liking of our listener base. We want to thank all of you who have stuck with us since episode 1, as we've made massive improvements since then. Our backend team has put in countless hours to get us where we are today, solely because we believe in giving back to those who gave to us when we were up-and-coming n00bz. If you have any questions regarding the merger or just want to leave us a note, feel free to reach out to us at feedback[at]securabit.com.

Be sure to visit:  www.TheAcademyPro.com

Web 2.0 and common sense

Web 2.0 and cloud computing seem to be getting equal amounts of publicity lately. Yet despite public press about the vulnerabilities associated with them, users are either unknowingly or unwillingly failing to change their habits, and therefore fall victim to easily preventable compromises.

Twitter has had overwhelming success in the past year and has grown well beyond initial expectations. Facebook is another social networking site that has surpassed MySpace, with nearly 200 million users. Although there are pros to utilizing such sites, users must be aware that any time a site generates that much traffic, bad things are to come.

In steps the latest exploit that has taken to the masses: the twitter-botnet. Jose Nazario of Arbor Networks was the first to report on this activity and gave a very thorough breakdown of exactly what was/is taking place. It's to be noted that this isn't a vulnerability in Twitter, but merely old obfuscation techniques applied in the Web 2.0 environment. To sum it up (you can read the complete blog post here), the malicious user would post a base64-encoded link which in turn decoded to a bit.ly address. For those of you who don't know what bit.ly is, it's a tool/site used to shorten URLs so that they can be posted within the 140-character limit imposed by Twitter. Obfuscation at its finest! The malicious link is wrapped twice before directing you to the evil site, where a gbpm.exe file is downloaded, and you can guess what happens from there. Typical drive-by download techniques used by attackers, for whatever reason it may be.
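To make the double wrapping concrete from the defender's side, here is a small detection routine, added for this post and not part of Arbor's analysis or any SecuraBit tool. It scans tweets for tokens that look like base64, decodes them, and flags the ones that decode to a URL on a known shortener host. The sample tweets, the placeholder bit.ly path and the shortener host list are all constructed for the example.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Shortener hosts worth a second look; this list is an assumption for the example.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd"}

# Only try tokens that are long enough to hide a URL and use the base64 alphabet.
BASE64_TOKEN = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def decode_base64_token(token):
    """Return the decoded text of a base64 token, or None if it is not clean base64 ASCII."""
    padded = token + "=" * (-len(token) % 4)  # restore padding the poster may have dropped
    try:
        return base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None  # long plain words and binary blobs end up here


def hidden_urls(tweet):
    """Find base64 tokens in a tweet that decode to http(s) URLs.

    Returns a list of (token, url, host, is_shortener) tuples.
    """
    findings = []
    for token in tweet.split():
        if not BASE64_TOKEN.match(token):
            continue
        decoded = decode_base64_token(token)
        if decoded is None:
            continue
        parsed = urlparse(decoded.strip())
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            continue
        host = parsed.netloc.lower()
        findings.append((token, decoded.strip(), host, host in SHORTENER_HOSTS))
    return findings


def suspicious_tweets(tweets):
    """Return (tweet, finding) pairs where a hidden URL points at a shortener."""
    return [(tweet, f) for tweet in tweets for f in hidden_urls(tweet) if f[3]]


def _b64(text):
    # Helper used only to build the constructed sample tweets below.
    return base64.b64encode(text.encode("ascii")).decode("ascii")


# Constructed sample tweets (not real captures): one hides a shortener link,
# one hides an ordinary link, the rest are noise that must not be flagged.
SAMPLE_TWEETS = [
    "updates " + _b64("http://bit.ly/example-placeholder"),
    "notes " + _b64("http://example.org/notes"),
    "aaaaaaaaaaaaaaaaaaaaa is just a long word",
    "nothing to see here",
]

if __name__ == "__main__":
    for tweet, (token, url, host, _) in suspicious_tweets(SAMPLE_TWEETS):
        print(f"flagged: {token!r} -> {url} (host {host})")
```

The regex only pre-filters; the real decision is made after decoding, so a long ordinary word that happens to match the alphabet is rejected by the padding check or by the URL parse. Anything that decodes to a shortener link is the case the post describes, where the shortener hop still has to be resolved before you know the real destination.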

Tom Eston, who presented at DefCon 17 with Kevin Johnson last month, helped me out exponentially, as both have had a stake in the latest social networking attacks. It's worth noting that Tom has also created a whitepaper on how to secure your Facebook settings in order to prevent/deter attacks, and I highly suggest taking a look at it no matter how 1337 you may think you are.

So what's next? Obviously social networking sites are here to stay and are on the rise, but how do we prevent attacks in the future? You don't... yes, that's correct. You'd be lying to yourself if you truly believed that we'll be able to rid the Internet of malicious activity. But then again, if you believe that, then you also believe that 2pac, Elvis, and Michael Jackson are all still alive and their deaths were merely publicity stunts. User awareness is always going to be the number one way of reducing compromises. There are many elaborate attacks, and even the most educated users can sometimes, and I use that loosely, fall victim. If you get a friend request from President Obama and accept it, you should refrain from ever using a computer again, much less anything else in life. It's disturbing when you look at the number of compromises and, after analysis is complete, come to the conclusion that it could have been avoided if the person behind the keyboard had exercised some common sense...