Hi folks, it's Will again. In my last blog entry, I discussed a behavior of NX on the Linux platform. Given that NX (or DEP as it's known on the Windows platform) and Address Space Layout Randomization (ASLR) work hand-in-hand, it's worth looking into how ASLR works on Linux. As it turns out, the implementation of ASLR on Linux has some significant differences from ASLR on Windows.
Hey, it's Will. I was recently working on a proof of concept (PoC) exploit using nothing but the CERT BFF on Linux. Most of my experience with writing a PoC has been on Windows, so I figured it would be wise to expand to different platforms. However, once I got to the point of controlling the instruction pointer, I was surprised to discover that there was really nothing standing in the way of achieving code execution.
Hi, this is Vijay Sarvepalli, security solutions engineer in the CERT Division again. In the earlier blog entries for this series, I introduced set theory and standard deviation. This blog entry is about entropy, a physics principle that has made its way into many mathematical applications. Entropy has been applied in many informational science topics. In this blog post, I introduce a way to use entropy to detect anomalies in network communications patterns.
Hey folks, it's Will. Every now and then I encounter an app that doesn't play well with FOE. You don't have to throw your hands up in defeat, though. Because FOE (and BFF) are written in Python, it's pretty easy to modify them to do what you like.
Hi, this is Jose Morales, researcher in the CERT:CES team. In early 2012, a backdoor Trojan malware named Flame was discovered in the wild. When fully deployed, Flame proved very hard for malware researchers to analyze. In December of that year, Wired magazine reported that before Flame had been unleashed, samples of the malware had been lurking, undiscovered, in repositories for at least two years. As Wired also reported, this was not an isolated event.
Hi, Timur Snoke here with a description of maps I've developed that use Border Gateway Protocol routing tables to show the evolution of public-facing autonomous system numbers.
Organizations that route public internet protocol (IP) addresses receive autonomous system numbers (ASNs), which uniquely identify networks on the Internet. To coordinate traffic between ASNs, the Border Gateway Protocol (BGP) advertises available routing paths that network traffic could take to access other IP addresses. BGP tables select and advertise the best routes for network traffic. Consequently, BGP data often provide better insight into traffic ownership than the physical or the logical layer. This blog post describes maps that I have developed that use BGP routing tables to represent the evolution of public-facing ASNs.
Hi, it's Timur Snoke of the CERT NetSA group, posting on behalf of Deana Shick and Angela Horneman. It's not every day that 9.6 terabytes of data is released into the public domain for further research. The Internet Census 2012 project scanned the entire IPv4 address space using the Nmap Scripting Engine (NSE) between March and December of 2012. The engineer of this data set (identity unknown) saved and released the collected data in early 2013. The data is broken down into seven types of scan results: ICMP ping, reverse DNS, service probes, host probes, syncscan queries, TCP/IP fingerprints, and traceroute.
The 19th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 19: Close the doors to unauthorized data exfiltration. In this post, I discuss how organizations are vulnerable to data exfiltration and offer potential mitigation strategies.