To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Tracking Intelligence Project

What is TIP? TIP stands for Tracking Intelligence Project. In my most beautiful dreams, TIP should be an information gathering framework whose purpose is to autonomously collect Internet threat trends. It's entirely written in Python using Twisted and bound to the Django framework in order to abstract the underlying database and to easily build a web interface to the data.

Confusion About Honeypots

Honeypots have been actively used by the security community for over ten years now. They are used for a variety of purposes, but nowadays primarily for information gathering. When honeypots were first being used, they generated a great deal of discussion about the legal issues. However, through the years this debate has died down, with most organizations feeling these issues are minor. I just wanted to share an update on these thoughts.
 

Bison/Flex parser

This week I completed an important step which is to integrate a parser in Honeybrid. There are now two new files in the source code:

Free Honeynet Log Data for Research

UPDATE: the log data is posted here.  A notification group about new log sharing is here.
 

stack crash?

This phenomenon was first observed when I tried the NtReadFile test last week: sometimes when postNtReadFile is called, the handle value, buffer address and buffer size read from the stack are quite different from the values obtained in preNtReadFile. I didn't pay much attention to this problem at that time, but when I tried to debug the NtSecureConnectPort API with WinDBG today, this phenomenon appeared again. So I did a further study on it.
 
First, I set a break point at nt!NtSecureConnectPort:
 

QEMU dyngen

This is supposed to be the first Qebek blog, but unfortunately, it cannot pass the check of mod_security (even today), so I posted it here.

Parser Redux and Libraries

I know I said that I would post a screenshot a week ago, but it's been a little busy, but here's an older attached image. One of the reasons there was a delay is that the code that I was using was based on one of the wxPython demo programs, hence the RunDemo title bar. I'm in the process of revamping that code into something that's a little more standalone.

New features added !

Hi folks,
It took me a long time to work on the data model, the back-end, to set up all my framework (Tapestry+hibernate+Spring+ACEGI+Maven) but it's done right now.
So I will post once a week I guess about new features I added.
I'd like to speak a bit about how my webapp works. The main goal is to separate every layer of my web, e.g. front-end/business/back-end:
Layers model
This week, I added

Picviz 'Durian gostoso' 0.6 is out

Hello all!
Last night we released the newest version of the PicViz suite (that contains all PicViz tools). Specifically for the GUI, now we can brush the lines dynamically and apply zoom in the graph. To allow line brushing, it was necessary to reimplement some important classes of PyQt used in the GUI. It wasn't easy. But now it works, although we must continually improve the line (event) selection.

A python object: It can be everything!

The code is like this:
class unknown_obj(object):
    def __call__(self, *arg): return unknown_obj()
    def __getitem__(self, key): return unknown_obj()
    def __getattr__(self, name): return unknown_obj()
 
The three methods are: __call__ for function calls (*arg means arg is the argument list), __getitem__ for access to members using '[]', such as a[3] where 3 is the key, and __getattr__, just like we mentioned, for any access to members using '.'. So almost any kind of code is legal for an object like this. For example:
