Monday, November 27, 2006

New NBTEnum version

Those who perform penetration tests probably already know this tool. Ok, a new version was just released. Even if you don't use it, visit Reed Arvin's site, there are lots of great tools there.

Friday, November 17, 2006

Bejtlich and SANS Top 20

I think that Richard Bejtlich is being a little picky about this subject, but he still has a point. Even in a work with such good content as the Top 20, basic conceptual mistakes can jeopardize its value. A document like this is read and used by lots of people, spreading the mistakes throughout the field. Hey SANS guys, instead of criticizing, why not try the CISSP? It won't hurt, it'll only add value (and that's not even something Bejtlich will agree with me on, given his opinion of this cert).

Mixing up the concepts of vulnerabilities and threats is something that a CISSP doesn't usually do, even one with very poor technical skills. Mix the technical skills provided by SANS with solid fundamentals from the CBK. That's the recipe for an incredibly valuable Top 20 document.


Do I still need to say that this one is critical (well, MS already did)?

Every time there is a vulnerability in core Windows services, like "Server" and "Workstation", it smells like worm spirit. There is a relatively new fact that needs to be kept in mind these days...

Microsoft is pushing its checks for illegal copies of Windows into its update system. I believe that in recent months several illegal copies that used to be updated regularly are no longer being updated. I know that personal firewalls and SoHo routers are more common now, but I won't be surprised if a new worm finds more success than the last ones because of this.

New sysinternals tool

Those who constantly need to study the behaviour of trojans and viruses, or to debug "LUA bugs" in Windows applications, probably already know the Sysinternals tools Filemon and Regmon. I always wondered why there wasn't a tool combining both. Now there is.

Wednesday, November 1, 2006


It has been more than two months since I last posted here. I was visiting Canada and California on vacation, and now I'm a bit overwhelmed with duties from my job and the local ISSA chapter (I've been president since July). I hope to be able to translate some things that I wrote this week and to resume posting here more regularly in the next few weeks.

A quick note: I went to ToorCon in San Diego during my vacation. It was a bit too technical compared to what I'm used to doing now, but a presentation from Dan Kaminsky is always worth watching. I was expecting to see David Maynor and Johnny Cache do a live presentation of their famous wireless exploit, but I believe you all already know what happened there.

It's funny how we still have a lot of people bashing Microsoft about security while we have companies like Apple and Oracle, with their terrible security behaviour. Microsoft has hugely improved the security of its products (can anyone remember the last vulnerability in IIS?), it's releasing good security products (the new ForeFront product line has some interesting concepts), buying companies with good security products and professionals (Sysinternals...) and promoting security awareness everywhere. If there is a company "on our side" on this subject nowadays, it's Microsoft.

I really hope to see Oracle following the same path. I still have doubts whether Apple will try, or whether it will just close its eyes and pretend nothing is happening.