First, thanks for all the comments in the previous articles (Part I and Part II). I decided to analyze one the crash I experienced during registry analysis. I could reproduce all the time a BSOD with Regshot. I thought it would be nice to see what I could get with WinDBG. I had my environment set up…
Continue Reading
I finished checking the RAM with Volatility and… I found nothing. Nada. It’s a lot of fustration. There must be something just there, but my findings are certainly limited by my skills. I attach here some of the main outputs of Volatility. As far as I can tell: no evidence of injection or kernel hooking…
Continue Reading
Context For now, I can’t tell much about the context, mainly because it may – or may not – involve other people. The only thing I am interested in is to spot the issue and understand precisely what is going on. What makes the case really interesting though, is that it occurred on a fresh…
Continue Reading
Soktspy is a small script that may be helpful for some investigation. Sometimes, you may detect that some suspicious network traffic coming out from a machine. In general, it is easy to spot the process from which the packets originate. You somehow connect to the PC and look for open sockets. But sometimes, the behavior…
Continue Reading
I have yet to test it, but I was impressed by the demo: Opensvp is a security tool implementing attacks to be able to the resistance of firewall to protocol level attack. It implements classic attacks as well as some new kind of attacks against application layer gateway (called helper in the Netfilter world). Download…
Continue Reading
The other day I was shocked to find this entry in my Apache logs: [error] SSL Library Error: 336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled It occurs appears when I try to use a SSL client certificate with Safari. Of course, authentication is broken as it just fails on an 403 error page. So it seems…
Continue Reading