RECON2005 Conf. Proc.
The CodeBreakers Journal deals with IT-Security & IT-Anti-Security and Attack & Defense. The CodeBreakers
Journal publishes articles after full peer review. All articles are
published, without barriers to access, immediately upon acceptance. The
CodeBreakers Journal is published frequently.
Visual Analysis: 2D Does it Better in Color
IDS Analysts today - as
well as anyone else trying to parse large volumes of information - have
a significant problem dealing with issues of context and correlation.
Looking at thousands of lines of text just doesn't do it for them.
Keeping all of the relevant details of the traffic in your head at once
is just not efficient (or, in many cases, possible).
Visualizing IDS events (as a solution to this problem) is often
attempted but never really seems to catch on. This talk will expl...

The Dark Side of Winsock
The Winsock SPI, or Service Provider Interface, has been a part of
Winsock since the advent of version 2.0. It enables providers to extend
the Winsock API transparently, by installing their own hooks and chains
to application API calls. However, its formidable capabilities are not
put to widespread use... aside from spyware.
This lecture begins with a brief overview of the Windows TCP/IP Stack -
reviewing the terminology, from NDIS to Winsock 2. We then delve
further to explore Winsock,...

Syllogistic Application Testing
Most of what the industry is providing in "black box" application
security testing today is invalid. This talk will attempt to
demonstrate ways we can be more consistent, more thorough, and more
honest about the results from "black box" application security testing.
At this talk we will provide insights we've learned from performing
application testing, writing application testing tools, and the OSSTMM
(3.0) methodology for application testing.
This will be...

Auditing Source Code
The objective of the talk
is to understand the common problems when developing code written in
C/C++. It can be used as starting point to identify security problems
when writing applications. The overall focus will be on the prevention
of security vulnerabilities and the implementation of technical
countermeasures.
Reviewing code to find vulnerabilities is becoming more and more
common. Reviewing code is not only useful from a developer's point of
view but also from an attacker's po...

Binary Protection Schemes
The presentation will cover various issues regarding:
* protecting binaries against analysis
* license code implementation schemes
* modifications that can be made against a binary
* watermarking a binary
This presentation will mainly focus on the Linux operating system,
however, the ideas presented are applicable for other operating systems
as well. The presentation is aimed to give a general high level
overview with some examples to demonstrate the case in point.
An in-depth pape...

Passive Asset Detection System
Network scanners are a valuable resource in the security practitioner's
toolkit. They are used to actively probe a network in order to generate
a snapshot of the current environment. However, they are not without
limitations; they can be loud, resource intensive, and the results can
be quickly outdated. During this presentation I will discuss how a
passive scanner can be used to identify network traffic.
Passive Asset Detection System (PADS) was designed to supplement active
scanners ...

Packet Mastering the Monkey Way
For some silly reason,
people commonly think that libraries like "libpcap", "libdnet", and
"libnids" are difficult to use, yet they're not. Developing skills with
these libraries and combining them with "libevent" allows you to
develop many networking tools and widgets such as scanners, sniffers,
and other recon toolkits. This talk will introduce these libraries and
show how they can be combined using event driven programming paradigms.
The developm...

Using honeyclients to discover new attacks
People who are interested in maintaining situational awareness often
deploy honeypots. However, there are whole classes of attacks for which
honeypot devices are not very useful, due to their passive nature.
Honeyclients are client-based applications that actively seek malicious
servers to gather data for further analysis. This talk will focus on
honeyclients, how they can be used, and will share interesting data
that has been gathered with a honeyclient. As part of this
presentation,...

CUTLASS - Encrypted Communications for Everyone
Users on the internet are doing more and more of their daily work over
peer-to-peer applications. Existing protocols such as SMTP and IRC are
being replaced by peer-to-peer file transfer, voice chat, and text
messaging systems. Unfortunately, the popular protocols are not secure,
and the secure protocols are not popular.
In this talk, we will talk about the security properties of the
existing peer-to-peer systems, as well as describing an open-source
system in development, CUTLASS. CU...

Anonymous Blogging Submission
Adam Shostack was once Most Evil Genius for Zero Knowledge systems. He
is now coordinating a project to set up anonymous blogs for people in
repressive nations, and would like to tell the folks attending Recon
about it, and get some of them involved.

Analyzing Malicious Code - Disassembly with a time constraint
One of the most common
examples of reverse engineering is malicious code analysis. In order to
clean up after, and prevent further infection by a piece of malicious
code, it must be analyzed. Such analysis is often used for generating
IDS signatures, determining exploits used (and hence which patches would
be required) and writing detection modules for antivirus software.
Usually, this must be done in as little time as possible.
This presentation will cover two examples of popular Wind...

Attacking WiFi networks with traffic injection - Why open and WEP 802.11 networks really suck
This presentation aims at
showing WiFi traffic injection applications in order to practically
demonstrate weaknesses of commonly deployed WiFi environments, aka WEP
or open networks such as hotspots, for network itself and also for
stations connected to it. A practical point of view is adopted instead
of giving another "WiFi is insecure" theoretical brief.
The first part will briefly present 802.11 basics so everyone can
understand the whole stuff (management vs. data, how injec...

Practical Attacks on a Proximity Card
'Proximity cards' are
commonly used as high-tech replacements for magstripe cards or metal
keys: you hold the card within a few inches of the reader, and the door
clicks open. They are interesting because they are routinely used to
control access to property or services. These cards contain electronic
circuitry that authenticates them to the reader using a radio link.
Many such systems are designed with no security at all. This means that
the only barrier to entry is the complexity...

Process Stalking - Run-Time Visual Reverse Engineering
Process Stalking® is a term coined to describe the combined process of
run-time profiling, state mapping and tracing. Consisting of a series
of tools and scripts the goal of a successful stalk is to provide the
reverse engineer with an intuitive interface to run-time block-level
trace data.
The Process Stalking suite is broken into three main components; an IDA
Pro plug-in, a stand alone tracing tool and a series of Python scripts
for instrumenting intermediary and GML graph files. The...

Hard. Registration Number Protection Schemes against Reverse Code Eng. with Multith. Petri Nets
This paper proposes a new
technique for hardening registration number protections by using
multithreaded Petri nets. Using this technique one is able to prevent
reverse code engineering attacks, which consist of protection scheme
analysis and reengineering. We come to the conclusion that using such a
technique leads at minimum to an enormous reverse code engineering and
analysis process for the attacker and that the proposed technique is
therefore an amelioration in registration number ...

Wizard searching: reversing the commercial web for fun and knowledge
Like a skilled native, the able seeker has become part of the web. He
knows the smell of his forest: the foul smelling mud of the popups, the
slime of a rotting commercial javascript. He knows the sounds of the
web: the gentle rustling of the jpgs, the cries of the brightly colored
mp3s that chase one another among the trees, singing as they go; the
dark snuffling of the m4as, the different sounds and the rustling of
the databases, the pathetic cry of the common user, a plaintive cooing
...