A Closer Look at the Worm_Mimail.A

February 18, 2007 by hessam

“A Closer Look at the Worm_Mimail.A” (written by C. Hornat) is a good analysis of techniques you see used in many malware samples. The analysis shows how these things work.
“On August 1, 2003, I encountered several emails from my email admin account informing me that my email address will be expiring and that I should read an attachment for further details. Being suspicious, I analyzed that file and the effects of it. This is a short overview of what I have found so far.”


Hacking The Malware

February 16, 2007 by hessam

This paper attempts to document an approach on how the hackers make use of the vulnerabilities to install malicious software on the vulnerable machine. A comprehensive reverse code engineered analysis of the malicious software (Win32.Qucan.a) and the various protection schemes against the worm by various security products are also discussed.


The Science of Malware Analysis

February 15, 2007 by hessam

This paper about reversing malware was written by Mad_guy.
Malware . . . it’s all over. It has been successful in attracting world wide attention by infecting systems and causing damage world wide. We try as hard as we can to scan it, detect it, and monitor activities on the internet. But alas, no box is perfectly secure.

Win32 Buffer Overflow

February 8, 2007 by hessam

Real Life Vuln-Dev Process of a Win32 Stack Buffer Overflow
Introduction from the paper:
Many times Sergio has been asked for writing a paper about how to code an exploit for win32, for two reasons, first because there are many papers about exploitation on *nix, but few about how to exploit on win32 world, and second because papers about win32 exploitation get very difficult to be understood by people without a good understanding of ASM, C languages. So Sergio thought that the best way to do something clear he had to write something as simple as possible, without leaving anything to guess by the readers. Well this is what Sergio thinks is the easiest that he could do. And explaining the whole process of finding, debugging and exploiting a black box application. For this purpose Sergio has chosen ‘War-FTPd v1.65’ a known stack b0f bugged software, which is gonna be used in this tutorial.


Detect Your Web Application’s Vulnerabilities Early with Ruby

January 31, 2007 by hessam

Web application fuzzing is a method of detecting a web application’s vulnerabilities prior to deploying the application on a production system. Users of this approach send several malicious requests to the application and, based on the responses received, determine the application’s security posture. Users also can apply fuzzing to perform tests on several different attack vectors such as SQL, XPATH, and LDAP injection, and error handling.
Read Here

SimSafer RC2 (edited)

January 27, 2007 by hessam

:) This text has been edited.
————————

SimSafer is a small program to secure your PC (Windows XP SP1 & SP2).
It is not a firewall, an anti-spyware tool, or a stable antivirus.

It is emergency software:

1- It fixes 45 security options in Windows.

2- It has a live antivirus (with the BitDefender engine), deletes viruses from kernel level, and marks the kernel class like an antibody.
3- It checks MS Windows security patches and …

4- (In RC3) It checks open ports and lets you manage them.
SimSafer can activate “auto-update” on your Windows. It is free for all and it can run on all Windows XP.

Enjoy …
SimSafer RC2 Download: http://simorgh-ev.com/download/Setup.exe
Screenshot 1 (start), Screenshot 2 (check patches)
Simorgh Security Team

My website !

January 27, 2007 by hessam

My website has started again.
www.hessamx.net

Uninformed 6 released

January 20, 2007 by hessam

After a long time, Uninformed volume 6 has been released!!
Read this volume on Uninformed.org

ElseNot Project

January 18, 2007 by hessam

The ElseNot Project went public on September 26, 2005. Currently it is a one-man operation focusing on Microsoft products. The goal is to find the public exploits for Microsoft Security Bulletins. The ElseNot Project is updated every Patch Tuesday.

Website : ElseNot.com

The Art of Software Security Assessment

January 18, 2007 by hessam

This blog provides running commentary from Mark Dowd, John McDonald, and Justin Schuh, the authors of the book: The Art of Software Security Assessment. You can purchase a copy from Amazon, or directly from the publisher, Addison-Wesley, and peruse the sample chapter on C Language vulnerabilities.
Website : taossa.com