Monday, January 02, 2012

Skype (too much packets)

My experience with Skype as a sysadmin / security person and a paranoid guy has never been too good.

But I also never had too much patience to reverse engineer it - but someone already did, I believe with an older protocol, and is being sued :-), so I decided to do some simple iptables rules to stop that annoying (and excessive) traffic:

so, create a user called skype, then add to its .bashrc:

export DISPLAY=":0.0"
alias skype='xhost +local: && su skype -c skype'

so now you have a skype user to run skype (note that xhost +local: opens your X display to every local user, not only to skype):

[root@natasha ~]# id skype
uid=505(skype) gid=505(skype)

and the command line to execute it:

alias skype='xhost +local: && sudo -u skype /usr/bin/skype'

this would stop all Skype traffic, but we don't want that...

iptables -I OUTPUT -p all -m owner --uid-owner 505 -j DROP

so I leave a bit more research to you: allowing every nth packet, a random fraction of packets, or just a certain protocol with a rate limit for Skype :-)
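As an added example (not from the original post), a small POSIX shell script that generates the three variants hinted at above for the skype uid, using iptables' owner, limit and statistic matches; the mode names, the 20/second rate, the "every 4th" and "25%" thresholds are my own choices, and the uid is resolved with id at run time.

```shell
#!/bin/sh
# Added example, not from the original post: generate egress rules for the
# unprivileged "skype" uid instead of dropping everything. Assumes iptables
# with the owner, limit and statistic match modules (all standard).
set -eu

# build_skype_rules UID [MODE] prints the iptables commands, one per line.
#   ratelimit  accept a bounded packet rate (token bucket), drop the excess
#   nth        accept every 4th packet only
#   random     accept a quarter of the packets, chosen at random
# The catch-all DROP from the post goes in at position 2, so it sits
# right below the ACCEPT rule and keeps "no traffic" as the default.
build_skype_rules() {
    uid=$1
    mode=${2:-ratelimit}
    match="-m owner --uid-owner $uid"
    case "$mode" in
        ratelimit) how="-m limit --limit 20/second --limit-burst 40" ;;
        nth)       how="-m statistic --mode nth --every 4 --packet 0" ;;
        random)    how="-m statistic --mode random --probability 0.25" ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    printf '%s\n' "iptables -I OUTPUT 1 $match $how -j ACCEPT"
    printf '%s\n' "iptables -I OUTPUT 2 $match -j DROP"
}

# apply_skype_rules [MODE] resolves the skype uid and runs the rules (needs root).
apply_skype_rules() {
    build_skype_rules "$(id -u skype)" "${1:-ratelimit}" | sh -e
}

# Uncomment to apply for real:
# apply_skype_rules nth
```

Run the script once with a mode argument as root; the ACCEPT rule only matches packets owned by the skype uid, so nothing else on the host is affected.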


ATM Skimmer talk

In my last talk I became interested in ATM skimmer devices, a new one (I had never seen it before) reverse engineered by me, just for research purposes. I gave a talk at the Silver Bullet conference, and I expect my next paper will be far more aggressive :-)
http://www.sbconference.com.br/en

and photos...

https://plus.google.com/u/0/photos/114690300278038603312/albums/5674652963784155649 and sorry, no whitepaper will be available for download, for security reasons.

Saturday, September 10, 2011

OpenBSD 4.9 + arduino Duemilanove without Java

Despite the Java editor built into the Linux package, you can use vi and make to flash your Arduino projects :-)

follow the instructions here: OpenBSD/CLI ... and instead of

..."Note that you can keep this directory in sync with the source by issuing the following command every so often in the ~/code/arduino/libs/hardware/cores/arduino/ directory:

~/code/arduino/libs/hardware/cores/arduino $ svn up"

due to an update that breaks Serial.begin(), you can run into compile trouble; revert to revision 1076 by issuing:

$ svn update -r 1076
At revision 1076.


mostly due to a change at revision 1077 - check here

Thursday, May 05, 2011

Putty password stealer

Sometimes you need to hop between machines/users depending on the environment; this is old code, part of a bigger project. As I haven't posted anything lately... here it goes. Compiles under fasm. I didn't put the whole files in, but anyone can figure out how to compile it.

psw.asm

Tuesday, December 21, 2010

Gray Hat Python


Started reading this book. Seems nice.

Saturday, November 20, 2010

Malware Course [2]

I began teaching another class on dissecting malware. Lots of assembly, debuggers, file formats, drivers, packers, cryptology, and recent open source tools.
I am sure the students are enjoying the course like me.

Thursday, November 12, 2009

Dropbox Hooker


Dropbox is an application to sync files between various computers and also share them with other users. You can view some of its features here: http://wiki.getdropbox.com/TipsAndTricks This program was created to handle files being pasted into the Dropbox folder BEFORE they go over the wire, so your application can make any changes it wants, on the fly, to the files being shared / synced by the user. I created it for GPG integration with Dropbox, but the use is wider; file analysis is one of them.

1) I assume you have Dropbox installed (www.dropbox.com)

2) modify (or not, to see it working) secbox.asm, in the section "cfw_hook", to do what you want with the files. The argument in eax is the file path.

3) get DebugView and install it: http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx

4) compile the source with fasm (or use the precompiled version)

5) copy secbox.dll into the Dropbox "bin" folder

6) patch dropbox.exe - if the patch is successful, it will appear in DebugView

7) paste files into "My Dropbox" and see them being reported by secbox

git download link

Wednesday, October 07, 2009

Malware Course


I began teaching a course on dissecting malware. Lots of assembly, debuggers, file formats, drivers.
I hope the students enjoy the course like me.