Segurança da Informação Projeto Malwares-BR - Início O projeto malwares-br é uma idéia para criação de assinaturas para projetos opensources (especialmente regras do Snort e num futuro Clamav. Talvez correlacionamento/regras pro OSSEC quando possivel) para uso em especial de empresas nacionais contras as ameaças "Made In Brazil". O foco inicial será baseado em poucos samples que colhemos durante a semana de onde faremos a análise básica , com uma pequena explicação e assinaturas para Snort inicialmente. Dependendo da demanda e ajuda durante o passar do tempo também faremos algo para o Clamav visto que isso será de grande valia para eles também . Outra possibilidade é o projeto entrar como parte do ruleset do Emerging-Threats mas para isso temos que criar uma boa demanda de regras e mostrar que a comunidade nacional esta empenhada . Inicialmente o que mais precisamos é de amostras ou seja, se você receber algo de alguma empresa nacional por favor nos encaminhe o link ou email pois certamente retribuiremos com as assinaturas. Happy Snorting!
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code (9780470613030): Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard Hacking: The Art of Exploitation, 2nd Edition (9781593271442): Jon Erickson Software - CERT.at Bytehist A tool for generating byte-usage-histograms for all types of files with a special focus on binary executables in PE-format (Windows). ... DensityScout This tool calculates density (like entropy) for files of a any file-system-path to finally output an accordingly descending ordered list. Minibis Software and tips to easily build up an automated malware analysis station based on a concept introduced in the paper "Mass Malware Analysis: A Do-It-Yourself Kit". ... ProcDOT This tool processes Sysinternals Process Monitor (Procmon) logfiles and PCAP-logs (Windump, Tcpdump) to generate a graph via the GraphViz suite.
What is heap and stack? The stack is a place in the computer memory where all the variables that are declared and initialized before runtime are stored. The heap is the section of computer memory where all the variables created or initialized at runtime are stored. What are the memory segments? The distinction between stack and heap relates to programming. text (code) segmentstack segmentheap segment The text segment (often called code segment) is where the compiled code of the program itself resides. Now let's get to some details. What is stack? The two sections other from the code segment in the memory are used for data. Data is stored in stack using the Last In First Out (LIFO) method. What is heap? On the other hand, heap is an area of memory used for dynamic memory allocation. The stack is much faster than the heap but also smaller and more expensive. Heap and stack from programming perspective Most object-oriented languages have some defined structure, and some come with so-called main() function.
Heap: Pleasures and Pains Murali R. Krishnan Microsoft Corporation February 1999 Summary: Discusses common heap performance problems and how to protect against them. (9 printed pages) Introduction Are you a happy-go-lucky user of dynamically allocated C/C++ objects? What Is a Heap? (If you already know what a heap is, you can jump ahead to the section "What Are Common Heap Performance Problems?") A heap is used for allocating and freeing objects dynamically for use by the program. The number and size of objects needed by the program are not known ahead of time. A heap uses parts of memory outside of what is allocated for the code and stack during run time. GlobalAlloc/GlobalFree: Heap calls that talk directly to the per-process default heap. LocalAlloc/LocalFree: Heap calls that talk directly to the per-process default heap. COM's IMalloc allocator (or CoTaskMemAlloc / CoTaskMemFree): Functions use the default per-process heap. The Windows heap is a thin layer surrounding the Windows run-time allocator. Summary
Heap spraying Operation[edit] A heap spray does not actually exploit any security issues but it can be used to make a vulnerability easier to exploit. A heap spray by itself cannot be used to break any security boundaries: a separate security issue is needed. Exploiting security issues is often hard because various factors can influence this process. Exploits often use specific bytes to spray the heap, as the data stored on the heap serves multiple roles. History[edit] Implementation[edit] JavaScript[edit] VBScript[edit] Occasionally, VBScript is used in Internet Explorer to create strings by using the String function. ActionScript[edit] In July 2009, exploits were found to be using ActionScript to spray the heap in Adobe Flash.[9][10] Images[edit] Though it has been proven that heap-spraying can be done through other means, for instance by loading image files into the process,[11] this has not seen widespread use (as of August 2008). HTML5[edit] Detection and prevention[edit] See also[edit] References[edit]