AntiOnline Spotlight: Freshly Baked Security Tutorials
Technology evolves at a brisk pace, so why aren't your tutorials keeping up? Get up-to-the-minute tips on securing your systems from experts in the field.
Like most, your first instinct when researching a topic is to Google it. Unfortunately, you may find yourself taken to a stodgy old tutorial that may have worked great a few years ago but falls flat today.
Luckily, there's AO's Tutorial Forum.
Sure, many lack the polish of an O'Reilly book, and yes, some are hastily written. But few other resources pack as many, up-to-date tips on combating today's threats. What's more, they are peer reviewed and updated frequently by admins just like you.
Start safeguarding your systems by visiting some of the latest how-to's, fresh from the minds of AO's members.
Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.
This Week's Spotlight Threads:
Advanced ClamAV Signatures - Link
Soda_Popinsky delivers this tutorial on creating anti-virus signatures.
...It will cover new signature syntax included in ClamAV .80rc 1, 2, and 3. New features include extended wildcards, MD5 signatures, and an extended signature format. Stable versions of .80 are not released at the time of this tutorial, so this serves as a preview and may not be identical to the signature syntax at the time of its release.Practical Guide to Alternative Data Streams in NTFS - Link
The Clam Antivirus Project (http://www.clamav.net/ http://clamav.sourceforge.net) is an open source virus scanner available for free. Clam allows its users to create their own virus signatures, which is helpful if you discover a piece of malware that is not currently detected by Clam. This tutorial will show you how to create an advanced signature file that can be used by any virus scanner based on the ClamAV .80 engine, with methods to detect minimal polymorphism. Necessary files to complete this tutorial are attached.
Irongeek authors a smart guide on how ADS should be of concern to security professionals.
Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support Macintosh Hierarchical File System (HFS) that uses resource forks to store icons and other information for a file. While this is the intended use (as well as a few Windows internal functions) there are other uses for Alternative Data Streams that should concern system administrators and security professionals. Using Alternative Data Streams a user can easily hide files that can go undetected unless closely inspected. This tutorial will give basic information on how to manipulate and detect Alternative Data Streams.Virus Research Information Part Two: Greater Threats - Link
Spyder32 takes a look at some malicious code that's keeping many an admin up at night.
Now, trojans and backdoors are basically synonymous. A trojan can basically BE classified as another type of backdoor program (another type of backdoor program is a rootkit, RAT, etc). Both are meant for malicious purposes, both have caused script kiddies worldwide the ability (with a little social engineering skills) to take control over a poor victims PC. Now, trojans don't just give you control. THEY GIVE YOU CONTROL. By that, you are given access to the systems files, the ability to disable the keyboard, disable the mouse, shutdown/reboot the system, print something from the system, open and close the CD-ROM drive, and MUCH more.Basic things you can find from an IP - Link
Irongeek describes some of the sometimes surprising things you can find by employing the simplest of tools.
Basic things you can find from an IP
Here I will outline some use full Unix and NT commands for finding out more information about a given COLOR=purpleIP. Some of these techniques will fail depending on firewall rule sets.
Items to be covered:
How do I find my own IP?
How do I find out if an IP is contactable?
How do I find out what organization owns an IP?
How do I find out what OS a box is running?
How do I find out what ports are open/services are running?
How do I tell who is logged in to that box?
Any good all-in-one tools?
How Do I find the NetBIOS name from the IP?
How Do I find the IP from the NetBIOS name?
How can I see the traffic going between two IPs on a switched network?