I dunno why on earth I have this blog.
Analyst Journal
This category is about any interesting events that I’ve faced in my work as a Security Analyst
New approach, old objective..
Mar 8th
img source: wearecentralpa.com
My email used to be bombarded with spam or phising emails either for Paypal, Maybank or CIMB and sometimes Amazon as well. Usually these emails are in the same format (sometimes even same wordings), same email subject and lil bit different header images and of cause different sender address. But today (the email actually received yesterday but I only open my trusted Thunderbird today) the content is lil bit different, convincing enough and yeah even the sender address seems like from legitimate source for the unsuspecting users.
Forensic Readiness Policy and watch your steps eh..
Feb 27th
Pic source: kellepcharles.blogspot.com
Greeting guys..
I’ve spent the past two weeks getting the draft for forensic readiness policy complete for submission to our client in Indonesia. To be honest this time around I need to assist our sister company there in designing an SOC for that particular client. In sense of security policy, bulk of the task was done by my colleague there. She’s very good in integrating the client’s security policies into ours. I really impressed with her works tho 
Good Doors but still you need CCTV
Jul 8th
Recently one of my friends performed penetration testing on one of our client’s networks. Well most of the times the penetration testing will be done based on “white box” testing technique and yeah sometimes the client of cause request “black box” technique as well. And sometimes we just performed both of these techniques also. During the “black box” session, he mentioned that it seems that this particular client has some sort of content filtering device or mechanism that managed to block most of his attack assessment techniques. I assume that this client has an IPS installed on their network. No, this is not IPS bashing posting from me OK?
Service for Hire… Interested?
Jun 15th
http://www.linux.org.au/projects/grants/
Nowadays, either people are getting lazier than before or the technology is becoming too convenient for us. We used to go to the bank for financial matters, to respective utility companies for settling our monthly utility bills, go to the shop/mall for shopping. Now everything (mostly) can be done via click of the mouse. In fact wifey once bought traditional food/cookies via internet and that goodies were sent via Pos Laju. By the time we receive that particular parcel, I think some of the cookies were not in their original shape and crushed 
And recently I received this in one of the posts comment section awaiting to be approved by me
On this Mourn-day
Jun 15th
I think somewhere around January, I did mention to my colleagues on the possible rise of cybercrime cases due to the world economy crisis. There will be more spam email than before, more phising emails than before and yes, this time the target has been shifted to client or user side Why? Because it is a “lucrative”, often overlooked, less controlled and high in numbers. Instead of controlling few servers in that particular organisation (and difficult as well because most of the times these servers will be highly protected, monitored as those machines are in the high priority list ) why not just concentrate on the users. 1% of let say 1000 users is not bad eh? My friend mel posted one of the trick of misleading the users at security.org.my
Chill out ;)
Jun 5th
It seems that my previous posting did offend some people. I want to take this opportunity to say sorry to whoever offended either directly or indirectly by that post and there are no malicious intentions in it. As most of the people in this particular industry I can call them as my friends and professional colleagues. But with that in mind, these people also entitled for their comments, views and opinions.
If it was me…
Jun 1st
http://www.dailystrength.org/people/110944/photos-videos/item/293887
As usual, Monday is a very bad day for me. Dun ask me why but perhaps I’m watching /reading too much Garfield and influenced by this fat lazy but adorable cat obsession on hating Mondays 
. So while doing my usual Monday activities (this of cause after reading my emails especially the ones in the inbox as I’ve filtered other emails to their respective mailing list folders, so the ones arrived in the Inbox are usually meant for me personally:)), one of my friends “buzzing” me via one of the Internet Messenger clients.
Perimeter defense is not enough
Apr 22nd
My friend’s gave a presentation on the mod_security usage last few weeks to a group of users from the government. In his presentation he gave a demo on how mod_security managed to prevent “blind sql injection” attacks on the application run on mod_security enabled web engine. He even received a thunderous applaud from the audience once he concluded his presentation. However one of the attendees asked one good question afterward.
“My friend said you do not need to installed any WAF (web application firewall). All you need to do is fine tune the firewall filtering policies and that’s it.”
Aint no April Fool…
Apr 1st
Again.. Sorry for the long Hiatus.. Anyway I did received an email from one of my friends at CyberSecurity Malaysia..
“maybe u can pos something useful & reminder in your blog & security.org.my to remind your blog visitors bout this malware.
thanks bro..”
Ahhh the link.. http://www.mycert.org.my/en/services/advisories/mycert/2009/main/detail/647/index.html
Yeah guys.. This ain’t no HOAX. In fact, there are few entries in SANS Handler’s diary regarding the increase of DNS polling performed by the infamous Conficker or Dowandup (from 250 different domain names per day to 500 ).
Read it here : April 1st – What Will Really Happen?
Btw Felix Leder, Tillmann Werner of The HoneyNet Project produced one good writeup “Containing Conficker“. I recommend you guys to download that paper and read it. Also read another good writeup of Conficker variants by SRI here.
Also you can now identify possible Conficker infected machines by performing network scanning via NMAP or NESSUS.
For NESSUS the related plugin description :PluginID 36036
How to scan using NMAP can be read from this site : www.skullsecurity.org
For removal instructions and tools, just follow the links provided in special Conficker page at Dshield site.
There you go folks. Sorry it’s lil bit late and yeah I’m lil bit tight right now..
p/s: Btw my friend mel already post an entry regarding Conficker worm at security.org.my
WebGoat: Exploit and Learn…
Mar 19th
Dun know about you guys but during my time (not that long ago lah), the only avenues for me to test my newly acquired skills and tools (most of the time to test the tools and scripts -yeah I used to be a script kiddie ) are servers, websites, routers belong to other people. Ahh forgot to mention that I used to test these tools on other PCs in the CyberCafe as well . In that time also IRC chatrooms can be the testing ground and learning centre as well. Mind you that at that time, VMWare just founded and the first product (VMWare Workstation) only delivered a year later Nowadays you only need a PC/laptop, internet browser (for WIMP users, no worries on this part) and you dun even have to be connected. Thanks to OWASP’s WebGoat Project
Recent Comments