SEARCH RESULTS

Zango's in your Face(book)

2008-01-03 21:23:00 by Russ McRee in HolisticInfoSec.org
 
...dll)=762c0000 762ec91d RegOpenKeyExA (HKLM\Software\Microsoft\Cryptography\OID 77ddecaf RegOpenKeyExA (SOFTWARE\Microsoft\Cryptography\Providers\Type 001 77dded3f RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001 77ddee3b RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic...

Storm-Bot stripshow analysis

2007-12-23 22:06:00 by Russ McRee in HolisticInfoSec.org
 
...dll)=71a50000 71a5716a LoadLibraryA(C:\WINDOWS\system32\mswsock.dll)=71a50000 71aa14eb GlobalAlloc 40da1b bind(8c, port=26790 77e7ac53 CreateRemoteThread(h=ffffffff, start=404b05 40da1b bind(b8, port=7018 40d9c7 listen(h=b8 40a262 WaitForSingleObject(d4,2710 Nice, do a little time sync, allow ourselves through the firewall, then bind, listen,...

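The two API-trace excerpts above (the Zango registry lookups and the Storm-Bot bind/listen sequence) are the kind of log a sandbox or API monitor hands back, and the author reads them by following handles from one call to the next rather than by grepping for API names. As an added example that is not part of either post, the Python below parses lines in that shape and flags the behaviours called out in the excerpts: a Winsock provider load, a socket that actually reaches listen(), a CreateRemoteThread call, and CryptoAPI registry lookups. The sample trace is constructed here, modelled on the excerpts, and the regex tolerates the unbalanced parentheses the excerpts show. One detail worth knowing when reading such traces: the handle value ffffffff is (HANDLE)-1, the pseudo-handle GetCurrentProcess() returns on 32-bit Windows, so a CreateRemoteThread with that handle creates a thread in the process's own address space rather than in another process.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample trace, modelled on the excerpts quoted above: one call per
# line, "<caller address> <API>(<args>)=<return>", with args and return optional.
SAMPLE_TRACE = r"""
71a5716a LoadLibraryA(C:\WINDOWS\system32\mswsock.dll)=71a50000
71aa14eb GlobalAlloc
40da1b bind(8c, port=26790)
77e7ac53 CreateRemoteThread(h=ffffffff, start=404b05)
40da1b bind(b8, port=7018)
40d9c7 listen(h=b8)
40a262 WaitForSingleObject(d4,2710)
762ec91d RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001)
"""

TRACE_RE = re.compile(
    r"^(?P<caller>[0-9a-fA-F]+)\s+"        # return address of the calling code
    r"(?P<api>\w+)\s*"                     # API name
    r"(?:\((?P<args>[^)]*)\)?)?\s*"        # optional argument list; ')' may be missing
    r"(?:=(?P<ret>[0-9a-fA-F]+))?\s*$"     # optional return value
)

# (HANDLE)-1 is the pseudo-handle GetCurrentProcess() returns on 32-bit Windows.
PSEUDO_HANDLE_SELF = "ffffffff"


@dataclass
class Call:
    caller: str
    api: str
    args: list
    ret: Optional[str]

    def kw(self, name: str) -> Optional[str]:
        """Value of a 'name=value' argument, e.g. kw('port') -> '7018'."""
        for a in self.args:
            k, sep, v = a.partition("=")
            if sep and k.strip() == name:
                return v.strip()
        return None


def parse_trace(text: str) -> list:
    calls = []
    for line in text.splitlines():
        m = TRACE_RE.match(line.strip())
        if not m:
            continue                        # skip lines that do not look like calls
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(Call(m.group("caller"), m.group("api"), args, m.group("ret")))
    return calls


def analyze(calls: list) -> dict:
    bound = {}       # socket handle -> port, from bind()
    listening = {}   # port -> socket handle, for sockets that reached listen()
    findings = []
    for c in calls:
        if c.api == "LoadLibraryA" and c.args and c.args[0].lower().endswith("mswsock.dll"):
            findings.append("loads mswsock.dll (Winsock service provider): expect socket activity")
        elif c.api == "bind" and c.kw("port"):
            bound[c.args[0]] = int(c.kw("port"))
        elif c.api == "listen" and c.kw("h") in bound:
            port = bound[c.kw("h")]
            listening[port] = c.kw("h")
            findings.append(f"listening socket on TCP port {port} (handle {c.kw('h')})")
        elif c.api == "CreateRemoteThread":
            target = ("its own process via the (HANDLE)-1 pseudo-handle"
                      if c.kw("h") == PSEUDO_HANDLE_SELF else f"process handle {c.kw('h')}")
            findings.append(f"CreateRemoteThread into {target}, start address {c.kw('start')}")
        elif c.api == "RegOpenKeyExA" and c.args and "\\cryptography\\" in c.args[0].lower():
            findings.append(f"reads CryptoAPI configuration: {c.args[0]}")
    return {"bound": bound, "listening": listening, "findings": findings}


if __name__ == "__main__":
    for f in analyze(parse_trace(SAMPLE_TRACE))["findings"]:
        print(f)
```

Run against the constructed trace, only port 7018 is reported as a listener: the first bind (port 26790) never reaches listen() in the visible lines, which is exactly why the handle has to be carried from bind to listen instead of treating every bind as a backdoor port.
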
STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle
 
...dll.dll
Integrity / Tampering: modifying data or code. Example: modifying a DLL on disk or DVD, or a packet as it traverses the LAN.
Non-repudiation / Repudiation: claiming to have not performed an action. Example: "I didn't send that email, I didn't modify that file, I certainly didn't visit that web site, dear."
Confidentiality / Information Disclosure: exposing...

Training People on Threat Modeling

2008-03-14 23:11:12 by sdl in The Security Development Lifecycle
 
...dll.dll
Tampering / Integrity: modifying data or code. Example: modifying a DLL on disk or DVD, or a packet as it traverses the LAN.
Repudiation / Non-repudiation: claiming to have not performed an action. Example: "I didn't send that email, I didn't modify that file, I certainly didn't visit that web site, dear."
Information Disclosure / Confidentiality: exposing...

The Commoditization of Anti Debugging Features in RATs

2008-09-03 07:46:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...DLL Injection, The DLL is Never Written to Disk Decent Strong Traffic Encryption Try to Unhook UserMode APIs No Plugins/3rd Party Applications 4 Startup Methods (Shell, Policies, ActiveX, UserInIt Set Maximum Connections Built In File Binder Multi Threaded Transfers Anti Debugging (Anti VMware, Anti Sandboxie, Anti Norman Sandbox, Anti...
WireShark...Adware? (...Not!)

2007-02-16 13:53:21 by Editor in Endpoint Security: Translating Policy Into Reality
 
After verifying WinPcap & dependent .dlls in question the first time I ran across the error (and subsequently verifying that they were good-to-go), I just told them not to worry about it...just another False Positive from McAfee

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...DLLs provided by another company. The SDL refers to these as "giblets," a term coined by Steve Lipner, a Senior Director at Microsoft and my co-author on " The Security Development Lifecycle ." Giblets are of real concern because they are pieces of code that are used by your product but that you did not produce, and hence have little, if any...
Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...DLL redirection; in-memory start-stop-rewind, etc. Implementing the appropriate delivery mechanism and conducting the test.
Stage 4: Monitoring of application under test for signs of failure. What should we look for? What do we do when we see it?
Stage 5: Triaging results. How can we classify and analyze issues found?
Stage 6: Identify root cause,...

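The stages in the excerpt above (delivery of test cases, monitoring for failure, triage, root cause) map directly onto a small harness. As an added example that is not from the SDL post and does not represent Microsoft's fuzzing tooling, the Python below mutates a seed input, delivers each case to a constructed toy parser with two deliberate defects, treats any uncaught exception as the Stage 4 failure signal, buckets failures for Stage 5 by exception type plus faulting function and line rather than by exception type alone, and keeps the smallest reproducer per bucket as the Stage 6 starting point. The record format, its bugs and the seed are invented for this example.

```python
import random
import traceback

# Stage 0: the target. A constructed toy parser for a stream of
# [1-byte length][payload] records, where payload[0] is a record type.
# It carries two deliberate defects for the harness to find:
#   - the checksum loop trusts the length byte (IndexError on a short record)
#   - type-2 "ratio" records divide without checking the divisor (ZeroDivisionError)
def parse_records(data: bytes) -> list:
    records = []
    i = 0
    while i < len(data):
        n = data[i]
        payload = data[i + 1 : i + 1 + n]
        checksum = 0
        for k in range(n):          # bug: iterates the declared, not the actual, length
            checksum ^= payload[k]
        if payload and payload[0] == 2:
            _ratio = payload[1] // payload[2]   # bug: payload[2] may be zero
        records.append(payload)
        i += 1 + n
    return records

# Constructed seed: a type-1 record "abc" and a type-2 record 10/2.
SEED = b"\x04\x01abc" + b"\x03\x02\x0a\x02"

# Stages 1-3: generate test cases and deliver them (a plain in-process call here).
def mutate(seed: bytes, rng: random.Random) -> bytes:
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and data:                    # flip one bit
            i = rng.randrange(len(data))
            data[i] ^= 1 << rng.randrange(8)
        elif op == 1 and data:                  # overwrite with a boundary value
            i = rng.randrange(len(data))
            data[i] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
        elif op == 2 and len(data) > 1:         # truncate
            del data[rng.randrange(1, len(data)):]
        else:                                   # insert a random byte
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)

# Stage 4: monitor. The failure signal here is any uncaught exception; the
# signature is (exception type, function, line) taken from the innermost frame.
def run_case(data: bytes):
    try:
        parse_records(data)
        return None
    except Exception as exc:
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return (type(exc).__name__, frame.name, frame.lineno)

# Stages 5 and 6: triage into buckets by signature, keeping the smallest
# reproducer of each as the starting point for root-cause analysis.
def fuzz(seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    rng = random.Random(rng_seed)
    buckets = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        sig = run_case(case)
        if sig is None:
            continue
        if sig not in buckets or len(case) < len(buckets[sig]):
            buckets[sig] = case
    return buckets

if __name__ == "__main__":
    for sig, repro in sorted(fuzz(SEED, 3000).items()):
        print(f"{sig[0]:<18} {sig[1]}:{sig[2]}  smallest repro: {repro.hex()}")
```

Bucketing on the faulting line matters: the toy target raises IndexError from two different places (the checksum loop and the ratio lookup on a too-short type-2 record), and a triage keyed on exception type alone would merge them into one issue and hide the second root cause.
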
Grayware?

2007-03-07 07:11:45 by RaviC in Musings on Information Security
 
...DLL files that are often installed as part of a software application to allow the program to control the behavior of Internet Explorer. Not all BHOs are malicious, but the potential exists to track surfing habits and gather other information stored on the host.
Toolbar: Toolbar grayware applications are installed to modify the computer's...