This Blog has Moved!

This blog is moving to

Thank you for visiting! Content will remain here for archival purposes.

Software Spotlight: Sysinternals RootkitRevealer

So, I'm surprised I didn't know about this little gem of software until today.

Sysinternals has a wonderful piece of software called "RootkitRevealer" which shows "oddities" in the registry and filesystem, indicating a possible hidden rootkit.

Unfortunately, it appears to only support Windows XP/2003.

If anyone knows of similar software which supports Linux/Mac/Vista/7/etc, I'd be very interested to hear about it.  Always looking for new resources for my bag of tricks!

How I cracked the NSA Crypto Challenge in Record Time

The NSA recently released an Android App called the "NSA Crypto Challenge".

Being in the security field, I was very interested in this app.  So of course I decided to give it a try, and see how quickly I could break the codes.  Being ambitious, I decided to jump straight into Advanced mode.  My score? 2 minutes, 43 seconds.


Now, for those of you who have played this game on Advanced mode, you're probably amazed by the speed at which I was able to decode this. For those who haven't played it yet, let me show you an example puzzle on "Advanced" mode.


London 2012 Olympics Malware and Scam Alert

It's important to note that with the London 2012 Olympics rapidly approaching, computer users should be on the lookout for spam messages as well as malicious web search results featuring the London 2012 Olympics.

TrendMicro has already found some scams in the wild advertising supposed "free tickets" to the London 2012 Olympics.

An Olympics-themed trojan has already been spreading through social networks.

AVG has a preview of additional malware threats which may be associated with the London 2012 Olympics, as well as some important tips for avoiding an Olympic-themed malware infection.

It is very important to make sure your friends and family know how to look for suspicious links, messages, or emails regarding the Olympics.

Remember the old saying "If it's too good to be true, it probably isn't true."
Printer Malware - The Next Big Threat?

Does your organization secure their printers?

Many modern multi-function printers have their own mini-servers built in, offering web, ftp, and file share access.


These printers, when not properly secured, can pose just as high a security risk as unsecured, non-isolated SCADA devices.

Related Reading:
Indian businesses also affected as office printers hit globally by 'gibberish' computer virus
SANS: Auditing and Securing Multifunction Devices

QR Code Analyzer - Android for the Paranoid

Sometimes the apps available in the marketplace just aren't sufficient for a paranoid person to fulfill their security obsession.

One gap I've found is that there appears to be no app out there, outside of anti-virus software, that analyzes QR codes for malware.


In response to this, using MIT App Inventor, I have created an app which uses VirusTotal.com's API in order to submit QR code URLs for scanning.

Note that this app does NOT address possible security flaws in QR codes themselves.  However, it does submit any URL a QR code contains to VirusTotal, and provides a link to the resulting report.
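The same workflow in plain Python, as an added example rather than the App Inventor app's own code: check that the decoded QR payload is actually an http(s) URL, build VirusTotal's identifier for it, submit it, and return the report link. It assumes the current VirusTotal API v3 (`x-apikey` header, unpadded base64url URL ids, `/gui/url/<sha256>` report pages) and a placeholder API key.

```python
import base64
import hashlib
import urllib.parse
import urllib.request
from typing import Optional

VT_API = "https://www.virustotal.com/api/v3"
API_KEY = "YOUR_VT_API_KEY"  # placeholder, not a real key


def extract_url(qr_payload: str) -> Optional[str]:
    """Return the payload if it is an http(s) URL, otherwise None.

    QR codes can also carry wifi:, mailto:, tel: or free text; those are
    not something the URL scanner can check, so they are rejected here."""
    text = qr_payload.strip()
    parsed = urllib.parse.urlsplit(text)
    if parsed.scheme.lower() not in ("http", "https") or not parsed.netloc:
        return None
    return text


def vt_url_id(url: str) -> str:
    """VirusTotal v3 URL identifier: base64url of the URL without padding."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def vt_report_link(url: str) -> str:
    """Human-readable report page, addressed by the SHA-256 of the URL."""
    return "https://www.virustotal.com/gui/url/" + hashlib.sha256(url.encode()).hexdigest()


def submit_for_scan(url: str) -> None:
    """POST the URL to VirusTotal for analysis (network call, needs a real key)."""
    data = urllib.parse.urlencode({"url": url}).encode()
    req = urllib.request.Request(VT_API + "/urls", data=data, headers={"x-apikey": API_KEY})
    with urllib.request.urlopen(req, timeout=15) as resp:
        resp.read()  # response carries an analysis id; the report link below is stable anyway


def analyze_qr(qr_payload: str, submit: bool = False) -> dict:
    """Validate a decoded QR payload and produce the VirusTotal id and report link."""
    url = extract_url(qr_payload)
    if url is None:
        return {"url": None, "id": None, "report": None, "reason": "payload is not an http(s) URL"}
    if submit:
        submit_for_scan(url)
    return {"url": url, "id": vt_url_id(url), "report": vt_report_link(url), "reason": None}


if __name__ == "__main__":
    # Constructed sample payloads: one plain URL, one wifi-config QR that must be rejected.
    for payload in ("http://example.com/", "WIFI:T:WPA;S:guest;P:secret;;"):
        print(analyze_qr(payload))
```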

I encourage you to try out this wonderful new app.

The latest version can be downloaded here:

http://code.google.com/p/caffsec-malware-analysis/downloads/list

Source code is also available:
http://code.google.com/p/caffsec-malware-analysis/source/browse/trunk/tools/QRAnalyzer

New Hacktool Found on my Honeypot "nt"

A script kiddy dropped off a new hack tool on my honeypot today.

Today's guest hails from 77.28.151.190, which is in Macedonia, The Former Yugoslav Republic of (MK), in Eastern Europe.

The file dropped off, "rdp.tgz", is a Linux hack tool for remotely cracking Windows FTP and NT file shares.

I was somewhat disappointed that the hack tool isn't more complex; however, since it is still a new hack tool which isn't detected by antivirus software, I figured it was worth mentioning.

I've uploaded a full analysis at:
http://code.google.com/p/caffsec-malware-analysis/source/browse/trunk/nt

Watch my Honeypot LIVE!

I've decided to start streaming my honeypot on UStream.

No set hours for this yet, but it should be interesting when it is live!

Please feel free to check it out over at my UStream Channel.

Also, keep an eye on my Twitter for when I go live!