In Part 1, Intro to Reverse Engineering - No Assembly Required, we extended the series of coding articles for non-programmers with an area of high interest in the infosec community. We're proud to be able to bring you the highly anticipated follow-up complete with screen shots, sample code and applications. This one is long and detailed, so strap yourselves in for some great educational content.

This paper is designed to outline some essential reverse engineering concepts, tools and techniques - primarily, debuggers and using the debugging process to reverse engineer application functions and algorithms. It is assumed you have knowledge of basic assembly and C programming. An understanding of Win32 programming and API calls is also helpful. This tutorial does not necessarily have to be read in order (although it is strongly advised), as some sections do not contain information that directly relates to subsequent sections. However, if you begin skipping around and find that you have trouble understanding a concept, or feel like you missed an explanation, it would be best to go back to previous sections of the tutorial and read them first.  

del.icio.us

Discuss in Forums (11)

This is the first part of a series of articles chronicling my ChicagoCon experience. I use these words specifically, because this is meant to give you a view of ChicagoCon from my perspective. So I will readily admit that it is a biased opinion. But I also wanted to give you a look into some of the ideas behind how we came to make the decisions we did and also a behind the scenes look into running a complex event.

ChicagoCon 2007 is a unique event with its focus clearly on the students, their education and career development. We obviously want them to gain knowledge while going through the classes, but we also want them to see a wider view. With that in mind, we intentionally crammed some extracurriculars into the event like morning keynotes, evening presentations and hacking contests. This way, you can take what you learn in class, get industry insights from the speakers, compare that to what your other classmates are doing in the real world and eventually go back to your place of work with practical ideas that can be truly implemented. It's a lofty goal, but worthy of effort.

del.icio.us

Discuss in Forums (1)

The best offense is a good defense.  This is a very famous phrase most often attributed to football, but it can be applied to many areas of life especially information security.  Diligent patching is a must, but even when done religiously (in conjunction with faithful anti-virus updates), vulnerabilities still exist.  There has never been more of a need for an Intrusion Detection System (IDS) than right now.  Attackers are more skilled and the tools they use more elaborate. We simply can't be everywhere at once and need IDS to be the eyes in the back of our head.

del.icio.us

Discuss in Forums (4)

Last time we went over the C programming language in an introductory article specifically focusing on getting the security professional on the road to coding (or at least the road to understanding). This time around we extend the series of coding articles for non-programmers with an area of high interest in the infosec community, reverse engineering.

This paper is intended as an introduction to reverse engineering for someone who has no experience whatsoever on the subject. You should have some basic knowledge of C programming, and access to a Windows or Linux box (preferably both) using the x86 architecture (i.e., your average computer). No knowledge of assembly code, registers, or the like is assumed, although it helps. The "Introduction" section of the paper is intended for the newcomer who has little or no understanding of what reverse engineering is and may be skipped by those looking for more technical details.

del.icio.us

Discuss in Forums (14)

*Challenge Extended to Nov 19, 2007!*

No one got the challenge 100% correct, and only 1 person found the hidden message.
So let's keep it going... I know you all can do this one!!

Woohoo! I'm delighted to announce that we have a brand-new ethical hacker challenge for you. This one was written by Kevin Bong, or as I like to call him "K-Bo", who was the creative winner of the Charlotte's Web Site challenge earlier this year. K-Bo always does great work, and this Simpsons-themed challenge is awesome, from its self-deprecating title to its format. It's called, "Worst. Ethical. Hacker. Challenge. Ever." How's that for managing expectations, setting the bar pretty low? It features Jeff "Comic Book Guy" Albertson from the Simpsons. One of the things I love about having my friends write these challenges is that each brings a different style to the endeavor, from Tom Liston's Netcat rhyming to Mike Poor's Kill Bill martial arts references to Matt Carpenter's Serenity malware analysis skills. Each has taken the basic idea of these challenges and expanded it in their own quirky way. This month, K-Bo doesn't disappoint, with this very whacked view of Comic Book Guy getting hacked, all written in comic book format. Sheer genius! Do'h!

Remember, as always, we’ll award three prizes: One for the best technical answer, one for the most creative answer that is technically correct, and one awarded to a winner chosen randomly. Thus, if you can’t answer all of the questions, still send something in to qualify for the random winner. This month’s prize is my book, Malware: Fighting Malicious Code, which I authored with Lenny Zeltser.

--Ed Skoudis, Intelguardians
Author, Counter Hack Reloaded

del.icio.us Slashdot It!

Discuss in Forums (7)

Presented by the Ethical Hacker Network, ChicagoCon combines a professional security conference, certification training and a hacker con into a single, unique event from September 17 - 23, 2007.

Westchester, IL (PRWEB) July 23, 2007 -- Presented by the Ethical Hacker Network (EH-Net) and its parent company, The Digital Construction Company (TDCC), ChicagoCon is poised to become the premier security event in the industry by bringing together the biggest names in education and certification under one roof for a week of security training like no other. With boot-camp style, hands-on classroom training, ChicagoCon will host 11 courses featuring a cross-section of the security landscape. From the novice, to the ultimate techie to those reaching for the CISO chair... everyone interested in a career in security will find something at ChicagoCon, your one-stop shop for security training and certification.

The city of broad shoulders was once the king of the hill when it came to technology conferences. Even before the death of COMDEX, the show had abandoned our city. Many others have left for warmer climates and more supportive communities. Since that time, security has taken the IT world by storm and rightfully so. Chicago has a great community of security professionals, and it's time for that community to come together to bring high caliber events back to the Windy City.

del.icio.us

Discuss in Forums (1)

del.icio.us

Discuss in Forums (13)

Editor's Note: We're proud to be able to bring you the first article in this great, new column from Craig Heffner. This column is aimed squarely at those in the InfoSec field who are tired of hearing that you truly can't be a security professional without knowing how to code.

Why even learn to program at all?

Not everyone will have a need to learn programming. I'm sure there are many people who are quite accomplished in the field of computer security and have never written a program. Personally, I constantly find myself modifying programs to add or change their functionality, or just writing my own. And needless to say, if you are going to be doing any type of exploit discovery, you will need some programming knowledge.

Without raising the "to code or not to code" argument, here is the way I look at it: hacking is about controlling a computer and making it do what you want - often when it is not designed to do so. A computer by itself is nothing but a bunch of silicon, wires, and metal. Software controls the computer, and, if you can control software, well...there ya go. :)

Learn BackTrack Inside & Out
Directly from Mati at ChicagoCon 2008s

The Ethical Hacker Network (EH-Net) proudly releases the only Official Version of BackTrack 2 that not only adds Metasploit 3 to the toolset but is also packaged as a VMware Virtual Appliance. Here are just a few of the features added by the projects lead developer, Mati Aharoni, specifically for the EH-Net Community:

• Metasploit updated to latest svn, all dependencies upgraded
• Added fabs patches for msfgui
• Aircrack-ng updated to 1.0 svn, all dependencies upgraded
• Tcpdump patched (security fix)
• Firefox updated to latest
• Firefox links, favorites and home page
• A few more lib fixes for old nasties in BT2 final

del.icio.us Slashdot It!

Discuss in Forums (30)

For those of you who are not familiar with BackTrack, here's a brief description directly from the project's web site, http://www.remote-exploit.org/:

BackTrack is the result of merging the two innovative penetration testing live linux distributions Auditor and Whax. Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The tools are arranged in an intuitive manner, and cover most of the attack vectors. Complex environments are simplified, such as automatic Kismet configuration, one click Snort setup, precompiled Metasploit lorcon modules, etc. BackTrack has been dubbed the #1 Security Live CD by Insecure.org, and #32 overall.