mnin.org

blog/

humor/

phish/

links/

vulns/

contact/

code/

challenge/

Security Literature

An in-depth, high-tech view from both sides of the phishing playing field

	Hacker Challenge Report (pdf)
	ANI 0-day Analysis (pdf)
	Firepass Security Advisory (pdf)
	eDir Remote Code Exec (pdf)
	ZERT & MS VML Patch (pdf)
	Python To Extract Malware (pdf)
	Torpig VMM/IDT Signatures (pdf)
	Vmware Shellcode Injection (pdf)
	Unpacking FSG (pdf)
	Hacking the Packer (pdf)
	Life and Times of Ddabx (pdf)
	W0rd 0-day Dissassembly
	Anatomy of a Phish IV (pdf)
	PE Local DoS Vuln (pdf)
	Cryptography of SSH2
	Anatomy of a Phish III (pdf)
	Upload Scripts & Toolkits
	Red-Headed Browsers & WMF
	Classic Trimode Exploit
	ISC Malware Quiz 5 (pdf)
	Access Log Analytics 2006
	Assorted Incidentals 2005
	Anatomy of a Phish II (pdf)
	Anatomy of a Phish (pdf)
	Scan of the Month 34
	MS JVMs ByteVerify Trojan
	Awstats Linux Rootkit
	Tri-Mode Browser Exploits
	Namibian TIBS Infection
	Bestfriends and Sdbot Rootkit
	Gwee Exploits Webmail
	XSS, Triple-encoded Exploit
	telnet:// used in IE Exploit
	Investigating CHM Exploits
	Investigating Netwin Malware
	Short Security Discussions
	Short Proof of Concepts
	Stack Buffer Overflows
	Attack Signatures and Analysis
	Threats, Attacks, Defenses
	First Trojan Tracking Journey

Presentations

	Manual Intrusion Detection
	Debugging with CVE-2007-0038

Current Events

Most of my website is security chit-chat, technical suspense, or forensic horror stories. You will find an interesting article or two, should you be looking for that kind of stuff. My (forums) no longer exist, I can't justify leaving such hackable software accessible to the public. If you're into tracking phishers and criminal hackers, some documents known as (Anatomy of a Phish I-IV) are available. You can also keep up with new information and releases via my RSS feed below, or better yet - (my new blog). I like hip hop and music you can't purchase in stores. Jeger bombs are pretty cool and the sun kicks ass. (Mal-aware.org) is a good thing to be. I'm most proud of some links (here).

As for other current events, I'll be attending (RSA in San Francisco), (Immunity training in Miami), (Blackhat and Defcon in Vegas), and (Winter Music Conference in Miami), (Toorcon in San Diego) and probably some others this year, so drop me a line if you want to meet up. My primary realm of research has shifted to binary analysis and creative exploit design. We'll be releasing security advisories on several high impact flaws in (F5 FirePass) a stack overflow vulnerability in (Tumbelweed MailGate), and a quite amusing remote, unauthenticated, cross-platform weakness in (Novell's HTTP protocol stack) very soon, so keep your eye out for those and the corresponding vendor patches.

External

2007	GPCode Evolution and Ransomeware Decryptor (by SSC)
2007	Internet Storm Center on ANI Cursor Vulnerability
2007	CVE-2007-0186, CVE-2007-0187, and CVE-2007-0188
2006	SSC & MNIN Encrypted Malware Case Study
2006	CVE-2006-5478 Stack Overflow in Novell eDirectory iMonitor
2006	Zeroday Emergency Response Team (ZERT)
2006	CVE-2006-4554 Compression Plus and Tumbelweed Overflow
2006	Buffer Overflow Against Novell eDirectory iMonitor
2006	Mal-aware Blog on Anatomy of a Phish Series
2005	Internet Storm Center Diary on Awstats Linux Rootkit
2005	University of Sunderland, U.K. Network Security Curricula
2005	Internet Storm Center Diary on Trimode Browser Attacks
2005	The Honeynet Project Scan of the Month 34 Winners
2005	GIAC Reverse Engineering Malware Analyst 0051
2005	Internet Storm Center Diary on Trojan Tracking
2005	Microsoft's Automated Web Patrol with Strider HoneyMonkeys
2005	Internet Storm Center Diary on Sony DRM Rootkits
2005	Bleeding-Snort Significant Signatures Contributions List
2005	Internet Storm Center Malware Analysis #5 Winner

Internal

I'm in I.T., working to put bread on the table. That's only partly true - anyone who knows me, knows that I don't even have a table (just a long desk). Anyway, I have a Bachelor's degree in Sociology/Psychology, and Master's degree in Forensic Computer Investigation. In April 2006, I made a job change from providing Internet security services for the financial industry to vulnerability research and ethical hacking for an insurance company in Chicago.

I routinely have the pleasure of working with some of the most talented people in our field. Research is an exercise that has the ability to reach out and benefit a large number of people, so this is something that I plan to continue for a while.

Short Articles

Using IDT for VMM Detection

Google Hacking osCommerce

Self-Incriminating Anti-spyware

Cross-Site Scripting Primer

Chaos & Order: ADS Malware

Unpacking The Dumpster

Detecting Promiscuous NIC

Cross-breeding Mytob/Hellbot

Escaping the Dust - Notepad

Introduction To Steganography

Panning For Gold - Grep Wget

The Salami Attack Analogy

Nmap Versus Iptables Battle

Investigate HTTP Based Exploits

Gedza - Incomplete VB Worm

Elementary Virus & Antivirus

Trial By Fire - Tiger Teams

Into To Password Guessing

Fingerprinting the Fingerprint

MSFT Advisory Analysis

Analysis of CVE-2007-0038
Analysis of CVE-2007-0211
Analysis of CVE-2007-0024
Analysis of CVE-2006-5994
Analsyis of CVE-2006-3730

Related URLs

Last Updated: October 06 2007 mnin.org is |00000101| years old.
Site design and layout with umm...a bash shell. Graphic by (Aaron Bieber)
Unless otherwise noted, this work is licensed with (Creative Commons Attribution License).