Monday, June 1, 2009

Bing Vs Google

It looks like Google may be getting a new competitor called Bing. Bing is a new product from Microsoft that will launch this June 3. I don't dare comment too much on this Microsoft product, it might be dangerous.. but going by the old track record, Blue Screen of Death (BSOD), Red Ring of Death (RROD), will a new term appear for this product too? We'll wait and see.. hehe

Compared with Google, which uses an "advertising-based search model" that returns the most popular items for a query, Bing uses a 'decision engine' which supposedly doesn't just go by popularity; it leaves the decision to the user.. or so the story goes..

“We are introducing a new level of organisation to search results, and our differentiator will be the best results for query,” Satya Nadella, senior vice-president (R&D, online services division), Microsoft.

According to them, for example.. if we search for British Airways, Bing will return the service centre phone number, ticket prices and other information (even if we just wanted to find the Wikipedia page..)

He said.. “Google is great, but I think you still have to run multiple search queries to get that right answer. If Bing can change that, I will surely shift my search engine,”

Tuesday, March 31, 2009

[Paper] Know Your Enemy: Containing Conficker

Download

By Felix Leder, Tillmann Werner

This paper is really good for understanding how Conficker infects and spreads, and how to detect and deal with it.

Thursday, March 5, 2009

Gimmiv.A analysis~example010

Sorry for any mistake in this simple analysis.

Download

Thursday, February 26, 2009

system call table

Windows: http://www.metasploit.com/users/opcode/syscalls.html
Linux : http://example010.googlepages.com/unistd_32.h

Wednesday, February 25, 2009

Waledac analysis references

http://www.honeynet.org/node/325
http://www.honeynet.org/node/348
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081231
http://www.nnl-labs.com/cblog/index.php?/archives/7-Waledacs-Communcation-Protocol.html

Monday, February 23, 2009

"..You gotta love humans. When everything sticks to the scripts, they can put on a great act, but as soon as something unexpected happens, they react completely true to their nature.."

Friday, February 20, 2009

Interesting Conficker Analysis - Sourcefire VRT

Link

Credit: Sourcefire VRT

Thursday, February 19, 2009

how shellcode works.

http://example010.googlepages.com/how_shellcode_work.txt

thanks to SEVIC3

Tuesday, February 17, 2009

Public key problem when update - Ubuntu



then



$KEY = the value of the key that is missing.

Monday, February 16, 2009

hex to unicode shellcode converter

How to use:

python ushellcode.py hex-file output-file

Download: ushellcode.py.tar.gz

Thursday, February 12, 2009

Does Windows belong to the Jews??

http://www.stormfront.org/forum/showthread.php?t=557249

Upgrade to OpenOffice 3.0

1. Go to System -> Administration -> Software Sources...
2. Open the "Third-Party Software" tab and click Add.
3. Paste this:
   deb http://ppa.launchpad.net/openoffice-pkgs/ubuntu intrepid main
4. Download this: key
5. Open the "Authentication" tab and import the downloaded file.
6. Close Software Sources and click Reload.

Conficker Downup analysis

Episode 1
Episode 2
Episode 3

Wednesday, January 28, 2009

Python: Simple URL extractor

    import re

    def url_finder(data):
        # Match http/https URLs built from letters, digits, URL punctuation and %XX escapes
        urls = re.findall(r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+", data)

        for url in urls:
            # Strip quotes left over from HTML attributes such as href="..."
            outpt = url.strip('"').strip("'") + "\n"
            print(outpt)


    inpt = "aaaaaaaaaaaaaa http://www.google.com bbbbbbbbb http://example010.blogspot.com ccccccccc http://google.com dddd http://a.b/a/a/a/index.html"

    url_finder(inpt)

This code simply finds URLs using a regular expression and prints them.

Wednesday, January 21, 2009

Python: UCS2 to hex converter

When analyzing JavaScript that contains shellcode, I need a UCS2-to-hex converter before running the shellcode through libemu's sctest, because the shellcode is in UCS2 format. Converting the hex digits directly to ASCII gives a meaningless result. For example:

UCS2 : %u3341

If I remove the %u and convert 3341 directly to ASCII, it produces 3A. But this gives the wrong meaning if we run the shellcode, because the real hex is 4133. So, before we convert the UCS2 into hex, we need to remove the %u and swap the 33 and the 41. To make our life easier, we have Python code that automates the job:


    import re

    def ucs2hex(match):
        s = match.group()  # the full match, e.g. "%u3341"
        return "".join([s[4] + s[5], s[2] + s[3]])  # swap the 4th and 5th char with 2nd and 3rd char

    def find_word(data):
        p = re.compile(r'%u(\w{4})')  # regular expression to search for %u and 4 chars after it
        return p.sub(ucs2hex, data)

    ucs2_string = "%u3341"
    hex_string = find_word(ucs2_string)

    print(hex_string)

This code simply searches the string for %u and the 4 chars after it, then swaps chars 4 and 5 with chars 2 and 3.
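
An added example (not the original post's code) that goes beyond the %u swap above: it decodes a whole unescape() argument, including %XX escapes, literal characters and truncated escapes, into the little-endian bytes the JavaScript string holds in memory. The function names and the sample string are assumptions made for illustration.

```python
import re

# One token of a JavaScript unescape() argument:
# %uXXXX (16-bit code unit), %XX (8-bit value), or any single literal character.
TOKEN = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})|(.)", re.DOTALL)


def unescape_to_bytes(escaped):
    """Return the bytes the unescaped JavaScript string occupies in memory.

    JavaScript strings are sequences of 16-bit code units, stored
    little-endian on x86, so %u3341 becomes 41 33 and %41 becomes 41 00.
    """
    out = bytearray()
    for match in TOKEN.finditer(escaped):
        u4, x2, literal = match.groups()
        if u4 is not None:
            out += int(u4, 16).to_bytes(2, "little")
        elif x2 is not None:
            out += int(x2, 16).to_bytes(2, "little")
        else:
            # Literal characters (and the stray '%' of a truncated escape)
            # are kept as characters, which is what unescape() does.
            out += literal.encode("utf-16-le", errors="surrogatepass")
    return bytes(out)


def summarize(escaped):
    """Count token kinds so mixed or malformed encodings stand out."""
    counts = {"%u": 0, "%xx": 0, "literal": 0}
    for match in TOKEN.finditer(escaped):
        u4, x2, _ = match.groups()
        key = "%u" if u4 is not None else "%xx" if x2 is not None else "literal"
        counts[key] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample: the post's %u3341, a %XX escape, a literal 'B',
    # and a truncated escape (%u33) that must not be decoded.
    sample = "%u3341%41B%u33"
    print(unescape_to_bytes(sample).hex())
    print(summarize(sample))
```

A non-zero "literal" count on input that should be pure %u data usually means the string was truncated or concatenated from pieces, and the decoded bytes should be checked before they are fed to an emulator.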