Friday, June 18, 2010

Friday Link Trifecta

Here are some cool things I ran into this week.

koto's Ultimate String override
koto gave a presentation at a Polish OWASP meeting describing how to detect and evade jsunpack. He also presents some ways to fix those evasions in Ultimate toString override. Great work!

Paul Makowski's Blog
In this post, Paul uses his hacked sshd (it logs attempted usernames and passwords) in order to track down the tools used against his server. I was investigating some similar tools, so it was great to see this. One of the interesting tools Paul found was a Mac OS X IRC bot. They all seem to have some connection to "trance". I even found some new files "trance.pdf", which isn't really a PDF if you were wondering :)

SWF Disassembler Plug-in for IDA Pro [PDF]
This looks like a great plugin for IDA. If you want to try it with some live samples from jsunpack, monitor this RSS feed.