Author Archive for Aleksey Fateev

BackTrack 3: Demos of selected tools

Published
by
Aleksey Fateev
on April 8, 2008
in Operating Systems and Uncategorized
. Comment

BackTrack 3 (2007-12-14) is a penetration testing live Linux distribution. It is packed with plethora of tools organized by categories.

Bt_menu

With this large amount of utilities, it is sometimes hard to pick the correct one for the job. At Shmoocon 2008, a BackTrack representative gave a talk which was good, but focused on exploiting a Windows binary using Olly, not on showing off the features of the distribution. So I took it upon myself to click on every single link and find the awesome and the less awesome tools among the bunch. Note that the work that I did was for a presentation. There are videos which are self-explanatory but at times need commentary. I will provide some explanation in writing.

Continue reading ‘BackTrack 3: Demos of selected tools’

Reverse Engineering a PHP “Virus”

Published
by
Aleksey Fateev
on February 23, 2008
in Code, Forensics, Reverse Engineering, Targeted Attacks and Web
. Comments

In a recent incident a school server (not an ISIS server) was compromised. PHP code was injected that listened to and executed commands passed through a POST request with ‘www’ user privileges. Some of the commands that were run include id, pwd as well as directory searches and wgets of various files. The compromised machine also served as a hop in a pharmacy ad delivery scheme. It redirected HTTP requests for medications to a possible ‘mothership’ server. There is evidence that links to our server were posted as ads on websites like MySpace.

sample_ads

Continue reading ‘Reverse Engineering a PHP “Virus”’