mysql subqueries bug

After the pKaji project, we tried to add information/profiles for each RFI attack. While writing code to mine information stored in a database with many-to-many relationships, we found that MySQL took far too long. From our investigation, the outermost SQL query when using subqueries is not optimized because the MySQL engine fails to use a suitable index. The code that […]

ruby mysql blob

Recently, one of MyCERT’s internal projects required PDF files to be saved into the database (MySQL). Since it is not easy to find sample code via Google, here’s a quick note for future reference.

Another thing is that the max file size for blob is 64k. To store more than that, one […]

pKaji: The PHP Analyzer

pKaji is a free service provided by MyCERT that allows one to analyze PHP code. It facilitates detection of network activities and other potentially malicious activities within the code by using the ‘hooking’ technique. Basically, it uses the APD (Advanced PHP Debugger) extension to hook the original PHP built-in functions. Using pKaji To use pKaji, […]

Bashing The Wildcard

This is a quick note about wildcard usage on the Linux command line, particularly on how to select/include some files among the others. Let’s say you have a directory that contains the following files: $ls mh apache-log.tar.gz.00 apache-log.tar.gz.01 apache-log.tar.gz.02 apache-log.tar.gz.03 apache-log.tar.gz.04 apache-log.tar.gz.05 apache-log.tar.gz.06 apache-log.tar.gz.07 apache-log.tar.gz.08 apache-log.tar.gz.09 apache-log.tar.gz.10 apache-log.tar.gz.11 apache-log.tar.gz.12 apache-log.tar.gz.13 To copy the first 10 files, […]

Hooking pBot

I’m working on analyzing remote file inclusion (RFI) code. For the pBot class, which uses an IRC server as its command and control (C&C), we are interested in getting the IP addresses of the C&C, the channel name and the nickname used to connect to the IRC server. Below is a sample of the output:

Log Files: Dealing with Inconsistent Field Delimiter

Salam, Log files are big. Processing them would be cumbersome, especially if the field separator is not so unique. Take a look at the contents of the file example.log below:

At first sight, anybody would agree to use ‘ as the field separator. But hey, the third field contains that same character. If we insist to […]