LebahNET 2.0 – Distributed Honeypot Network

Author:(Nasim/Ramadhan/Hafiz/Shuaib) Introduction Security practitioners develop ways to detect cyber attacks that are of potential risk to Internet users. This is to secure computer system vulnerabilities, provide alerts to the community, as well as to learn on ‘the how to’ of such an attack occurring. One of the ways in detecting such malicious attack, is developing […]

mysql subqueries bug

Setelah projek pkaji, kami cuba menambahkan maklumat/profile untuk setiap serangan RFI. Ketika menulis kod untuk menggali maklumat yang tersimpan dalam database yang mempunyai hubungan many-to-many, didapati mysql mengambil masa yang terlalu panjang. Dari penilitian yang dibuat, sql yang paling luar ketika penggunaan subqueries tidak optimize kerana enjin mysql gagal menggunakan index yang sesuai. Kod yang […]

ruby mysql blob

Recently, one of mycert’s internal project required that PDF files to be saved into the database (MyQL). Since its is not easy to find the sample code via Google,  here’s a quick note for future reference. fContent = File.open(“/path/file”, “wb”).read() db = Mysql.new(‘localhost’, ‘user’, ‘password’, ‘database’) st = db.prepare(“insert into tableA( fieldBlob) values (?)”) st.execute(fContent) […]

pKaji: The PHP Analyzer

pKaji is a free service provided by MyCERT that allows one to analyze  PHP codes.  It facilitates detection of network activities and other potentially malicious activities within the code by using the ‘hooking’ technique. Basically, it uses the APD (Advance PHP Debugger) extension to hook the original PHP built-in function. Using pKaji To use pKaji, […]

Bashing The Wildcard

This is quick note about wildcard usage for the  Linux command line particularly on  how to select/include some files among the others. Let say you have a directory  that contains the following files: $ls mh apache-log.tar.gz.00 apache-log.tar.gz.01 apache-log.tar.gz.02 apache-log.tar.gz.03 apache-log.tar.gz.04 apache-log.tar.gz.05 apache-log.tar.gz.06 apache-log.tar.gz.07 apache-log.tar.gz.08 apache-log.tar.gz.09 apache-log.tar.gz.10 apache-log.tar.gz.11 apache-log.tar.gz.12 apache-log.tar.gz.13 To copy the first 10 files,  […]

Hooking pBot

I’m working on analyzing remote file inclusion (RFI) code. For pBot class which uses  an IRF server as their command and control (C&C) ,  we are interested to get the IP addresses of the C&C,  the channel name and  the nickname used to connect to irc server. Below are sample of output: ok! (host=irc.server_name.net, port=6667, […]

Log Files: Dealing with Inconsistent Field Delimeter

Salam, Log files are big. Processing  it  would be cumbersome especially if the field separator are not so unique. Take a look at contain of file example.log below : “”,6667,”Rembau, NSembilan,Malaysia”,”GET /phpmyadmin “,404 “”,80,”Selangor”,”GET /phpmyadmin/ ,200 “”,9090,”A. Star, Kedah, Malysia”,”GET /phpmyadmin/favicon.ico,404 “”,6667,”Malysia”,”GET /phpmyadmin/print.css,404 “”,993,”A. Star, Kedah, Malysia”,”GET /phpmyadmin/phpmyadmin.css.php?lang=en-utf-8,404 At first sight, anybody would agree to […]