Following up on last week's desktop sandboxing challenge, Darren takes a look at another kind of sandbox -- one for malware analysis. Shannon thinks your VNC and SSH servers are pretty spiffy, but how about controlling your computer over Twitter? Free text messaging to your PC, anyone?
CWSandbox is an automated malware analysis sandbox. It works by running suspected malware samples in an instrumented Windows environment (normally a disposable virtual machine). So instead of reverse engineering the malware's code to work out what it does, we simply run it live and record what it does: all of the network traffic it generates, every process it creates, the DLLs it loads, any changes it makes to the Windows registry, and even what it does to the file system.
This is achieved by a technique called API hooking. Put simply, when the malware calls the Windows API to do something like "connect to this IP address" or "modify this file", the call first lands in CWSandbox's monitoring code, which logs the action and then forwards it to the real API so the change actually happens. In practice the monitor is injected into the malware's process as a DLL, and the first instructions of each watched API function are patched with a jump into that monitor.
It's kind of like an operating system man-in-the-middle. For malware. Once a suspected sample has been run through the tool you get a machine-generated report of what the executable actually did, and that report can be fed into anti-virus and intrusion detection systems so they can watch for the same behaviour. One caveat: the hooks live in user mode inside the monitored process, so malware that detects the sandbox, or that calls into the kernel directly instead of going through the hooked API functions, can evade or hide from the monitor.
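To make the "log it, then let it happen" pattern concrete, here is an added example in Python. It is not CWSandbox's code (that is a Windows DLL patching Win32 functions); it interposes on a few Python entry points (builtins.open, os.remove and socket.socket.connect, standing in for CreateFile, DeleteFile and connect) with wrappers that record the call and forward it unchanged, then groups the log into the sections a sandbox report would show. The "malware" is a harmless constructed stand-in that drops a file, phones home to a loopback listener started by the example, and cleans up, so everything runs offline.

```python
"""Added example, not CWSandbox's code: API-level interposition in Python.

Each hooked entry point is replaced by a wrapper that records the call and
then forwards it unchanged to the real implementation, the same pattern
CWSandbox applies to the Win32 API. The 'malware' is a constructed stand-in.
"""
import builtins
import functools
import os
import socket
import tempfile
import threading


class ApiSandbox:
    """Hooks a few Python entry points and keeps an ordered event log."""

    def __init__(self):
        self.events = []       # (api_name, details) in the order the calls happened
        self._originals = {}   # (owner, attribute) -> original callable, for unhooking

    def _hook(self, owner, attr, describe):
        original = getattr(owner, attr)
        self._originals[(owner, attr)] = original

        @functools.wraps(original)
        def hooked(*args, **kwargs):
            self.events.append((attr, describe(*args, **kwargs)))
            return original(*args, **kwargs)   # monitor only: never block the call

        setattr(owner, attr, hooked)

    def install(self):
        # Python stand-ins for CreateFile, DeleteFile and connect(); each lambda
        # picks out the arguments worth reporting.
        self._hook(builtins, "open", lambda path, mode="r", *a, **k: (str(path), mode))
        self._hook(os, "remove", lambda path, *a, **k: (str(path),))
        self._hook(socket.socket, "connect", lambda sock, address: tuple(address))

    def uninstall(self):
        for (owner, attr), original in self._originals.items():
            setattr(owner, attr, original)
        self._originals.clear()

    def report(self):
        """Group the raw log into the sections a sandbox report would show."""
        sections = {"file_opens": [], "file_deletes": [], "network_connects": []}
        key_for = {"open": "file_opens", "remove": "file_deletes",
                   "connect": "network_connects"}
        for name, details in self.events:
            sections[key_for[name]].append(details)
        return sections


def start_local_listener():
    """Stand-in for the sample's command-and-control host: accepts one connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # loopback only, ephemeral port, so this runs offline
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    return srv.getsockname(), worker


def run_sample(c2_address, workdir):
    """Constructed, harmless 'malware': drop a file, phone home, remove the file."""
    dropped = os.path.join(workdir, "dropper.tmp")
    with open(dropped, "w") as fh:          # resolves to the hooked builtins.open
        fh.write("placeholder payload")
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(c2_address)              # hooked at class level
    client.close()
    os.remove(dropped)                      # hooked os.remove


def analyse():
    """Run the sample under the hooks and return the behaviour report."""
    c2_address, worker = start_local_listener()
    workdir = tempfile.mkdtemp()
    sandbox = ApiSandbox()
    sandbox.install()
    try:
        run_sample(c2_address, workdir)
    finally:
        sandbox.uninstall()        # always restore the real entry points
    worker.join(timeout=5)
    os.rmdir(workdir)
    return sandbox.report()


if __name__ == "__main__":
    for section, entries in analyse().items():
        print(section, entries)
```

The report lists one file open for writing, one connect to the loopback listener and one delete of the dropped file. The evasion caveat shows up here too: a sample that calls io.open or os.open directly never touches the patched name and leaves no trace in the log, which is the Python analogue of malware issuing raw system calls to bypass user-mode API hooks.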
While there is no denying the power of running your own SSH or VNC server at home for remote access, wouldn't it be nice if you could simply text message your computer something like "Hey, what's your external IP address?", "Send me a screenshot" or "Go download this file"?
And if Robin Wood has taught us anything with KreiosC2, it's that commanding your computer, or even a large botnet for that matter, over social networks is quite possible.
But now it's time for something a lot more user friendly. This week Snubs investigates TweetMyPC.
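The catch with driving your PC from a public timeline is that whoever can post to that account, or copy an old post, gets to run commands. The following added example, not TweetMyPC's or KreiosC2's code, shows the control loop a practitioner would want on the PC side: poll results are parsed with a fixed command grammar, executed only if they come from an allow-listed account, carry a valid HMAC tag computed with a secret shared between phone and PC, use a fresh nonce, and name a known command; downloads are restricted to https on allow-listed hosts. The timeline, the SECRET, the ALLOWED_POSTERS account and the DOWNLOAD_HOSTS list are all assumptions constructed for the example, and the download handler validates the URL but does not fetch it, so the code runs offline.

```python
"""Added example, not TweetMyPC's or KreiosC2's code: a command dispatcher that
reads commands from a social-media style timeline and executes only those that
are authorised, authenticated, well formed and not replayed.

Assumptions (not from the page): phone and PC share SECRET, commands come from
the ALLOWED_POSTERS account, and the timeline is a constructed list of dicts
standing in for what a Twitter API poll returns.
"""
import getpass
import hashlib
import hmac
import re
import socket
from urllib.parse import urlparse

SECRET = b"replace-me-with-a-long-random-shared-secret"   # assumption
ALLOWED_POSTERS = {"myphone"}                              # assumption
DOWNLOAD_HOSTS = {"example.com"}                           # assumption

# "<command> [<argument>] n=<nonce> t=<first 16 hex chars of HMAC-SHA256>"
COMMAND_RE = re.compile(
    r"^(?P<cmd>[a-z]+)(?: (?P<arg>\S+))? n=(?P<nonce>\d+) t=(?P<tag>[0-9a-f]{16})$"
)


def sign(command, nonce, secret=SECRET):
    """Tag = truncated HMAC-SHA256 over nonce and command text."""
    return hmac.new(secret, f"{nonce}:{command}".encode(), hashlib.sha256).hexdigest()[:16]


def make_tweet(command, nonce):
    """What the phone side would post for a command and a fresh nonce."""
    return f"{command} n={nonce} t={sign(command, nonce)}"


def cmd_hostname(arg):
    return socket.gethostname()


def cmd_whoami(arg):
    try:
        return getpass.getuser()
    except Exception:              # no login name available in some containers
        return "unknown"


def cmd_download(arg):
    """Only ever fetch over https from an allow-listed host (fetch left out: offline)."""
    url = urlparse(arg or "")
    if url.scheme != "https" or url.hostname not in DOWNLOAD_HOSTS:
        raise ValueError("download refused: https and allow-listed host required")
    return f"queued:{arg}"


class TweetController:
    HANDLERS = {"hostname": cmd_hostname, "whoami": cmd_whoami, "download": cmd_download}

    def __init__(self):
        self.seen_ids = set()      # a poll can hand back the same post twice
        self.seen_nonces = set()   # a valid post can be copied and re-posted

    def handle(self, post):
        """Return (status, detail) for one timeline entry."""
        if post["id"] in self.seen_ids:
            return ("skip", "already processed")
        self.seen_ids.add(post["id"])
        if post["user"] not in ALLOWED_POSTERS:
            return ("reject", "unauthorised poster")
        m = COMMAND_RE.match(post["text"])
        if not m:
            return ("reject", "malformed")
        cmd, arg, nonce, tag = m.group("cmd", "arg", "nonce", "tag")
        text = cmd if arg is None else f"{cmd} {arg}"
        if not hmac.compare_digest(tag, sign(text, nonce)):
            return ("reject", "bad tag")
        if nonce in self.seen_nonces:
            return ("reject", "replayed nonce")
        self.seen_nonces.add(nonce)
        handler = self.HANDLERS.get(cmd)
        if handler is None:
            return ("reject", "unknown command")
        try:
            return ("ok", handler(arg))
        except ValueError as err:
            return ("reject", str(err))


def sample_timeline():
    """Constructed posts covering the cases the controller must handle."""
    forged = "0" * 16
    return [
        {"id": 1, "user": "myphone", "text": make_tweet("hostname", 1001)},
        {"id": 2, "user": "stranger", "text": make_tweet("hostname", 1002)},   # wrong account
        {"id": 3, "user": "myphone", "text": f"download https://evil.example/x.exe n=1003 t={forged}"},
        {"id": 4, "user": "myphone", "text": make_tweet("download https://example.com/tool.zip", 1004)},
        {"id": 4, "user": "myphone", "text": make_tweet("download https://example.com/tool.zip", 1004)},
        {"id": 5, "user": "myphone", "text": make_tweet("hostname", 1001)},    # nonce reused
        {"id": 6, "user": "myphone", "text": make_tweet("format c:", 1006)},
        {"id": 7, "user": "myphone", "text": make_tweet("download http://example.com/tool.zip", 1007)},
    ]


def process(timeline):
    controller = TweetController()
    return [controller.handle(post) for post in timeline]


if __name__ == "__main__":
    for post, result in zip(sample_timeline(), process(sample_timeline())):
        print(post["id"], post["user"], result)
```

Of the eight constructed posts only two execute: the signed hostname request and the signed https download from the allow-listed host. The rest are turned away for the wrong account, a forged tag, a duplicate delivery, a reused nonce, an unknown command and a plain-http download, which is the difference between a convenient remote control and a public botnet channel pointed at your own machine.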