The lurking dangers hidden in .PDF’s

Posted on June 13, 2010

A couple of days ago there was some noise around some nasty payloads being delivered through .PDF’s. So just in case you thought that opening a PDF file was safe, take a read of the blog post that Z0nbi put together on the actions of a spam PDF that he received:

“Today I was trawling through my Gmail spam folder like a good little mail monkey when I came across a rather strange bit of spam. Usually you just get rubbish about making your manhood the size of a small country or the latest twitter/gmail support/facebook AV malware. Most of the time I just ignore the messages due to them being very boring and not really worth a coffee and a few hours in Terminal… Today’s message was a little different. It was a very simple email with the subject line “New Resume” and one line in the body of the email saying “Please review my CV, Thank You!”. So, seeing as I have NO idea who the sender was and that there are no issues with the PDF format that I know of, I saved the PDF document to my desktop as I had a virtual machine I just knew the PDF would love immediately.”

Read the rest of his great post here

ISG (Whitehat) Durban June meeting : Information Warfare

Posted on June 13, 2010

The details for the next ISG Durban (White Hat) meeting:

Title: Information Warfare
Speaker: Brett van Niekerk
Date: 17 June 2010
Time: 18:30
Venue: Elephant Room, M Block, UKZN Westville Campus

If you have any problems or need help getting to the venue, email ralfepoisson@gmail.com or drop me a mail and I will provide you with whatever details you need.

To get to the Elephant Room, first follow the map to M Block, then go through the door to the right. In front of you will be the entrance to the LANs (light blue turnstiles and a door); the door will be open, so go through and listen for the voices :)

Reminder: ISACA KZN Chapter meeting 17th June

Posted on June 13, 2010

Region: Durban, KZN
Date: 17 June 2010
Time: 2:30pm for 3pm
Topic: Compliance Services (Financial Risk Management) will be presenting: “Privacy – Protection of Personal Information”

See the original post for more details

Importing NMAP .xml output into MS Access part 2

Posted on June 13, 2010

As in the previous post, our initial NMAP scan produced an XML file over 600MB in size. To finish the scans we split the remaining IP ranges into more manageable chunks and ended up with another 20+ XML files of around 50MB each.

Running all of these through Exult XML to get a single consolidated Access database was a bit problematic. The tool didn’t have the functionality to add additional scans to our original database, so all of the XML files had to be selected together and run through the tool to produce a single database. The conversion ran for 24hrs without completing, so we had to come up with a better plan. Initially we considered running the conversion on a more powerful machine with much faster disk, but when trying to install the tool we discovered the license key wouldn’t work. It used some undisclosed technique to enforce a single install only. An email went off to the developers and they sent us a new key (about 6 hours later – thanks to time differences, not any delay on their part). In the meantime plan B was in place.

Looking through the raw XML files I saw that the vast majority of the IPs were non-responsive, and the few lines recording each of those hosts added up to an awful lot of space across the whole file. A quick search and replace to remove these lines reduced the XML files to about 1/20th of their original size. With the new reduced file sizes Exult happily produced our Access database in less than half an hour and we were ready to continue with the exercise. The old sayings about better planning and new strategies certainly applied here.

Using Access we were then able to produce great summary reports to pull out details on top active ports, numbers of machines in each class, active IP ranges, etc. Next step: choose our samples for more detailed scanning.
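The pruning step above (dropping the non-responsive hosts before import) and the first summary report (top open ports) can be done in one streaming pass rather than a search and replace. This is an added example, not code from the original post; it uses Python’s standard library iterparse so a multi-hundred-MB Nmap XML file is never loaded whole, and the sample XML below is constructed for illustration, not a real scan.

```python
"""Added example (not from the original post): stream an Nmap XML report,
drop hosts whose status is "down", and tally open ports on the way."""
import io
from collections import Counter
import xml.etree.ElementTree as ET

# Constructed sample, not a real scan: two live hosts and two non-responsive ones.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS 10.0.0.0/29">
<host><status state="down" reason="no-response" reason_ttl="0"/>
<address addr="10.0.0.1" addrtype="ipv4"/></host>
<host><status state="up" reason="syn-ack" reason_ttl="64"/>
<address addr="10.0.0.2" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host><status state="down" reason="no-response" reason_ttl="0"/>
<address addr="10.0.0.3" addrtype="ipv4"/></host>
<host><status state="up" reason="syn-ack" reason_ttl="64"/>
<address addr="10.0.0.4" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset" reason_ttl="64"/></port></ports></host>
<runstats><finished time="0" elapsed="1"/><hosts up="2" down="2" total="4"/></runstats>
</nmaprun>
"""

def prune_down_hosts(src, dst):
    """Copy src (an Nmap XML file-like object) to dst, keeping only hosts that
    answered. Returns (kept, dropped, Counter of open (protocol, port) pairs).
    Only <host> elements are copied; the original <nmaprun> attributes and
    <runstats> are not preserved in the reduced file."""
    kept = dropped = 0
    open_ports = Counter()
    dst.write('<?xml version="1.0"?>\n<nmaprun>\n')
    for _event, elem in ET.iterparse(src, events=("end",)):
        if elem.tag != "host":
            continue
        status = elem.find("status")
        if status is None or status.get("state") != "up":
            dropped += 1
        else:
            kept += 1
            for port in elem.iter("port"):
                st = port.find("state")
                if st is not None and st.get("state") == "open":
                    open_ports[(port.get("protocol"), port.get("portid"))] += 1
            dst.write(ET.tostring(elem, encoding="unicode") + "\n")
        elem.clear()  # release the finished subtree so memory stays flat
    dst.write("</nmaprun>\n")
    return kept, dropped, open_ports

def demo():
    """Run the pruner over the constructed sample and return its results."""
    out = io.StringIO()
    kept, dropped, ports = prune_down_hosts(io.StringIO(SAMPLE_XML), out)
    return kept, dropped, ports, out.getvalue()
```

For real files, open the source and destination with `open(path)` / `open(path, "w")` in place of the StringIO objects.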
