hakin9_04_2007(1).pdf

~ t q w ~

~ t q w ~

~ t q w ~

hakin9

Searching for hacking...

In brief

When you type hacking into the Google browser there are

about 36,100,000 results. You will have to spend quite a

while, though, to ind a neat, practical article or tutorial on

hacking techniques. There are not many sources that con-

tain technical articles with useful guidelines for IT Security

Specialists that presents methods for securing and breaking

computer systems and related security tools.

We highly recommend hakin9 magazine in your quest for

the above information.

However, do not resign from checking a few of the

36,100,000 search results. Some are really useful and/or

amusing.

There was one very interesting website that helps us to

become good hackers.

The author compares hackers with being a success-

ful athlete that gets motivation from working on their body

strength and shape and trying to break their own physical

limits. We get to know that to be a hacker we need to get a

basic thrill from solving problems, sharpening our skills, and

exercising our brains. If we are not the kind of person that

feels this way naturally, we will need to change to make it as

a hacker.

Otherwise we can ind that our hacking energy is

wasted by distractions like sex, money, and social approval.

Beware!!! Stop reading this author's note and move to some

practical hacking pages of this magazine.

Another "hacking" result I liked was a guide to becoming

a real hacker, written by a young and ambitious man. He

teaches us what we should do to dare call ourselves hack-

ers. The most important thing is not to hack any programs

or sites while we are at school or at work. Also, we shall

neither boast about being a hacker nor should we show to

our computer class teacher or colleagues that we are good

in computing.

Knowing all that, it is time to get to know what you can

ind in this issue of hakin9 bi-monthly.

We present an article on hacking Microsoft .Net Frame-

work (Microsoft's managed code programming model).

This magazine also contains text on defending Oracle (as

a continuation of a Hacking Oracle article from the previous

edition) and an interesting writing on User tracking. Turn the

pages to see what other articles we have prepared.

Take a look at page 10 to learn what applications (exclu-

sive versions that cannot be found on the Internet) that you

will ind on hakin9 CD.

When a bit tired of the practical texts, see an interview

with Mr Caleb Sima or a consumers test to ind out more on

routing for a home broadband connection.

We hope you will enjoy this issue of hakin9 magazine.

Section hosted by Zinho & www.hackerscenter.com team

Selection of news from the world of IT security

CD Contents

Magdalena Błaszczyk

What's new in the latest hakin9.live – BackTrack2 ver-

sion and what must-have applications you will ind .

Tools

Security Stronghold Active Shield 4 14

Eric S. Mueller

Author describes Security Stronghold Active Shield

4 that is a tool for protecting your computer against

adware and spyware, and other malware.

VIP Anonymizer

Chakravarthy S Devarakonda

The author presents a tool VIP Anonymity that pre-

vents everyone from knowing your IP address.

Basics

UserTracking2: Whodunit? 16

Fred Leelang

This article gives you as an administrator the possi-

bility to answer that question from Law Enforcement

when it comes 'Who is responsible for this action at

this time, from this IP address?

Suspicious registry key 22

David Maciejak

The article presents malware behavior detection that

can be automatically done by a vulnerability assess-

ment scanner that supports local testing script such

as Nessus.

Attack

Malware within the .NET-framework 34

Paul Sebastian Ziegler

This article will show you the possibilities .NET opens

up for a hacker by guiding you through the develop-

ment of a proof-of-concept worm.

Magdalena Błaszczyk

magdalena.blaszczyk@hakin9.org

Auditing and Fuzzing ActiveX 42

Jaime Blasco

This article is focus on ActiveX control, this kind of

controls can be automatically executed by a Web

browser and enables to embed interactive elements

in HTML documents.

hakin9 4/2007

www.hakin9.org/en

~ t q w ~

Hard Core IT Security Magazine

Demystifying Windows

PE Caveats

Editor in Chief: Ewa Dudzic ewa.dudzic@software.com.pl

Executive Editor: Magdalena Błaszczyk magdalena.blaszczyk@hakin9.org

Editorial Advisory Board: Matt Jonkman, Shyaam Sundhar,

Clement Dupuis, Jay Ranade, Terron Williams, Steve Lape

DTP Director: Artur Wieczorek artur.wieczorek@software.com.pl

Prepress technician: Marcin Pieśniewski

marcin.piesniewski@software.com.pl

Art Director: Agnieszka Marchocka

agnieszka.marchocka@software.com.pl

CD: Rafał Kwaśny

Proofreaders: Kelley Dawson, Steve Lape, Neil „Pyro” Smith

Top betatesters: Wendel Guglielmetti Henrique, Justin Seitz,

Brandon Dixon, Chris Gragsone, Dwight Middlebrook, Matthew Sabin

Aditya K Sood

The article comprise of analytical methods that are

required to reverse engineer a Windows PE executable.

This intrinsic model follows the top to bottom approach.

Defence

President: Monika Nowicka monika.nowicka@software.com.pl

Senior Consultant/Publisher: Paweł Marciniak pawel@software.com.pl

Production Director: Marta Kurpiewska

marta.kurpiewska@software.com.pl

Marketing Director: Ewa Dudzic ewa.dudzic@software.com.pl

Subscription: subscription@software.com.pl

Defending the Oracle Database

with Advanced Security Features 56

Mikoláš Panský

The article provides general information on Oracle,

teaches a basic hacking Oracle method and basic

Oracle defense techniques.

Publisher: Software Media LLC

(on Software Publishing House licence www.software.com.pl/en )

1461 A First Avenue, # 360

New York, NY 10021-2209, USA

Tel: 001917 338 3631

www.hakin9.org/en

The Bleeding Edge

Episode 5

Software LLC is looking for partners from all over the World. If you are

interested in cooperating with us,

please contact us by e-mail: cooperation@software.com.pl

Matt Jonkman

News from the Bleeding Edge Threat. You wanna rant?

Print: 101 Studio, Firma Tęgi

Printed in Poland

Consumers Test

Distributed in the USA by: Source Interlink Fulfillment Division, 27500

Riverview Centre Boulevard, Suite 400, Bonita Springs, FL 34134

Tel: 239-949-4450.

Choosing a Router for

Home Broadband Connection 68

Distributed in Australia by: Europress Distributors Pty Ltd, 3/123

McEvoy St Alexandria NSW Australia 2015, Ph: +61 2 9698 4922,

Fax: +61 2 96987675

RouterTech.org Support Team Member, hakin9 team

Consumers tests on routers. Our goal is to help the

readers to make a right choice when buying, choos-

ing a router.

Whilst every effort has been made to ensure the high quality of the magazine, the

editors make no warranty, express or implied, concerning the results of content usage.

All trade marks presented in the magazine were used only for informative purposes.

All rights to trade marks presented in the magazine are reserved by the companies

which own them.

Interview with Mr Caleb Sima 76

hakin9 team

Mr Caleb Sima point of view on his career in the IT

security ield.

To create graphs and diagrams we used program by

company.

CDs included to the magazine were tested with AntiVirenKit by G DATA

Software Sp. z o.o

Self Exposure

by Mr Steven Bellovin

The editors use automatic DTP system

hakin9 team

Mr Steven Bellovin tells hakin9 readers about his IT

security career, passion and relections.

ATTENTION!

Selling current or past issues of this magazine for prices that are different than

printed on the cover is – without permission of the publisher – harmful activity

and will result in judicial liability.

Product Review

Dekart Secure Identity Storage 80

hakin9 is also available in: Spain, Argentina, Portugal, France, Morocco,

Belgium, Luxembourg, Canada, Germany, Austria, Switzerland, Poland,

Czech, Slovakia

Robert Zadrożny

Dekart's Secure Identity Storage is a software solu-

tion in a PIN-protected lash drive that will put an end

to the security risks you are exposed to every day.

The hakin9 magazine is published in 7 language versions:

EN PL ES CZ

IT FR DE

Upcoming

DISCLAIMER!

The techniques described in our articles may only be used in private,

local networks. The editors hold no responsibility for misuse of the

presented techniques or consequent data loss.

Magdalena Błaszczyk

Here we present the subjects that will be brought up

in the upcoming hakin9.

www.hakin9.org/en

hakin9 Nr 2/2006

~ t q w ~

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: