MS Office Open XML formats security (docx, xlsx, pptx, ...)

This article describes the Microsoft Office Open XML file formats (docx, xlsx, pptx), related security issues and useful resources. [WORK IN PROGRESS]

Using ExeFilter against PDF exploits and zero-days such as CVE-2009-4324

This short article shows how ExeFilter can be used to disable JavaScript in PDF files, which is effective against many Adobe Reader exploits discovered in 2009, including the recent zero-day CVE-2009-4324.
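As an added illustration of the technique (example code written for this page, not ExeFilter's own implementation), the block below scans a PDF for the names that carry script, /JavaScript and /JS, and overwrites each one in place with an unknown name of the same length so the cross-reference offsets stay valid and a viewer never hands the script to its JavaScript engine. It resolves PDF name escapes first, so /J#61vaScript is recognised as /JavaScript. The sample PDF is constructed for the example; everything else is standard library.

```python
import re

# PDF name token: '/' followed by regular characters; '#xx' escapes one byte.
# Simplified for this example: it does not parse strings, streams or object
# streams, so names inside FlateDecode-compressed object streams are missed.
NAME_TOKEN = re.compile(rb"/([A-Za-z0-9#_.\-]+)")
JS_NAMES = {b"JavaScript", b"JS"}   # action type /S /JavaScript and its /JS code key


def decode_name(raw):
    """Resolve '#xx' escapes so /J#61vaScript is recognised as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def find_javascript(pdf):
    """Return (offset, raw_token) for every name that decodes to /JavaScript or /JS."""
    return [(m.start(), m.group(0)) for m in NAME_TOKEN.finditer(pdf)
            if decode_name(m.group(1)) in JS_NAMES]


def neutralize_javascript(pdf):
    """Overwrite each JavaScript-related name with a same-length unknown name.

    Length is preserved so the byte offsets in the xref table stay valid; an
    action whose /S type is unknown should be ignored by the viewer, and the
    renamed /JS key is never looked up, so the script text is inert.
    """
    out = bytearray(pdf)
    for offset, token in find_javascript(pdf):
        out[offset:offset + len(token)] = b"/" + b"X" * (len(token) - 1)
    return bytes(out)


# Constructed minimal PDF with a document-open action that runs JavaScript;
# the action type is hex-escaped the way evasive samples sometimes write it.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /J#61vaScript /JS (app.alert('hello')) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for offset, token in find_javascript(SAMPLE_PDF):
        print(f"offset {offset}: {token!r}")
    print(neutralize_javascript(SAMPLE_PDF).decode("latin-1"))
```

A real filter has to go further than this: object streams and compressed objects must be inflated before the names are visible, incremental updates can append a second copy of the catalog, and other action types besides JavaScript exist. The same-length overwrite is a deliberate choice: rewriting the file with a proper PDF library would be cleaner but changes every offset, which is exactly the kind of transformation that breaks odd-but-valid files.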

OVALdi - an open-source local vulnerability assessment scanner

OVALdi, also named the OVAL Interpreter, is an open-source tool developed by MITRE to demonstrate how the OVAL language may be used to scan a computer for vulnerabilities. This article provides a few hints about how to use this tool.

SSTIC08 - Dynamic Malware Analysis for Dummies

This article (written in French) was presented at the SSTIC symposium on 6 June 2008.

It describes several methods to perform malware analysis, especially on Windows platforms, and focuses in detail on dynamic analysis, also called runtime analysis or sandboxing. Dynamic malware analysis consists of running malicious code on a dedicated system configured to record all its actions, in order to determine its behaviour. It is then possible to quickly determine the nature of the malware and decide how to respond to an incident. The article also shows how to build a simple dynamic malware analysis lab at low cost, details the methodology and suggests how to go further.

How to create X509 certificates for testing

This page provides a few methods to create X509 certificates for testing purposes.

OpenOffice / OpenDocument and MS Office 2007 / Open XML security

Article and presentation about security issues in OpenDocument and Open XML formats (OpenOffice and MS Office 2007) - published in the Journal of Computer Virology in Oct 2007 and presented at the PacSec 2006 conference.

BlindFTP - one-way file transfer for a network data diode

BlindFTP is a simple and portable tool for file transfers over unidirectional network connections (no acknowledgements can flow back), for instance an optical network diode.
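What makes a diode transfer different from FTP is that the receiver can never send anything back: no handshake, no ACK, no retransmission request. The following is an added example, not BlindFTP's own protocol or code. It uses a hypothetical datagram format (the "BFTP" marker, chunk size and header layout are all assumptions made here) in which every datagram is self-describing and each one is emitted more than once, with a receiver that reassembles the file, verifies a whole-file hash, strips path components from the untrusted file name, and can only report, never request, what is still missing.

```python
import hashlib
import posixpath
import socket
import struct

CHUNK_SIZE = 1024                     # payload bytes per datagram (chosen for this example)
MAGIC = b"BFTP"                       # hypothetical marker; not BlindFTP's real wire format
HEADER = struct.Struct(">4sII32sH")   # magic, seq, total, sha256 of whole file, name length


def encode_file(name, data, repeat=2):
    """Split a file into self-describing datagrams, each emitted `repeat` times.

    Every datagram carries enough to stand alone (file hash as transfer id,
    sequence number, chunk count): the receiver can never ask for anything,
    so repetition is the only defence against loss.
    """
    total = max(1, (len(data) + CHUNK_SIZE - 1) // CHUNK_SIZE)
    digest = hashlib.sha256(data).digest()
    name_b = name.encode("utf-8")
    datagrams = []
    for seq in range(total):
        payload = data[seq * CHUNK_SIZE:(seq + 1) * CHUNK_SIZE]
        dg = HEADER.pack(MAGIC, seq, total, digest, len(name_b)) + name_b + payload
        datagrams.extend([dg] * repeat)
    return datagrams


class Receiver:
    """Reassembles files from datagrams; keeps state per file hash, never replies."""

    def __init__(self):
        self.pending = {}     # digest -> {"name": str, "total": int, "chunks": {seq: bytes}}
        self.completed = {}   # safe file name -> data
        self._done = set()    # digests already delivered; late duplicates are dropped

    def feed(self, datagram):
        """Consume one datagram; return the file name when a file becomes complete."""
        if len(datagram) < HEADER.size or not datagram.startswith(MAGIC):
            return None                                  # not ours, discard silently
        _, seq, total, digest, name_len = HEADER.unpack_from(datagram)
        if digest in self._done or seq >= total:
            return None
        body = datagram[HEADER.size:]
        # The name is attacker-controlled: keep only its last path component.
        raw_name = body[:name_len].decode("utf-8", "replace").replace("\\", "/")
        name = posixpath.basename(raw_name)
        t = self.pending.setdefault(digest, {"name": name, "total": total, "chunks": {}})
        t["chunks"][seq] = body[name_len:]               # duplicates simply overwrite
        if len(t["chunks"]) < total:
            return None
        data = b"".join(t["chunks"][i] for i in range(total))
        del self.pending[digest]
        if hashlib.sha256(data).digest() != digest:
            return None                                  # corrupted: nothing to do but drop
        self.completed[name] = data
        self._done.add(digest)
        return name

    def missing(self):
        """Per incomplete transfer, the sequence numbers never seen (can only be logged)."""
        return {t["name"]: sorted(set(range(t["total"])) - set(t["chunks"]))
                for t in self.pending.values()}


def send_udp(datagrams, host, port):
    """Fire-and-forget sender: UDP, nothing is ever read back from the socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for dg in datagrams:
            s.sendto(dg, (host, port))


if __name__ == "__main__":
    sample = bytes(range(256)) * 10                     # constructed 2560-byte file
    rx = Receiver()
    for dg in encode_file("report.txt", sample):
        rx.feed(dg)
    print(sorted(rx.completed), rx.missing())
```

The trade-off is visible in the code: repeating every datagram doubles the bandwidth, and a burst that loses both copies of one chunk leaves the transfer incomplete forever, because the receiver has no way to say so to the sender. Real diode tools add forward error correction and a fixed send rate for the same reason.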

pyClamd - use ClamAV antivirus from Python

pyClamd is a portable Python module to use the ClamAV antivirus engine on Windows, Linux, MacOSX and other platforms. It requires a running instance of the clamd daemon. pyClamd is more portable than pyClamAV because it does not need to be compiled, so it works on Windows.

This is a slightly improved version of pyClamd v0.1.1 originally created by Alexandre Norman and published on his website:
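The part of pyClamd that does the work is the clamd wire protocol itself, which is simple enough to show in full. The block below is an added example, not pyClamd's code and not taken from that website: a minimal client for clamd's PING and INSTREAM commands over TCP, plus a fake clamd that answers the same way so the example runs without a daemon. The host, port and the assumption that a real clamd reports the EICAR test file as "Eicar-Test-Signature" are the only things not fixed by the protocol.

```python
import socket
import struct
import threading

# EICAR test string, split so this source file is not itself quarantined by an
# on-access scanner; joined at runtime it is the standard antivirus test file.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def _recv_until_nul(sock):
    """Replies to 'z'-prefixed clamd commands are terminated by a NUL byte."""
    buf = b""
    while not buf.endswith(b"\0"):
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf.rstrip(b"\0")


def clamd_ping(host, port):
    with socket.create_connection((host, port)) as s:
        s.sendall(b"zPING\0")
        return _recv_until_nul(s) == b"PONG"


def clamd_scan_bytes(host, port, data, chunk_size=4096):
    """Scan `data` with INSTREAM; return the signature name, or None if clean."""
    with socket.create_connection((host, port)) as s:
        s.sendall(b"zINSTREAM\0")
        for i in range(0, len(data), chunk_size):
            piece = data[i:i + chunk_size]
            s.sendall(struct.pack(">I", len(piece)) + piece)   # big-endian length prefix
        s.sendall(struct.pack(">I", 0))                       # zero-length chunk ends the stream
        reply = _recv_until_nul(s).decode("utf-8", "replace")
    # clamd answers 'stream: OK' or 'stream: <signature> FOUND'
    if reply == "stream: OK":
        return None
    if reply.startswith("stream: ") and reply.endswith(" FOUND"):
        return reply[len("stream: "):-len(" FOUND")]
    raise RuntimeError(f"unexpected clamd reply: {reply!r}")   # e.g. stream size limit


# --- fake clamd so the example runs without a daemon (assumption: loopback TCP) ---

def _read_command(conn):
    """Read the NUL-terminated command byte by byte so no stream data is swallowed."""
    buf = b""
    while not buf.endswith(b"\0"):
        byte = conn.recv(1)
        if not byte:
            return buf
        buf += byte
    return buf[:-1]


def _recv_exact(conn, n):
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-chunk")
        buf += chunk
    return buf


def _serve_one(conn):
    with conn:
        command = _read_command(conn)
        if command == b"zPING":
            conn.sendall(b"PONG\0")
            return
        if command != b"zINSTREAM":
            conn.sendall(b"UNKNOWN COMMAND\0")
            return
        data = b""
        while True:
            (length,) = struct.unpack(">I", _recv_exact(conn, 4))
            if length == 0:
                break
            data += _recv_exact(conn, length)
        verdict = b"Eicar-Test-Signature FOUND" if EICAR in data else b"OK"
        conn.sendall(b"stream: " + verdict + b"\0")


def start_fake_clamd():
    """Listen on a free loopback port and answer PING/INSTREAM like clamd would."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def loop():
        while True:
            conn, _ = listener.accept()
            try:
                _serve_one(conn)
            except OSError:
                pass

    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_clamd()          # point at 3310 on a real clamd instead
    print(clamd_ping("127.0.0.1", port), clamd_scan_bytes("127.0.0.1", port, EICAR))
```

INSTREAM is the call to use from a scanner process: the file bytes travel over the socket, so clamd does not need filesystem access to the sample and the client does not need to be on the same host. A real clamd rejects streams larger than its StreamMaxLength with an error reply rather than a verdict, which is what the RuntimeError branch surfaces.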

XML Canonicalization (C14N) in Python using lxml

XML Canonicalization (C14N) is needed in some cases, such as digital signatures, where two different serializations of the same XML must hash to the same value.
lxml provides a very easy way to do it in Python. However, the current version, lxml 2.1, does not give access to all C14N parameters. Here is a simple patch to improve its C14N support.
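An added example of what canonicalization buys you, written here rather than taken from lxml or the patch: it uses the standard library's xml.etree.ElementTree.canonicalize (Canonical XML 2.0, Python 3.8 and later), whose keyword options are the same kind of parameters the patch exposes for lxml (comments, whitespace, prefix rewriting). The three inputs are constructed for the example; they are the same infoset serialized three different ways.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed inputs: one XML infoset serialised three ways. They differ in
# attribute order, quote style, a character reference, an empty-element tag,
# a comment, indentation and the namespace prefix, but mean the same thing.
DOC_A = ('<r:doc xmlns:r="urn:example" b="2" a=\'1\'>'
         '<r:item>&#65;</r:item><r:empty/><!-- draft --></r:doc>')
DOC_PRETTY = ('<r:doc xmlns:r="urn:example" a="1" b="2">\n'
              '  <r:item>A</r:item>\n  <r:empty></r:empty>\n</r:doc>')
DOC_B = ('<s:doc xmlns:s="urn:example" a="1" b="2">'
         '<s:item>A</s:item><s:empty></s:empty></s:doc>')


def c14n(xml_text, **options):
    """Canonical XML 2.0 from the standard library.

    Options are the knobs a signer cares about: with_comments (default False),
    strip_text (drop surrounding whitespace in text nodes), rewrite_prefixes
    (replace namespace prefixes with n0, n1, ...), exclude_attrs, exclude_tags.
    """
    return ET.canonicalize(xml_text, **options)


def digest(xml_text, **options):
    """What a signature actually covers: a hash of the canonical bytes, not the raw file."""
    return hashlib.sha256(c14n(xml_text, **options).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(c14n(DOC_A))                                # sorted attributes, double quotes, no comment
    print(c14n(DOC_PRETTY, strip_text=True))          # identical once whitespace is stripped
    print(c14n(DOC_A, rewrite_prefixes=True))         # prefix no longer matters either
    print(digest(DOC_A) == digest(DOC_PRETTY, strip_text=True))
```

Two things to notice. Raw-byte hashes of DOC_A and DOC_PRETTY differ, so a signature over the raw bytes breaks as soon as any tool re-serializes the document; after canonicalization they agree. And the options are part of the security contract: a signer using strip_text or rewrite_prefixes must say so (XML-DSig records this in CanonicalizationMethod), because the verifier has to reproduce exactly the same bytes.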

Using XML-DSig and OpenSSL in Python

Using XML-DSig (XML Digital Signature) and OpenSSL from Python scripts is not straightforward, but there are solutions. Here are a few links to useful libraries and articles.
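To make the XML-DSig structure concrete without any third-party library, here is an added example (written for this page; it is not one of the libraries linked above and not OpenSSL-based): a detached signature with an HMAC-SHA256 SignatureMethod, which XML-DSig allows and which the standard library can compute. The Reference digest is taken over the canonical form of the signed document, SignedInfo is canonicalized again before the MAC is computed, and verification checks both. Canonicalization uses xml.etree.ElementTree.canonicalize (C14N 2.0); the shared key, the document and the Reference URI are constructed for the example.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
C14N_2_0 = "http://www.w3.org/2010/xml-c14n2"   # what ET.canonicalize implements
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
NS = {"ds": DSIG_NS}
ET.register_namespace("", DSIG_NS)   # serialise ds elements with a default namespace


def c14n(xml_text):
    return ET.canonicalize(xml_text).encode("utf-8")


def b64(raw):
    return base64.b64encode(raw).decode("ascii")


def reference_digest(document_xml):
    """DigestValue of a Reference: hash of the canonical form, not of the raw bytes."""
    return b64(hashlib.sha256(c14n(document_xml)).digest())


def build_signed_info(uri, digest_value):
    return (
        f'<SignedInfo xmlns="{DSIG_NS}">'
        f'<CanonicalizationMethod Algorithm="{C14N_2_0}"/>'
        f'<SignatureMethod Algorithm="{HMAC_SHA256}"/>'
        f'<Reference URI="{uri}"><DigestMethod Algorithm="{SHA256}"/>'
        f'<DigestValue>{digest_value}</DigestValue></Reference>'
        "</SignedInfo>"
    )


def sign_detached(document_xml, key, uri):
    """Detached XML-DSig over document_xml; the MAC covers canonical SignedInfo only."""
    signed_info = build_signed_info(uri, reference_digest(document_xml))
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    return (f'<Signature xmlns="{DSIG_NS}">{signed_info}'
            f"<SignatureValue>{b64(mac)}</SignatureValue></Signature>")


def verify_detached(signature_xml, document_xml, key):
    """True only if the Reference digest matches the document AND the MAC matches SignedInfo."""
    try:
        sig = ET.fromstring(signature_xml)
        signed_info = sig.find("ds:SignedInfo", NS)
        sig_value = sig.findtext("ds:SignatureValue", namespaces=NS)
        if signed_info is None or sig_value is None:
            return False
        digest_value = signed_info.findtext("ds:Reference/ds:DigestValue", namespaces=NS)
        if digest_value is None:
            return False
        # Step 1: does the referenced document still hash to what SignedInfo claims?
        digest_ok = hmac.compare_digest(reference_digest(document_xml).encode(),
                                        digest_value.strip().encode())
        # Step 2: re-canonicalise SignedInfo exactly as the signer did and check the MAC.
        signed_info_xml = ET.tostring(signed_info, encoding="unicode")
        expected = hmac.new(key, c14n(signed_info_xml), hashlib.sha256).digest()
        mac_ok = hmac.compare_digest(expected, base64.b64decode(sig_value.strip()))
    except (ET.ParseError, ValueError):
        return False
    return digest_ok and mac_ok


if __name__ == "__main__":
    key = b"shared-secret-for-the-example"
    order = '<order id="42"><item qty="2">widget</item></order>'
    signature = sign_detached(order, key, uri="order.xml")
    print(signature)
    print(verify_detached(signature, order, key))
```

The two-step verification is the point: the SignatureValue only protects SignedInfo, and SignedInfo only protects the document through the DigestValue, so a verifier that checks the MAC but not the digest (or the reverse) has checked nothing useful. An HMAC needs a shared secret; for RSA or ECDSA SignatureMethods you need an external library (for instance OpenSSL bindings), and a verifier must additionally confirm that the Reference it validated is the element it is about to trust, since a signature over one part of a document says nothing about the rest.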

