

A New Challenge from Honeynet

cjpez writes: "The people at the Honeynet have issued another challenge on the Bugtraq mailing list. Instead of hacking into a box, though, this time your goal is to submit the best analysis of a binary file they'll post on Monday, May 6th. Think you're good at reverse engineering? Then try it out! They're even offering actual prizes, so you can get something besides the feeling of personal fulfillment for your trouble. The post hasn't quite made it to SecurityFocus' Bugtraq Archive yet, but I did find it at another Bugtraq archive in Germany (slashdottings abound!). The URL included in the email, http://project.honeynet.org/reverse/, doesn't seem to be active yet, so presumably we can assume it'll go up on Monday. The post fails to address other concerns, though: will the winner be in violation of the DMCA? :P The challenge was also issued, obviously enough, on SecurityFocus' Honeypot mailing list." In a later note, he points out that the announcement has finally made it to the Bugtraq archive page. (And that URL is active now.)

6 of 117 comments

  1. is it me.. by Husaria · · Score: 2, Interesting

    or are they just asking what the purpose of the binary is? Reading from their challenge, that pretty much sums it up... or I could just need a nap

  2. Reverse engineering for beginners... by slipgun · · Score: 2, Interesting

    Anyone know where I can find a newbie's guide to reverse engineering? Although I've done a bit of low level programming, I never got beyond the basics, and all I've done recently is modify the 'START' string in explorer.exe using ultraedit-32.

    --
    SpamNet - a spam blocker that really works

    1. Re:Reverse engineering for beginners... by Wolfier · · Score: 3, Interesting

      Reverse engineering binaries sounds difficult, but in fact it is just a fancy name for "analyze program with debugger", i.e. tracing, stepping, examining memory etc.

      There are many tools for Unix and Windows, on unix we have nm, file, strings, gdb, perl, etc. (basically everything in the GNU binutils!!) On Windows the choice is a bit limited but they are also the best - softice, boundschecker, windbg, debug, regmon, filemon, IDA pro, w32dasm.

      I learned reverse engineering in the Apple ][ era, but it is equally fun to learn it now!
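      A minimal version of the `file` and `strings` steps Wolfier lists, as an added example that is not part of this thread or of the Honeynet challenge material. It runs on a constructed ELF-like byte blob embedded in the script (not the challenge binary): magic-byte identification, a parse of the ELF identification and header fields, and extraction of printable strings with a minimum length, which is the first pass an analyst makes before reaching for gdb. The magic table, the sample bytes and the helper names are all this example's own.

```python
"""Mini 'file' + 'strings' static triage of an unknown binary (added example)."""
import re
import struct

# Small magic-number table: (offset, magic bytes, description). A subset,
# constructed for this example; the real `file` uses a much larger database.
MAGIC = [
    (0, b"\x7fELF", "ELF executable/object"),
    (0, b"MZ", "DOS/Windows PE executable"),
    (0, b"\x1f\x8b", "gzip compressed data"),
    (0, b"PK\x03\x04", "ZIP archive"),
    (0, b"#!", "script with interpreter line"),
]

# ELF constants from the ELF specification (e_type / e_machine values).
ELF_TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64"}


def identify(data: bytes) -> str:
    """Return a file-type description based on leading magic bytes."""
    for offset, magic, description in MAGIC:
        if data[offset:offset + len(magic)] == magic:
            return description
    return "unknown data"


def elf_summary(data: bytes):
    """Parse e_ident, e_type and e_machine from an ELF header, or None."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    ei_class = {1: "32-bit", 2: "64-bit"}.get(data[4], "unknown class")
    ei_data = {1: "little-endian", 2: "big-endian"}.get(data[5], "unknown order")
    endian = "<" if data[5] == 1 else ">"
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    return {
        "class": ei_class,
        "byte_order": ei_data,
        "type": ELF_TYPES.get(e_type, "type %d" % e_type),
        "machine": ELF_MACHINES.get(e_machine, "machine %d" % e_machine),
    }


def extract_strings(data: bytes, min_len: int = 4):
    """Like `strings`: runs of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Combine the three checks into one report for an unknown blob."""
    return {
        "file_type": identify(data),
        "elf": elf_summary(data),
        "strings": extract_strings(data),
    }


# Constructed sample: a 32-bit little-endian x86 ELF header followed by
# filler bytes and a few strings of the kind found in a compiled C program.
SAMPLE = (
    b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # e_ident (16 bytes)
    + struct.pack("<HH", 2, 3)                        # e_type=EXEC, e_machine=x86
    + struct.pack("<I", 1)                            # e_version
    + b"\x00\x01\x02\x03\xff\xfe"                     # opaque filler
    + b"Usage: %s <file>\x00"
    + b"\x90\x90\x01"
    + b"GCC: (GNU) 2.95.3\x00"
    + b"\x7f\xfe"
    + b"libc.so.6\x00"
    + b"ab\x00"                                       # too short to report
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("type   :", report["file_type"])
    print("header :", report["elf"])
    for s in report["strings"]:
        print("string :", s)
```

      On the sample this reports an ELF executable for 32-bit little-endian x86 and three strings (a usage message, a compiler tag and a libc reference); on a real binary the same output is what tells you which architecture to load in gdb and which library calls to expect.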

  3. how... by GreenPhreak · · Score: 4, Interesting

    This seems like a really cool contest to raise awareness on security matters. This feels kind of like an ACM problem, except less programming and probably a lot more real-world experience. Anyway, I've never tried to figure out what binary files do...I always refer to source files. Are there many tools available for looking at or figuring out what binaries do? Any reference pages? (the one linked on the article page isn't very helpful). Can someone provide more information about forensics with binaries? Thank you.

    --
    I drink to prepare for a fight; tonight I'm very prepared. -Soda Popinksi

  4. Re:A file of ... by cheese_wallet · · Score: 3, Interesting

    I think you are wrong there. When you gzip or tar or gpg a file, it isn't actually operating on the original file, it creates a new one. Then it deletes the old one.

    So even if you encrypt all your files, there are probably still unencrypted versions that are findable on your drive.

    An encrypted file system might be a way around this, or use some program to repeatedly write and erase random data to the "blank" portions of your disk.

  5. Re:A file of ... by Medevo · · Score: 2, Interesting

    On Windows systems there are many 'shredder' tools such as Norton Wipespace that go along and 0-fill all the unused space on a machine.

    And when you delete a file, what happens is the file's entry in the root sector is removed; the root sector has a list of all files on the drive (that the OS knows about) and where they are. It can also hold other information, such as in FAT32 filesystems the official filesize is 8.3 (a clone of FAT16), but using a 'comment' sector of the root and other 245 or so odd bytes are stored.

    A way to get around the normal FBI or investigator problems searching in your disks without getting in trouble (for not giving pword) is to get a laptop that has security hard drives. These drives will only work when connected to that computer's BIOS. And you can do your work on the laptop, take the hard drive out, and hide the laptop until problems blow over.

    Medevo