Showing posts from October, 2010

Thunderbird Grammar Checker 0.5 is released


Now it's compatible with Thunderbird 3.x. The language for checking is correlated with the Spell Checker language. Sorry for delay, but my work load can't give me enough time to support it well.

Future plans:
Support inline highlighting. Backend is almost ready, but there are some problems with frontend - I just don't know how to properly modify DOM of the opened message compose window. Looks like I have to use/hook some JS-events, but my current research gives nothing.Move to After The Deadline server instead of LT server-mode. LT is integrated to AtD server (see the News section on However, there is a problem with the current AtD server - it doesn't work locally now: Until they fix the problem, I can't recommend to use it.Implement pure JS-based Grammar Checker engine. See below the notes. All of these require some time and e…

Shellcode detection using libemu

Shellcode can be seen as a list of instructions that has been developed in a manner that allows it to be injected in an application during runtime. Each security researcher face the shellcodes during their work, and in this article I'll show how to detect shellcodes using Python (via libemu Python binding).

Few words about libemu:
libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. Intended use is within network intrusion/prevention detections and honeypots. The information on the site is not actual in some places, so I'll give direct and clear instruction how to get and install libemu.

Clone the git repository:

$ git clone git://
Firstly, configure, make and install libemu itself (without binding):

$ autoreconf -v -i $ ./configure --prefix=/opt/libemu $ make $ sudo make install
If you set up prefix as shown above, you have to add the library path to /etc/ file. It should loo…

Metasploit Browser Autopwn module

In previous article I've shown the using of windows/browser/ms10_018_ie_behaviors exploit. In many cases trying exploits one by one is not acceptable, so the auxiliary modules have been created. One of these - server/browser_autopwn:

This module uses a combination of client-side and server-side techniques to fingerprint HTTP clients and then automatically exploit them. After successful attack it creates Meterpreter session, so you can gain a full access to target. Meterpreter is a set of tools for interacting with processes, networking, and the file system of the target. In this article we will dump the SAM hash of the target system and decrypt it using ophcrack.

Let's go directly to the actions (set the LHOST parameter according to your environment):

$ msfconsole

                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | |  __/ ||…

Brief introduction to Metasploit

As a part of increasing IT-infrastructure security, penetration testing is one of the most valuable tools. Of course, system updates, using firewalls, IDS/IPS, right ACL and other methods are very efficient, but you can't be 100% assured that everything is fine. Security is a battle between defenders and attackers, and usually attackers are one step ahead in this battle.

To be a good security professional, you have to know how attackers work, which tools and methods they are using, you have to be an attacker (of course, white-hat) - embrace Dark Side, but not be dominated by it and stay with Light Side.

So, the Metasploit is one of must-be-known tool for every security professional:
Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools a…

Cross-compilation in Linux

Sometimes it is necessary to create Windows application from Linux. I will briefly introduce the method for it in the article.

The basic principle is simple and common for all cross-compilations (e.g., creating Symbian applications in Linux/Windows or other desktop OS):
Get and install a toolchain for target platform (compiler, linker and other tools);Compile all required frameworks using this toolchain (for example, GStreamer, Qt, wxWidgets etc)Compile your own project with this toolchain and precompiled frameworks. For creating Windows applications from Linux you can use MingWG: Minimalist GNU for Windows. The installation is pretty easy:

$ sudo apt-get install mingw32

As an example, let's compile a simple Windows application with a message box (msgbox.c file):

#include <windows.h>

INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine, int nCmdShow)
  MessageBoxW(0, L"Hello from Linux!\n", L"MinGW app", MB_ICONEX…