Random Links
Just adding a couple of random links I found interesting over the past few days
First of all, the nmap survey! It is used as input for updates to nmap and to the sectools.org list. If you haven't already, get in there and vote!
http://nmap.org/survey/
More on malicious PDF analysis at the ISC Diary. This one analyses a PDF that uses some interesting new JavaScript obfuscation methods.
http://isc.sans.org/diary.html?storyid=8587
And while we are on the subject of JavaScript obfuscation, here's another online tool that can be used to unpack JavaScript. If you wish, you can directly upload a PDF, pcap, HTML, or JavaScript file for it to grab the JavaScript from. It might be a good alternative if you ever find a script that Wepawet won't decode...
http://jsunpack.jeek.org/dec/go
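Both of the links above come down to the same first step: pulling the JavaScript out of a PDF and peeling back the cheap obfuscation layers so an analyst can read it without running it. As an added example (not code from the ISC diary, from jsunpack, or from the original post), here is a small Python script that does that statically. It builds its own constructed PDF-like byte string (a hypothetical sample, not a real malicious file), locates `/JS` entries stored as literal or hex strings, and then decodes `%xx`/`%uxxxx` escapes and `String.fromCharCode(...)` calls for display. It deliberately does not handle indirect object references or compressed streams, which a real file would usually use; that is an assumption to keep the example short.

```python
import re
from typing import List, Dict

# --- Constructed sample -------------------------------------------------------
# A minimal, hand-made PDF-like blob (NOT a real malicious file). Object 3 holds
# JavaScript as a literal string with escaped parentheses, object 4 holds it as
# a hex string. Both are the direct-string forms this example understands.
_HEX_JS = b"var x = String.fromCharCode(104,105); eval(x);".hex().encode("ascii")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /JavaScript /JS (var s = unescape\\('%61%6c%65%72%74'\\); app.alert\\(s\\);) >> endobj\n"
    b"4 0 obj << /S /JavaScript /JS <" + _HEX_JS + b"> >> endobj\n"
)

# --- PDF string readers -------------------------------------------------------
_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"(": b"(", b")": b")", b"\\": b"\\"}


def _read_literal(data: bytes, start: int):
    """Read a PDF literal string beginning at data[start] == b'('.
    Handles backslash escapes and nested balanced parentheses.
    Returns (decoded_bytes, index_after_closing_paren)."""
    out = bytearray()
    depth = 1
    i = start + 1
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":                      # escape sequence, e.g. \( or \n
            nxt = data[i + 1:i + 2]
            out += _ESCAPES.get(nxt, nxt)
            i += 2
            continue
        if c == b"(":
            depth += 1
        elif c == b")":
            depth -= 1
            if depth == 0:
                break
        out += c
        i += 1
    return bytes(out), i + 1


def _read_hex(data: bytes, start: int):
    """Read a PDF hex string beginning at data[start] == b'<'.
    Whitespace inside is ignored; an odd trailing digit is padded with 0."""
    end = data.index(b">", start)
    digits = re.sub(rb"\s+", b"", data[start + 1:end])
    if len(digits) % 2:
        digits += b"0"
    return bytes.fromhex(digits.decode("ascii")), end + 1


_JS_KEY = re.compile(rb"/JS\s*")


def extract_js(data: bytes) -> List[str]:
    """Return every script stored directly under a /JS key as a literal or hex
    string. Indirect references ("5 0 R") and streams are skipped here."""
    scripts = []
    for m in _JS_KEY.finditer(data):
        pos = m.end()
        if data[pos:pos + 1] == b"(":
            raw, _ = _read_literal(data, pos)
        elif data[pos:pos + 1] == b"<":
            raw, _ = _read_hex(data, pos)
        else:
            continue
        scripts.append(raw.decode("latin-1"))
    return scripts

# --- Static (non-executing) decoders for common obfuscation layers ------------
_PCT = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
_FROMCC = re.compile(r"String\.fromCharCode\(\s*([0-9,\s]+)\)")


def decode_percent(s: str) -> str:
    """Resolve %xx and %uxxxx escapes as unescape() would (display only;
    a legitimate '%' followed by hex digits would be decoded too)."""
    return _PCT.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)


def decode_fromcharcode(s: str) -> str:
    """Replace String.fromCharCode(n, n, ...) with the quoted string it builds."""
    return _FROMCC.sub(
        lambda m: '"' + "".join(chr(int(n)) for n in m.group(1).split(",") if n.strip()) + '"', s)


def triage(data: bytes) -> List[Dict[str, object]]:
    """Extract each script, apply one round of static decoding, and flag
    APIs that commonly appear in obfuscated PDF JavaScript."""
    results = []
    for js in extract_js(data):
        decoded = decode_fromcharcode(decode_percent(js))
        flags = [k for k in ("unescape", "eval", "app.alert") if k in decoded]
        results.append({"raw": js, "decoded": decoded, "flags": flags})
    return results


if __name__ == "__main__":
    for n, r in enumerate(triage(SAMPLE_PDF), 1):
        print(f"[script {n}] flags={r['flags']}\n  raw:     {r['raw']}\n  decoded: {r['decoded']}")
```

The decoders only rewrite text; nothing from the PDF is ever evaluated, which is the point of a static first pass. On a real sample you would feed `extract_js` the inflated contents of each `/FlateDecode` stream as well, since authors rarely leave the script sitting in a plain dictionary string.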
This is an interesting bit of software that monitors the API calls of a Windows process. It might be very useful for malware analysis.
http://jacquelin.potier.free.fr/winapioverride32/
Last but not least, and a subject dear to my own heart, a post on the Metasploit blog on the question of whether a penetration tester needs to know assembly. Yet another example of untrustworthy public exploit code is provided. If you use exploits, you need to know how they work, people!
http://blog.metasploit.com/2010/04/penetration-testing-learn-assembly.html
I'm still working (slowly) on the malware analysis post I promised a little while back, and as soon as my new laptop gets delivered I will start looking at the next of my buffer overflow tutorials. I am planning for the next entry in the series to be much more difficult than what has been covered already, so take this down time to make sure you understand everything in the first five entries!