Malware Analyzer for Android ( Anubis, NVT, URLVoid & Comodo, All in One )
Feb 25th
I have always been a fan of Anubis binary analyzer, though I prefer Sandboxie in some serious situations. As Anubis is an online analyzer, running a binary there is totally risk free. Hence, it surely is time saving than going for Sandboxie where I have to boot into the separate VM I use, dedicated for Malware Analysis (just for extra security).
Anyway, for those who are unaware of Anubis:
Anubis is a tool for analyzing the behavior of Windows PE-executables with special focus on the analysis of malware.  Execution of Anubis results in the generation of a report file that contains enough information to give a human user a very good impression about the purpose and the actions of the analyzed binary. - http://anubis.iseclab.org/?action=about
Anubis recently added support for Android APKs, branding itself the first binary analyzer to do so. Hence, now it is possible to submit an APK files and get them analyzed by Anubis to identify what the APK file actually does in Android system. This service seems to use TaintDroid internally, could be in combination with several other tools.
An example report of is available at below link.
In the report, it is clearly mentioned that phone number, IMEI/IMSI number, and other database information (TAINT_PHONE_NUMBER, TAINT_IMEI, TAINT_IMSI and TAINT_OTHERDB) have been leaked during the execution of application. Further details related to network communication carried out, file operations, crypto operations, usage of permissions and services are also detailed.
Though it is possible to get the kind of report when you are setting in-front of a computer, it could be an exacting process if you are using a mobile device. Moreover, uploading an APK of an installed application could be a problem as it is required to get the APK out of /data or /system.
Recently, I came across an useful Android application named Malware Analyzer which supports Anubis, Comodo Malware Analyzer, NoVirusThanks and URLVoid all in one.
Home Screen Screenshot
This application supports submitting files (APK / EXE), installed Android applications or URLs to Anubis analyzer, as well as other scanning engines it supports.
Also the application not only allows utilizing the power of Anubis APK analyzer just with the Android mobile or tab that you are having, but also allows scanning any file that is accessible to the Android device or any URL through 14 to 30 virus / malware scanning engines with NoVirusThanks / URLVoid. Scan results and reports are directly accessible through the application itself.
Anubis for Android, Anubis Mobile, NoVirusThanks for Android, NoVirusThanks Mobile, URLVoid for Android, URLVoid Mobile, Comodo Malware for Android, Comodo Malware Mobile, Multi Virus Scanner, Multi Virus Scanner for Android, Mobile Multi Virus Scanner, Android Multi Virus Scanner, Free Multi Engine Scanner Android, Free Multi Engine Scanner Mobile, Multi Engine Virus Scanner for Android, Multi Engine Virus Scanner for Mobile, Online Multi Engine Scanner for Mobile, Malware Scanner Mobile, Malware Multi Scanner Mobile, Malware Scanner Android, Malware Multi Scanner Android, Multi Scan Engine for Android, Multi Scan Engine for Mobile
Yii Vertical Operations Menu (CMenu)
Aug 19th
Yii framework provides a nice, dynamic “Operations Menu” with CRUD views generated by Gii application. In one of my projects I wanted to change vertical nature of the operations menu and make it horizontal to match with the template. Below image illustrates the change I wanted. Basically it is all about changing horizontal nature of Yii Operations Menu into a vertical arrangement.
Just to be sure that none of the CSS changes affect other components, DIV containing the CMenu (found in “views/layouts/column2.php”, unless you have moved it elsewhere) was modified as shown below:
Note the new class “operations_ads” added to the wrapper DIV.
<div class="span-5 last operations_ads">
<div id="sidebar">
<?php
$this->beginWidget('zii.widgets.CPortlet', array(
'title'=>'Operations',
));
$this->widget('zii.widgets.CMenu', array(
'items'=>$this->menu,
'htmlOptions'=>array('class'=>'operations'),
));
$this->endWidget();
?>
</div><!-- sidebar -->
</div>
Finally flowing CSS was added:
.operations_ads ul {
/* transform horizontal <UL> into a vertical UL*/
display: inline !important;
}
.operations_ads li {
/* transform horizontal <UL> into a vertical UL*/
display: block !important;
float: left !important;
padding-right: 10px;
margin-right: 10px;
/* Styling */
border-style:solid;
border-color:#80CFFF;
border-width:1px;
background-color:#CEEDFF;
}
.operations_ads li:hover {
background-color:#80CFFF;
}
.operations_ads {
width: 100% !important;
}
.operations_ads .portlet-content {
position: absolute;
width: 732px;
}
XSS (Cross-site scripting)
Jun 9th
Cross-site scripting is a vulnerability that exists in many web applications. It is rated as a top threat for web application developers and also rated as one of the famous types of exploits among web application hackers. Before moving ahead, I’d like to point out few examples that prove how common cross-site scripting is, even in nowadays, after 11 years from February 2, 2000 when the first advisory about Cross-Site Scripting (XSS) was published, namely “Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requestsâ€.
Drupal is a famous open source content management system. Shown below is a screenshot of Drupal, Security Mailing list (2011 February).
Fetch-execute cycle and impact of operation types.
Jun 9th
What is a fetch-execute cycle in a processor.
Conventional processor consist five units called ALU, Controller, Internal Storage, Internal Interconnections and External Interface. These units are designed to work in a collaborated environment continuously. What should processor and mentioned components do at a moment is decided by the program that is currently being executed. The way processor is going to read next instruction, execute, produce and store result of computation is called Fetch-Execution cycle. Steps of fetch-execution cycle can be further described as shown below:
Fetch:
CPU has a special register named Program Counter (PC) (also referred as Instruction Pointer) which is a part of Internal Storage. CPU reads the memory address stored in this Program Counter (PC) in to Memory Address Register (MAR). This process can be denoted as “[MAR] <= [PC]†More >
Guessing Game in Assembly
Jun 9th
This assembly language program is designed to create a very simple game where user is allowed to guess a hard coded number between 1 and 255. This hard coded number can be replaced by a randomly generated number using a “random number generator” for EMU8086, which is bit complex because EMU8086 do not contain an instruction to do this implicitly. Program will output if guess is higher or lower than the input number. The code is well commented so that it can be used by anyone who is interested in learning assembly language.
Assembler
This code is written for EMU8086
http://www.emu8086.com/
