Monday, September 03, 2007

Expanding my mind...Expanding my library

On My Mind

I really enjoy reading technical blog posts that provide a detailed walk-through of troubleshooting or advanced techniques.

These past two weeks have led me across these great walk-throughs:

Mark's Blog : Vista Multimedia Playback and Network Throughput - Not really a "troubleshooting" post; Mark Russinovich uses Process Explorer, the Reliability and Performance Monitor (Perfmon), and Task Manager to show how a Vista kernel design feature interacts with the Multimedia Class Scheduler Service (MMCSS) and causes network throttling during some audio or video playback.  Regardless of whether you feel this is a real issue or not, Mark logically and clearly traces down the observed behavior and how each of the components involved contributes to the results displayed. Fascinating.

Analyzing a Suspect WMF File « Didier Stevens - Security incident responder Didier Stevens turns his great analytical skills to showing how a WMF file can be examined for malicious shell code.  Lots of great screen captures to illustrate his step-by-step progress.  I won't pretend to understand much of it, but again, it is the process that is used that I find very useful to review.

Ingreslock Exploit: Alive and Well - Chris Mannon over at the Spywareguide blog posts a great article on how a trojan downloader works its bad-magic.  It is a quick read but provides a reminder just how these little buggers work.

The SpywareGuide Greynets Blog: Compromised Emails Lead To IE Exploiter Tool - SpywareGuide contributor Chris "Paperghost" Boyd chases down a lead pointing to the source of a gigantic collection of email addresses, postal addresses, IP addresses, etc. that was uncovered on the net.  It leads him to an exploit creation tool, and eventually, to Mr. Bean. Great trackdown.

Finally, we have SANS-ISC's weekend post Deobfuscating VBScript which illustrates how you can pick apart tightly wrapped up and convoluted malicious VBScripts.

On My Shelves

Having given up for the moment my pursuit of a new cell phone (still no "great" deals on the Samsung Sync), I've decided to re-task the money I had budgeted for it last month and this month to picking up a few new things for my bookshelf:

Amazon.com: Winternals: Defragmentation, Recovery, and Administration Field Guide - I depend on the Sysinternals tools daily at work.  And though this appears to cover additional tools besides those Sysinternals ones and looks a bit dated, I think it would provide a good resource for getting into some of the more detailed usages and functions of these applications.

Amazon.com: Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer) - I have been coveting this book for over a year.  Mark Russinovich has an amazing understanding of all things Windows.  I know this one is going to be grades above my understanding, but I like reading material that challenges and is beyond my current skill sets.  Even though I expect to struggle with much of the content, I hope to get some rudimentary understanding of the Windows landscape.

Amazon.com: Windows Forensic Analysis Including DVD Toolkit - Harlan Carvey has a great blog and frequently leaves great tips in my comments.  While I don't deal with "real" forensics-level responses, it is the techniques and methods that investigators use that help me hone and refine my own troubleshooting and malware response skills.  I'm really looking forward to reading this one.

Amazon.com: Air TV vol. 1: DVD - Apparently this is a real "niche" title, as all my local DVD/Anime sources aren't bothering to stock this anime.  So I will have to pick it up on Amazon as well.

Better than a new flashy cell phone?  Ummm....not 100% sure, but should help me expand my mind and skills...and I don't need to worry about batteries.

Besides...gives Lavie and Alvis something to maybe consider for me in a few months when my birthday comes around.

What kind of wife and kid gets their husband technical books for their birthday, anyway?

Wait, don't answer that....you might incriminate someone...

--Claus
