Cisco Blogs



Adding Data Segment Cross References in IDA

Recently I was working on reverse engineering a 16-bit MS-DOS binary to better understand a network transport protocol used for modem communication in some software I was looking at. I was using the IDA Pro tool for this purpose.

However, to my dismay, after looking at the string table and finding a string that seemed relevant to the particular section of code which I was interested in, I noticed that none of the strings in the string table contained cross reference information, and I was therefore unable to easily jump to the instructions in which it was used.

Upon further analysis, I determined that the reason the cross reference information for the strings in the table was not populated was that the strings resided in the data segment and were referenced using the ds segment register.


Unified Data Center IQ Challenge : The Learning Experience

October 19, 2012 at 10:42 am PST

As a quick reminder, to participate in this 6-week challenge and have a chance to win a new iPad every week, visit our Facebook page. The questions are submitted on Sunday at midnight PST, and answers have to be provided no later than Friday 12:00 PM PST. Participation is easy and fun and allows you to collect points to compete for the highest IQ score. The best Unified Data Center “brain” will be the winner of the Grand Prize (valued at US $2000). Every weekend (Friday noon to Sunday) you can answer bonus questions, which give you additional points to catch up for the Grand Prize.

The winner of week 2 (questions about Cisco Open Networking Environment) was Mohamed Fawzy Saleh from Egypt, who won a new iPad. Mohamed is a student who is very passionate about network technologies. Congratulations, Mohamed!
From my point of view, one of the best qualities of the high-tech population is the thirst to keep learning in a fast-changing and demanding environment. One of the intentions of this challenge (game?) is to suggest questions every week to stimulate your curiosity.

My ask for you this week, as we are moving to the next bonus questions for this weekend (Security -- see below) and week 4 (Virtualization) of the challenge, is to tell us what you think about the set of questions. Did you learn? Did you find the questions interesting? Just as a reminder, and for the new participants, here are the topics we covered so far.

| Contest | Topic | Solution | Blogger |
|---|---|---|---|
| Week 1 (Oct 1 - Oct 4) | Low Latency Switch | Algo Boost Technology – Nexus 3548 | Berna Devrim, Gabriel Dixon |
| Bonus (Oct 5 - Oct 7) | Mission Critical Application | SAP Oracle Microsoft on UCS | Rick Speyer, Chip Lawson, Rex Backman |
| Week 2 (Oct 8 - Oct 11) | SDN | ONE (Open Networking Environment) | Omar Sultan, Gary Kinghorn |
| Bonus (Oct 12 - Oct 14) | Desktop Virtualization | VDI/VXI with Citrix and VMware | Tony Paikeday, Jonathan Gilad |
| Week 3 (Oct 15 - Oct 18) | Unified Management | Intelligent automation for Cloud – SAP IT Process Automation – Cloud Management | Rodrigo Flores, Wayne Greene, Carolina Fernandez |


Cisco and Citrix – Better Together Across Networks, Clouds and Mobility

Early this week, there was much buzz and speculation about how Cisco and Citrix will be doing business differently. The news was finally unveiled at Mark Templeton’s keynote, when he introduced Cisco CTO, Padmasree Warrior, and they jointly announced the expansion of the two companies’ current partnership in three strategic areas: cloud networking, cloud orchestration and mobile workstyles. Details are outlined in this press release.


Tracking Malicious Activity with Passive DNS Query Monitoring

Ask anyone in the information security field and they will tell you:

Security is not fair. There is essentially an unlimited supply of attackers that can test your defenses with impunity until they eventually succeed.

As a member of the Cisco Computer Security Incident Response Team (CSIRT) I’ve seen this asymmetry up close, so I can tell you that good security is really hard. Besides the normal security practices like deploying firewalls, IDS sensors, antivirus (AV), and Web Security Appliances, CSIRT is increasingly looking to the network as a data source. We have been collecting NetFlow for years but we have always wanted additional context for the flow data. While it is true that the Internet is built on TCP/IP, Internet services—both good and bad—are found by name using the Domain Name System (DNS). For years infosec has been network-address-centric and the attackers have adapted. Today it is very common to see malware command and control (C&C) use domain generation algorithms (DGAs), Peer-to-Peer (P2P), or even fast-flux DNS to evade IP address-based detection and blocking. It has become absolutely clear that to keep up with the latest attacks and attackers you must have a view into the DNS activity on your network.

CSIRT has been struggling with limited DNS information for a while now, so I am pleased to say we finally have comprehensive visibility into the DNS activity on our network. Before I dive into how we tackled this problem I should back up and explain a bit more about DNS…


SIO Portal: Tell Us What You Think!

The Cisco Security Intelligence Operations (SIO) Portal is the primary outlet for Cisco’s security intelligence and the public home to all of our security-related content. This content ranges from Event Responses to IntelliShield Alerts to Cisco product Security Advisories. The SIO Portal is intended to be the first place you visit when looking for security information from Cisco.

Customer input is very important to us. With this in mind, we’ve launched two new customer listening tools on the SIO Portal: an enhanced feedback mechanism and a short six-question survey.
