Today, I would like to present the fifth issue of the well-known Hack In The Box e-magazine, originally brought back to life by Zarul Shahrin, in January last year (see the complete release history here). As usual, every Windows Internals maniac can find something for himself: this time, I described some of the most interesting parts of the Windows Subsystem (commonly known as CSRSS) internals, or more precisely, the potential advantages one can take from the undocumented mechanisms found in the subsystem (e.g. obfuscating a local thread creation). Besides this one article, you can also find another five write ups, related to Linux and Network Security, as well as professional development. Most of all, however, I would like to recommend the Interview section, where a well known RE community figure – Rolf Rolles – talks about his current occupation and shares his thoughts about the current state of the reverse engineering world.
Additionally, I happened to be one of the issue’s Technical Advisor, meaning that I was reviewing the incoming submissions and rejecting some ;) Here, I would like to thank the HITB crew (especially Zarul) for their patience and persistence – keep the fire burning!
Now, to the point:
The current edition is available to be downloaded from here (HITB-Ezine-Issue-005.pdf, 3,99 MB)
Contents Table:
Linux Security
Investigating Kernel Return Codes with the Linux Audit System (4)
by Steve Grubb, Principal Engineer/Security Technologies Lead, Red Hat
Network Security
Secure Shell Attack Measurement and Mitigation (14)
by Christopher P. Lee, Kevin Fairbanks
ARP Spoofing Attacks & Methods for Detection and Prevention (25)
by Supriya Gupta, Dr lalitsen Sharma
Exploiting Web Virtual Hosting – Malware Infections (32)
by Aditya K Sood, Rohit Bansal, Richard J Enbody
Windows Security (Cover Story)
Windows CSRSS Tips & Tricks (38)
by Matthew “j00ru” Jurczyk
Professional Development
CISSP Corner – Tips and Trick on becoming a Certified Information System Security Professional (50)
by Clement Dupuis
Interview
Rolf Rolles (52)
by the Editorial Crew
Enjoy the issue!
j00ru, are you sure that lead of your article is correct? I don’t have Vista nor 7, so I am like blind here. Since XP POSIX subsystem is no longer part of the system, but it was and is available in superior form as separate package called Services for Unix (SFU, last version is 3.5 available for 2K, XP and 2K3). I even played with this some time ago, but don’t remember much to be honest.
Nowadays, according to Wikipedia, it’s called Subsystem for Unix-based Applications (SUA) and is shipped with Enterprise and Ultimate editions of Vista and 7.
See:
http://en.wikipedia.org/wiki/Windows_Services_for_UNIX
http://en.wikipedia.org/wiki/Interix
@przemoc: yes, I am pretty sure that the lead of the article is correct. It clearly describes the state of things mentioned by you:
In this case, I simply put all of the separate packages and options (SFU, SUA etc) into a single word: optional, i.e. you have to implicitly download and install these utilities, in order to take advantage of the POSIX subsystem.