HITB E-Zine Issue 005 finally made public

Today, I would like to present the fifth issue of the well-known Hack In The Box e-magazine, originally brought back to life by Zarul Shahrin in January last year (see the complete release history here). As usual, every Windows Internals maniac can find something for himself: this time, I described some of the most interesting parts of the Windows Subsystem (commonly known as CSRSS) internals, or more precisely, the potential advantages one can take from the undocumented mechanisms found in the subsystem (e.g. obfuscating a local thread creation). Besides this one article, you can also find another five write-ups, related to Linux and Network Security, as well as professional development. Most of all, however, I would like to recommend the Interview section, where a well-known RE community figure – Rolf Rolles – talks about his current occupation and shares his thoughts about the current state of the reverse engineering world.

Additionally, I happened to be one of the issue’s Technical Advisors, meaning that I was reviewing the incoming submissions and rejecting some ;) Here, I would like to thank the HITB crew (especially Zarul) for their patience and persistence – keep the fire burning!

Now, to the point:

The current edition is available to be downloaded from here (HITB-Ezine-Issue-005.pdf, 3,99 MB)

Table of Contents:

Linux Security

Investigating Kernel Return Codes with the Linux Audit System (4)
by Steve Grubb, Principal Engineer/Security Technologies Lead, Red Hat

Network Security

Secure Shell Attack Measurement and Mitigation (14)
by Christopher P. Lee, Kevin Fairbanks

ARP Spoofing Attacks & Methods for Detection and Prevention (25)
by Supriya Gupta, Dr Lalitsen Sharma

Exploiting Web Virtual Hosting – Malware Infections (32)
by Aditya K Sood, Rohit Bansal, Richard J Enbody

Windows Security (Cover Story)

Windows CSRSS Tips & Tricks (38)
by Matthew “j00ru” Jurczyk

Professional Development

CISSP Corner – Tips and Trick on becoming a Certified Information System Security Professional (50)
by Clement Dupuis


Interview

Rolf Rolles (52)
by the Editorial Crew

Enjoy the issue!

3 thoughts on “HITB E-Zine Issue 005 finally made public”

  1. j00ru, are you sure that the lead of your article is correct? I don’t have Vista or 7, so I am like blind here. Since XP, the POSIX subsystem is no longer part of the system, but it was and is available in superior form as a separate package called Services for Unix (SFU, last version is 3.5, available for 2K, XP and 2K3). I even played with this some time ago, but don’t remember much to be honest.

    Nowadays, according to Wikipedia, it’s called Subsystem for Unix-based Applications (SUA) and is shipped with Enterprise and Ultimate editions of Vista and 7.


  2. @przemoc: yes, I am pretty sure that the lead of the article is correct. It clearly describes the state of things mentioned by you:

    (…) and the POSIX subsystem became optional (and doesn’t ship with Windows Vista and later, anymore).

    In this case, I simply put all of the separate packages and options (SFU, SUA etc) into a single word: optional, i.e. you have to implicitly download and install these utilities, in order to take advantage of the POSIX subsystem.
