Introduction
Number 0x01: 03/23/2006 Anopheles gambiae. Anopheles gambiae: Mosquito of the genus Anopheles, is the most efficient vector of malaria transmission in sub-Saharan Africa and one of the most efficient transmitters of tropical diseases in the world.
[ --- The Bug! Magazine
_____ _ ___ _
/__ \ |__ ___ / __\_ _ __ _ / \
/ /\/ '_ \ / _ \ /__\// | | |/ _` |/ /
/ / | | | | __/ / \/ \ |_| | (_| /\_/
\/ |_| |_|\___| \_____/\__,_|\__, \/
|___/
[ M . A . G . A . Z . I . N . E ]
[ Number 0x01 <---> Edicao 0x01 <---> Artigo 0x00 ]
.> 23 de Marco de 2006,
.> The Bug! Magazine < staff [at] thebugmagazine [dot] org >
Released on 23th day of the month in memory of Karl Koch aka Hagbard Celine.
Prologue
It is with great satisfaction that rfdslabs and Gotfault release the first issue of The Bug! Magazine. A 100% Brazilian magazine focused on the Brazilian hacker scene, with the goal of helping, along with the rest of the community, to rekindle the national scene that had its peak in the late 90's, more precisely between 1997 and 1999, and then got lost, being resumed most of the time, the dissemination of knowledge through independent initiatives, often not leaving the underground.
The Bug! Magazine does not discuss ethics. We believe that information security ethics is a subjective issue, depending on who analyzes it. The magazine has no white hat or black hat profile, we just want to share quality information. It is not up to the magazine to judge people for the actions taken from the information published here.
We count on the support of some collaborators, who helped us in this first step, providing materials for exclusive publication in the magazine. Regarding the content, we will address issues related to different subjects. We hope that the articles are easily understood by the target audience, who preferably should have some knowledge of programming and systems in general. We will also try to please more experienced programmers by addressing more advanced topics, mainly in Portuguese.
We hope that our effort can be useful to you in your/our eternal search for knowledge. If you learn even 1% with our texts, it will already have been worth it to have started this initiative of providing good material to those who were missing the time of the Brazilian zines.
And remember: the important thing is to have fun, even if it causes you headaches for endless hours in front of the computer. In the worst case scenario you'll get a "Samsung" tan!
Articles
0x01 : Advanced Assembly in Linux - x86 AT&T
For the bit-brushing crowd, Gustavo C. (hophet), presents us with a little bit of Assembly, this very powerful language and widely used in the hacker scene. In this article he talks about aspects that are not very commented in the papers about the subject. In case you are already familiar with the insides of the processor, the content presented in this article can be very helpful.
0x02 : Intrusion Detection Systems: Introduction
In this paper Gustavo Monteiro (y0Rk), deals with concepts about IDS's, going through terminology and definitions, covering firewall, sniffer and networks. Be surprised to know that the natural selection proposed by Darwin, also works for the world of bits, hunter X prey.
0x03 : Local Stack Overflow
If you always tried to understand local stack overflows and return-into-libc but never found a didactic text, this is your chance to learn with a paper written in English and with great quality. Thyago Silva (xgc) is the author, and this naughty carioca promises good articles for the future, never seen in Portuguese, approaching several techniques in exploiting software programming flaws.
0x04 : Writing remote stack overflow and format string exploits
The techniques for remote exploitation of stack overflow, return-to-libc and format strings are extensively described and covered in Julio Cesar Fort's article (sandimas). Now the developer will understand why he/she should filter the input data types (integers, strings, characters, etc.) very well, so as not to be surprised.
0x05 : WEP: introduction to the mechanism of operation
If you think your wireless network is secure, you should read Gustavo Bittencourt's article (spud). The text covers in detail the security mechanism implemented by WEP, addressing some of its main weaknesses, besides a walk through the 802.11 architecture.
0x06 : Complete guide to process infection
Do you think you are secure with your OpenSSH? Think twice reading the paper by Carlos Barros (barros) and learn how to infect processes, system calls and play with libraries. Fear him!
0x07 : Port Knocking
In a very well written paper Carlos C. (hash) talks about PortKnocking. A not yet very popular technique that can be used in Backdors and client/server systems, going through Raw Sockets, Perl and sniffers. The more stealth the better!
0x08 : Introduction to PIC
Rafael Silva (rfds) innovated and left the security field to give us a nice introduction to PIC microcontrollers. The people with a tendency to be "bit brushers" and the guys who are interested in electronics and automation will love it.
0x09: Distributed Systems
Carlos C. (hash) comes with another paper to deal with the subject of distributed systems, approaching several problems and solutions involving concurrent processes, as well as security issues like race conditions.
0x0a : The Bug! Magazine interview: tbob
Acknowledgments
We leave here a special thanks to those who made possible the launching of the first edition of our magazine:
Vinicius Gomes < vinygomes [at] hotmail [dot] com >
Pelo logotipo, contruido com exclusividade para The Bug! Magazine
Scorpion < underlinux.com.br >, dms < secforum.com.br >
Que ajudaram na divulgacao da revista.
License
The contents of The Bug! Magazine is licensed under Creative Commons. The articles, codes and other information published on this site are property of their respective authors. Reproduction of any material, in part or in whole, is allowed, as long as the integrity of the content is preserved, as well as the references to the authors and to the magazine. It is worth mentioning that it is forbidden to publish or reproduce the magazine by third parties, aiming at any kind of commercial activity.
The Bug! Magazine is not responsible for the information disseminated in the articles nor for any actions that may be taken from reading them. The magazine does not encourage any kind of illegal activity that can be committed with the use of the information obtained in the magazine's publications.
We ask for the reader's understanding if any errors are detected after the magazine has been released. It is not possible to thoroughly review all articles, and some errors will often slip through our review scheme. The problems detected and reported to the magazine edition will be analyzed and corrected with the next issue of the magazine.
It is worth mentioning that the authors and editors do not receive any kind of financial reward for the work done to keep the site updated and the periodicity of the magazine. All members have parallel activities and the content of the site is prepared in their spare time. Finally, we also highlight that the opinions expressed by the authors in their articles do not always reflect the opinions of the responsible for the edition of the magazine.
More details about the license for the use and reproduction of the journal content can be found at: http://creativecommons.org/licenses/by-nc-nd/2.5/deed.pt
Copyleft (c)(c) 2006, The Bug! Magazine. Released under Creative Commons.
Staff @ The Bug! Magazine
Information wants to be free.