Job Posting

May. 1st, 2009 12:12 pm
My company is finally hiring someone else to do all the busybody work I don't have time for. Don't worry about the BS degree; if you can write an exploit, for any vulnerable program I give you, then you're qualified. (Actually, if you've ever touched IDA, and know how to read and analyze .pcaps, you're qualified. If I can give you a mystery program, and you can tell me what it does, you're qualified. You must be able to act like a mature responsible adult when interacting with other people.)

Update: You can email me at juliavixen $40 gmail.com If you don't understand that email address stop now. If it was up to me, I'd have everyone send me their stuff in flat 7-bit ASCII, but since I'm just handing this stuff off to the appropriate manager, all those newfangled dynamic-content enabled document formats are ok. I'll be checking the .DOCs and .PDFs for exploits, if I find any 0-days you get the job. My GPG Public Key if you need it. The job is right on the border of San Jose and Milpitas in Ciscoville.


I didn't write this:


Job Description for the Security Research Engineer

Duties and responsibilities:

The main responsibilities for this position include: (1) keeping track of vulnerability disclosure and malware (with focus on botnet, spyware, and other Trojans that engage in network-based activities) development, (2) performing false positive checking for detection signatures, and (3) conducting detailed analysis of malware behaviors, through code reverse engineering and live behavior studies.

Qualifications

Professional experience:

The candidate should have at least two years of experience in the security field, especially with skills in malicious code analysis. Good knowledge of security vulnerabilities, exploitation, and Windows OS internals is expected. Solid programming skills are required. Working knowledge of the TCP/IP stack and familiarity with network traffic tools are also required. Examples of relevant industries include AV, IDS/IPS/IDP, Web and Message security.

Personality:

Must be hardworking, a self-starter, and effective in a small-team environment.

Formal education:

BS degree in CS/EE or equivalent experience.
foxgrrl: (Default)
		call	InternetGetConnectedState
		test	eax, eax
		jz	short loc_9A3C5C	; not connected: skip the date check entirely
		lea	eax, [ebp+12Ch+SystemTime]
		push	eax		; lpSystemTime
		call	ebx ; GetLocalTime
		cmp	[ebp+12Ch+SystemTime.wYear], 7D9h	; 7D9h = 2009
		ja	short loc_9A3C37	; year > 2009
		jnz	short loc_9A3C4D	; year < 2009
		cmp	[ebp+12Ch+SystemTime.wMonth], 4
		ja	short loc_9A3C37	; month > April
		jnz	short loc_9A3C4D	; month < April
		cmp	[ebp+12Ch+SystemTime.wDay], 1
		jb	short loc_9A3C4D	; never taken: wDay is always >= 1
		; fall through: local date is on or after April 1, 2009


The above sequence of code has been the bane of my existence this week. It's the date check for April 1, 2009 from the Conficker.C worm. As with many other viruses in the past with a specific date that they do something, there is tremendous media hype surrounding this. So, I had not been analyzing this worm for the last few months, because everyone else had it covered, and I had other stuff to do, but now because of the media hype my company wants to have something published on it for marketing reasons. Since everyone else [see above] has published almost everything about it, there isn't much else for me to say. So I'm reversing the P2P protocol in Conficker.C, because it's the only part left… because it's the hardest part to understand. Anyway, I think I'll at least have figured out the IP address to UDP Port calculation soon, so I can write a scanner/Snort rule, for the P2P protocol. Anyway, don't interrupt me in the meantime…

(I was also going to write up a full analysis of the shellcode used in Conficker.A and Conficker.B, as no one else has really gone into detail there. (But the additional detail isn't really useful to know if you only care about detecting it.) But I can describe who the authors copied most of their shellcode from (it's slightly modified MSF). Anyway, it'll be interesting to someone, but the P2P thing will get media attention.)

(Note: I'm not complaining. I'd much rather be reversing malware than working on what I was supposed to be doing this week.)
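For readers working through the listing above, here is a structured C rendering of that ja/jnz/jb chain, added here as an example and not code from the post or from the worm. The function and label names are mine; the constants (2009, 4, 1), the connectivity test and the branch structure come straight from the disassembly. It assumes that loc_9A3C37 and the fall-through after the wDay compare lead to the same outcome, and it makes one point the asm hides: since wDay is never below 1, the final jb can never fire, so the gate is really "year > 2009, or year == 2009 and month >= April".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The three SYSTEMTIME fields the listing compares (Win32 layout trimmed). */
typedef struct {
    uint16_t wYear;
    uint16_t wMonth;
    uint16_t wDay;
} sys_date;

/* Hypothetical names for the three exits of the listing. */
enum gate_exit {
    GATE_OFFLINE,      /* jz short loc_9A3C5C: no connection, date check skipped */
    GATE_TOO_EARLY,    /* loc_9A3C4D: local date is before 2009-04-01 */
    GATE_DATE_REACHED  /* loc_9A3C37 or fall-through: date check satisfied */
};

/* Structured rendering of the compare chain. Each field is tested most
 * significant first: "above" jumps straight to the reached path, "not equal"
 * (hence below) straight to the too-early path, and only an exact match falls
 * through to the next field. Assumption: loc_9A3C37 and the fall-through
 * after the wDay test are the same outcome. */
enum gate_exit conficker_date_gate(bool connected, sys_date d)
{
    if (!connected) return GATE_OFFLINE;          /* test eax,eax / jz   */
    if (d.wYear > 2009) return GATE_DATE_REACHED; /* cmp wYear,7D9h / ja */
    if (d.wYear != 2009) return GATE_TOO_EARLY;   /* jnz                 */
    if (d.wMonth > 4) return GATE_DATE_REACHED;   /* cmp wMonth,4 / ja   */
    if (d.wMonth != 4) return GATE_TOO_EARLY;     /* jnz                 */
    if (d.wDay < 1) return GATE_TOO_EARLY;        /* cmp wDay,1 / jb     */
    return GATE_DATE_REACHED;                     /* falls through       */
}

int main(void)
{
    /* Constructed probe dates around the boundary. */
    sys_date probes[] = {
        {2008, 12, 31}, {2009, 3, 31}, {2009, 4, 1}, {2009, 5, 1}, {2010, 1, 1}
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        enum gate_exit e = conficker_date_gate(true, probes[i]);
        printf("%04u-%02u-%02u -> %s\n", probes[i].wYear, probes[i].wMonth,
               probes[i].wDay, e == GATE_DATE_REACHED ? "date reached" : "too early");
    }
    return 0;
}
```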

Page generated Mar. 22nd, 2026 04:47 pm
Powered by Dreamwidth Studios