Tuesday, June 19, 2012

Tor, choose exit node country

Want an IP address from a specific country when using Tor?

Edit your torrc file (on Windows it's located in %appdata%/tor):

StrictExitNodes 1
ExitNodes {fr}

fr for France, es for Spain, etc.
You can list several countries separated by commas. For instance, Germany or Finland:

StrictExitNodes 1
ExitNodes {de},{fi}

Or do you not want to exit from the United States?

StrictExitNodes 1
ExcludeExitNodes {us}
Et voila... 

Friday, April 27, 2012

Kaspersky Security Center (9.2) - Tasks with Application

It seems that after upgrading, or reinstalling and importing a backup of, KES 9 or 9.2, you can find some tasks whose Application is displayed as "unknown".
When you try to check their properties, you are prompted to use klcfginst.exe to repair them.
You'll find it with the installation binaries:

KAV\ksc 9.2\en\Console\Plugins\KES
KAV\ksc 9.2\en\Console\Plugins\Workstation_6.0_MP4


For instance, if your old policies for Workstation 6.0 show an unknown application, choose Plugins\Workstation_6.0_MP4\klcfginst.exe and it should fix your issue.

Monday, April 16, 2012

Kill a process by its arg

Not happy with killall, and have many processes sharing a common argument (mystringprocessargtokill) to kill?
`kill $(ps -ef | grep mystringprocessargtokill | grep -v grep | awk '{print $2}')`
Et voila !

(Edit : Title. Thanks Sébastien)
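
An added example, not from the original post: a grep over `ps -ef` matches the string anywhere on the line (user name, path, part of another argument), so this sketch selects only processes that carry it as a whole argument and skips the calling shell. The function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# pids_with_arg NEEDLE [SELF_PID]
# Reads "PID COMMAND ARGS..." lines (the format of `ps -eo pid=,args=`) on
# stdin and prints the PIDs that have NEEDLE as one whole argument.
# The command name itself ($2) is not searched; SELF_PID is always skipped.
pids_with_arg() {
    awk -v needle="$1" -v self="${2:-}" '
        $1 == self { next }                   # never select the caller
        {
            for (i = 3; i <= NF; i++)         # $1 = PID, $2 = command
                if (($i "") == (needle "")) { # force a string comparison
                    print $1
                    next
                }
        }'
}

# kill_by_arg NEEDLE [SIGNAL]
# Sends SIGNAL (TERM by default) to every match; returns 1 without calling
# kill when nothing matches, instead of running kill with no PIDs.
kill_by_arg() {
    pids=$(ps -eo pid=,args= | pids_with_arg "$1" "$$")
    if [ -z "$pids" ]; then
        echo "no process with argument '$1'" >&2
        return 1
    fi
    # The PID list is deliberately left unquoted so it splits into words.
    kill "-${2:-TERM}" $pids
}

# Constructed sample in `ps -eo pid=,args=` format (not real output).
# 101 and 105 carry the argument; 103 and 104 only contain the string.
SAMPLE_PS=' 101 /usr/bin/python worker.py mystringprocessargtokill
 102 /usr/bin/python worker.py otherjob
 103 /usr/bin/python worker.py --tag=mystringprocessargtokill-old
 104 /opt/mystringprocessargtokill/bin/daemon --serve
 105 java -jar app.jar mystringprocessargtokill'
```

Run `printf '%s\n' "$SAMPLE_PS" | pids_with_arg mystringprocessargtokill` to see the selection before pointing `kill_by_arg` at a live system.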

Sunday, March 4, 2012

vim - Delete line containing or not containing a specific pattern

If you need to remove all lines containing "toto" from a file, you can do that in vim using :


If you want to remove all lines containing "toto" or "titi", you'll need to use \| for OR


If you want to remove all lines that do not contain the pattern "200 OK", use g! :

:g!/200 OK/d

or its equivalent : v

:v/200 OK/d

Sunday, February 26, 2012

VirtualBox 4.1.8 - Ubuntu Oneiric - Cuckoo


python cuckoo.py

on your Ubuntu Oneiric VirtualBox (4.1.8 installed using .deb) you face an error :

ImportError: No module named xpcom.vboxxpcom

Then you are almost certainly dealing with this bug :


The solution explained there works for
adding this to ~/.bashrc or typing it before running cuckoo :

export PYTHONPATH=$PYTHONPATH:/usr/lib/virtualbox/:/usr/lib/virtualbox/sdk/bindings/xpcom/python/

Et voila !
Should work for you too. Feel free to share your experience !

Wednesday, February 22, 2012

Blackhole v1.2.2 is out

Blackhole Exploit Kit has been updated to v1.2.2.

It seems to be a minor upgrade that aims to make the life of malware researchers a bit harder.
Retrieving a file from a known BH host is not as easy as it used to be.
On the dashboard, stats for Rhino and Obe are grouped.
It seems some salt has been added to the final download URL.
Previously it was something like:


where xx was an integer and n the exploit number (w is also a variable, see below).
Now we are seeing URLs like
See you later, maybe, for a deeper analysis of the modifications this revision brings.
Keep your Java, Adobe Reader, Flash and Windows updated and you won't have to worry about these exploit kits.