<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>The Hacker Diary</title>
	<atom:link href="http://www.thehackerdiary.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.thehackerdiary.com</link>
	<description></description>
	<lastBuildDate>Thu, 23 Feb 2012 14:50:51 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>Mute Screamer (PHPIDS for WordPress)</title>
		<link>http://www.thehackerdiary.com/it-security/network-security/mute-screamer-phpids-for-wordpress/</link>
		<comments>http://www.thehackerdiary.com/it-security/network-security/mute-screamer-phpids-for-wordpress/#comments</comments>
		<pubDate>Thu, 23 Feb 2012 14:46:38 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[IDS]]></category>
		<category><![CDATA[Network Security]]></category>
		<category><![CDATA[ids]]></category>
		<category><![CDATA[network security]]></category>
		<category><![CDATA[phpids]]></category>

		<guid isPermaLink="false">http://www.thehackerdiary.com/?p=41</guid>
		<description><![CDATA[The last time I posted was about PHPIDS. &#160; Today I wanted to talk about the WordPress port of PHPIDS called Mute Screamer.   WordPress is an extremely insecure platform. I use it because I didn't have the time or feel like putting the effort into writing my own CMS. Before you "shame on you" I audited [...]]]></description>
			<content:encoded><![CDATA[<p>The last time I posted was about PHPIDS.</p>
<p>&nbsp;</p>
<p>Today I wanted to talk about the WordPress port of PHPIDS called Mute Screamer. WordPress is an extremely insecure platform. I use it because I didn't have the time or feel like putting the effort into writing my own CMS. Before you say "shame on you", I audited my installation for injections and installed PHPIDS so that I would at least get notifications if compromised. I do offsite backup with an account that only has the ability to write the backup. Anywho, I had some dialog with the gentleman who ported PHPIDS to WordPress.</p>
<p>Here is our Q&amp;A.</p>
<p>Q: Who is the moniker that is Ampt?</p>
<p><span style="color: #ff0000;">A: My name is Luke Gallagher, just this dev you know.</span></p>
<p>&nbsp;</p>
<p>Q: Do you have a website or blog?</p>
<p><span style="color: #ff0000;">A: You can find my website at <a href="http://notfornoone.com/"><span style="color: #ff0000;">http://notfornoone.com</span></a></span></p>
<p>&nbsp;</p>
<p>Q: What do you do for a living?</p>
<p><span style="color: #ff0000;">A: I am currently working as a developer for a small design studio, my work at the moment involves working with the web stack.</span></p>
<p>&nbsp;</p>
<p>Q: How did you get into computers?</p>
<p><span style="color: #ff0000;">A: We got our first computer when I was about 12 and I just had to figure out how it worked.</span></p>
<p>&nbsp;</p>
<p>Q: How did you first hear of PHPIDS?</p>
<p><span style="color: #ff0000;">A: I first heard about the PHPIDS project when I started following a few security related blogs, I think it was via <a href="http://www.thespanner.co.uk/"><span style="color: #ff0000;">thespanner.co.uk</span></a></span></p>
<p>&nbsp;</p>
<p>Q: How long will you maintain the Mute Screamer project?</p>
<p><span style="color: #ff0000;">A: I can't really say how long I will maintain it for, as long as I am interested and passionate about the project I will be involved.</span></p>
<p>&nbsp;</p>
<p>Q: Is anyone else contributing to the project?</p>
<p><span style="color: #ff0000;">A: There is no one else contributing at the moment. I hope there will be, other people bring new ideas and new perspectives that you may not have even considered. If anyone is interested you can find the project on github: <a href="https://github.com/ampt/mute-screamer"><span style="color: #ff0000;">https://github.com/ampt/mute-screamer</span></a></span></p>
<p>&nbsp;</p>
<p>Q: Were there any surprises in the process of generating the WordPress plugin?</p>
<p><span style="color: #ff0000;">A: Finding out that WordPress did not provide an elegant way to do something. For example implementing the automatic updates from phpids.org was a little hackish, but this was actually a good thing because I was able to fix something in WordPress and make it better while working on Mute Screamer.</span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/it-security/network-security/mute-screamer-phpids-for-wordpress/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>TDL3 The Worst Best Rootkit Ever</title>
		<link>http://www.thehackerdiary.com/it-security/malware/tdl3-the-worst-best-rookit-ever/</link>
		<comments>http://www.thehackerdiary.com/it-security/malware/tdl3-the-worst-best-rookit-ever/#comments</comments>
		<pubDate>Sun, 19 Dec 2010 21:33:16 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[IT Security]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Rootkits]]></category>
		<category><![CDATA[Computer Repair]]></category>
		<category><![CDATA[GRLDR]]></category>
		<category><![CDATA[Mark Russinovich]]></category>
		<category><![CDATA[Rootkit]]></category>
		<category><![CDATA[TDL3]]></category>
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://www.thehackerdiary.com/?p=46</guid>
		<description><![CDATA[Occasionally, I do computer repair. At one point it was my primary source of income after I quit a job where I wasn't valued as an employee. (I am sure we've all been there once.) In my many years of doing computer repairs, I occasionally would run into that one piece of malware that would [...]]]></description>
			<content:encoded><![CDATA[<p><strong>Occasionally, I do computer repair.</strong></p>
<div id="attachment_49" class="wp-caption alignnone" style="width: 372px"><a href="http://www.nicholascolyer.com/thehackerdiary/wp-content/uploads/2010/12/smash-and-break-computer-pc-monitor-with-keyboard12.jpg"><img class="size-full wp-image-49" title="whoops" src="http://www.nicholascolyer.com/thehackerdiary/wp-content/uploads/2010/12/smash-and-break-computer-pc-monitor-with-keyboard12.jpg" alt="" width="362" height="284" /></a><p class="wp-caption-text">I fixed that computer in 5 seconds flat.</p></div>
<p>At one point it was my primary source of income after I quit a job where I wasn't valued as an employee. (I am sure we've all been there once.) In my many years of doing computer repairs, I occasionally would run into that one piece of malware that would throw a wrench in the spokes and just make me stop dead in my tracks. Whether it was in awe of innovation or frustration in removal, there have been those few moments where I just had to step back and re-evaluate my troubleshooting methodology, adjust my dropped jaw or walk away before I made smash smash like Bam-Bam. The last time I had a moment like that was when I had my first rootkit run-in 2 to 3 years ago. If you don't know what a rootkit is (are you living under a rock???) <a href="http://en.wikipedia.org/wiki/Rootkit" target="_blank">read here</a>. It was a few years after <a title="Greg Hoglund" href="http://en.wikipedia.org/wiki/Greg_Hoglund">Greg Hoglund's</a> NT-based rootkit. It's cited as the first rootkit for NT systems, but I believe otherwise, as there is always someone who beat you to innovation, if you want to call it that. You know, kind of like how Alexander Graham Bell and Tesla were gamed for credit by Thomas Edison for various inventions, but I digress. The community evolved overnight, and some of the more elitist computer repair community saw the rootkit as a mythical creature that just couldn't exist (whether by cognitive dissonance or otherwise) and went the route of the ostrich with its head in the sand until it couldn't be ignored anymore.</p>
<p><a href="http://www.nicholascolyer.com/thehackerdiary/wp-content/uploads/2010/12/house_on_fire.jpg"><img class="alignnone size-full wp-image-50" title="house_on_fire" src="http://www.nicholascolyer.com/thehackerdiary/wp-content/uploads/2010/12/house_on_fire.jpg" alt="" width="560" height="420" /></a></p>
<p>Then it happened. An arrogant Sony/BMG wrote some DRM software that caused quite a ruckus and shook things up while propelling the term "rootkit" into the media spotlight like so many Britney Spears head-shaving incidents: Sony included a rootkit on music CDs as a means to combat piracy, with much fail. The rootkit served to enable malware writers to cloak objects from Windows with little effort, and thus the class action lawsuits started rolling in like seaweed after a hurricane as a new era of malicious code got some traction.</p>
<p><strong>Yesterday  (</strong>♫ <strong>Virus removal was such an easy game to play </strong>♫<strong>)<br />
</strong></p>
<p>Yesterday (well, this post has been drafted for a week or so, so not quite yesterday anymore), I had the moment I spoke of above where I had to re-evaluate my methodology. I have seen some pretty ridiculous infections in my time, but this one takes the cake as of December 14, 2010: the worst piece of malware I have ever had the displeasure of removing, though it gets credit for innovation. The customer dropped the PC off on a Friday. Generally, with my experience I can fix almost any issue inside of 20 minutes to an hour depending on the PC's specs and infection severity. Mostly, the issues I see are of the spyware/malware/trojan variety and are easy to remedy. This includes your occasional rootkit.</p>
<p><strong>Troubleshooting</strong></p>
<p>Generally when I am fixing computers I ask a line of questions to deduce how computer savvy the customer is and whether they know enough to get themselves in trouble, then ask about the symptoms. Based on their responses you can usually make an educated guess about what you are dealing with and which tools you will focus on to fix the PC. When I troubleshoot a system, the very first thing I do is boot the machine up and see how it behaves. Can I replicate the symptoms that the customer described? If I can, then I am on the right track. If not, then perhaps the problem is intermittent, the customer gave bad information, the problem is different than described, or a combination of all of the above.</p>
<p>As a rule of thumb, I NEVER EVER, I really mean NEVER EVER, use any removable writable media when working on a system. It is amateur, irresponsible and commonplace among many shoddy computer repairmen/repairwomen. Rather, I will burn CDs with my toolkit and the most up-to-date revisions. (Thanks be to scripting and wget.)</p>
<p>The troubleshooting work-flow is generally as follows (AND I DO MEAN VERY GENERAL):</p>
<ul>
<li>Boot the machine normally. Observe. Can I replicate the symptoms? Disable System Restore. (If the machine is password protected, back up the SAM and remediate the password in the PE environment; restore it when finished fixing the machine.)</li>
<li>Google the symptoms for known issues, but don't waste time on anything but exact string matches. (Works 20% of the time.)</li>
<li>Run ComboFix.</li>
<li>Boot the machine from a PE environment / Hiren's BootCD.</li>
<li>Mount the registry hive for the OS.</li>
<li>Run Autoruns to see what is on the startup, its location, etc.</li>
<li>Google suspicious entries.</li>
<li>Disable suspicious entries that have no false-positive info.</li>
<li>Disable all non-Microsoft startup items.</li>
<li>Scan the machine for viruses/malware with third-party utilities.</li>
<li>Boot the machine in Safe Mode with Networking.</li>
<li>Run ComboFix again.</li>
<li>Run Autoruns (check startup entries), Process Explorer (check hooked DLLs) and TCPView (currently active connections) to monitor for strange activities.</li>
<li>Restart normally.</li>
<li>Run Autoruns, Process Explorer and TCPView to monitor for strange activities. Look for removed startup entries back on startup.</li>
<li>Clean up the PC, defrag and update all AV and Windows Updates after taking a System Restore snapshot.</li>
<li>Return to customer.</li>
</ul>
<p>This generally succeeds in fixing 98% of the issues that I run into with computers. When I tried to run procexp.exe it would instantly terminate. Hmmm.</p>
<p>Now, if it had run, I would have seen that the context switch delta on atapi.sys was awfully high because of TDL3, among other anomalies, but I am getting ahead of myself. I thought I might not have double-clicked it, so I click again twice and get an error that I don't have permissions to run this executable. Okay, probably a dirty malware DLL that has an MD5 of my utility and is blocking it accordingly. I run HxD and hex edit a section of plain text to alter the MD5 of the executable, and rename it. Once again it appears to have started but quit. I attempt to run it again and... can you guess the error message? Correct, I do not have permissions to run this executable.</p>
<p>For about 5 seconds I stopped and thought about what I might have missed.</p>
<p>I run cacls and change the permission on the utility to everyone. It runs once then the permission error occurs again.</p>
<p>From this I deduce that my phantom malware is observing which system DLLs are getting called by the utility, terminating the utility based on those calls and then changing permissions on the executable. This is getting to be a complete pain in the ass, whereas I normally would have been home free, and now it is apparent that I am dealing with something a little more "advanced" than my run-of-the-mill malware.</p>
<p><strong>It's time to change tactics. </strong></p>
<p>Knowing that there is a low likelihood that I will be able to run some of my more advanced utilities, I try anyway. I theorize that some of this more advanced activity is related to a rootkit and I run GMER and Rootkit Unhooker.</p>
<p>And that is when I discover the name of the rootkit via Google: TDL3. After removing the associated driver and restoring order in the operating system there is one last surprise waiting for me.</p>
<p>GRLDR is missing or cannot be found.</p>
<p>Wouldn't you know it, the rootkit creates its own MBR that then bootstraps the OS. Only, it's much cooler and more technical than that.</p>
<p>You can find a full dissection of <a href="http://rootbiez.blogspot.com/2009/11/rootkit-tdl3-why-so-serious-lets-put.html" target="_blank">TDL3 here</a>.</p>
<p>To fix the last part of this rootkit you need to restore the MBR. Run fixboot and fixmbr and you'll be home free.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/it-security/malware/tdl3-the-worst-best-rookit-ever/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>&#8220;Priority Domain Availability Notice&#8221;</title>
		<link>http://www.thehackerdiary.com/domain-2/scam/priority-domain-availability-notice/</link>
		<comments>http://www.thehackerdiary.com/domain-2/scam/priority-domain-availability-notice/#comments</comments>
		<pubDate>Sun, 19 Dec 2010 15:08:32 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[Domain]]></category>
		<category><![CDATA[ICANN]]></category>
		<category><![CDATA[Scam]]></category>
		<category><![CDATA[Squatting]]></category>
		<category><![CDATA[1206AM.com]]></category>
		<category><![CDATA[Ads]]></category>
		<category><![CDATA[Advertisements]]></category>
		<category><![CDATA[Arthur Simmon]]></category>
		<category><![CDATA[business]]></category>
		<category><![CDATA[domain]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[InTrust Domain]]></category>

		<guid isPermaLink="false">http://www.thehackerdiary.com/?p=55</guid>
		<description><![CDATA[Domain Scams Domain scamming has been around since ICANN started and was a "legitimate business" for some time where squatters would do all kinds of stuff morally and ethically in question. For example, a business would lapse on their domain name registration and the squatter would register the lapsed domain name and hold the business at ransom. So I [...]]]></description>
			<content:encoded><![CDATA[<h1><strong>Domain Scams</strong></h1>
<p>Domain scamming has been around since <a href="http://en.wikipedia.org/wiki/ICANN" target="_blank">ICANN</a> started and was a "legitimate business" for some time, where squatters would do all kinds of morally and ethically questionable things. For example, a business would lapse on their domain name registration and the squatter would register the lapsed domain name and <a href="http://en.wikipedia.org/wiki/Cybersquatting" target="_blank">hold the business to ransom</a>.</p>
<p>So I got a funny email this morning and I thought I would share it.</p>
<div id="attachment_56" class="wp-caption aligncenter" style="width: 735px"><a href="http://www.nicholascolyer.com/thehackerdiary/wp-content/uploads/2010/12/Screen-shot-2010-12-19-at-9.50.59-AM.png"><img class="size-full wp-image-56  " title="arthur simmons scammer" src="http://www.nicholascolyer.com/thehackerdiary/wp-content/uploads/2010/12/Screen-shot-2010-12-19-at-9.50.59-AM.png" alt="intrust domains, 1206AM.COM" width="725" height="439" /></a><p class="wp-caption-text">Hmmmm, I believe you. . . Not.</p></div>
<p>Folks, if you own a domain similar to one listed in an email scam, use the common sense to say "this is obviously a scam on some level". A quick Google search finds even the most basic information and telltale signs, such as the <a href="http://blog.onlymyemail.com/arthur-simmons-intrust-domains-bogus-domain-marketing/" target="_blank">article here</a>.</p>
<p>The lesson here is that if you think you're going to get screwed, don't bend over willingly.</p>
<p>Arthur Simmon, InTrust Domain, 1206AM.com are scammy. Steer clear!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/domain-2/scam/priority-domain-availability-notice/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Layout 2.0</title>
		<link>http://www.thehackerdiary.com/uncategorized/layout-2-0/</link>
		<comments>http://www.thehackerdiary.com/uncategorized/layout-2-0/#comments</comments>
		<pubDate>Sun, 12 Dec 2010 01:37:55 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://www.thehackerdiary.com/?p=35</guid>
		<description><![CDATA[In the coming months I'll finally get around to skinning this blog appropriately and getting away from this template. I have a few projects in the pipe-line and I am slowly making progress on all of them. Between prototyping a pet project I will reveal in the future (have to register the company name and [...]]]></description>
			<content:encoded><![CDATA[<p>In the coming months I'll finally get around to skinning this blog appropriately and getting away from this template. I have a few projects in the pipeline and I am slowly making progress on all of them. Between prototyping a pet project I will reveal in the future (have to register the company name and the product name) and working on the domain for my own personal website, I'll get it finished at some point. For now though, enjoy this antiquated, bland layout.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/uncategorized/layout-2-0/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>PHPIDS</title>
		<link>http://www.thehackerdiary.com/it-security/network-security/phpids/</link>
		<comments>http://www.thehackerdiary.com/it-security/network-security/phpids/#comments</comments>
		<pubDate>Thu, 09 Dec 2010 07:38:54 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[IDS]]></category>
		<category><![CDATA[IPS]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[Network Security]]></category>
		<category><![CDATA[NIDS]]></category>
		<category><![CDATA[NIPS]]></category>
		<category><![CDATA[add_slashes]]></category>
		<category><![CDATA[htaccess]]></category>
		<category><![CDATA[my_real_escape_string]]></category>
		<category><![CDATA[phpbb3]]></category>
		<category><![CDATA[phpids]]></category>
		<category><![CDATA[post]]></category>
		<category><![CDATA[sql injection]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[user pruning]]></category>

		<guid isPermaLink="false">http://www.thehackerdiary.com/?p=32</guid>
		<description><![CDATA[Well, well. It certainly has been a while since I've had any really meaningful posts. The truth is that I have been super busy working, studying or being lazy and playing Call of Duty: Black Ops. You know, 'Tango sucka!!" At any rate, I've neglected to post on my blog for quite some time so [...]]]></description>
			<content:encoded><![CDATA[<p>Well, well.</p>
<p>It certainly has been a while since I've had any really <a href="http://thehackerdiary.nicholascolyer.com/?p=15" target="_blank">meaningful posts</a>. The truth is that I have been super busy working, studying or being lazy and playing Call of Duty: Black Ops. You know, "Tango sucka!!"</p>
<p>At any rate, I've neglected to post on my blog for quite some time so I figured why not post about <a href="http://php-ids.org/" target="_blank">what I am working on currently.</a></p>
<p><strong>Mein Kampf ("My Struggle" for the uninitiated)</strong></p>
<p>I run a <a href="http://www.phpbb.com/" target="_blank">phpbb3 bulletin board system</a> (not going to mention it here) and one of the struggles I deal with is the unknown hacks that malicious people in the darkest corners of the internet use to create unapproved users in the board db and post spam, steal email accounts to spam later or just be general jerks.</p>
<p><a href="http://www.nicholascolyer.com/thehackerdiary/wp-content/uploads/2010/12/Screen-shot-2010-12-05-at-3.22.40-PM.png"><img class="alignnone size-large wp-image-33" title="hax" src="http://www.nicholascolyer.com/thehackerdiary/wp-content/uploads/2010/12/Screen-shot-2010-12-05-at-3.22.40-PM-1024x359.png" alt="" width="717" height="251" /></a></p>
<p>Actual screenshot from the phpbb3 administration console. Note that the joined date is showing October 11th 2007, 12AM. Those users were created in the db on June 4th 2010 at 9:00pm. Very sneaky, although amateur, as user pruning would have removed these accounts the next time it ran. The hack performed did not specify post counts and recent posts in the database, and as a result user pruning takes a look and says "Who hasn't posted in X amount of days?" then prunes everyone who hasn't. (Pruning means deleting the accounts or deactivating them, depending on your forum's individual settings.)</p>
<p>The solution up to this point has been to ban <a href="http://aplawrence.com/Words/2004_09_25.html"><em>APNIC</em>, LACNIC, RIPE</a> via htaccess and constantly update revisions of phpbb3. Basically, a determination is made like this:</p>
<p>"You're not from the United States? No entry for you."</p>
<p>This reduced the spam issues I was having drastically, in addition to not completely scaring me away from phpbb3 for insecurity. I also disabled new user requests since I personally know everyone on the board. This way it's invitation only, no exceptions. My concern however is with the other fraction of ruffians hammering away from their computers in the United States, or overseas kiddies proxying through US computers/botnets to do nefarious things. I see it every day in my profession as I monitor intrusion attempts and attacks on networks.</p>
<p>I asked myself the other day: if a guy whose profession is in the information security sector gets his WordPress hacked or his bulletin board system is defaced, does that make him bad at his job? Do others look down on him?</p>
<p><span style="font-size: 13.3333px;">The truth is that it happens. I've been fairly lucky thus far, but the inevitability is that compromises can and will occur. The answer depends on whether or not there are known good backups, layered security and adherence to policy. What I mean by adherence to policy: no weak passwords, password cycling, log checking, etc.</span></p>
<p><span style="font-size: 13.3333px;">For everything else, there is phpids.</span></p>
<p><strong>Enter PHPIDS </strong></p>
<p>PHPIDS acts as a filter over input that runs regular expressions and other treatment on that input, then flags suspicious tags, keywords, etc. and takes action according to your configuration. Using the php.ini auto-prepend setting (auto_prepend_file) you can set up PHPIDS pretty quickly. The project has good support through the forums and a pretty loyal following, from the most hardcore security gurus to the average Joe.</p>
<p>Initially, false positives were a problem, but that was easily remedied by utilizing the white listing function adding the post and pm message fields.</p>
<p>This is a really great tool for the developers out there who have security concerns and would like to do something about them. Even with the "proper" sanitization of user-supplied input, you're adding an additional layer of security that will keep you aware of one-offs and steady attacks, as well as the newest attacks that might circumvent the common methodology.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/it-security/network-security/phpids/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Repairing A Flat Iron ( Thermal Fuse Fun! )</title>
		<link>http://www.thehackerdiary.com/hardware/repairing-a-flat-iron-thermal-fuse-fun/</link>
		<comments>http://www.thehackerdiary.com/hardware/repairing-a-flat-iron-thermal-fuse-fun/#comments</comments>
		<pubDate>Thu, 23 Jul 2009 16:20:00 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[Hardware]]></category>
		<category><![CDATA[Household Items]]></category>
		<category><![CDATA[Repair]]></category>
		<category><![CDATA[Broken Flat Iron]]></category>
		<category><![CDATA[Flat Iron]]></category>
		<category><![CDATA[Flat Iron Repair]]></category>
		<category><![CDATA[flat iron thermal cutoff]]></category>
		<category><![CDATA[flat iron thermal fuse]]></category>
		<category><![CDATA[GVP]]></category>
		<category><![CDATA[How To Repair a broken Flat Iron]]></category>
		<category><![CDATA[Nicholas Colyer]]></category>
		<category><![CDATA[Repair CHI]]></category>
		<category><![CDATA[SEFUSE]]></category>
		<category><![CDATA[SF226E]]></category>
		<category><![CDATA[Thermal fuse]]></category>

		<guid isPermaLink="false">http://www.nicholascolyer.com/thehackerdiary/?p=19</guid>
		<description><![CDATA[Ch-Ch-Ch-Chi---AH! My fiance mentioned this morning that her imitation "Chi" was borked' after less then a year of use. For those of you who aren't in the know ( aka male ), the Chi is a highly regarded flat-iron that many women claim are known to be reliable. Where's that scientific data when you need [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://1.bp.blogspot.com/_cDmJ7CKEZqQ/SmfTXH1jggI/AAAAAAAAAEg/aWwhB4gXhp4/s1600-h/chia-cow.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5361486275601990146" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 396px; height: 339px;" src="http://1.bp.blogspot.com/_cDmJ7CKEZqQ/SmfTXH1jggI/AAAAAAAAAEg/aWwhB4gXhp4/s400/chia-cow.jpg" border="0" alt="" /></a></p>
<div style="text-align: center;"><span style="font-size: 180%;"><span style="font-weight: bold;">Ch-Ch-Ch-Chi---AH!</span><br />
</span></div>
<p>My fiancée mentioned this morning that her imitation "Chi" was borked after less than a year of use.</p>
<blockquote><p>For those of you who aren't in the know ( aka male ), the Chi is a highly regarded flat-iron that many women claim are known to be reliable.</p></blockquote>
<p>Where's that scientific data when you need it eh?</p>
<p>When I bought the generic flat iron for my fiancée, I did so because I couldn't justify the expense of a CHI. (It just figures that I drive a Honda S2000.) Anyways, I was able to repair the flat iron and I have detailed how to perform the repair below.</p>
<p><span style="color: #ff0000; font-weight: bold;">WARNING / DISCLAIMER:</span> <span style="color: #ff0000; font-weight: bold;">If you don't know what a soldering gun is or better yet don't have one, steer clear of  performing this repair. Bottom line is I am not responsible what-so-ever for your actions. By continuing beyond this point you agree to the above terms.</span></p>
<p>Great, so I see you agree. Let's get to it.</p>
<p>The problem at hand with most flat irons "breaking" is that once the thermal fuse goes (i.e. from excessive heat from being left on all day / overnight / etc.), the circuit is open, the ceramic plates will not heat and you will have a broken flat iron.</p>
<p><span style="font-weight: bold;">Tools:</span></p>
<p>Wire Crimps or a Soldering Iron &amp; Electrical Solder<br />
Phillips screwdriver<br />
Thermal Cutoff Fuse (depends on Iron. See details below)<br />
Volt Meter <span style="font-weight: bold;"> </span></p>
<p><a href="http://4.bp.blogspot.com/_cDmJ7CKEZqQ/SmfSqjygktI/AAAAAAAAAEQ/JZqqNWsw5lY/s1600-h/IMG_0349.JPG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5361485510011294418" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 300px; height: 400px;" src="http://4.bp.blogspot.com/_cDmJ7CKEZqQ/SmfSqjygktI/AAAAAAAAAEQ/JZqqNWsw5lY/s400/IMG_0349.JPG" border="0" alt="" /></a><br />
<span style="font-weight: bold;"> </span></p>
<p>Troubleshooting</p>
<p>To begin, we need to confirm that the issue is the thermal cutoff fuse. The thermal cutoff fuse is a little electrical component fuse that will open the circuit when a certain temperature is exceeded.</p>
<p>This is what it looks like:</p>
<div style="text-align: center;"><a href="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SmfHnIsJzrI/AAAAAAAAAEA/8FYa0lj4XZc/s1600-h/gvp.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5361473356569366194" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 269px;" src="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SmfHnIsJzrI/AAAAAAAAAEA/8FYa0lj4XZc/s400/gvp.jpg" border="0" alt="" /></a><span style="font-size: 78%;"><span style="font-size: 85%;">looks pretty innocuous right?</span></span></div>
<p>Taking apart the imitation CHI is fairly simple and straightforward. As you get it apart you'll find that the ceramic plate has a plastic backing that slips on, and the thermal fuse is housed in the space between them. In the picture below, I have taken off the plastic backing and exposed the thermal fuse: you can see it inside a protective (plastic?) housing, with thermal paste pressed against the back plate.</p>
<p><a href="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SmfJxNDVXdI/AAAAAAAAAEI/k6LGL3K3p9M/s1600-h/IMG_0352.JPG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5361475728562281938" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SmfJxNDVXdI/AAAAAAAAAEI/k6LGL3K3p9M/s400/IMG_0352.JPG" border="0" alt="" /></a></p>
<p>To test the fuse, I set my volt meter for continuity and tested the thermal fuse. As you can see below, no continuity.</p>
<p><a href="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SmfSzjzjxQI/AAAAAAAAAEY/9yRQaBTcqB8/s1600-h/IMG_0353.JPG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5361485664634520834" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 300px; height: 400px;" src="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SmfSzjzjxQI/AAAAAAAAAEY/9yRQaBTcqB8/s400/IMG_0353.JPG" border="0" alt="" /></a><br />
From here you need to identify the flat iron's thermal fuse specifications by reading the part number and googling it. In my case, the thermal fuse was available at the local Radio Shack.<br />
I soldered it in and was good to go. <span style="font-weight: bold;">My thermal fuse was SEFUSE SF226E rated for 227°C, 10A and 250V~.</span></p>
<p><span style="font-weight: bold; color: #ff0000;">IMPORTANT!!!</span></p>
<p>My soldering gun is battery powered and runs just below the temperature the fuse is rated for; however, I would recommend using crimps instead, as an extremely hot soldering iron will destroy the fuse before your wife / girlfriend / mother gets a chance to use it.</p>
<p><span style="font-weight: bold;">UPDATE:</span> Over at <a href="http://joedotcom.com/2009/05/16/attempting-to-repair-a-chi-flatiron/">JoeDotCom.Com</a> there is a great write-up on fixing the switch of a flat iron.</p>
<p>Tell me what you think?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/hardware/repairing-a-flat-iron-thermal-fuse-fun/feed/</wfw:commentRss>
		<slash:comments>25</slash:comments>
		</item>
		<item>
		<title>AutoIT &#8211; Automate Your Workplace!</title>
		<link>http://www.thehackerdiary.com/software/automation/autoit-automate-your-workplace/</link>
		<comments>http://www.thehackerdiary.com/software/automation/autoit-automate-your-workplace/#comments</comments>
		<pubDate>Mon, 13 Jul 2009 17:40:00 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[AutoIT]]></category>
		<category><![CDATA[Automation]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Hex Editor Neo]]></category>

		<guid isPermaLink="false">http://www.nicholascolyer.com/thehackerdiary/?p=18</guid>
		<description><![CDATA[I am a HUGE fan of AutoIt. I have used AutoIt to automate joining a computer to wireless networks as well as data entry from Excel to 3rd-party programs because of how rapidly you can program and how little you need to know prior. Recently, I discovered a hex editor ("Hex Editor Neo") that [...]]]></description>
			<content:encoded><![CDATA[<p>I am a HUGE fan of AutoIt.</p>
<p>I have used AutoIt to automate joining a computer to wireless networks, as well as data entry from Excel into 3rd-party programs, because of how rapidly you can program with it and how little you need to know beforehand.</p>
<p>Recently, I discovered a hex editor ("Hex Editor Neo") that supports a "patterning" feature: you enter a hex code with a description of what it is and a coloring scheme, and the editor applies that coloring to all occurrences in your currently open executable. In my case, I wanted to load a color patterning scheme for all IL opcode instances for easier identification. I was able to find a list and move that data into Excel.</p>
<p>Then, I recorded a macro with AutoIt and imported those opcodes into Hex Editor Neo.</p>
<p>Tell me what you think?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/software/automation/autoit-automate-your-workplace/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>.HACK, .NET, .NET Reflector</title>
		<link>http://www.thehackerdiary.com/software/dot-net/dot-hack-dot-net-dot-net-reflector/</link>
		<comments>http://www.thehackerdiary.com/software/dot-net/dot-hack-dot-net-dot-net-reflector/#comments</comments>
		<pubDate>Fri, 19 Jun 2009 16:59:00 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[.Net]]></category>
		<category><![CDATA[Decompilers]]></category>
		<category><![CDATA[Hacker Tools]]></category>
		<category><![CDATA[Reverse Engineering]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[.NET Reflector]]></category>
		<category><![CDATA[C#]]></category>
		<category><![CDATA[Chrome]]></category>
		<category><![CDATA[CIL]]></category>
		<category><![CDATA[Delphi]]></category>
		<category><![CDATA[MC++]]></category>
		<category><![CDATA[MSIL]]></category>
		<category><![CDATA[Nicholas Colyer]]></category>
		<category><![CDATA[Red Gate]]></category>
		<category><![CDATA[Reverse Engineering .NET]]></category>
		<category><![CDATA[Visual Basic]]></category>

		<guid isPermaLink="false">http://www.nicholascolyer.com/thehackerdiary/?p=17</guid>
		<description><![CDATA[As someone who is developing an application using the .NET framework, I didn't put much thought into code obfuscation. My priority is to accomplish a specific task: a functional product. Now I am not going to lie, I never much looked into the inner workings of .NET since I was never intrigued by it. For [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SjvS586CiTI/AAAAAAAAADw/jC7iq-YpwUg/s1600-h/dotNET_Logo_270x142.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5349100875476535602" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 270px; height: 142px;" src="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SjvS586CiTI/AAAAAAAAADw/jC7iq-YpwUg/s400/dotNET_Logo_270x142.jpg" border="0" alt="" /></a><br />
As someone who is developing an application using the .NET framework, I didn't put much thought into code obfuscation. My priority is to accomplish a specific task: a functional product.<br />
Now I am not going to lie, I never looked much into the inner workings of .NET since I was never intrigued by it. For the most part, I had a general idea.</p>
<p>Today I researched a bit on how it works, and in this post I focus more on how it breaks down.</p>
<p>Downloading the SDK for .NET proved to provide some rather valuable tools for exploring the technology. I don't have much time, so I will speak specifically of ILDASM (the MSIL Disassembler), which, when opening an unpacked .NET executable, will take apart the assemblies for that application. Before I get ahead of myself, let me clarify something first. MSIL stands for Microsoft Intermediate Language (<a href="http://en.wikipedia.org/wiki/Common_Intermediate_Language">formerly; as I read on Wikipedia, this is now referred to as CIL or Common Intermediate Language</a>), which is a set of CPU-independent instructions that can be converted to native code. If you are a developer you probably know this; I am a novice and did not.</p>
<p>What this means to me or you is that it's a simple task to decompile an executable back to source code.</p>
<p><a href="http://4.bp.blogspot.com/_cDmJ7CKEZqQ/Sjvn12AT97I/AAAAAAAAAD4/tdhuMGOgLjk/s1600-h/SNAG-001.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5349123894648502194" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 313px;" src="http://4.bp.blogspot.com/_cDmJ7CKEZqQ/Sjvn12AT97I/AAAAAAAAAD4/tdhuMGOgLjk/s400/SNAG-001.jpg" border="0" alt="" /></a><span style="font-size: 78%;">( Pictured above is a commercial application written in .NET that couldn't even put up a fight. Trademarks and name specifics have been blocked for intellectual property reasons. )</span></p>
<p>I'd expand on IL DASM more but there is a tool much better suited for the job and it's called <a href="http://reflector.red-gate.com/download.aspx">.NET Reflector</a>.</p>
<p><a href="http://reflector.red-gate.com/download.aspx">.NET Reflector</a> is more user friendly and it does something a little extra special. <a style="font-weight: bold;" href="http://reflector.red-gate.com/download.aspx">.NET Reflector</a> <span style="font-weight: bold;">allows you to convert from CIL to Visual Basic, C#, Delphi, MC++ and Chrome live and on the fly.</span></p>
<p>You can see this behavior exhibited in the video below:</p>
<p><object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="425" height="344" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="src" value="http://www.youtube.com/v/IGauZQcp0g0&amp;hl=en&amp;fs=1" /><param name="allowfullscreen" value="true" /><embed type="application/x-shockwave-flash" width="425" height="344" src="http://www.youtube.com/v/IGauZQcp0g0&amp;hl=en&amp;fs=1" allowscriptaccess="always" allowfullscreen="true"></embed></object></p>
<p>As you can see, we have great flexibility to take apart a .NET application and view source code with less effort than reverse engineering an application with a debugger and translating machine code. Additionally, with the <a href="http://sebastien.lebreton.free.fr/reflexil/">Reflexil add-on</a> we can even change some aspects of the application.</p>
<p>It's really opened my eyes that source code is so easy to recover from a .NET application, and the problem hinges solely on the medium in which it's compiled: .NET.</p>
<p>Tell me what you think?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/software/dot-net/dot-hack-dot-net-dot-net-reflector/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A False Sense of Security: An Explanation Of Terms</title>
		<link>http://www.thehackerdiary.com/it-security/a-false-sense-of-security-an-explanation-of-terms/</link>
		<comments>http://www.thehackerdiary.com/it-security/a-false-sense-of-security-an-explanation-of-terms/#comments</comments>
		<pubDate>Sun, 14 Jun 2009 15:13:00 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[Anti-Virus]]></category>
		<category><![CDATA[Compressing Executables]]></category>
		<category><![CDATA[Debuggers]]></category>
		<category><![CDATA[Decompilers]]></category>
		<category><![CDATA[Hacker Tools]]></category>
		<category><![CDATA[Hex Editors]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[Packing Executables]]></category>
		<category><![CDATA[Reverse Engineering]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Techniques]]></category>
		<category><![CDATA[XORing]]></category>
		<category><![CDATA[Anti virus]]></category>
		<category><![CDATA[Defeating AntiVirus]]></category>
		<category><![CDATA[Defeating AV]]></category>
		<category><![CDATA[EXE Packing]]></category>
		<category><![CDATA[Manually Packing Executable]]></category>
		<category><![CDATA[Morphine]]></category>
		<category><![CDATA[Packers]]></category>
		<category><![CDATA[Packing]]></category>
		<category><![CDATA[UPX]]></category>
		<category><![CDATA[Virus]]></category>
		<category><![CDATA[Virus Total]]></category>
		<category><![CDATA[Viruses]]></category>
		<category><![CDATA[VirusTotal]]></category>

		<guid isPermaLink="false">http://www.nicholascolyer.com/thehackerdiary/?p=16</guid>
		<description><![CDATA[UPDATE: If you came here looking for more information about UPX, NETCAT and PACKING executables, see the third part of my series on Defeating AV. When posting the conclusion of my antivirus study, I glazed over some core concepts and definitions of terms I was using because I wanted to complete the post. This post [...]]]></description>
			<content:encoded><![CDATA[<h3><strong><span style="color: #ff6600;">UPDATE: If you came here looking for more information about UPX, NETCAT and PACKING executables, see the third part of my <a href="http://www.thehackerdiary.com/?p=15" target="_blank">series on Defeating AV</a>.</span></strong></h3>
<p><span style="font-weight: bold;">When posting the conclusion of my antivirus study, I glazed over some core concepts and definitions of terms I was using because I wanted to complete the post. </span></p>
<p>This post is for those of you whose heads were spinning in that post.</p>
<p><span style="font-weight: bold; color: red;">Executable</span><br />
An executable is a program. A program is a collection or group of functions that accomplish specific tasks as designed. For instance, Internet Explorer is a program that allows you to browse the web.</p>
<p><span style="font-weight: bold; color: red;">Executable Compression (UPX for example) </span><br />
Executable compression is similar to a self-extracting WinZip archive, except applied to an application itself. Primarily, its use is to shrink file size.</p>
<p><span style="font-weight: bold; color: red;">EXE Packing</span><br />
Packing is the process of taking an executable and making its code undecipherable but still executable by an operating system. This process can be done a few ways and is generally accomplished with the use of a 3rd-party program such as ASPack, Armadillo or any other industry standard. These commercial packing programs are used by game developers, software engineers and other industry professionals to thwart hackers from cracking their applications and releasing them on P2P networks. Unfortunately, anything that can be done to an executable can be undone, as there is always a finite point of entry and there are people who are exceptionally good at reverse engineering.</p>
<p><span style="font-weight: bold; color: red;">Manually Packing Executable</span><br />
Manually packing an executable is something more advanced. This is the process by which one develops a custom encryption routine and applies that routine to an executable (like we did in my previous post, following instructions found via Google).</p>
<p><span style="font-weight: bold; color: red;">Morphine</span><br />
Morphine is an aptly named executable developed to cloak nefarious applications from AV. In its heyday Morphine would trounce antivirus solutions with no problem. Its use coupled with UPX would leave the most common virus or trojan executable undetected by antivirus, and it still serves to this date to mask packed malware from antivirus solutions.</p>
<p><span style="font-weight: bold; color: red;">Batch Script</span><br />
Batch scripting is built right into Windows. It allows for automation of operations a user would normally have to carry out manually. In my previous post, I used a batch script to automate running NetCat through a UPX packer and then through Morphine. I specified the input and output paths in variables at the top of the script, then prompted for the imagebase address from LordPE and set a variable from that input so Morphine could do its work on the executable.</p>
<p><span style="font-weight: bold; color: red;">LordPE</span><br />
LordPE is yet something else I glazed over. LordPE is a tool for working with executables that allows for absolute control and easy execution of advanced operations, the sum of which is too complex and convoluted to describe in a single post. Perhaps some other day?</p>
<p>Tell me what you think?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/it-security/a-false-sense-of-security-an-explanation-of-terms/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>A False Sense of Security : AntiVirus Part III</title>
		<link>http://www.thehackerdiary.com/it-security/a-false-sense-of-security-antivirus-part-iii/</link>
		<comments>http://www.thehackerdiary.com/it-security/a-false-sense-of-security-antivirus-part-iii/#comments</comments>
		<pubDate>Fri, 12 Jun 2009 19:27:00 +0000</pubDate>
		<dc:creator>ncolyer</dc:creator>
				<category><![CDATA[Anti-Virus]]></category>
		<category><![CDATA[Compressing Executables]]></category>
		<category><![CDATA[Hacker Tools]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[Packing Executables]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Techniques]]></category>
		<category><![CDATA[XORing]]></category>
		<category><![CDATA[Anti virus]]></category>
		<category><![CDATA[David Rook]]></category>
		<category><![CDATA[Debugger]]></category>
		<category><![CDATA[Defeating AntiVirus]]></category>
		<category><![CDATA[Defeating AV]]></category>
		<category><![CDATA[EXE Packing]]></category>
		<category><![CDATA[Hex Editor]]></category>
		<category><![CDATA[Hiew]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Manually Packing Executable]]></category>
		<category><![CDATA[Morphine]]></category>
		<category><![CDATA[Ollydbg]]></category>
		<category><![CDATA[UPX]]></category>
		<category><![CDATA[Virus Total]]></category>
		<category><![CDATA[VirusTotal]]></category>
		<category><![CDATA[Windasm32]]></category>

		<guid isPermaLink="false">http://www.nicholascolyer.com/thehackerdiary/?p=15</guid>
		<description><![CDATA[Previously, we touched on the concept that AV is not infallible as you would be led to believe by advertisers. This post is the continuation of that study. PART III continued from here To begin, I decided to compress NetCat with UPX. The syntax and flags used were as follows: "upx C:\NetCat\nc.exe --best --ultra-brute --compress-icons=3 [...]]]></description>
			<content:encoded><![CDATA[<p><span style="font-size: 85%;"><span style="font-size: 130%;"><span style="font-weight: bold;"><a href="http://thehackerdiary.blogspot.com/2009/06/false-sense-of-security-antivirus-part.html">Previously</a>, we touched on the concept that AV is not infallible as you would be led to believe by advertisers. This post is the continuation of that study. </span></span></span></p>
<p><span style="font-size: 180%;"><span style="font-weight: bold;">PART III</span></span></p>
<p>continued from <a href="http://thehackerdiary.blogspot.com/2009/06/false-sense-of-security-antivirus-part_11.html">here</a></p>
<p>To begin, I decided to compress NetCat with <a href="http://upx.sourceforge.net/">UPX</a>. The syntax and flags used were as follows:</p>
<p><a href="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SjKu8Qzp2aI/AAAAAAAAADQ/FFewqu9tDgk/s1600-h/SNAG-000.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5346528057969203618" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 116px;" src="http://3.bp.blogspot.com/_cDmJ7CKEZqQ/SjKu8Qzp2aI/AAAAAAAAADQ/FFewqu9tDgk/s400/SNAG-000.jpg" border="0" alt="" /></a><br />
"<span style="font-weight: bold;">upx C:\NetCat\nc.exe --best --ultra-brute --compress-icons=3 --strip-relocs=1</span>"</p>
<p>Now that it has been compressed, let's take a look at <a href="http://www.virustotal.com/analisis/7379c5f5989be9b790d071481ee4fdfaeeb0dc7c4566cad8363cb016acc8145e-1244832731">the virgin executable's VirusTotal scan</a> first to find out which AVs detected it.</p>
<p>From the results, we see that these <span style="font-weight: bold;">21 </span>different antivirus solutions were the only ones to detect our <span style="font-weight: bold;">UNPACKED </span>executable. Technically, NetCat is not a virus or malware, but the potential for it to be used as such exists; as a result, it should be flagged by all of them, as an optional detection in their configurations.</p>
<p>Now that it's been packed, I decided to see if our simple one-time packing of the executable would be sufficient to hide it from any of our antivirus solutions, so I uploaded it to VirusTotal expecting to have 21 total detections once more.</p>
<p><a href="http://www.virustotal.com/analisis/1f0805709863b934ef238218aa686bd071b3aa28e667eee0ab27a5c0241df933-1244837152"><span style="font-size: 180%;"><span style="font-weight: bold;">I was wrong.</span></span></a></p>
<p>Out of our list of AVs, <span style="font-weight: bold;"><span style="color: #ff0000;">only 15 detected NetCat as it was before</span>, and 1 just flagged that it was packed, not even detecting the real threat.</span></p>
<p>But we're not done yet, are we? Dig in, it's only going to get messier from here.</p>
<p>I decided to write a batch file that would process the executable sequentially through <a href="http://upx.sourceforge.net/">UPX</a> compression and something I haven't touched on until right now called "Morphine".</p>
<p><a href="http://2.bp.blogspot.com/_cDmJ7CKEZqQ/SjR66ELXXiI/AAAAAAAAADY/-cNxIO-KAe0/s1600-h/batch.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5347033795568033314" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 446px; height: 327px;" src="http://2.bp.blogspot.com/_cDmJ7CKEZqQ/SjR66ELXXiI/AAAAAAAAADY/-cNxIO-KAe0/s400/batch.jpg" border="0" alt="" /></a><br />
The actual code for the batch was:</p>
<blockquote style="color: #ff0000;"><p>@ECHO OFF<br />
REM:  Variables<br />
REM:************************<br />
SET INPUT=C:\HackTools\NetCat\nc.exe<br />
SET OUTPUT=C:\Users\Admin\Desktop\nc.exe</p>
<p>@echo.<br />
@echo     ******************************************<br />
@echo     *    Compressing Executable with UPX     *<br />
@echo     ******************************************<br />
@echo.</p>
<p>C:\HackTools\Packers\upx\upx --best --ultra-brute --compress-icons=3 --strip-relocs=1 %INPUT% -o %OUTPUT%</p>
<p>@echo.<br />
@echo     ******************************************<br />
@echo   ***   Opening LordPE to Obtain Imagebase   ***<br />
@echo     ******************************************<br />
@echo.</p>
<p>start "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" "C:\HackTools\exetools\LordPE\LordPE.exe"</p>
<p>@ECHO Path of executable is %OUTPUT%<br />
@echo.<br />
@echo.<br />
@echo.</p>
<p>:imagebase<br />
set IMAGEBASE=<br />
set /P IMAGEBASE=Type input: %=%<br />
if "%IMAGEBASE%"=="" goto input<br />
echo Your input was: %IMAGEBASE%</p>
<p>Pause</p>
<p>@echo.<br />
@echo.<br />
@echo.<br />
@echo     ******************************************<br />
@echo     *  Morphine is crypting the executable   *<br />
@echo     ******************************************<br />
@echo.<br />
@echo.<br />
@echo.</p>
<p>C:\HackTools\Packers\Morphine\morphine.exe -b:%IMAGEBASE% -o:%OUTPUT% %OUTPUT%</p>
<p>PAUSE</p></blockquote>
<p>Morphine, which has been around for quite some time in underground blackhat hacker circles, is used to make executables "KAV undetectable". I downloaded a dated version of Morphine in the hope that a 2004 release of the tool would have been reverse engineered by AV companies and easily unpacked to reveal the executable being masked. KAV (which is short for Kaspersky Antivirus) is apparently used as the benchmark of detection when it comes to masking malware by the underground of virus and remote access trojan writers. Floating around IRC (Internet Relay Chat) chatrooms and researching this post on Google, I found numerous posts referencing Kaspersky as the antivirus to beat, and as such my expectations of its performance are naturally higher than for the others.</p>
<p>It was time to process our executable.</p>
<p><object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="425" height="344" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="src" value="http://www.youtube.com/v/XWM07Sjin_o&amp;hl=en&amp;fs=1" /><param name="allowfullscreen" value="true" /><embed type="application/x-shockwave-flash" width="425" height="344" src="http://www.youtube.com/v/XWM07Sjin_o&amp;hl=en&amp;fs=1" allowscriptaccess="always" allowfullscreen="true"></embed></object></p>
<p>As you can see from the video above, I run our batch script which compresses our executable then packs our executable with Morphine. Then I upload it to <a href="http://www.virustotal.com/analisis/6076e17a6434f4e9eb13762769079ea3bb4fad0977e9f26c662e304936e13ddd-1244954061">Virus Total and take a look at the results</a>.</p>
<p><a href="http://2.bp.blogspot.com/_cDmJ7CKEZqQ/SjSFWaSCZbI/AAAAAAAAADg/thQ6e1UOxD0/s1600-h/avscan.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5347045277654214066" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 274px; height: 400px;" src="http://2.bp.blogspot.com/_cDmJ7CKEZqQ/SjSFWaSCZbI/AAAAAAAAADg/thQ6e1UOxD0/s400/avscan.jpg" border="0" alt="" /></a><br />
As you can see, the majority of antivirus solutions are only detecting that the file has been packed and some even identify the packer. Few detect the true identity of our executable, which is NetCat.</p>
<p>This is a double edged sword.</p>
<p>On one hand we are being flagged, which is good, but on the other hand if we cannot identify the true identity of an executable and are subverted by packing, then we may be subject to its true intentions. Additionally, we have false positives for different viruses from some AVs.</p>
<p>We have seen that Morphine is for the most part detected now, and unfortunately only a handful of antivirus solutions even identify our masked executable as NetCat. But we must keep in mind we did not have a 100% detection ratio, and additionally we used a tool that was dated. To me it is unacceptable for any antivirus to not detect Morphine after this much elapsed time. Just think to yourself: what happens when we use the most current releases?</p>
<p>Since I am not part of the underground group of people who specialize in these activities, I frankly don't know where to go to get the latest release. I am sure with some crafty googling I could find it but I don't need to at this point. If a tool that is 5-6 years old can still mask an executable, it's not a stretch to assume the most current release slips under the radar as well, which brings me to the last and final stage in this demonstration.</p>
<p>From the research I had done, I found that many virus and trojan writers wrote their OWN packing/encrypting routines to mask their malware leaving Morphine out of the equation altogether. This is a HUGE problem for AV and you. If your AV doesn't have a signature to compare with there will be no detection.</p>
<p><span style="font-size: 180%;"><span style="font-weight: bold;">Packing It Myself</span></span></p>
<p>I decided to finish this post by attempting to pack an executable myself based on information gleaned from Google, and Google I did. I searched Google with the search string "exe packing" and clicked the first result with skepticism.</p>
<p><span style="font-size: 180%;"><span style="font-weight: bold; color: #ff0000;">In 30 seconds or less, I had enough information from google to not only write my own encrypting routine but mask NetCat from 31 out of 39 AntiVirus solutions!!!!!!!!!</span></span></p>
<p>Following the instructions from the Google result <a href="http://davidiorg.blogspot.com/2008/06/exe-packing-hard-way.html">http://davidiorg.blogspot.com/2008/06/exe-packing-hard-way.html</a>, I was able to evade 31 out of 39 antivirus solutions.</p>
<p><span style="font-style: italic;">NOTE: David has a pretty clear explanation on his site that someone who has intermediate knowledge of the topic could easily understand and execute.</span></p>
<p><a href="http://www.virustotal.com/analisis/ecb2690d6455cd14fce06465a2cc12054bfe5ddfcf6aaed262e7e0233019d397-1244958083">The results of packing netcat are chilling</a>.</p>
<p><a href="http://2.bp.blogspot.com/_cDmJ7CKEZqQ/SjSV7-tgnxI/AAAAAAAAADo/_l3a79mEZBQ/s1600-h/6-14-2009+2-13-40+AM.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img id="BLOGGER_PHOTO_ID_5347063515274321682" style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 251px; height: 400px;" src="http://2.bp.blogspot.com/_cDmJ7CKEZqQ/SjSV7-tgnxI/AAAAAAAAADo/_l3a79mEZBQ/s400/6-14-2009+2-13-40+AM.jpg" border="0" alt="" /></a><br />
As you can see, with little effort and google, <span style="color: #cc0000; font-size: 180%;"><span style="font-weight: bold;">I was able to successfully bypass all but 8 AntiVirus solutions.</span></span> <span style="font-weight: bold;">Few of those solutions which were mainstream and advertised even had a detection let alone identified NetCat.</span></p>
<p><span style="font-size: 180%;"><span style="font-weight: bold;">Conclusion and Q &amp; A</span></span></p>
<p>When I started this post, I decidedly set out to expose that which I already knew to be true. I didn't expect, however, that a Google search would give me enough information to pack NetCat and evade that many AV solutions with little know-how or effort, especially since the information was posted in 2008. Antivirus solutions need to reinvent the wheel and get with the times if they are to survive in the wild wild west ages of the internet.</p>
<p><span style="font-weight: bold; color: #ff0000;">What antivirus is the best for me to use?</span></p>
<p>In my opinion there are a couple of different solutions available that I would recommend. I personally use AntiVir XP, which is free for non-commercial use. Kaspersky, from what I have seen while researching in hacking forums, shows the highest level of visibility in that it's very good at thwarting coders, which is why it appears to be the standard to beat. <span style="font-weight: bold;">However, the results of manually packing the executable did not reflect favorably on Kaspersky, so I really don't know what to think about KAV</span>. Additionally, KAV may have intentionally not detected NetCat, as NetCat can be used for good or bad. Sophos also appears to have high visibility, and NOD32 is allegedly the best heuristic scanner available; however, NOD32 failed to catch NetCat... Intentional?</p>
<p><span style="font-weight: bold; color: #ff0000;">My company uses XXX Anti Virus and we've never had any issues. How is your "study" relevant? </span></p>
<p><span style="font-weight: bold;">Rootkits</span>. The idea that if you're not showing symptoms you can't be infected is a fallacy that many believe. Black-hat hackers aren't your average novice banging away at the keyboard at 2:30 in the morning; they silently keep monitoring and stealing information without you ever knowing any different. This is more dangerous than a conventional threat because a virus or trojan will rear its ugly head eventually, and you will take the necessary precautions to protect your credit, identity, credentials and so on. A rootkit is similar to a trojan except that it is a completely silent killer that modifies its host operating system: by hooking the system calls and kernel structures that enumerate processes, files and network connections, it filters its own artifacts out of everything the OS reports, so an antivirus running on that same host is asking a compromised system whether anything is wrong. That is what makes it exceptionally hard to find or detect from inside the running machine; the reliable check is a cross-view comparison against something the rootkit does not control, such as the raw disk read from a clean boot disc, and often the best policy is to completely wipe the system.</p>
<p><span style="font-size: 100%;"><span style="font-weight: bold; color: #ff0000;">What else can I do to protect myself?</span></span></p>
<p>Read. Read as much as you can about how viruses and malware work. Become familiar with common methods and common viruses. Monitor or subscribe to hacker publications.</p>
<p><span style="color: #ff0000;"><strong>I didn't understand some of the terms you used.</strong></span></p>
<p>Go here -&gt; <a href="http://thehackerdiary.blogspot.com/2009/06/false-sense-of-security-explanation-of.html">A Glossary of Terms!</a></p>
<p>Tell me what you think of my results.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.thehackerdiary.com/it-security/a-false-sense-of-security-antivirus-part-iii/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
	</channel>
</rss>

