Archive for category security

win32 memory capture & analysis cheat sheet

A high level overview to perform live memory captures and analysis:

  1. capture memory via MoonSols' win32dd
  2. parse the memory snapshot with Mandiant's Memoryze
  3. analyze the results via Audit Viewer
  4. or analyze using the Volatility framework — neatly packaged in the SANS SIFT Workstation
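As an added example (not from the post and not code from win32dd, Memoryze or Volatility), here is a miniature of what the parse/analyze steps do under the hood: carve a raw memory image for the pool tag that marks process objects and read the PID and image name out of each hit, the way Volatility's psscan does. The structure offsets are assumptions for Windows XP SP2/SP3 x86 only, and the image it scans by default is constructed inside the script; on a real win32dd dump you need the offsets for that Windows build.

```python
import struct
import sys

# Pool tag psscan looks for on Windows XP: "Proc" with the high bit of the
# last byte set (the kernel marks protected allocations that way).
PROC_POOL_TAG = b"Pro\xe3"

# Layout ASSUMED for Windows XP SP2/SP3 x86; other builds differ, which is
# why Memoryze and Volatility ship per-build profiles.
POOL_HEADER_SIZE = 0x8        # _POOL_HEADER; the tag sits at offset 4 inside it
OBJECT_HEADER_SIZE = 0x18     # _OBJECT_HEADER precedes the _EPROCESS body
EPROCESS_PID_OFFSET = 0x84    # _EPROCESS.UniqueProcessId
EPROCESS_NAME_OFFSET = 0x174  # _EPROCESS.ImageFileName (16 bytes, NUL padded)
EPROCESS_SIZE = 0x260         # size of _EPROCESS


def scan_processes(image):
    """Return [(eprocess_offset, pid, name)] for every allocation carrying the
    process pool tag. Like psscan this is a linear carve of the raw image, so
    it also surfaces terminated or unlinked (hidden) processes, at the cost of
    possible false positives from stale memory."""
    results = []
    pos = image.find(PROC_POOL_TAG)
    while pos != -1:
        pool_start = pos - 4                       # tag is at +4 in the pool header
        eprocess = pool_start + POOL_HEADER_SIZE + OBJECT_HEADER_SIZE
        if pool_start >= 0 and eprocess + EPROCESS_SIZE <= len(image):
            pid = struct.unpack_from("<I", image, eprocess + EPROCESS_PID_OFFSET)[0]
            start = eprocess + EPROCESS_NAME_OFFSET
            raw_name = image[start:start + 16]
            name = raw_name.split(b"\x00", 1)[0].decode("ascii", "replace")
            results.append((eprocess, pid, name))
        pos = image.find(PROC_POOL_TAG, pos + 1)
    return results


def build_fake_process_block(pid, name):
    """Constructed test data: one pool allocation laid out per the offsets above."""
    block = bytearray(POOL_HEADER_SIZE + OBJECT_HEADER_SIZE + EPROCESS_SIZE)
    block[4:8] = PROC_POOL_TAG
    body = POOL_HEADER_SIZE + OBJECT_HEADER_SIZE
    struct.pack_into("<I", block, body + EPROCESS_PID_OFFSET, pid)
    block[body + EPROCESS_NAME_OFFSET:body + EPROCESS_NAME_OFFSET + len(name)] = name
    return bytes(block)


def constructed_image():
    """A few KB of constructed 'memory': two process blocks amid zero filler."""
    filler = b"\x00" * 512
    return (filler + build_fake_process_block(4, b"System") + filler * 3
            + build_fake_process_block(1337, b"rogue.exe") + filler)


if __name__ == "__main__":
    # Pass a raw dump path to scan it; with no argument the constructed image is used.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_image()
    for off, pid, name in scan_processes(image):
        print("0x%08x  pid=%-6d %s" % (off, pid, name))
```

Because it carves the whole image instead of walking the kernel's linked process list, a scan like this also turns up processes that have exited or been deliberately unlinked by a rootkit, which is the reason the parse step matters more than a tasklist taken on the live box.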


(Tool) FireShark: Aid for web incident response

The tool of the day is FireShark, a free web analysis tool.  This is great to have in your toolbox for IR.  FireShark will generate a mind map of a given webpage — think of it as a graphical representation of NoScript, e.g. the map for Amazon.com would show quantcast.com, google-analytics.com, facebook.com, and twitter.com connected because it loads JavaScript and/or images from those domains.  The tool consists of a Firefox plugin with some additional Perl scripts.

Now, if the authors would add geolocation to the maps we could quickly see if a site is pulling from a server in Russia or China, which could be an obvious sign of infection…
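An added illustration (my code, not FireShark's) of the idea behind the map: parse a page's markup for the elements that trigger a load, group them by host and emit the edges as a Graphviz graph. The HTML below is constructed around the hosts the post names, not a real capture of Amazon.com. FireShark itself watches the browser's actual requests, so it also sees what JavaScript fetches after load, which a static parse like this never will.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ResourceCollector(HTMLParser):
    """Collect every URL the markup tells the browser to fetch."""
    # element -> attribute that triggers a load (an <a href> does not; a click does)
    TAG_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = self.TAG_ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                # resolves relative and protocol-relative (//host/...) references
                self.urls.append(urljoin(self.base_url, value))


def third_party_map(page_url, html):
    """Return {third_party_host: [urls]} for resources served from hosts other
    than the page's own: the edges of the map for this one page."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    origin = urlsplit(page_url).hostname
    edges = defaultdict(list)
    for url in collector.urls:
        host = urlsplit(url).hostname
        if host and host != origin:
            edges[host].append(url)
    return dict(edges)


def to_dot(page_url, edges):
    """Graphviz DOT text for the map, one edge per third-party host."""
    origin = urlsplit(page_url).hostname
    lines = ["digraph page {", '  "%s";' % origin]
    for host, urls in sorted(edges.items()):
        lines.append('  "%s" -> "%s" [label="%d resource(s)"];' % (origin, host, len(urls)))
    lines.append("}")
    return "\n".join(lines)


# Constructed page: only the hosts the post mentions, with made-up paths.
SAMPLE_URL = "http://www.amazon.com/"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//www.google-analytics.com/ga.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://pixel.quantserve.com/pixel/p-constructed.gif" width="1" height="1">
<iframe src="http://www.facebook.com/plugins/like.php?href=constructed"></iframe>
<script src="http://platform.twitter.com/widgets.js"></script>
<a href="http://www.example.net/">a link is not a load</a>
</body></html>"""

if __name__ == "__main__":
    print(to_dot(SAMPLE_URL, third_party_map(SAMPLE_URL, SAMPLE_HTML)))
```

Pipe the output through `dot -Tpng` to get the picture; the same-host stylesheet and logo are dropped, and the anchor is ignored because nothing is fetched until someone clicks it.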


Ubuntu can bypass iPhone PIN to read data?

According to this zdnet article, when plugging your iPod into an Ubuntu machine the device is mounted without ever being prompted for a PIN code.  This works on non-jailbroken iPhones.  I’m surprised the article only names Ubuntu — surely this must work for other distributions?  Unfortunately I don’t own an iPhone to test first-hand.

On a side note, is Ubuntu taking over the world?  Sometimes you don’t want to make things too easy otherwise all of the idiots will flock from Mac and Windows and plague all of our favorite distributions with requests for ports of ___ (insert favorite fan boi single platform software here).


DNS Performance & Security…

I’ve gotten tired of Road Runner’s DNS redirection/hijacking service, which I opt out of yet it keeps coming back.  I decided to do some DNS benchmarking, comparing my ISP-assigned name servers against publicly provided DNS such as Google’s.  The results were very surprising.  It turns out I have lower latency and fewer hops reaching some of the publicly available DNS servers than those provided by my ISP (and they actually resolve lookups faster).

Here’s what I did:

  1. Download and run DNS Benchmark (Windows or Wine): http://www.grc.com/dns/benchmark.htm
  2. Add your ISP-assigned DNS servers into the DNS Benchmark tool for comparison (Windows: ipconfig /all; Linux: cat /etc/resolv.conf)
  3. Load any additional public DNS servers into the tool: publicly provided DNS
  4. If public DNS is faster, configure your machine with hardcoded DNS servers (rather than picking them up from DHCP).
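Added example, not from the post and not GRC's tool: a small resolver probe in Python that times one lookup and also checks the redirection the post complains about. It speaks raw DNS over UDP (RFC 1035 wire format), asks for a random label under the reserved .example TLD, and flags a resolver that hands back an A record for a name that cannot exist instead of NXDOMAIN. The constructed_response helper exists only so the parser can be checked without a network.

```python
import random
import socket
import struct
import sys
import time


def build_query(name, qid, qtype=1):
    """Encode a DNS query: 12-byte header followed by one question (class IN)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)


def _read_name(msg, pos):
    """Decode a possibly-compressed name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                    # compression pointer
            if not jumped:
                end = pos + 2
            pos = struct.unpack_from(">H", msg, pos)[0] & 0x3FFF
            jumped = True
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (end if jumped else pos)


def parse_response(msg):
    """Return (rcode, [IPv4 strings from A records in the answer section])."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", msg, 0)
    pos = 12
    for _ in range(qd):
        _, pos = _read_name(msg, pos)
        pos += 4                                     # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        _, pos = _read_name(msg, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from(">HHIH", msg, pos)
        pos += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, answers


def classify(rcode, answers):
    """A name that cannot exist must come back NXDOMAIN (rcode 3); an A record
    instead means the resolver rewrites failures to its own landing page."""
    if rcode == 3:
        return "clean"
    if rcode == 0 and answers:
        return "hijacked"
    return "unclear"


def probe(resolver, timeout=2.0):
    """Time one query for a random label under .example (needs network access)."""
    name = "%012d-nonexistent.example" % random.randrange(10 ** 12)
    qid = random.randrange(65536)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    started = time.perf_counter()
    try:
        sock.sendto(build_query(name, qid), (resolver, 53))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return resolver, None, "timeout"
    finally:
        sock.close()
    elapsed_ms = (time.perf_counter() - started) * 1000
    if struct.unpack_from(">H", data, 0)[0] != qid:
        return resolver, elapsed_ms, "txid mismatch"
    return resolver, elapsed_ms, classify(*parse_response(data))


def constructed_response(qid, rcode, ip=None):
    """Constructed reply to a query for test.example, for offline checks."""
    question = build_query("test.example", qid)[12:]
    msg = struct.pack(">HHHHHH", qid, 0x8180 | rcode, 1, 1 if ip else 0, 0, 0) + question
    if ip:  # name as pointer to offset 12, type A, class IN, TTL 60, 4-byte RDATA
        msg += b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return msg


if __name__ == "__main__":
    for resolver in sys.argv[1:]:        # python probe.py <resolver ip> [<resolver ip> ...]
        print("%-16s %s" % (resolver, probe(resolver)[1:]))
```

Run it against the servers from `ipconfig /all` or `/etc/resolv.conf` and against the public ones; a resolver that reports "hijacked" is the reason an opt-out that "keeps coming back" is worth checking with your own query rather than trusting the ISP's settings page.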

Coincidentally, Symantec has just released their own version of a public DNS that provides malware filtering.  You can read The H article here.  Symantec’s “secure” DNS servers are 198.153.192.1 and 198.153.194.1.


Forensics on Amazon’s Kindle

I recently stumbled upon two great blog posts regarding Kindle forensics.  Eric Huber’s ‘A Fistful of Dongles’ blog has some interesting initial analysis on imaging the Kindle and key artifacts to zero in on.

Part 1: A Cursory Look at Kindle Forensics

Part 2: Additional Thoughts on Kindle Forensics

Some interesting data Eric discovered:

  • last book read w/ timestamp
  • position in the book
  • books loaded on the device
  • strings the user has searched for
  • *Remember: with the Kindle’s 3G capability you may want to use a Faraday bag


How to detect an ATM skimmer

I subscribe to the Privacy Rights Clearinghouse newsletter.  If you’ve not been to this site before and you’re interested in privacy, it’s a worthwhile bookmark.  They recently published their ‘Summer Vacation – Privacy Primer’, which has an interesting article on spotting ATM skimmers.  Skimmers are hard to detect; your best recommendation is to stick with cashing checks through a teller (or rely on your credit card if you have the self-control).  Personally I’m guilty of believing I’m not at risk living in the suburbs; unfortunately it will take a come-to-Jesus moment (ahem, getting burnt) to slap some reality into me.

You can view the ATM Skimmer Awareness presentation here.

http://www.privacyrights.org/summer-vacation-privacy-identity-theft


Google betas SSL for web searches

According to this H article, Google is beginning to beta a new feature providing SSL for their standard web search service. As one commenter noted, Google is still collecting the same information from your searches, but this will limit third parties from eavesdropping on your search queries. Remember SSL doesn’t guarantee absolute privacy: there’s Moxie Marlinspike’s work, the chance of CA intermediaries, and your employer loading their own trusted CAs into your corporate devices.


do you know where your pr0n is?

In 2008, Data Loss Prevention (DLP) was becoming the latest trend, hype, buzzword.  This slowed down in 2009, as with most technology, because of everyone tightening their belt (purse strings).  I’ve been wondering how long it was going to take for an open source DLP solution to take off.  Please correct me if I’m wrong, but it appears opendlp may be the first on the scene.  While still in its infancy (at a minor 0.2.1 release) it already has a web front end and a deployable agent for clients (monitoring data at rest).  It supports regular expressions, which should make it flexible.  Without a WYSIWYG policy builder like you get with off-the-shelf products, you’re trading ease of use for power and flexibility.

So far I’ve only used a pilot of Symantec’s (formerly Vontu) DLP product for my employer.  I had a blast testing it out on the network especially because of its flesh tone filter (if flesh_tone_filter then email me pr0n).  It’s a shame we may not see flesh tone filtering in opendlp any time soon; isn’t knowing where the pr0n is more important than the company’s lifeblood, intellectual property?
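Added example, not opendlp's code and not Symantec's: the regex-driven data-at-rest scan the post describes, written in Python. The patterns, the Luhn validation that throws out most of the regex's false positives, the masking of matches so the report itself doesn't become a new copy of the data, and the sample text are all constructed here.

```python
import re
import sys
from pathlib import Path

# Regex finds the candidates; for card numbers the Luhn check below decides
# which ones are worth a report (order and phone numbers of the right length
# pass the regex but fail Luhn nine times out of ten).
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}


def luhn_ok(digits):
    """Luhn checksum over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text, source="<constructed>"):
    """Return [(source, kind, masked_match)]; only the last four digits survive."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            digits = re.sub(r"\D", "", m.group(0))
            if kind == "credit_card" and not luhn_ok(digits):
                continue
            masked = "*" * (len(digits) - 4) + digits[-4:]
            hits.append((source, kind, masked))
    return hits


def scan_tree(root, suffixes=(".txt", ".csv", ".log", ".sql")):
    """Data-at-rest sweep: every readable text-ish file under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            try:
                hits.extend(scan_text(path.read_text(errors="replace"), str(path)))
            except OSError:
                pass                # unreadable file: skip, don't abort the sweep
    return hits


# Constructed input: one real-looking card number (a well-known test number),
# one 16-digit order number that fails Luhn, one SSN, one phone number.
SAMPLE = """Order 1234 5678 9012 3456 shipped.
Card on file: 4111 1111 1111 1111 (exp 12/12)
Employee SSN 123-45-6789, desk phone 555-0100
"""

if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for source, kind, masked in results:
        print("%-40s %-12s %s" % (source, kind, masked))
```

Without the Luhn step the order number on the first line would be reported as a card, which is the kind of noise that gets a DLP pilot switched off; the flesh-tone filter is left as an exercise.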


Apache’s breach disclosure and podcast interview

The Apache Foundation has received a lot of praise from the security community recently for their uncensored disclosure of a recent breach.  (In case you missed the story, you can read Apache’s write-up of the incident here.)  This goes back to the security community lobbying for full breach disclosure, especially by the private sector, where we’re seeing it the least.  It’s the prisoner’s dilemma and so far we’re all getting screwed.

That being said, Philip M. Gollucci from the Apache Infrastructure team did an excellent interview on the Eurotrash Podcast.  You can download the mp3 here.

http://blogs.apache.org/infra/entry/apache_org_04_09_2010

Analyzing Malicious PDF Documents

So you want to get your feet wet?

  1. Grab Didier Stevens’ tools here: http://blog.didierstevens.com/programs/pdf-tools/
  2. Grab malicious PDF samples here: http://www.malwaredomainlist.com/mdl.php?search=pdf+exploit&colsearch=All&quantity=50 *Be careful, these are live samples!
  3. Video Tutorial: Didier on analyzing a PDF Document: http://www.youtube.com/v/tHVi2wKCkTc
  4. You’re going to run into some heavily obfuscated JavaScript.  Read this article: http://isc.sans.org/diary.html?storyid=2358
  5. Other deobfuscation tools: Malzilla, SpiderMonkey (you need to handle document.write yourself), debugging via Rhino, a Firefox add-on (haven’t tried this one)
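Added example, not Didier's own code: a Python keyword tally in the spirit of his pdfid, to show what the first pass over a sample looks for. It counts the names that mark risky PDFs, folds the #xx name escapes that obfuscated samples use (so /J#61vaScript is counted as /JavaScript), and inflates FlateDecode streams so names hidden inside compressed objects are counted too. The PDF skeleton it scans is constructed here and does nothing when opened.

```python
import re
import sys
import zlib

# Names pdfid tallies; each raises suspicion, none alone proves malice.
KEYWORDS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
            b"/EmbeddedFile", b"/RichMedia", b"/ObjStm", b"/AcroForm"]


def normalize_names(data):
    """Fold #xx hex escapes inside names: /J#61vaScript == /JavaScript.
    A counter that doesn't fold them is trivially evaded."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data):
    """Concatenate the decompressed bodies of every zlib (FlateDecode) stream."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.DOTALL):
        try:
            # decompressobj tolerates a trailing byte eaten by the regex; non-zlib
            # streams (images, fonts with other filters) raise and are skipped
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return b"\n".join(out)


def count_keywords(pdf):
    """Keyword tally over the raw bytes plus the inflated stream contents."""
    text = normalize_names(pdf) + b"\n" + normalize_names(inflate_streams(pdf))
    counts = {}
    for kw in KEYWORDS:
        # a name ends at whitespace or a delimiter, so /JS must not also count /JSx
        counts[kw.decode()] = len(re.findall(re.escape(kw) + rb"(?![A-Za-z0-9])", text))
    # how many names in the raw file used hex escapes at all: itself a red flag
    counts["obfuscated_names"] = len(re.findall(rb"/\w*#[0-9A-Fa-f]{2}", pdf))
    return counts


def constructed_sample():
    """Hand-built PDF skeleton (constructed, not a real sample): an OpenAction
    pointing at an escaped /JavaScript name, and a /Launch name hidden in a
    compressed stream."""
    hidden = zlib.compress(b"<< /Type /Action /S /Launch >>")
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
            b"3 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
            b"4 0 obj << /Length " + str(len(hidden)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + hidden + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    pdf = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for name, n in count_keywords(pdf).items():
        print("%-18s %d" % (name, n))
```

A plain grep of the constructed file finds no /JavaScript and no /Launch at all; the escape folding and the stream inflation are what make both show up, which is the same reason pdfid normalizes names and pdf-parser can inflate streams before you start reading the JavaScript.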
