.: June 2006 Archives
PolarCove has a number of nice papers on their site, but of particular interest is a paper on wireless LAN discovery tools and wireless MAC spoofing detection. Both papers include exact Ethereal/Wireshark filters to use.
by michael 06.01.06 at 8:34 PM in /general -
Netsh is an oft-overlooked tool to configure tcp/ip settings in Windows from the command-line. This small post illustrates how to effectively use the app.
by LonerVamp 06.01.06 at 8:52 PM in /tools -
This is the online book copy of HackNotes: Web Security, which really looks like a good read. I really like this entire series of books as they are packed with good information.
by LonerVamp 06.01.06 at 9:05 PM in /web -
This post is an interesting viewpoint on myths about security and passwords. Most "out-there" is the opinion that changing passwords regularly is now dead and does not enhance security at all.
by LonerVamp 06.01.06 at 9:46 PM in /general -
Been working on WSUS as a work project (second job in a row for it), and I just wanted to spill out a bunch of links about WSUS.
MS WSUS Blog
WSUS Forum
WSUSWiki
WSUS Beginner's FAQ
Microsoft WSUS newsgroup
related scripting site
And if you want to use WSUS but do not have Active Directory (Group Policy) in use, you can still use WSUS with some manual scripting of registry settings.
by LonerVamp 06.01.06 at 10:08 PM in /tools -
A paper on IIS 6.0 security. IIS 6.0 is much more secure out-of-the-box than IIS 5, which means the challenge comes in opening 6.0 up enough to make it work (whereas 5.0 needs to be closed down enough to be secure). This is easier said than done when unfamiliar with what actually needs to be opened up...
Want to know how to Hack IIS? Then read the Hacking IIS Tutorial. I have not read this yet, but it looks pretty useful and thorough.
by LonerVamp 06.01.06 at 10:17 PM in /web -
I've long kind of had an idea that makers would put backdoor passwords into BIOS implementations, but never really looked into it. Then I happened upon this posting one day which lists a lot of backdoor passwords for various BIOS platforms and versions. Pay particular attention to the mention that some BIOSes lock themselves after a few incorrect attempts, so be cautious. I've not tested any of these, but it would be very fun to play with.
by LonerVamp 06.09.06 at 11:50 AM in /general -
Not many people realize there is a component to Windows XP called the Prefetcher. Even fewer desktop/system support people realize the significance of it. This prefetcher for Windows keeps a cache of a lot of programs downloaded by Windows, and acts independently of IE. So if you clear your cache in IE, your downloaded files might still be found in the prefetcher. Most people are tipped off to this location only after a piece of malware has been downloaded (automatically or by accident) and a copy was saved in the prefetch area of Windows, generating an AV alert pointing to this location. This short link is a start to managing the prefetcher cache.
by LonerVamp 06.09.06 at 12:04 PM in /general -
Creating services in Windows is one of those frustratingly annoying things that many people would love to do, but is typically difficult to find information on how to do it. In fact, you can't really do it unless you're a programmer or you have some extra tools from Microsoft. I guess this prevents every John Doe Idiot from completely screwing up their computers with crappy service lists. I am happy to have found this quick post on how to create your own services.
by LonerVamp 06.09.06 at 12:07 PM in /general -
This is an awesome article on how to use RRDTool to monitor a wireless network.
by michael 06.09.06 at 12:56 PM in /general -
This is a monster article on external attacks, largely from the point of view of Linux since this was in a Linux magazine. Many books cover this entire spectrum in hundreds of pages, but this article condenses it down nicely, albeit really packed with info.
by LonerVamp 06.09.06 at 1:01 PM in /general -
Security Wizard/Talisker/NetworkIntrusion.co.uk has a site up giving a round-up of end-point security tools. This is especially popular due to the heightened emphasis on end-point security lately, in particular laptops and other mobile devices.
This site is more than just a host for their radar, but also compiles huge lists and summaries of a lot of security tools, in as non-biased a way as they can.
by LonerVamp 06.12.06 at 2:20 AM in /tools -
HoneyBot has been released and is a honeypot app for Windows. This is pretty downright cool, and I need to find a box/place to put this up sometime...link found through Darknet. There are two systems I've wanted to have for some time: a honeypot to play with people/apps that break in and a firewall/sniffer that just collects traffic and statistics.
by LonerVamp 06.12.06 at 6:49 PM in /tools - comments(1)
Spaceobserver and Treesize are some interesting and well-equipped tools for storage utilization analysis on systems. Free evaluations are well-worth it.
by LonerVamp 06.12.06 at 7:34 PM in /tools -
Malware is an amazing little hobby to have, and these two papers cover malware analysis brilliantly.
part one
part two
by LonerVamp 06.12.06 at 10:29 PM in /general -
cURL is a Windows utility in much the same vein as the generic "GET" command in *nix where you can run "http-style" requests from the command line. Pretty nifty!
download
faq
by LonerVamp 06.14.06 at 6:16 PM in /tools -
WinSSHD is not a free app, but is still one of those rare Windows-based SSH servers. A few other tools to download on their site as well.
by LonerVamp 06.14.06 at 7:28 PM in /tools -
RogueScanner is a rogue wireless access point detection tool. Pretty cool...and it's free! Also peek at the other free tools available here, Packetyzer (Ethereal front-end, as if there needs to be another one...) and BlueScanner which scans for Bluetooth devices. To be honest, both of the scanner tools are pretty nice for being free tools!
by michael 06.14.06 at 7:37 PM in /general -
A GUI for the Windows XP firewall sounds like a wonderful idea...if there weren't better firewalls out there that I trusted more, like ZoneAlarm or Sygate. Still, might be cool to try out.
by LonerVamp 06.17.06 at 10:39 PM in /tools - comments(1)
IM Lock sounds like it can lock IM programs from operating in Windows. I think this can be better solved with software policies and audits, and removing admin rights for users. And the method to get around all of the above, using stand-alone, non-installable "underground" IM apps, still works regardless of any of these methods. So...might be interesting in case someone wants something like this.
by LonerVamp 06.17.06 at 10:46 PM in /tools -
Wow, just wow! This is one of the hottest and best links I've seen in a long time. I HAVE to try this out. I've worked on cracking WEP before on my neighbors, but I always had to resort to using a livecd Linux install (since I don't have a permanent Linux box around). Cracking WEP with Windows XP is a huge, detailed, complete article which I am tempted to actually copy/print just to make sure I always have it.
This was found whilst checking out a site I'd not seen before: wardriving.com.
by michael 06.20.06 at 6:09 PM in /general -
NetBIOS Null Sessions are elementary and a first stop for anyone performing system recon. They should always be turned off, and this link is a nice reminder of the issues, the dangers, and the fixes.
by LonerVamp 06.23.06 at 11:54 AM in /general -
The paper, Insertion, Evasion, and Denial of Service: Eluding Intrusion Detection, is the definitive guide to beating IDS and has been the foundation of IDS attacks ever since. I must read this sometime, for historical reasons and more.
by LonerVamp 06.23.06 at 10:40 PM in /general -
Having just watched Dan Kaminsky's Black Ops of TCP/IP 2005 presentation that he gave at the 22nd Chaos Communications Congress, I have a couple of links on DNS snooping, which he (in typical Kaminsky fashion) utilized in creative fashions. First, a paper on DNS cache snooping. And second, a site on how DNS snooping actually works.
by LonerVamp 06.23.06 at 10:42 PM in /general -
I should get the Log Parser book sometime, as it goes over things on this site about the Microsoft logparser tool. This should be useful for performing ad hoc and maybe some scripted queries against single logs or groups of logs.
by LonerVamp 06.24.06 at 9:31 PM in /general -
Article on attacks against web servers (app level) and mitigations for stopping them, with full examples of the attacks. Some interesting things to try out someday would be mod_security and Tripwire-like programs to monitor file integrity. I would love to start getting alerts like these on my own systems whenever something changes, even if it is me updating a web page on my site. I also have a project to get some sort of centralized monitoring on my network to check for creation/changes to local user accounts and other things. I'd love to be able to centrally pull my firewall logs (Sygate), but I bet that will require my own scripting. At any rate, the paper is much of the same tried-and-true stuff with security, but the examples are pretty cool.
by LonerVamp 06.24.06 at 9:42 PM in /web -
Sometimes you need to regularly runas an admin in Windows, but you might not necessarily want to give the user the local or domain admin password or save it in a cleartext file or shortcut or run over to type it in when needed. These are some options for secure ways of performing a runas. I've once used CPAU and it worked rather well. I had to give a SQL DBA access to production SQL servers and allow him to access other servers through admin shares via Enterprise Manager. Rather than give him a domain admin account or mess with permissions or store it in cleartext in a file or shortcut where he could look it up if he wanted to, I made a "secure" shortcut using CPAU. Pretty slick, and while it may have holes, it likely will stop any insiders from easily obtaining the credentials. This can be used for lesser instances like a user's program that might need some admin rights somewhere and not run otherwise.
This page has a bunch of choices for situations where runas needs to be secure.
by LonerVamp 06.24.06 at 11:08 PM in /tools -
SANS has a bit on defeating a DoS attack. They also have a webcast I'd like to check out on the same topic.
by LonerVamp 06.25.06 at 9:14 PM in /general -
There is a fairly new blog out called Checkmate that deals with forensics and other things security. Here are some choice pieces to check out so I can catch up:
rainbow tables
timestomp
xp's built-in spyware
userassist
apache and squid logs
by LonerVamp 06.25.06 at 11:56 PM in /general -
A thorough examination of sql injection attacks using examples.
by LonerVamp 06.29.06 at 9:23 AM in /general -
A SANS Tool Talk Webcast: Anatomy of an Attack.
by LonerVamp 06.29.06 at 9:36 AM in /general -
Cleaning out some old bookmarks I came across this pretty cool find: a forum tutorial on recovering and then cracking cached domain credentials on a Windows machine. Not only is this tutorial practical to follow and use, but it gives ammunition to anyone who challenges setting Windows cached credentials to 0. Sadly, this butts right up against laptop users who, when they log in at home, need the cached credential to use the system.
For possible future pen-test work that I'd love to do someday, this might be useful to test policy. If I can get my hands on a system or even get a local admin to come over and troubleshoot my system by logging in as himself, I can use that cached credential and crack it. This is exactly why I made sure to let users log in right after I had been logged into their machines to clear the 1 cached credential that I allowed my systems to retain.
by michael 06.29.06 at 10:33 AM in /general -
This is a LinuxExposed article on wireless hacking.
by michael 06.29.06 at 10:38 AM in /general -
PublicIP.net has open source (read: free!) tools for hotspot operators. Granted, the tools are not *quite* as feature-laden as expensive commercial tools, but I must say this looks pretty darn amazingly useful anyway, especially for small coffeeshops or local hotspots as opposed to the national franchises or hotels or something.
by michael 06.29.06 at 10:49 AM in /general -
Airpwn is a quick C tool that can inject HTTP content (and other content) into wireless 802.11b networks. Tested at Defcon 12; supposedly the only reliable part of the tool is to replace all HTTP images with an image/redirect of your choosing. Might be interesting to play with on a *nix box.
Update: article on using airpwn.
by michael 06.29.06 at 9:40 PM in /general -
by LonerVamp 06.29.06 at 10:36 PM in /general -
NRMC has posted a presentation delivered at ShmooCon this year on Hacking the Friendly Skies. The presentation starts out like most any discussion on wireless security, but then takes a turn for the sinister by delving into FakeAP attacks. What really makes this presentation excellent are the later reports of just how many systems were found. When you combine Windows XP's affinity for associating to anything that says hello with users' affinity for not patching their systems or running a firewall, you get some pretty satisfying results. And if you look closely, some of the vulnerable systems belonged to some pretty trusted/important-sounding people. Yikes!
by michael 06.30.06 at 11:10 AM in /general -