Irregular Expressions:

December, 2011


December 30, 2011  10:10 PM

Out of band Microsoft patch



Posted by: Dan O'Connor

You know it's bad when they do this. Every other article I have seen says it's a DoS, but the bulletin here says that it's escalation of privilege. Bad. http://technet.microsoft.com/en-us/security/bulletin/ms11-100 Test and deploy.

December 30, 2011  9:56 PM

Next certification



Posted by: Dan O'Connor

I am currently undecided on the next course I am going to be taking. I would really like to take the Reverse-Engineering Malware: Malware Analysis Tools and Techniques FOR610; this is an area I would like to improve on. The other choice is the Computer Forensic Investigations - Windows In-Depth...


December 30, 2011  9:48 PM

Domains to block



Posted by: Dan O'Connor

I have yet to encounter these domains, but it's still a good idea to block them before they are a problem. http://isc.sans.edu/diary.html?storyid=12280


December 30, 2011  9:44 PM

WPS brute force



Posted by: Dan O'Connor

I have been on vacation for a bit; I just noticed this. http://isc.sans.org/diary/Wi-Fi+Protected+Setup+WPS+PIN+Brute+Force+Vulnerability/12292 The linked white paper is well done. I have never enabled this service on the home setups I have done, but if you know someone that does time to...


December 30, 2011  9:38 PM

Cobit passed



Posted by: Dan O'Connor
Cobit exam

I passed my Cobit exam! I found it ok, it was not too difficult but they do like to play with words.


December 17, 2011  12:13 AM

Can you crack it (Part 8)



Posted by: Dan O'Connor
can you crack it solution, canyoucrackit solution

There are a few things we are going to need to get this to work:


December 16, 2011  11:35 PM

Can you crack it (Part 7)



Posted by: Dan O'Connor
can you crack it, canyoucrackit solution

Here are the contents of the JS file. The file explains exactly what we need to do. Let's dig out some Perl and see if we can write something to run this.

//--------------------------------------------------------------------------------------------------
//
// stage 2 of 3
//
//...


December 16, 2011  12:38 AM

Can you crack it (Part 6)



Posted by: Dan O'Connor
can you crack it solution, canyoucrackit solution

This would be the point where I would go get a cohort to do the debugging of the application for me, but since I don't have one and none of the tools I have been trying for the last couple of days seem to be working, we are going to link to one that is working. http://pastebin.com/bsHXs4PG Dr....


December 16, 2011  12:25 AM

Can you crack it (Part 5)



Posted by: Dan O'Connor
can you crack it solution, canyoucrackit solution

We now have our unicode.

QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR.78jKLw==
Here is something that should decode it for us.
#!/usr/bin/perl
use Compress::Zlib;

use MIME::Base64;

$new =...


December 13, 2011  4:40 PM

Can you crack it (Part 4)



Posted by: Dan O'Connor
can you crack it, can you crack it solution, canyoucrackit solution

I tried running the file.exe created; it does not appear to do anything. It's important but I don't know what to do with it just yet. The thing I find odd was that the hex was given in a PNG; that's worth checking out. I have both sets of files on my SIFT Workstation. I will start with my...

