February 22, 2011 11:11 PM
Posted by: Dan O'Connor
Tags: hash, John The Ripper, md5
Rainbow tables are a very quick and effective way to figure out a password, but they have a big problem, and I mean big: they are incredibly large. The more you pre-hash the bigger they get, and they can run into the terabytes depending on how many characters you cover.
The other method is effective but trades the size of the pre-hashes for time: you do an incremental brute force of the hashes.
Typically I would use some dictionaries and a list of known passwords. You can get these from a variety of sources, and I would recommend running more than one; they don't take very long at all to run. Once I have run through the lists I start up the brute force and let it run.
February 22, 2011 11:04 PM
Posted by: Dan O'Connor
Tags: John The Ripper, md5, jtr
So there are a few types of hashes you may come across. On most Unix type systems you could have an MD5 hashed password file, but not just an MD5 hash: these include a salt to make each hash unique.
Other systems, say a web application, will also use hashes. You could do these with a salt too, but many web developers either don't know this or assume it is already there, take your pick. Without the salt a given string will always hash to the same result on every system, and this is the problem: you could use something like a rainbow table, a pre-hashed password list, to quickly look the password up.
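To make the salt point concrete, here is an added example (not from the original post): a tiny constructed lookup of precomputed MD5 digests stands in for a rainbow table, and the same password is hashed both the "web app forgot the salt" way and with a per-user random salt. The names and the four-entry table are constructed for this demo.

```python
import hashlib
import os
from typing import Dict, Optional

# Constructed stand-in for a rainbow table: a plain dict of precomputed
# MD5 digests for a handful of common passwords. A real table is vastly
# larger, but it relies on exactly the property shown here: an unsalted
# input always produces the same digest, so it can be precomputed once.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]
PRECOMPUTED: Dict[str, str] = {
    hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS
}


def md5_unsalted(password: str) -> str:
    """Hash the way an application without a salt would: same digest on every system."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_salted(password: str, salt: bytes) -> str:
    """Salted MD5 in the Unix password-file spirit: the salt is stored next to the
    digest, so it need not be secret, but it must differ per user."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def lookup(digest: str) -> Optional[str]:
    """Precomputed-table lookup: a hit only if this exact digest was ever pre-hashed."""
    return PRECOMPUTED.get(digest)


def demo(password: str = "letmein") -> Dict[str, bool]:
    """Compare the two storage schemes for one password stored on two systems."""
    unsalted = md5_unsalted(password)
    salted_a = md5_salted(password, os.urandom(8))  # system A, random salt
    salted_b = md5_salted(password, os.urandom(8))  # system B, different salt
    return {
        # the precomputed table recovers the unsalted password immediately
        "unsalted_hit": lookup(unsalted) == password,
        # the same table is useless against the salted digest
        "salted_hit": lookup(salted_a) is not None,
        # with per-user salts, equal passwords no longer produce equal hashes
        "same_password_same_hash": salted_a == salted_b,
    }


if __name__ == "__main__":
    print(demo())
```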
February 16, 2011 4:15 PM
Posted by: Dan O'Connor
Tags: links
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/
Not as exciting as I hoped, pretty standard stuff:
SQL Injections
Bad Passwords / Hashing
Social Engineering
Ta-Da!
February 16, 2011 12:46 PM
Posted by: Dan O'Connor
Tags: links, Stuxnet, stuxnet source code
Here is some information regarding ties HBGary had to Stuxnet:
http://crowdleaks.org/hbgary-wanted-to-suppress-stuxnet-research/
But the best part is, HBGary had access to the worm itself, and you can get it here:
https://github.com/Laurelai/decompile-dump
I have not had a chance to review it yet, but I am hoping to get into it this weekend.
February 16, 2011 11:59 AM
Posted by: Dan O'Connor
Tags: links, wikileaks
If you have not been following the fun with HBGary and Anonymous you are missing a real show.
http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars
http://www.wired.com/threatlevel/2011/02/spy/all/1
Some of the strategies suggested to what is suspected to be Bank of America are a little off, suggesting breaking laws, not to mention the moral implications of a corporation trying to bully a citizen.
I thought the social media stuff was interesting; it's the same thing I have used before in tracking down bot herders. Although sending around pictures of someone's children significantly raises the creep factor on the whole thing, I don't see how that is relevant even to a spear phishing campaign.
Also you can grab the DB dump of the accounts from rootkit.com (you will see how that is connected) if you want to have some fun cracking passwords. I will write a brief how-to in a couple of days to get you started.
February 14, 2011 4:28 PM
Posted by: Dan O'Connor
Tags: links
This looks like loads of fun:
http://blogs.computerworld.com/17820/hackers_use_hidden_device_to_manipulate_news_at_wi_fi_hotspots
Of course you could use it for more bad than good.
February 14, 2011 12:02 PM
Posted by: Dan O'Connor
Tags: malware
This is an issue I have with casual and even malicious malware: in the majority of cases the goal of this software is to steal money or identities. But when this software gets onto a network that does something lives depend on, it's a pretty big deal.
http://www.techworld.com.au/article/376509/nsw_ambulance_computers_coming_back_online/
If someone got injured or killed, I would hope that they could find who created the malware and that they would be charged with manslaughter. When this software is created I don't think the authors are actually thinking that someone could be seriously hurt by it, but that said, they know what they are doing is wrong in the first place. I also know that an author of malware will say that it's not their fault, and that the administrators of the network should do a better job defending it. That is just like breaking into houses and saying it's not your fault, they should have had an alarm and a better door lock; OR you could not break into the home in the first place.
January 31, 2011 3:15 PM
Posted by: Dan O'Connor
Tags: configure snort, ids, snort
Now with Snort installed we need to do the configuration and get some rules.
cd /usr/local/etc/snort/
Make sure to set up your HOME_NET and configure any additional paths for your rule sets.
Go to snort.org and create an account, then get an oinkcode. Now you can use the command line to download your rules. I would do this from /usr/local/etc/snort.
fetch http://www.snort.org/reg-rules/snortrules-snapshot-<version>.tar.gz/<oink code here>
Next unpack (gooble-gook stands for whatever suffix the downloaded file ended up with):
tar -xvf snortrules-snapshot-<version>.tar.gz-gooble-gook
Now you need to enable Snort in /etc/rc.conf and set the interface there as well.
snort_enable="YES"
snort_interface="int"
(replace int with the name of the interface Snort should listen on)
Snort will start now. The next task is to configure your logging. I will be using syslog on mine to forward to a SIM, but that will also log to the local machine.
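As an added example (not from the original post), the rc.conf and HOME_NET steps above in a reusable POSIX sh form: the rc.conf variables are set idempotently, so running the script twice does not leave duplicate snort_enable lines behind, and HOME_NET is read back out of snort.conf and rejected if it is still the shipped default of any, which makes every $HOME_NET rule fire on traffic that is not yours. File paths default to the ones the post uses; RC_FILE and SNORT_CONF are hypothetical override variables so the functions can be exercised on temporary files.

```shell
#!/bin/sh
# Added example: helpers for the Snort rc.conf / HOME_NET steps.
# RC_FILE and SNORT_CONF are override variables (assumed, not from the post);
# the defaults are the paths the post uses.
RC_FILE="${RC_FILE:-/etc/rc.conf}"
SNORT_CONF="${SNORT_CONF:-/usr/local/etc/snort/snort.conf}"

# set_rc_var KEY VALUE: rewrite an existing KEY="..." line in rc.conf, or
# append one if it is missing, so re-running never duplicates the setting.
set_rc_var() {
    key=$1
    value=$2
    if grep -q "^${key}=" "$RC_FILE" 2>/dev/null; then
        # portable in-place edit: write to a temp file, then replace the original
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$RC_FILE" > "$RC_FILE.tmp" &&
            mv "$RC_FILE.tmp" "$RC_FILE"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$RC_FILE"
    fi
}

# get_rc_var KEY: print the value currently set for KEY (quotes stripped,
# last occurrence wins, as rc.conf itself is sourced top to bottom).
get_rc_var() {
    sed -n "s|^${1}=||p" "$RC_FILE" | tail -n 1 | tr -d '"'
}

# home_net: print the HOME_NET value from snort.conf. Returns 1 when it is
# unset or still "any", the default that makes the rules treat every host
# as ours. Both the "ipvar" and older "var" spellings are recognised.
home_net() {
    net=$(sed -n -e 's/^ipvar HOME_NET[[:space:]]*//p' \
                 -e 's/^var HOME_NET[[:space:]]*//p' "$SNORT_CONF" | tail -n 1)
    [ -n "$net" ] && [ "$net" != "any" ] || return 1
    printf '%s\n' "$net"
}

# Usage on the sensor (as root), after editing HOME_NET in snort.conf:
#   set_rc_var snort_enable YES
#   set_rc_var snort_interface <interface>
#   home_net || echo "HOME_NET is still the default, fix snort.conf first"
```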
January 31, 2011 11:23 AM
Posted by: Dan O'Connor
Tags: file sharing, p2p
I can't say that this is shocking; I always thought it would be a smaller number than 200.
http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=229100374&subSection=Security
There is always that small group of people who know what they are doing and are the ring leaders. I would suspect that this information will be used to change how P2P file sharing is dealt with; it would be more effective to go after the 200 uploaders than the 1000s of downloaders.
Really, it makes no sense not to do that in the first place. Maybe they did not even look?