Irregular Expressions

November 23, 2011  4:31 PM

Kevin Bacon was wrong all along

Dan O'Connor

Well Frigyes Karinthy.

I have been working on an idea that was similar, but I was thinking more of personal contact: how it would travel between sites, say if someone sneezed on you in LA, then you flew to Vancouver and sneezed on a few more people, etc.

November 21, 2011  4:52 PM

I love free learning



November 21, 2011  4:45 PM

Manning case date


I just saw this come up.

I am not sure if he has any chance at getting out of this.

November 21, 2011  4:36 PM

The dangerous world of interconnected devices


It might be worth looking at each device and asking: do we need to connect this to the Internet or not?

Just throwing a device on the LAN does not cut it. Why does it need to be connected to the workstation LAN and the Internet?

Build separate infrastructures, or at least VLAN it off into its own network, and control and monitor your access points.  Block useless outbound services: why do people need to have web access from the server VLAN?  Does your SCADA system really need to be accessible from the Internet, or to have access to it?

The point is not to “win” but to educate the stakeholders so they can make an informed decision.

November 21, 2011  4:20 PM

Well that’s interesting, and I am not clicking on those.


Anti-Sec strikes again,

Anon has hit a big fish.

Just remember that Tor is good, but there have been proven attacks from time to time that break its security.

November 21, 2011  12:55 AM

Windows 8 Bootkit to be released


If you check out there is a speaker lined up to release a Windows 8 bootkit.

You can see his other releases here .

I would have to admit that trying to protect software is not on my list of dream jobs; it’s not easy to do.  I would even call it difficult, as you can tell by all of the pirated software you can download.

November 19, 2011  12:03 AM

Industrial data theft


I am not sure if this is getting worse, or if it is just being detected more.

This has to be both; I know this will keep happening.  I also like to think that the people defending these systems are getting better at it.  That second part might be wishful.

The whole system needs to move from reaction to prevention; we are off to a good start, but there is work to do.

November 18, 2011  11:48 PM

Web Vulnerability Assessments


I have used this tool a few times and I really liked it.  Comparing it to some of the others I have used, it’s got a good interface just like the big boys, but not the big price tag.

It can be used even by people who know little about web VAs; it will hold your hand through the process.

November 18, 2011  11:42 PM

TCP Session Hijacking


Part of taking over a TCP session is knowing how it works; that’s why I was previously talking about the TCP handshake.

To take over a session, there are a few general steps that need to be done.

1. You need to know the ISN; there are a few ways to do this.

  • Sit in between the conversation, using some sort of sniffer to watch the traffic and learn the ISN.
  • Guess it; that is not as easy as it was before RFC 1948.
  • Use source routing, but that should be disabled.

2. Once you know the ISN by one way or the other, you then need to take the session over.  As the session is being taken over, the client that is being replaced needs to be knocked off the network.  Typically this is done with some sort of DoS.

In most cases this was used to gain access to a target system back in the days of telnet.  You could take over the session and then send the needed commands to set up a shell to the machine.

This type of attack is still useful for other things: HTTP sessions and other non-encrypted traffic.
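Why guessing the ISN got harder after RFC 1948, as an added example that is not code from the original post: it compares a constructed model of an old global-counter ISN with the RFC 1948 scheme, ISN = M + F(connection ID, secret), and measures how far off a host that only sees its own connection would be. The 64000 bump, the addresses, the secret and the use of HMAC-SHA256 as F are assumptions made for the illustration.

```python
import hashlib
import hmac

MASK = 0xFFFFFFFF  # sequence numbers are 32-bit and wrap

def legacy_isn(clock_us, conns_so_far):
    # Constructed model of a pre-RFC 1948 stack: one global counter driven by
    # a 4-microsecond clock plus a fixed bump per accepted connection.
    return (clock_us // 4 + 64000 * conns_so_far) & MASK

def rfc1948_isn(secret, local, lport, remote, rport, clock_us):
    # ISN = M + F(localhost, localport, remotehost, remoteport, secret)
    # M is the 4-microsecond timer; F is a keyed hash of the connection ID.
    # Assumption: HMAC-SHA256 truncated to 32 bits stands in for F.
    conn_id = f"{local}|{lport}|{remote}|{rport}".encode()
    f = int.from_bytes(hmac.new(secret, conn_id, hashlib.sha256).digest()[:4], "big")
    return (clock_us // 4 + f) & MASK

def offpath_guess(own_isn, elapsed_us, bump=0):
    # What a host that cannot see the other client's traffic can infer: take the
    # ISN it was given on its own connection and advance it by the elapsed clock.
    return (own_isn + elapsed_us // 4 + bump) & MASK

def guess_error(actual, guess):
    # Distance between the guess and the real ISN, modulo 2**32.
    return (actual - guess) & MASK

def compare(secret=b"constructed-demo-secret", t0=1_000_000, elapsed=2_000):
    # Constructed documentation-range addresses.
    server, observer, client = "192.0.2.10", "198.51.100.7", "203.0.113.5"
    # Legacy: observer connects at t0, the client's connection is the next one.
    legacy_err = guess_error(legacy_isn(t0 + elapsed, 1),
                             offpath_guess(legacy_isn(t0, 0), elapsed, bump=64000))
    # RFC 1948: same timing, but each connection ID gets its own keyed offset.
    own = rfc1948_isn(secret, server, 23, observer, 40000, t0)
    real = rfc1948_isn(secret, server, 23, client, 40001, t0 + elapsed)
    return legacy_err, guess_error(real, offpath_guess(own, elapsed))

if __name__ == "__main__":
    legacy_err, rfc_err = compare()
    print(f"legacy guess off by {legacy_err}, RFC 1948 guess off by {rfc_err}")
```

With the global counter the guess is exact; with the keyed per-connection offset the error is an unknown 32-bit value, which is why the remaining practical route is being able to watch the traffic.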

November 18, 2011  10:03 PM

TCP Three-Way Handshake


I have been doing some research for a project and I wanted to share some things.  During the three-way handshake each host sets its own ISN.

  • Host 1 sends a SYN packet to Host 2 with A as the ISN (Initial Sequence Number); this number should be non-predictable.
  • Host 2 responds back with a SYN-ACK with an ACK number of A + 1 and an ISN of B.
  • Host 1 responds back with an ACK with the ACK set to B + 1 and an ISN of A + 2.

If you add -S to tcpdump, you will see the absolute sequence numbers instead of relative ones.
