Irregular Expressions

February 22, 2011  11:04 PM

Using John the Ripper to brute md5 hashes – Part 1

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

So there is a few types of hashes you may come across, on most Unix type systems you could have a MD5 hash password file.  But not just a MD5 hash, these will include a salt to make the hash unique.

Now other systems will use hashes, say like a web application. Now you could do these with a salt but many web developers ether don’t know this or assume that is already there, you can pick.  With out the salt a string will always hash to the same result on every system, this is a problem.  You could use something like a rainbow table, where you have a pre-hashed password list so you can quickly look up the password.

February 16, 2011  4:15 PM

Info regarding the HBGary hack

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Not as exciting as I hoped, pretty standard stuff.

SQL Injections

Bad Passwords / Hashing

Social Engineering


February 16, 2011  12:46 PM

More HBGary information and Stuxnet

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Here is some information regarding ties HBGary had to Stuxnet,

But the best part is, HBGary had access to the worm it self and you can get it here.

I have not had a chance to review it yet, but I am hoping to get in to it this weekend.

February 16, 2011  11:59 AM

The Wikileaks Side Show

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

If you have not been following the fun with HBGary and Anonymous you are missing a real show.

Some of the strategies suggested with what is suspected to be Bank of America are a little off, suggesting to break laws not to mention the moral implications of a corporation trying to bully a citizen.

I thought the social media stuff was interesting, it’s the same thing I have used before in tracking down bot herders.  Although sending around pictures of someones children significantly raises the creep factor on the whole thing, I don’t see how that is relevant even to a spear fishing campaign.

Also you can grab the db dump of the accounts from (you will see how that is connected) if you want to have some fun cracking passwords.  I will write a brief how to in a couple days to get you started.

February 14, 2011  4:28 PM

Fun device

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

This looks like loads of fun,

Of course you could use it for more bad then good.

February 14, 2011  12:02 PM

The problem with mischief

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

This is an issue I have with casual and even malicious malware, in the majority of cases the goal of this software is to steal money or identities. But when this software gets onto a network that does something that lives depend on, it’s a pretty big deal.

If someone got injured or killed I would hope that if they could find who created the malware and that they would be charged with man slaughter.  When this software is created I don’t think that the authors are actually thinking that someone could be seriously hurt by it, but saying that they know what they are doing is wrong in the first place.  Also I know that an author of malware will say that its not their fault, and that the administrators of the network should do a better job defending the network.  That is just like breaking into houses and saying its not your fault they should have an alarm and better door lock, OR you could not break in to the home in the first place.

January 31, 2011  3:15 PM

Building a snort sensor – part 2

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Now with Snort installed we need to do configuration and get some rules.

cd /usr/local/etc/snort/

Make sure to setup your HOME_NET and configure any additional paths for your rule sets.

Go to and create an account, then get an oinkcode.  Now you can use the command like to download your rules. I would do this from /usr/local/etc/snort.

fetch<version>.tar.gz/<oink code here>

Next unpack,

tar -xvf snortrules-snapshot-<version>.tar.gz-gooble-gook

Now you need to enable snort in /etc/rc.conf and set the interface in there also.


Snort will start now, next task is to configure your logging.  I will be using syslog on mine to forward to a SIM, but that will also log to the local machine.

January 31, 2011  11:23 AM

P2P Network Research

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

I can’t say that this is shocking, I always though it would be a smaller number then 200.

There is always that small group of people that know what they are doing and are the ring leaders.  I would suspect that this information will be used to change how P2P file sharing is dealt with, it would be more effective to go after the 200 up-loaders then the 1000’s of down-loaders.

Really it makes no sense why you would not do that in the first place, maybe they did not even look?

January 31, 2011  2:09 AM

More PS3 hack news

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Wow I did not think this would happen, the State of California is going after someone in New Jersey. It looks like that will be challenged, also Sony is going to get his machines handed over to them, I find that a little much.  I am not choosing sides here but having the State order someone to hand over property to a commercial entity, I can’t think of another case like this involving copy right.

January 30, 2011  11:02 PM

Building a snort sensor – part 1

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

I have already covered Suricata in my previous posts, but sometimes you just need to have snort setup for various reasons.

First go get freebsd , then use the FreeBSD handbook (if you need to) and create a basic installation.  I like to do a user install, but minimal will also work  (but you get no man pages, so if you need that go with a user install ).

Next you will need Snort, you can use your OS’s package manager, I am going to use the FreeBSD ports system.

cd /usr/ports/security/snort
make install clean

Now just sit back and wait it out.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: