Archive for August, 2008

Bookmarks for August 28th through August 30th

August 30th, 2008

These are my links for August 28th through August 30th:

  • The Emergence Of A Theme : DoxPara Research – From Dan Kaminsky: I’m not sure what it is, but there continues to be some sort of “competition” for “who can find the biggest bug” — as if attackers had to choose, and more importantly, as if any bug was so big that it could not be made even better by combined use with its “competition”. Before my DNS talk, my old friend FX from Recurity Labs was comparing DNS issues to the Debian Non-Random Number Generator issue that caused all sorts of SSL certificates to offer no security value, and the SNMPv3 flaws that allowed infrastructure devices to be remotely administered by people who happened not to know the password.
  • TaoSecurity: Splunk on Ubuntu 8.04 – I've been using Splunk at work, so I decided to try installing the free version on a personal laptop. Splunk is a log archiving and search product which I recommend security professionals try. Once you've used it you will probably think of other ways to leverage its power. Anyone can use a free version that indexes up to 500 MB per day, so it's perfect for a personal laptop's logs. This machine runs Ubuntu 8.04.
  • Windows Incident Response: Browser Artifact Analysis – Don't forget this little tidbit about web history located for the Default User from Rob "van" Hensing's blog. I used to see this in the SQL injection exams, where the intruder would dump wget.exe on a system, and then use that to pull down his other tools. Wget.exe would use the WinInet APIs to do its work, which would end up as "browser history"…and because the intruder was running with System-level privileges, the history would end up in the Default User account.

Bookmarks for August 27th from 14:11 to 14:17

August 27th, 2008

These are my links for August 27th from 14:11 to 14:17:

  • A Summary of New Nmap Features from Blackhat/DEFCON 2008 – After receiving numerous complaints over the years regarding performance, he did some colossal scans of the Internet in order to see how Nmap handled extremely large address ranges. What follows is a collection of the most interesting features he added, and information he learned, while doing his research.
  • Guide to VMware Disaster Recovery and Business Continuity. – This VMware® VMbook focuses on business continuity and disaster recovery (BCDR) and is intended to guide the reader through the step-by-step process to set up a multisite VMware Infrastructure that is capable of supporting BCDR services for designated virtual machines at time of test or during an actual event that necessitated the declaration of a disaster, resulting in the activation of services in a designated BCDR site.

links for 2008-08-11 [delicious.com]

August 11th, 2008