Archive for March, 2009

Bookmarks for March 16th through March 26th

March 26th, 2009

These are my links for March 16th through March 26th:

  • Tiny Core Linux — A Minimal Distro with Big Possibilities – From Barebones to Customized – Tiny Core Linux (TC Linux) takes a minimalist approach to the base system and then lets you add just the pieces you need to get your job done. Once you have it configured like you want it you can then save the configuration to local storage. The core distribution, based on the Linux 2.6 kernel, is a mere 10 MB. In the end the goal of TC is to have an ultra small Linux desktop OS capable of booting from CDROM, USB disk or a minimal sized hard drive. The latest release (1.2) fixes a few bugs and adds a few new features as well.
  • Footprinting, scoping and recon with DNS, Google Hacking and Metadata (Hacking Illustrated Series InfoSec Tutorial Videos) – This class covers recon work, showing the student how a pen-tester/attacker can use public information to learn more about an organization before they compromise its security. Covered topics will include DNS tools (like Whois, NSlookup/Dig, Nmap -sL), Google Hacking using advanced search terms and Metadata in images and documents. Recorded for the Kentuckiana ISSA on March 21, 2009.
  • crowbarKC-Version 1.0 | George Starcher – I decided to make a quick version of crowbarDMG that works on OSX Keychain files. So here you go. Right now in v1.0 it only works exactly as crowbarDMG does and finds the main unlock password. It is a good deal faster testing keychain files than disc images. Like crowbarDMG it is Leopard only. I am looking out a way to dump the contents of a keychain once it unlocks. If I can come up with a good solution I will release an update via the auto update mechanism.
  • Cocoa Packet Analyzer – Cocoa Packet Analyzer is a native Mac OS X implementation of a network protocol analyzer and packet sniffer. CPA supports the industry-standard PCAP packet capture format for reading, capturing and writing packet trace files.
  • Mubix’s Links: Penetration Testing Massive Links
Categories: del.icio.us

Bookmarks for March 8th through March 15th

March 15th, 2009

These are my links for March 8th through March 15th:

Categories: del.icio.us

Security Breaches in Academia

March 9th, 2009 admin

Jayson Street tweeted a link to a Computer World article about the recent rash of security breaches in the academic environment. (Aside: Follow Jayson as he will soon be releasing a book called F0rb1dd3n that looks awesome!) There are a few interesting tidbits in this article, and it is definitely worth the read if you work in academia.

I think the author might be too bold in saying that breaches occur more often during the last few weeks of the semester due to students being under duress. I think pretty much everyone is under some sort of duress during these important final weeks of the semester: from the faculty designing finals and grading, to the staff having to put up with the faculty, to the IT staff having to make sure everything is working. Perhaps it is people trying to take shortcuts (such as taking PII home on their laptop, which then gets stolen) to get work done quickly in situations where time is limited, but I think you can hardly pin it just on the students.

Computer World also talks with the author of “Breaches in the Academia Sector”, John Correlli, who adds a spot-on statement: “Privacy governance in academia is far too frequently thrown into the laps of the IT folks, who are then told, implicitly or explicitly, that privacy isn’t a priority until it’s a problem.” When is it considered a problem? When you (being the college, unit, dean) need to spend money to notify victims of a breach? When you suffer embarrassment due to a breach? I think the ‘it can’t happen to us’ way of thinking no longer applies, as breaches have struck all areas of academia. So why not take the steps to be proactive beforehand so you don’t have to pay for notifications or suffer the embarrassment? Simple: people hate, fear, and resist change. Unfortunately, the open environment of academia hinders change and is typically used as an excuse to resist it.

John also says that academia is prone to these threats due to “A customer user population that is relatively low paid, lives “on site” and experiences high turnover.” I agree with this, and not only in the customer user space, but in the IT staff space. Typically, lower-end IT Support/Sys Admin jobs are stepping stones for people to move on to better positions and are typically on the lower end of the pay scale. Although I don’t have any numbers (but would love to find some) on the pay differences between academia and business, I would say that academia IT is on the lower end of the pay scale compared to the same position in the commercial sector. Then a new person has to come in, make heads or tails of what the last person did (You mean every IT person does not document what they did?!?), and go on with their everyday job. So then it comes to how you keep talented young IT staff who can go work somewhere else for plenty more money, and most times much less grief.

So, the million-dollar question is, how do we secure data and promote the open environment of academia? I think Michael Santarcangelo has some great ideas in his book ‘Into the Breach’, such as holding people accountable for their actions and engaging the people whose data you are trying to protect. Would love to hear how other people are doing it.

Categories: Security

Bookmarks for March 4th through March 8th

March 8th, 2009

These are my links for March 4th through March 8th:

  • SNOsoft Research Team: Facebook from the hackers perspective. – This method of attack has been used by hackers since the conception of Social Networking Websites, but only recently has it caught the attention of the media. As a result of this new exposure we've decided to give people a rare glimpse into Facebook from a hackers perspective.
  • » The Developer Cheat Sheet Compilation by FuzzyOpinions.com – It’s nice to have a cheat sheet with a quick summary of some of the most commonly used procedures, tags, tools, syntax, etc, saving time that would have been used to look it up on Google or dig through documentation either online or in printed text.
  • Dumping Memory to extract Password Hashes Part 2 | Attack Research – Now that we have our .dd image locally you can utilize instructions from http://forensiczone.blogspot.com/2009/01/using-volatility-1.html to grab the passwords out of memory.
  • Dumping Memory to extract Password Hashes Part 1 | Attack Research – ManTech Memory DD (MDD) (http://www.mantech.com/msma/MDD.asp) is released under GPL by Mantech International. MDD is capable of copying the complete contents of memory on the following Microsoft Operating Systems: Windows 2000, Windows XP, Windows 2003 Server, Windows 2008 Server.
  • Network Revealer – Cymphonix Network Revealer provides a demonstration version of Network Composer's award winning reporting and monitoring capabilities. Network Revealer is provided as a virtual machine that is simple to install and requires very little configuration. In about 10 minutes you will be up and running and have unprecedented visibility into your Internet traffic including real-time traffic reporting, URL categorization, application classification and detailed user activity. To make things even easier, Network Revealer can be used in VMware's FREE versions of Player and Server.
Categories: del.icio.us

Bookmarks for February 17th through March 3rd

March 4th, 2009

These are my links for February 17th through March 3rd:

  • Conversion University – Follow these lessons to prepare for the Google Analytics Individual Qualification (IQ) test or to simply become a more knowledgeable Google Analytics user. The presentations move quickly; use the Pause and Back buttons to make sure that you don't miss anything. You can click the Notes tab in the presentation to read what is being said. Access to a Google Analytics account is strongly recommended so that you can experiment and apply what you learn.
  • Flashcards – Certified Ethical Hacker Flashcards
  • BareTail – Free tail for Windows – A free real-time log file monitoring tool
  • How to get Terminal from Shell in Windows – Using Metasploit
  • Invisible Denizen: How to get meterpreter from shell in Windows – Inspired by darkoperator's How to get Terminal from Shell in Windows post, here's a quick how to on a way to go from cmd shell to meterpreter shell (or any other msf payload).
Categories: del.icio.us