(J)ack (O)f (A)ll (T)rades
Mostly Security, Some
Blogging, Misc. Admin,
and Bits of My Life.
Mon, 09 Jun 2008

Innocent bystanders? 09 Jun
Nothing gets my blood boiling quicker than someone forcing me to act on their own half-a$$ed research (yeah, I have one of those jobs). While my job has nothing to do with law enforcement or legal, IA and other people's work does play into it.

What gets my hair standing on end is that certain organizations are trying to get laws passed to criminalize file sharing (vice being a civil matter), yet they can't do their own dang research properly.

Be sure to click on the links for the authors. They have some other interesting projects going on.

Note: the Slashdot article pointed only to the UW research paper; this is the associated web site. Free Printer741 now!

joat: 05:44:17 9 Jun 2008


Sun, 16 Sep 2007

Tools 16 Sep
Thanks to Mubix, I've added WHOIS.sc, CentralOps.net, ServerSniff.net, and Maltego (formerly Evolution) to the network forensics wiki page. The last three are intriguing in that they provide a number of other functions. I'm especially interested in Maltego as it supposedly does some basic relationship linking and has both a GUI and a web interface.

joat: 18:28:12 16 Sep 2007


Wed, 11 Jul 2007

Telnet and SMTP 11 Jul
LonerVamp pointed out a post about the technique for testing/sending email with telnet which has been well-known (at least amongst *nix admins) for decades. I'm surprised that the topic is considered news at all as it's quite old. In any case, if you're a mail or NOC admin, it's a "need-to-know".

One thing not mentioned is that this technique can be employed to create a whole lot of evil. While outward facing SMTP servers are normally protected against this kind of abuse, internal Exchange servers usually aren't. More than one security manager that I've worked for has received periodic beat-your-admins messages from the Easter Bunny and Santa Claus. (Disclaimer: I rec'd permission to do this beforehand!)

joat: 06:23:52 11 Jul 2007


Tue, 13 Mar 2007

Network visualization 13 Mar
In searching for a flow tool for OpenWRT, I found "Network Intelligence". It has an interesting 3D depiction of traffic. If anyone has used this, please let me/us know how you like it.

joat: 21:08:17 13 Mar 2007


Thu, 26 Oct 2006

NBTScan and MySQL 26 Oct
Brendan in Australia recently asked for my scripts which tie NBTScan to MySQL, which prompted me to start working on the wiki entries lost during the crash and move that occurred earlier this year.

In any case, here are my notes about the tool and, to start, code to push the info into a MySQL database. Like most of the rest of the wiki, it's unfinished work but it should give at least a couple of you a good place to start from.

I'll add more as I redevelop it or re-discover old copies. I guess there can be such a thing as too many backups...

joat: 08:00:00 26 Oct 2006
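An added example along the lines of what the post describes, not the wiki's own scripts: it parses nbtscan's default columnar output (the sample below is constructed, and the regex assumes NetBIOS names without embedded spaces) and pushes the rows into a database with bound parameters, since names and user names come back from hosts on the wire and should never be spliced into SQL text. SQLite is used so it runs offline; a MySQL DB-API connection works the same way with `%s` placeholders.

```python
import re
import sqlite3

# Constructed sample of nbtscan's default columnar output (not captured from the page).
SAMPLE_OUTPUT = """\
Doing NBT name scan for addresses from 192.168.1.0/24

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.1.2      WORKSTATION1     <server>  JSMITH           00:11:22:33:44:55
192.168.1.5      FILESRV          <server>  <unknown>        00:aa:bb:cc:dd:ee
192.168.1.9      LAPTOP7                    <unknown>        00:00:00:00:00:00
"""

# One host line: IP, NetBIOS name, optional "<server>" flag, user, MAC.
# Assumption: names carry no embedded spaces (the common case).
HOST_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<name>\S+)\s+"
    r"(?P<server><server>)?\s*(?P<user>\S+)\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s*$")


def parse_nbtscan(text):
    """Return one dict per host line; banner, header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            rows.append({"ip": m["ip"], "name": m["name"],
                         "is_server": m["server"] is not None,
                         "user": None if m["user"] == "<unknown>" else m["user"],
                         "mac": m["mac"].lower()})
    return rows


def load_scan(conn, rows):
    """Insert with bound parameters: scan results are untrusted input, never SQL text."""
    conn.execute("CREATE TABLE IF NOT EXISTS nbtscan (ip TEXT, name TEXT, is_server INTEGER,"
                 " user TEXT, mac TEXT, seen TEXT DEFAULT CURRENT_TIMESTAMP)")
    conn.executemany("INSERT INTO nbtscan (ip, name, is_server, user, mac) VALUES (?, ?, ?, ?, ?)",
                     [(r["ip"], r["name"], int(r["is_server"]), r["user"], r["mac"]) for r in rows])
    conn.commit()
    return len(rows)


def hosts_with_user(conn):
    """IPs that answered with a logged-in user name (who sits where, over time)."""
    return [ip for (ip,) in conn.execute(
        "SELECT ip FROM nbtscan WHERE user IS NOT NULL ORDER BY ip")]


def demo(text=SAMPLE_OUTPUT):
    conn = sqlite3.connect(":memory:")  # replace with a MySQL DB-API connection in practice
    load_scan(conn, parse_nbtscan(text))
    return hosts_with_user(conn)
```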


Fri, 22 Sep 2006

lsof 22 Sep
If you're doing a live response or just trying to track down an odd binary on your system, lsof is often an invaluable tool.

joat: 08:00:00 22 Sep 2006


Sat, 09 Sep 2006

Harlan Carvey 09 Sep
Finally got the chance to use a newer version of the Helix disk and noticed that Harlan's First Responder Utility is an option under "Incident Response". It's probably late as heck but: Congrats Harlan!

joat: 16:30:00 9 Sep 2006


Thu, 07 Sep 2006

S4W 07 Sep
I know this violates a standard (don't point to other people's posts without adding content) but I'm a bit short on time and still think it's valuable: Dana Epp has pointed out that Sleuth Kit is now available for Windows.

joat: 08:00:00 7 Sep 2006

