
Total: 241

  • Information Security Short Takes: Creating BackTrack4 Pentest Virtual Machine
    Creating BackTrack4 Pentest Virtual Machine BackTrack4 is an excellent Penetration Testing Distro but in the LiveCD version it is quite crippled There is no possibility to install additional software There is no possibility to create custom scripts All attacks need to start from scratch In order to alleviate this issue there are several options My most flexible solution is to create a VMware virtual machine with the installation Since BackTrack4 has no installer included here is a brief tutorial with the scripts included Preparation Create a Virtual Machine as Custom Linux and Choose Ubuntu as the assumed Host Operating System Choose a SCSI Hard Disk of at least 5GB We recommend 8GB Boot the Virtual Machine from the BackTrack DVD Creation of Partitions After booting log on and partition the SCSI Hard Drive dev sda Create 2 primary partitions one for BackTrack Linux type 83 with at least 4 GB space and one Linux Swap type 82 of 512MB fdisk dev sda After creating the partition table format the BackTrack partition mkfs dev sda 1 After formatting mount the partition mkdir mnt sda1 mount dev sda1 mnt sda1 Copy the BackTrack Data Create the copying script in the root s home directory cd vi create bt disk Paste the following text in the VI editor and save it list cd ls l awk print 8 for i in list do if i mnt o i proc o i sys then i root fi echo i cp pR i mnt sda 1 done mkdir mnt sda 1 sys mkdir mnt sda 1 proc mkdir mnt sda 1 mnt echo Done Make the script executable and run it chmod 755 create bt disk create bt disk Finishing Touches After the script finishes change the root directory to the disk drive in order to make the disk bootable mount bind dev mnt sda1 dev mount t proc proc mnt sda1 proc chroot mnt sda1 Run LILO to write info to the MBR of dev sda NOTE The default lilo conf works with disk dev sda and partition dev sda1 If you have a different disk configuration you need to change the etc lilo conf appropriately before running LILO lilo v All done Just reboot and remove the BackTrack DVD reboot We hope that this tutorial eases your use of the BackTrack suite Talkback and comments are most welcome Related posts BackTrack 4 Penetration Test Distro First Glance

    Original URL path: http://www.shortinfosec.net/2009/03/creating-backtrack4-vmware-virtual.html (2016-04-27)


  • Information Security Short Takes: Downloads
    excellent forum Freeware Strategy Games and Multiplayer Shooters Warify A simple DNS information gathering tool Backtrack An Excellent Penetration Testing Suite Security for idiots and others that care blogarama the blog directory Hardware and Software Tutorials that Count Blog Archive 2014 1 January 1 2013 2 November 1 October 1 2012 8 July 1 June 1 March 1 February 1 January 4 2011 16 December 1 September 1 August 2 July 1 June 6 May 3 March 1 January 1 2010 47 December 2 November 7 October 8 September 6 June 1 May 1 April 2 March 13 February 1 January 6 2009 70 December 13 November 17 October 4 July 1 June 2 April 6 March 8 February 9 January 10 2008 130 December 5 November 4 October 3 September 2 August 20 July 27 June 25 May 15 April 18 March 1 February 4 January 6 Alexa Rank Follow me on Twitter Recent Posts Maintaining quality in outsourcing telco services Engaging a team for a security analysis Hacking Virtual Machines Part 1 Sniffing Mac Antivirus Staying careful and safer Steganography Passing through the defenses Choosing a Disaster Recovery Center Location Avoiding security complications when servicing desktop equpment Fuzzing with OWASP s JBroFuzz Mitigating Risks of the IT Disaster Recovery Test Internet Security Categories antivirus 2 audit 1 biometrics 1 Blog carnival 8 business continuity 9 competition 2 Computer security 42 Databases 3 disaster recovery 2 encryption 13 forensics 11 fraud 7 GPS 1 How To 29 Incident Management 7 information security 194 information strategy 78 Instant Messaging 2 malware 1 microsoft 9 Network security 22 penetration testing 38 Physical security 4 privacy 21 SLA 6 software development 14 Solution building 34 steganography 2 Templates 2 training and certification 4 trojan 1 windows 6 Site Meter BlogCommunities Downloads Welcome

    Original URL path: http://www.shortinfosec.net/2008/01/downloads.html?showComment=1220830620000 (2016-04-27)

  • Information Security Short Takes: Recover Data from Vista Stuck on Configuring Updates
    Recover Data from Vista Stuck on Configuring Updates I was asked to assist in recovering information from a Vista Home Premium laptop which fell victim to the Configuring Updates Step 3 of 3 loop This is the process I used and I copied full 6 gigabytes of files off a stuck laptop Please bear in mind that this tutorial is presented as is and I take no responsibility for lost data or non functioning operating system which may result from any wrong turn during this process 0 Have a working PC ready I recommend an XP PC and an ethernet hub switch or a crossover cable 1 Find Download and burn a CD copy of Ubuntu 7 04 Feisty Fawn It has excellent drivers for SATA disks so this will help you access a SATA drive I tried the ERD Commander 2005 but it just couldn t see the SATA drive of the laptop 2 Boot the laptop from CD into Ubuntu 3 Doubleclick the network settings of the Ubuntu and configure the wired network with a static IP address Also do the same on the other PC I used IP addresses 192 168 100 1 and 192 168 100 2 with netmask 255 255 255 0 4 Connect the ethernet cables of both machines to the hub switch or to each other if using a crossover cable 5 On the Windows PC create an empty folder with a short name like recover and make it a Windows share with following security settings a Sharing Permissions Everyone Full Control b Open Properties on the folder from Windows Explorer go to security tab add everyone to the list of groups and usernames and mark the full control Allow checkbox 6 Open Places select Computer double click on the disk drive and identify which files need to be recovered probably the user s folder under C Users 7 Open Places Network and from file select connect to server The type of connection should be Windows Share On the dialog box on the server field type the IP address of the Windows PC and in the share field type the share name in our example recover You must also name this connection name it recover Then press

    Original URL path: http://www.shortinfosec.net/2008/02/recover-data-from-vista-stuck-on.html (2016-04-27)

  • Information Security Short Takes: test

    Original URL path: http://www.shortinfosec.net/2008/01/test.html (2016-04-27)

  • Information Security Short Takes: Tutorial - Computer Forensics Evidence Collection
    the only link and let it perform inventory of the system Save the result as a PDF on your evidence USB After Winaudit finishes close it and close the Helix mainwindow It will ask whether you like to record all activities in a PDF file Confirm that you wish to and save the PDF on your evidence USB The above process will create an MD5 hash of the memory dump on the evidence USB Open this file and take note of the MD5 hash II Disk drive evidence collection Turn off the computer ungracefully pull the plug this will prevent any possible shutdown scripts from running and possibly erasing data on the computer Boot it up again and from the BIOS select to boot from CD ROM In a real corporate investigation you may need assistance of IT to provide passwords since most corporate PC s are set up with BIOS password and disabled from booting from CD to prevent possible information theft Boot the Helix Linux OS When booted select Adepto from the Forensics Menu Similarly to the memory dump above select the drive you wish to make a dump of and select your evidence USB as destination For hash you can choose severa The example is with SHA 1 After the dump is finished choose the last tab report and choose to save the dump report as PDF to the evidence USB Copy all files to your analysis computer and verify the hashes of the memory and disk dumps again using md5sum and sha1sum whichever you used initially Using VDK mount a copy of the disk image for investigation The mount command is vdk open path to dump file dump filename dd L free drive letter HERE You can download and review the forensic log documents created in this tutorial 5 19 MB ZIP file Helix Evidence Collection Sample Logs zip Verification sums SHA1SUM c7d189a78a715fd96127677d39d5ace1d5854ea5 MD5SUM 9b61fad0cf4418175cb7e387c6962c49 This concludes the easy part of computer forensics evidence collection Shortinfosec will follow up with exercises of the analysis part Related posts Tutorial Computer Forensics Process for Beginners Talkback and comments are most welcome 24 comments Anonymous said Consider putting the article s authors name along with the date in which it was written When is the follow up article coming out on analysis November 24 2008 at 5 15 PM Yasmara id said Wow thanks this is very useful info March 3 2009 at 11 22 PM tips paid review said good writing nice tutorial June 28 2009 at 11 51 AM mlm software said Thank you very much to share this information It is very useful and informative mlm software September 3 2010 at 5 19 PM Forex trading strategies said This is a really nice tutorial Like the reading Tnx November 3 2010 at 11 23 AM Benjamin Wright said On the SANS Institute s forensics blog I have published new

    Original URL path: http://www.shortinfosec.net/2008/07/tutorial-computer-forensics-evidence.html?showComment=1227543300000 (2016-04-27)

  • Information Security Short Takes: Tutorial - Computer Forensics Process for Begginners
    forensics Computer forensics process Below is a diagram of the forensics process It is a generic process but applies in computer forensics In order to properly apply the forensic process to computers let s expand the generic diagram into the following As you can see in computer forensics a lot of evidence can be collected while the computer is running That is a one shot chance and you ll never have it again when you turn off the computer Your Forensic Toolkit Every trade needs its tools For the beginner investigator here is my recommended toolkit Helix forensic CD your basic tool for the investigation Digital camera capturing physical state of the suspect computer Evidence USB 4 GB Capacity for removing smaller evidence files from the evidence computer Evidence USB hard drive 500 GB will be enough for most purposes for making an evidence copy of the disk drive Analysis computer probably a laptop but sparkling clean no viruses Trojans cookies or similar wildlife on it since they can corrupt the evidence Even if the evidence isn t corrupted it may be considered as contaminated and become inadmissible in a formal case VDK driver for the analysis computer if using Windows this driver will enable you to mount a DD image created during the evidence collection Antivirus Antispyware Rootkit detector software for the analysis computer Steps of the forensic process 1 Evidence collection 1 1 While the suspect computer is running Make an image of the RAM Memory and store it on the evidence hard drive USB Make MD5 SHA 1 hash of the image and save it and write it down in a notebook Make an inventory of all processes network connections installed software hardware everything you can about the computer Save this in a file on the evidence hard drive USB Make MD5 SHA 1 hash of the file and save it and write it down in a notebook 1 2 When the suspect computer is off Make an image of the hard disk drive and store it on the evidence hard drive USB Make MD5 SHA 1 hash of the image and save it and write it down in a notebook Photograph the suspect computer from all sides Save the pictures on the evidence hard drive USB Make MD5 SHA 1 hashes of the photographs and save them and write them down in a notebook If any immediate physical tampering is apparent photograph it specifically and possibly expand the investigation with a forensic expert who will look for evidence regarding the tampering method fingerprints tool markings Open the computer and photograph the interior under good lighting Save the pictures on the evidence hard drive USB Make MD5 SHA 1 hashes of the photographs and save them and write them down in a notebook 2 Evidence analysis Load copies of the evidence images into your analysis computer Confirm that the copies have the same MD5 SHA 1 hashes as the original noted ones Search

    Original URL path: http://www.shortinfosec.net/2008/07/tutorial-computer-forensics-process-for.html?showComment=1216339560000 (2016-04-27)

  • Information Security Short Takes: New Helix3 Forensic CD - Welcome
    New Helix3 Forensic CD Welcome E fense has published a new version of their acclaimed Helix Forensic Live CD It is now in version 2 0 UPDATE Helix3 is no longer a free product e Fense decided to make it a commercial product Just as the old version the new one contains two major components A LiveCD Based on Ubuntu A full blown forensic toolkit with a nice all encompassing set of tools Windows set of tools which allow the user to use a subset of forensic tools within a running windows system most often during first response The Windows toolkit is maintaining the same interface as before but the windows based application set is coherent there are no missing applications The previous version had a number of links in the windows toolkit that weren t working which could cause a lot of grief at the wrong time Just a reminder of the Windows Helix Menu The Linux LiveCD interface has seen a major overhaul It is now based on Gnome and the overall interface is much better organized The following screenshot depicts the new Helix boot menu Unfortunately probably in search of a better overall performance it is departing the Forensic track and moving much more into mainstream The toolkit is missing a lot of nice new Forensic tools

    Original URL path: http://www.shortinfosec.net/2008/11/new-helix3-forensic-cd-welcome.html?showComment=1226313360000 (2016-04-27)

  • Information Security Short Takes: TrueCrypt Full Disk Encryption Review
    CPU one CPU core active in the VM 256 MB of RAM allocated fully allocated to RAM No swap 8 GB of disk drive simulated in a file USB No FDD Windows XP Pro SP2 operating system As you can see it is a relatively slow machine for today s standard of laptops but this is on purpose since the idea is to conclude whether this configuration is useable with an encrypted drive Encryption The installation of the TrueCrypt is very straightforward and even the most inexperienced users should have no problems whatsoever Immediately after the installation choose System Encrypt system partition drive Follow the instructions on the windows Choose a very complex password since it cannot be changed The software automatically creates a rescue decrypt CD Image which you must burn on a blank CD media Truecrypt WILL NOT continue with the actual encryption unless you present a burned CD with the decryption data NOTE NEVER keep the rescue CD ROM together with the laptop since it will be used to decrypt the drive The actual encryption lasts some 20 30 minutes After it finishes you have an encrypted system drive Performance test I have 2 identical clones of the Test Laptop one with encrypted drive and one without I did a fast performance test with PassMark 6 1 Here are the conclusions As you can see the test concludes that the overall performance of the Test Laptop is marginally better for the non encrypted disk clone However on the disk drive read performance the non encrypted disk clone shows approximately 100 better results screenshots below PassMark Result for the Non Encrypted Machine PassMark Result for the Encrypted Machine PassMark Disk Result for the Non Encrypted Machine PassMark Disk Result for the Encrypted Machine Simulated theft of encrypted laptop The encrypted laptop is stolen and following attempts to open it are performed Booting to Linux and attempting to access the file system I booted the Helix forensics toolkit knoppix and attempted to mount the encrypted drive The operating system could not identify the file system type When I forced NTFS file system type it refused to mount with a message of invalid I O The bit for bit DD copying still works however the actual copy is just as useless as the original Booting to ERD Commander 2005 and attempting to access the file system A simpler variant of the Helix attack The ERD Commander didn t succeed in mounting the drive and complained about overlapping I O Removing the drive and attempting to find strings in it I tried this with the DD copy of the encrypted virtual drive There were strings found but nothing useful Risks After the initial review of the resulting encrypted drive I came to the conclusion that the attacker will try to find a way around the encryption and to get the password or the decryption key Here are the ways an attacker will attempt to obtain the information Social engineering to

    Original URL path: http://www.shortinfosec.net/2008/05/truecrypt-full-disk-encryption-review.html?showComment=1211911260000 (2016-04-27)