All Blog Posts (72)

Closing the loop

 …


Added by Leon van der Eijk on February 21, 2011 at 8:23am — 5 Comments

Interesting Registry Keys with FakeAV Infection

So there I was (don't you love it when a story starts like that?), arriving at work recently when I was asked to look at a co-worker's laptop that was infected with a fake antivirus program. Another co-worker had already done what I would have done, in that he ran MalwareBytes (MBAM) on the machine. However, I was surprised that MBAM hadn't even detected the infection. Neither had the installed real antivirus, Microsoft Security Essentials.…




Added by Ken Pryor on February 17, 2011 at 7:41pm — 1 Comment

Intrusion Detection Mindmap Version 0.4

I just added Judy Novak to the "IDS hall of fame" of my Intrusion Detection Mindmap.

She definitely deserves a place in anybody's IDS hall of fame. ;-)

The mindmap can be downloaded here.

Just save it as IDS.mm and open it in the mindmapping tool of your choice. I personally prefer Freeplane.

If you have valuable…


Added by d3tm4r on February 17, 2011 at 3:14pm — No Comments

Don't think you are! Know you are!

This is what Morpheus said to Neo in the movie "The Matrix".  And it's so very true regarding information security.  

Intruders don't care about what you're thinking about your network security. They just peek and poke until they find a hole that you would not have thought existed.

 

Check! Your! Facts! Know your network. If you're not sure - just check, don't speculate!

It's the same for general troubleshooting problems and for information security. I am seeing…


Added by d3tm4r on February 15, 2011 at 4:00pm — 3 Comments

Reputation or "Cloud" Based Protection - when good Ideas go bad

Since I seem to be moving from tumblr to DTH permanently, here is a re-post of an older article on a topic which I think is still important for folks to be aware of.

Reputation Based Protection is a good idea to complement classic signature based and heuristic malware detection.

Some antivirus vendors have already added cloud based reputation services to their antivirus products.

How do those services…


Added by d3tm4r on February 13, 2011 at 10:14am — No Comments

About using 0days in pentests

The folks of Pauldotcom Security Weekly podcast inspired me to write something about using 0day exploits for pentesting.

The question was, whether or not it's a good idea or fair to use those in a pentest.

My take on this is like "hell yeah!". But there are some more aspects to that topic of course, otherwise I wouldn't have considered writing a blogpost on it.

 

So first off, let's discuss what the intention of using 0days in pentesting might be. For me…


Added by d3tm4r on February 13, 2011 at 9:00am — 2 Comments

Oh, a computer virus! Let’s just delete it…

From my experience, people just recognize those security breaches that are kind of “in your face” or get big press. 

“Oh, a worm just took down all of our servers. We’ve got a problem!”

“Oh, a virus has infected all of our PCs. Let’s quickly delete it!”



“Oh, Chinese hackers have pwns0red several companies. But we are fine because we’ve got IDS, IPS, Antivirus, Anti-Spam, DLP and ‘til now…


Added by d3tm4r on February 12, 2011 at 12:30pm — No Comments

V3rb0t3n is LIVE! YAY!

I'm happy to announce a new site http://v3rb0t3n.com/ (not much there now but give it time) ;-) feel free to add some ideas in the comments below :-)

Added by Jayson E. Street on February 7, 2011 at 8:34am — 1 Comment

A personal and sad note today

Not sure after 5 years why it took so long for the pain to catch up with the fact he is gone. Though now that it has it is hitting HARD. :-(



I wrote this 5 years ago but even they hurt worse reading them now.



I miss you soo much!!



There Are no words





I look at a grave with two dates and remember what was between them

and I have no words.



People try to comfort and understand the pain

and I have no words.



I look…

Added by Jayson E. Street on December 3, 2010 at 11:12am — 1 Comment

Kippo results worldwide

Using MaxMind to resolve IP addresses found on my kippo honeypot to longitude/latitude coordinates. The icons display "successful" brute-force SSH logins from all over the world (using the Google Maps API).


Added by Leon van der Eijk on October 24, 2010 at 7:36am — No Comments

Some kippo results

On the 23rd of July I started with the SSH honeypot kippo. So after a good two months I decided to collect all the URLs/locations those “1337 h4x0rs” are wgetting all their files from.

(rootkits/ircbots/scanners)

I came up with the following list:


Added by Leon van der Eijk on September 28, 2010 at 7:51am — 2 Comments

It's Been A While

Most of my activity is limited to lab experiments, and after a while of "not doing something" it can be a real pain to remember just exactly what I did last time; playing about with wireless card settings is just one example.

I got myself an Alfa high-power USB WiFi adapter mainly for Back|Track and all works fine; however, I stumbled across some forum post that discussed the "HighPower" setting for this device and a method of increasing your range using the txpower value, so I decided to…

Added by James Fisher on August 7, 2010 at 10:30am — 1 Comment

Password popularity contest on KIPPO honeypot

Kippo honeypot results after 2 weeks in production

Password popularity contest…




Added by Leon van der Eijk on August 2, 2010 at 6:47am — No Comments

new blog

Hey everyone, check out my blog. I cover tools, research and certifications!

Added by Skyler Onken on July 14, 2010 at 8:12am — 1 Comment

Just returned from IANS Lone Star Information Security Forum.

Just thought I'd throw out the few vendors' presentations I thought were worthwhile to me.

Trusted Computer Solutions' Linux Security Blanket:

Very cool, like "Secedit" for Linux.

It's based on profiles.

From the vendor page:

Security Blanket allows you to:
Lock down Linux and Solaris operating systems automatically
Choose…

Added by Sean Benson on June 25, 2010 at 10:08am — No Comments

DevBUG - Keeping track so you don't have to




DevBUG is an idea that came to me while conducting a Vulnerability Assessment for University a few months back. We did a service scan on a web server and found that way too many ports and services were running! But that wasn't the problem, well, not for us anyway. The problem was that we had 20 different software services and versions to google and write about.



So what is the process? We…

Added by Ryan Dewhurst (ethicalhack3r) on May 19, 2010 at 11:00am — 1 Comment

Do I need to hack the internet to understand attacks and their impact?





While developing my personal labs I discovered that in order to make a lab representative of current infrastructure you will spend more time understanding what an administrator does, not what…


Added by James Fisher on May 8, 2010 at 5:00am — No Comments

Confessions of a SecAddict



Hello,



I am posting this on behalf of Chris Nickerson. I thought it was a good post that would fit well here.





“GOD,

grant me the serenity to accept people that will not secure their networks, the courage to face them when they blame me for their problems, and the wisdom to go out drinkin’ afterwards!”

-A.P.Delchi







I am over it! I am over all of the BS. I am over all of the compliance posturing. I am over all of the “NEW AGE” High tech hipster…

Added by Jayson E. Street on April 5, 2010 at 12:21pm — No Comments

HP support call EPIC fail !

http://www.rmccurdy.com/public_images/hp_is_teh_sux.mp3



MSA is showing a hard drive in leftover state



-------------------------



Resolution:

Action Plan



1- Update the controller firmware version up to J210P22:


Elguer Solano G.

Storage Support Engineer

SWD

Hewlett-Packard…

Added by operat0r on March 24, 2010 at 7:49am — No Comments


© 2019   Created by Marcus J. Carey.