Irongeek.com
Welcome to Irongeek.com, Adrian Crenshaw's Information
Security site (along with a bit about weightlifting and other things that strike
my fancy). As I write articles
and tutorials I will be posting them here. If you would like to republish one of
the articles from this site on your webpage or print journal please e-mail me. Enjoy
the site and write us if you have any good ideas for articles or links.
Adrian
News/Change Log:
12/29/2008
Hacker Con WiFi Hijinx: Protecting Yourself On Potentially Hostile Networks Hand Out
I just finished updating a pamphlet on keeping your laptop secure at hacker and
security conferences. Hopefully the information will be useful to some of you. I
plan to bring them to hand out at Notacon 2009. I've put up OpenOffice and PDF versions of the tri-fold, so feel free
to modify it for your own conference as long as you leave the credit links
intact.
I'm actually planning on sitting in on this one. It should be fun.
12/27/2008
Louisville Geek Dinner, Jan 26th 2009
The 6th Louisville Geek dinner is coming up in about a month. I and a few of my
information security buddies from the Louisville Kentucky area plan to attend.
If you are interested in attending, go to their page to
sign up.
There's no cost (other than what you order to eat/drink) and it gives you a
chance to network with locals. Tell them Irongeek sent you. :)
Paros Proxy Without Changed User Agent
I recompiled the Paros proxy to remove the "Paros/3.2.13" string it adds to the
end of your user agent. Now you can pen-test applications that blacklist user
agents with Paros in them.
12/17/2008
New Video: NetworkMiner for Network Forensics
NetworkMiner is a handy little sniffer by Erik Hjelmvik. Described as a Network Forensic Analysis Tool (NFAT), it parses libpcap files or does a live capture of the network and works out various things passively. The uses I like it for most are reconstructing files from FTP, SMB, HTTP and TFTP streams and passive OS fingerprinting, but it can do a lot more. NetworkMiner uses the Satori, p0f and Ettercap OS fingerprint databases, and it can be run from a thumb drive without being installed. It's designed to run under Windows, but you can also use it under Linux with Wine.
A note on modems and wardialing from a Zaurus
I know it's been a long time since I did anything with my Zaurus pages, but
Knightmare was kind enough to send me his notes on modems and wardialing from
the Zaurus.
12/05/2008
New Video: Intro to Wireshark
Wireshark is an awesome open source general purpose network analyzer (AKA a sniffer). Before you continue on with this video, I recommend that you check out my article "A Quick Intro to Sniffers" so you understand the background information. In this video I'll cover the following topics: running Wireshark, starting a capture with options, drilling down the OSI model, capture filter options, popping out a single packet, sorting by columns, following TCP streams, exporting HTTP objects, simple display filters, the filter builder, applying filters from different panes, saving filters, opening a Wiki page, Edit -> Find Packet, sniffing an HTTP Basic Authentication password, Analyze -> Expert Info, Analyze -> Firewall ACLs, stats, editing color rules and saving the capture.
11/30/2008
New Video: Hacking Your SOX Off: Sarbanes-Oxley, Fraud, and Fraudulent Financial Reporting
I had to do a presentation for one of my MBA courses, and one of the topic
choices was the Sarbanes-Oxley act. I chose it because I thought I could relate
it to computer security, but as it turns out the connection is somewhat tenuous
as you will see if you watch the presentation.
Sniffers Class for the Louisville ISSA
The video quality of this lecture is not very good, but it should give you an idea of what my ISSA classes are like. Covered topics include Wireshark, Ettercap, Cain and the slightest bit of NetworkMiner before the camera cut out. Pardon the blue tint; it was the projector's fault and not the Aiptek Action HD's. I shrunk it down from the original 720p, so the screen is not all that readable. I also experimented with cleaning up the audio in Audacity. I hope to cover Wireshark and NetworkMiner again shortly in higher quality videos.
These are Morgellon's and Droops' talks from Phreaknic 12 on hacking the Arduino microcontroller platform. Droops and Morgellon take you from basic electronics to building embedded systems: learn how to build a standalone RFID tag reader with a fancy LCD display, your own oscilloscope, children's toys that speak to you, or how to solar power a geothermal heat pump. There may even be some giveaways and contests. Magical potions will be consumed but not provided.
I've done a little work to pull some noise out of the audio, but I may have
made it worse in some spots. Thanks go out to the Phreaknic 12 A/V team
SomeNinjaMaster, Night Carnage, Greg, Brimstone, Poiu Poiu, Mudflap, and Drunken
Pirate for setting up the rigs and capturing the video.
This is a quick and dirty video documentary of the things that went on around the talks and events at Phreaknic 12 (2008). Don't watch if you get sick at shaky-cam movies like Blair Witch or Cloverfield. A rough timeline of the content in the video is as follows:
Intro and leaving Louisville with Brian. Morgellon talks
about hacking the Arduino micro controller
platform. Sorteal talks about the LiVes Open Source video editor. AT&T Batman
building by night. Mojo-JoJo soldering some stuff for the shooting range. The
patron gods of hackerdom. Registration. Con swag overview. Morgellon gets his discrete logic on. AK-47 building with HandGrip and Buttstock. Froggy talks
up Notacon, which I plan to go to next year. Skydog explains the Jware chair
toss event, and then we compete. Rootwars hacker wargames. I ask
Int80 about using his nerdcore
music in some of my videos. NotLarry explains rootwars. Some iPhone hacking with
Lee Baird and John Skinner. I do a little Bluecasing/Warnibbling with the Bluetooth on my Nokia n810. John, Lee,
Brian and I go to the German restaurant. I blind DOSman with the light from my
camera and check out what folks are doing with the
Arduinos Droops brought for folks to play
with. I check back in on R00tW4rz. I blind Droops. I talk Ettercap filters with
operat0r. USB door key fun with the
Arduino. More breadboard fun. Nokia n810 +
Ettercap Filter + Lemon-part = win.
Int80 gets down with his own bad self, and the rest of Phreaknic. I find an
energy drink with protein. Folks play with the hardware keyloggers I brought,
and we have some epic fail with the IBM Model M + USB adapter + Mac OS 10.5.
Winn Schwartau joins in on the
keylogger fun. DOSman and Zack use
a directional antenna from the 9th floor to search downtown Nashville for WiFi
access points. Zoom in on Al. John and Lee eat jerky.
Darren and Shannon from Hak5 blind me this time. :) Then they do a quick interview. I interview TRiP about the legalities of wardriving, sniffing and leaving your access point open so you have plausible deniability of copyright infringement (most likely it won't hold water in court if you are a computer geek). I give Hak5 Darren beef jerky.
Ziplock had more con badges
than God. I meet up with Iridium. I talk with Nightcarnage about the audio/video
setup at Phreaknic. As I predicted, the
Potters won the WiFi
Race. I say why this was the best Phreaknic ever. Using green lasers on crack
dealers. Techno in the dark, the Aiptek action HD does not do well in low light.
Nicodemius shows off his Minority Report like multi-touch table. Hula hoop
contest. I check back in with Jeff Cotton and his USB keyed door. I strap on my
gear to leave the con. Brian and I do a wrap up of our thoughts on Phreaknic
2008.
10/27/2008
Sniffers class for the ISSA Kentuckiana
I'm teaching another free class for the ISSA, hope some of my readers can make it. Here are the details:
Who: Presented by Adrian Crenshaw of IronGeek.com
What: "Using Sniffers Effectively" - hands-on workshop with network analyzers such as Wireshark and Cain.
When: Sat, November 8, 2008 9:00 AM - 12:30 PM
Where: Louisville Technical Institute - Room 364, 3901 Atkinson Square Drive, Louisville KY 40218 (502) 456-6509
Directions: From 264 East get off on 1st Newburg Rd exit, Turn RIGHT at Bishop Lane, Turn RIGHT at Atkinson Dr./Atkinson Square Dr., Go .2 miles, Turn right at LOUISVILLE TECHNICAL/INTERIOR DESIGN INSTITUTE. Park in front parking lot. Go in Main Lobby to sign in.
Why: ISSA Kentuckiana's mission is to be the Louisville Leader in Information Security and Awareness. We want to provide relevant educational opportunities to members that enable learning, career growth, and should enable certification and technical advancement.
Cost: FREE! - Bring your own laptop or use one of the classroom PC's
How to sign up: send email to education (at) issa-kentuckiana (dot) org
Sky Dog and crew for making it happen. Droops/Morgellon for their presentation on
Arduino, time for some hardware hacking.
Sorteal for showing me the LiVes Open Source video editor.
Marie for the dance and conversation. TRiP for an excellent talk on the
legalities of wardriving.
HandGrip/Buttstock for the Open Source AK-47 talk.
All the folks who let me interview them.
DOSman and Zack for being DOSman and Zack. Lee Baird and John Skinner for comparing mobile hacking notes with me (Yippy hacking with the iPhone / iPwn). Ziplock for the encouragement. Int80 for the nerdcore entertainment.
Scott Moulton for the talk "At Least TEN things you didn't know about your hard
drive!" Go check out his
forensics and hard
drive recovery videos. Nathan Hamiel/Shawn Moyer for "Satan is on
my Friends List: Attacking Social Networks", looks like I need to get into some
CSRF. Darren, Shannon and Mubix of Hak5 for the
interview. operat0r for the Ettercap ideas.
Brian for driving me down.
And everyone else I'm forgetting. It was a great weekend.
10/20/2008
Using Cain to sniff RDP/Remote Desktop/Terminal Server traffic via "Man in the Middle"
In this video I'll be showing how Cain can pull off a "Man in the Middle" attack against the Remote Desktop Protocol. RDP versions 6.0 and later are less susceptible to these attacks because of the server verification added, but there is still a risk since so many users just click Yes on every warning message.
I've got a presentation coming up for
Phreaknic next weekend on "Hardware
Keyloggers: Use, detection and mitigation". If you are in Nashville TN, come on
by and play with the keyloggers I'm bringing. For more info on the subject check
out these articles/videos of mine:
Irongeek needs hats, black
or white does not matter
I know this seems like an odd request, but I'm in need of some hats to wear at the gym and to cons. If you are a vendor or owner of some security product or site please contact me and I can send you my snail mail address (not that it's hard to Google for it, I dropped my docs long ago).
Using Cain to do a "Man in the Middle" attack by ARP poisoning
I'm creating this video for three reasons:
1. While I've done a lot of videos on Cain, most of them are more advanced and assume you know the basics.
2. The last video I did on ARP poisoning with Cain was more than four years ago, Cain looks quite a bit different now.
3. I wanted a reference for the classes I'll be teaching for the Kentuckiana ISSA.
Before you watch this video, read my article "The
Basics of Arp spoofing/Arp poisoning"
so you will have a better grasp of the concept.
10/11/2008
John Strand - "Advanced Hacking Techniques and Defenses" (and demos of evilgrade/passing the hash/msfpayload) from Louisville Infosec 2008
John Strand gave this presentation for the
Kentuckiana ISSA at the Louisville Infosec 2008 conference. He gives a
fascinating talk about why "security in depth" is dead, and lives again. John
then goes on to demo Evilgrade, using msfpayload and obscuring it against
signature based malware detection, dumping SAM hashes with the Metasploit
Meterpreter and using a patched Samba client to pass the hash and compromise a
system. I'd like to thank John for letting me record his talk.
10/11/2008
Rohyt Belani - "State of the Hack" from Louisville Infosec 2008
Rohyt Belani gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. Rohyt shows new ways to think about hacking, going into how and why simple things work on the people element. Why hack a system when a quick Google search can reveal so much? Rohyt's talk was humorous and informative, and I'd like to thank him for letting me record it.
Kevin Beaver - "Staying Ahead of the Security Curve" from Louisville Infosec 2008
Kevin Beaver gave this presentation for the
Kentuckiana ISSA at the Louisville Infosec 2008 conference. There's a lot of
great advice in this video on how to approach an infosec career in the right
way. Kevin endorses being a security "renaissance man", expanding your knowledge
outside of the tech side to understand the business, people and legal sides as
well. At the same time he also points out that sometimes specialization is good,
so focus on your strengths. I'd like to thank Kevin for letting me record his talk.
10/09/2008
Slides from my "Sniffers" presentation posted
Well, LouisvilleInfosec is over and it was even better this year than last. I met a lot of good folks, and I hope to have the videos up shortly. For those that were there and want my slides, they can be found here. Hope some of you can make it to the free Louisville Tech class in November.
OSfuscate: Change your Windows OS TCP/IP Fingerprint to confuse P0f, NetworkMiner, Ettercap, Nmap and other OS detection tools
I was wondering a while back how one could go about changing the OS fingerprint of a Windows box to confuse tools like Nmap, P0f, Ettercap and NetworkMiner. I knew there were registry settings in Windows XP/Vista that let you reconfigure how the TCP/IP stack behaves (things like the default TTL and window size), which changes how the above tools identify the OS. I wasn't sure which registry changes to make, but luckily I found Craig Heffner's work on the subject. In this post I cover passive and active OS fingerprinting, as well as release my tool OSfuscate.
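Both the NetworkMiner entry above (12/17/2008) and OSfuscate turn on the same handful of header fields. The following is an added example, my code rather than NetworkMiner's, p0f's or OSfuscate's: it parses a libpcap file, pulls the initial TTL, window size, DF bit and TCP option order out of each SYN, and matches them against a small signature table. The signature table, the three packets and every name in the file are constructed for the demo; real p0f signatures carry more fields.

```python
"""Passive OS fingerprinting from TCP SYNs, p0f style (added example; table and pcap are constructed)."""
import struct
from collections import namedtuple

# Illustrative signatures (assumed, not p0f's database): name, initial TTL, window, DF, option layout
SIGNATURES = [
    ("Windows XP/2003", 128, 65535, True, "mss,nop,nop,sok"),
    ("Windows Vista",   128, 8192,  True, "mss,nop,ws,nop,nop,sok"),
    ("Linux 2.6",       64,  5840,  True, "mss,sok,ts,nop,ws"),
    ("FreeBSD 7",       64,  65535, True, "mss,nop,ws,sok,ts"),
]
OPT_NAMES = {2: "mss", 3: "ws", 4: "sok", 8: "ts"}
Syn = namedtuple("Syn", "src ttl window df options")


def parse_tcp_options(raw):
    """Return the option layout as comma-separated names; the order is part of the fingerprint."""
    names, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # end of option list
            names.append("eol")
            break
        if kind == 1:                       # NOP padding
            names.append("nop")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            break                           # truncated or malformed option
        names.append(OPT_NAMES.get(kind, "?%d" % kind))
        i += raw[i + 1]
    return ",".join(names)


def initial_ttl(ttl):
    """Guess the stack's starting TTL from the observed one (routers only decrement it)."""
    for guess in (32, 64, 128, 255):
        if ttl <= guess:
            return guess
    return 255


def iter_syns(pcap):
    """Yield a Syn record for every Ethernet/IPv4/TCP SYN (without ACK) in a libpcap capture."""
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        if ip[9] != 6:                      # not TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:]
        if tcp[13] & 0x12 != 0x02:          # need SYN set and ACK clear
            continue
        df = bool(struct.unpack("!H", ip[6:8])[0] & 0x4000)
        src = ".".join(str(b) for b in ip[12:16])
        window = struct.unpack("!H", tcp[14:16])[0]
        yield Syn(src, ip[8], window, df, parse_tcp_options(tcp[20:(tcp[12] >> 4) * 4]))


def fingerprint(syn):
    key = (initial_ttl(syn.ttl), syn.window, syn.df, syn.options)
    for name, ttl, win, df, opts in SIGNATURES:
        if key == (ttl, win, df, opts):
            return name
    return "unknown"


# --- constructed sample capture (checksums left zero; the parser ignores them) ---
def build_syn(src, dst, ttl, window, df, options):
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (5 + len(options) // 4) << 4,
                      0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000 if df else 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_pcap(frames):
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    out += [struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames]
    return b"".join(out)


XP_OPTS = bytes.fromhex("020405b4 0101 0402")                                  # mss,nop,nop,sok
LINUX_OPTS = bytes.fromhex("020405b4 0402 080a0000000100000000 01 030307")     # mss,sok,ts,nop,ws
SAMPLE_PCAP = build_pcap([
    build_syn("10.0.0.5", "10.0.0.1", 127, 65535, True, XP_OPTS),     # XP, one hop away
    build_syn("10.0.0.7", "10.0.0.1", 63, 5840, True, LINUX_OPTS),    # Linux, one hop away
    build_syn("10.0.0.9", "10.0.0.1", 64, 5840, True, XP_OPTS),       # XP after a TTL/window registry tweak
])

if __name__ == "__main__":
    for syn in iter_syns(SAMPLE_PCAP):
        print(syn.src, syn.ttl, syn.window, syn.options, "->", fingerprint(syn))
```

The third packet is the interesting one: a Windows host whose TTL and window have been changed to Linux-like values no longer matches the XP row, but it does not match the Linux row either, because the TCP option layout still looks like Windows. Registry values can add or drop options (window scaling, timestamps, SACK), but the order the stack writes them in stays Windows-like, which is why tools that look at option order are harder to fool than ones that only check TTL and window.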
10/01/2008
Weak Hashing Algorithms: Outlook PST file CRC32 password cracking example
In a previous video I explained the basics of cryptographic hashes. Go watch "A Brief Intro To Cryptographic Hashes/MD5" before this video. In this tutorial I'll give an example of why weak hashes are bad. The example is the CRC32 value that Outlook stores a PST archive's password as. CRC32 is a checksum designed to catch transmission errors, not a cryptographic hash, and collisions are trivial to generate for it, so even if you can't recover the original password you can find an alternate one that works just as well.
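As an added example (my code, not the tool from the video), here is how cheap CRC32 collisions are. It uses the standard zlib CRC-32; Outlook's variant differs in details such as the initial register value, but it is the same linear checksum, so the same trick applies: for any prefix you choose, four extra bytes can be computed that force the CRC to whatever value is stored, and a short search over prefixes finds a variant made only of printable characters. The names forge_suffix and printable_collision are mine.

```python
"""Forging CRC32 collisions: any prefix plus four computed bytes hits a chosen CRC (added example)."""
import zlib

# Standard reflected CRC-32 table (polynomial 0xEDB88320), the one zlib uses.
TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    TABLE.append(c)
# The top byte of every table entry is distinct, so it identifies the entry that was XORed in.
REV = {entry >> 24: i for i, entry in enumerate(TABLE)}
assert len(REV) == 256


def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF


def forge_suffix(prefix, target):
    """Return 4 bytes s such that crc32(prefix + s) == target."""
    state = crc32(prefix) ^ 0xFFFFFFFF      # CRC register after the prefix (undo the final XOR)
    want = target ^ 0xFFFFFFFF              # register value we need after the suffix
    # Walk backwards: each step's table index is pinned by the top byte of the register
    # after it, so the four indices depend on the target alone.
    indices = []
    for _ in range(4):
        k = REV[want >> 24]
        indices.append(k)
        want = ((want ^ TABLE[k]) << 8) & 0xFFFFFFFF
    # Walk forwards: the byte that selects index k from register r is (r ^ k) & 0xFF.
    out = bytearray()
    for k in reversed(indices):
        out.append((state ^ k) & 0xFF)
        state = TABLE[k] ^ (state >> 8)
    return bytes(out)


def printable_collision(target, stem=b"pwned", max_tries=10000):
    """Find an alternate 'password' of printable ASCII whose CRC32 equals target."""
    for n in range(max_tries):
        prefix = stem + str(n).encode()
        suffix = forge_suffix(prefix, target)
        if all(0x21 <= b <= 0x7E for b in suffix):    # roughly 1 in 55 suffixes qualifies
            return prefix + suffix
    return None


if __name__ == "__main__":
    stored = crc32(b"CorrectHorse")                    # what a CRC32 "hash" of the real password looks like
    alt = printable_collision(stored)
    print("stored CRC32 %08x, alternate password %r (CRC32 %08x)" % (stored, alt, crc32(alt)))
```

Nothing here brute-forces anything: the forged suffix is a direct calculation, which is the difference between a checksum and a hash built to resist collisions.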
09/27/2008
2008 Louisville Metro InfoSec Conference Schedule Posted
Cindy was kind enough to send me the schedule for the upcoming ISSA conference in Louisville. While I'm not speaking, I did receive permission to record the keynotes from Kevin Beaver, Rohyt Belani and John Strand, which I will be posting to this page. When not recording, expect to see me in the technical track. Maybe I'll be able to convince some of the local ISSA guys to come down to Phreaknic with me this year.
Teaching Hacking at College by Sam Bowne
This was a DefCon 15 presentation (August 3-5, 2007) by Sam Bowne. Sam does a
great job explaining how to teach ethical hacking at a university, and since he
gave me a shout out in the video I figured I'd post it up here. Definitely a
must watch if you are trying to convince your college's administration that it's
a good idea to teach such a course. Check out Sam's site at
http://www.samsclass.info/ if you want
to use his teaching curriculum.
09/20/2008
DecaffeinatID Intrusion Detection System ver. 0.08
I changed how DecaffeinatID checks for file changes in the firewall log. It seems that under Vista AutoIt does not return the correct information about when the log file has changed its size or its time stamp, so I look for line count changes instead. This really is not the best way to do things, but it's a workaround for the moment. DecaffeinatID now also tries to detect if you are running Vista, and if so sets the default path to the firewall log in the ini to "<WindowsDir>\System32\LogFiles\Firewall\pfirewall.log" instead of "<WindowsDir>\pfirewall.log".
09/17/2008
How Sarah Palin's Email got "Hacked"
This is a quick video reconstruction I did of how Sarah Palin's Yahoo account
got "hacked". You will see it's more about insecure design and easy to find
information than anything really technical. I made a test account at Yahoo and
this video traces the steps the attacker took. I'm hoping it will be useful to
journalists who don't really seem to have a grasp on the story. Feel free to
link it anyplace you like.
09/13/2008
New Video:
Intro to DD-WRT: Mod your wireless router to do more
DD-WRT is a Linux firmware available for many Linksys, NetGear, Belkin, D-Link,
Fon, Dell, Asus and other vendor's wireless routers. DD-WRT is far more feature
rich than the stock firmware that comes with most routers. This video covers the
basics of installing and configuring DD-WRT.
Two side notes: My Nmap class
will be held at Ivy Tech in Sellersburg Indiana at 1PM on Sat Sept 20th 2008 in
room P5. If this one goes well the next presentation will be on sniffers. Also,
thanks to all of the folks who have signed up for
Dreamhost using
my discount code, it's really helped support the site with extra revenue.
09/13/2008
Books page updated with
"Kismet Hacking" from Syngress
I did some surfing on Amazon yesterday and found out my IGiGLE tool was
mentioned in Syngress publishing's new book "Kismet Hacking" (Page 227), so I
added it to my bibliography page. Thanks for the mention guys.
IGiGLE: Irongeek's WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Updated
I've uploaded IGiGLE version 0.75. This fixes the "$WS_EX_CLIENTEDGE: undeclared global variable." error when you try to compile with the newer versions of AutoIt3. Also, I've added a feature so IGiGLE saves your last used settings to an ini file so you don't have to keep entering them over and over again.
09/06/2008
Nmap presentation for the ISSA in Louisville Kentucky
This is a presentation I gave for the Kentuckiana ISSA on the security tool Nmap. I've also posted the slides and other media so you can follow along if you like. Topics covered include: port scanning concepts, the TCP three-way handshake, stealth scans, idle scans, bounce scans, version detection, OS detection, NSE/Lua scripting and firewall logs. Hope some of you can make it to the free class we will be holding at Ivy Tech Sellersburg on Sept 20th, 2008 at 1pm. Contact me to RSVP. The video is about an hour long. Enjoy.
09/04/2008
Louisville ISSA Nmap presentation slides and media posted
I've posted the slides and related media for the Nmap presentation I'm
giving Friday (Sept 5) for the
Kentuckiana ISSA. You should be able to find the codec for the videos in
the zip file. If you plan to come to the free class at Ivy Tech
(Sellersburg Indiana) on the 20th please contact me.
MadMACs seems to have an issue with the Intel Wireless WiFi Link 4965AGN chipset
I've added the following note to the MadMACs page: A patron of my website pointed out that MadMACs, and other similar tools, seem to have a problem randomizing the MAC address under Windows Vista if you are using the Intel Wireless WiFi Link 4965AGN chipset. It will work with the 4965AGN if you randomize only the last two digits and start it with the prefix 1234567890. It will also let you set the whole MAC address to DEADBEEFCAFE, or even let you randomize all 12 hex digits. However, if you take the default prefix of 00, MadMACs will make up a random address and put it in the NetworkAddress registry value, but the 4965AGN chipset drivers will not honor it. If anyone knows why, please contact me. (One likely reason: the addresses that do work, 12... and DE..., both have the locally administered bit, bit 1 of the first octet, set and the multicast bit clear, which is what many drivers insist on before they will accept an override; an address starting with 00 is flagged as universally administered.)
08/28/2008
Nmap presentation and class in Louisville area
Hi all, my GRE test went well and I'm back to working on the site. I've been
invited by the Kentuckiana ISSA
chapter to give a presentation on
Nmap and its use.
The event happens Sept 5, 11:30AM at the following location:
The ISSA would like to have an RSVP. Also, I'll be giving a longer hands on
demonstration and lab later on in September where people can bring their own
laptops and use a private network to get some hands on experience with Nmap. We
are not sure of all of the details yet, but it will likely be held Sept 20th at
the Ivy Tech campus in Sellersburg, IN.
Also, this month's Louisville 2600 meeting is coming up on Thursday, Sept
24th. More details can be found here:
http://louisville2600.org/
08/07/2008
MadMACs Ver. 1.2: Update to my MAC address and host name changer / randomizer / spoofer
Qwasty let me know that if host name randomization is used with MadMACs, and the host name is over 15 characters (the NetBIOS name limit) or contains certain illegal characters, it can cause all sorts of lsass.exe errors on boot up. To fix this, I've updated the code to do some sanity checks on the possible hostnames given to it in dic.txt. Hopefully this fixes the problem. I also compiled it with the newer AutoIt3 v3.2.12.1.
08/04/2008
Cain RDP (Remote Desktop Protocol) Sniffing Log Parser
This is a quick script I wrote to ease the process of interpreting the logs that Cain makes when you do a man in the middle against the RDP protocol. I hope to use it in a video tutorial shortly. My GRE studies are still ongoing, so please excuse the lack of updates to this site. As a side note, the Louisville 2600 group now has its own site, and the ISSA Kentuckiana chapter's site is back up.
Small amendment to my Ironkey Review
Marc Luo from Ironkey emailed me his thoughts on my video, so I attached the
text to the end of the page. Marc reveals some of Ironkey's future plans,
why some design decisions were made and what he sees as some of the
advantages of the Ironkey. I hope it clarifies some of the points I made in
the video.
07/08/2008
New 2600 Meet in Louisville, KY
Announcing the forming of a new 2600 meeting in the
Louisville, KY, New Albany/Jeffersonville/Clarksville, IN and the
surrounding area. We are looking for old faces and new faces to come and
join us in discussion and hopefully projects in all things hacking. From
computer security, to programming, to penetration testing and exploiting. It
has been far too long since Louisville and its surrounding area have seen a
group of security talent and we want to change that. If you want to be a
regular, have a general interest or just want to converse with fellow
techies please join us for our inaugural meeting.
When: Thursday July 31, 2008 @ 6:30pm
Where: Highland Coffee behind the Blockbuster near Bardstown Road and Grinstead Drive in Louisville, KY.
Google Map Link
New Video: Ironkey High Security Flash Drive: Use and Review
The Ironkey is a high security thumb drive designed to provide strong AES
encryption, tamper resistance and other security services. I'd seen the Ironkey
advertised quite a bit, and even read about its crypto systems and ruggedness,
but was left wondering about how it works in operation. Since the hardcore tech
side has been covered elsewhere, I'll concentrate on the Ironkey's usability and
features. Some of the topics covered will include: How is the drive mounted
without admin privileges in Windows? How is it mounted in Linux? How does the
"Self Destruct" feature work? What is Secure Sessions? How is the Ironkey better
than just using Truecrypt? I made this video to answer those sorts of questions
for myself and others. If you want more details on the crypto involved, see the
links section at the end of this video. The model I will be working with is the
1GB Ironkey Personal. I'll show its use and give my opinions on the device.
By
the way, you may notice that I'm making fewer posts over the next month or so.
I'll be busy studying for the GRE, wish me luck.
07/04/2008
Web Bug Article Updated With PHP/MySQL Source Code
I've updated my very old article on web bugs/web beacons to straighten out some bad formatting and to add an example of a web bug that uses PHP and MySQL. For those that don't know, web bugs are images (GIFs, JPEGs, PNGs, etc.) that companies and organizations put into web pages, e-mails and other HTML-capable documents to track information about the viewer: when the image is fetched, the server logs who requested it, from where and with what browser. These images are sometimes known by other names such as tracking bugs, pixel tags, web beacons or clear GIFs. Whatever the name, their function is largely the same.
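Here is the same idea in Python rather than the article's PHP/MySQL, as an added example that is not the code from the article: a WSGI app serves a 1x1 transparent GIF, records what the request reveals, and sends cache-busting headers so every open of the mail or page produces a fresh hit. An in-memory list stands in for the database table, and the names web_bug_app, tracking_tag and HITS are mine.

```python
"""A tracking pixel ('web bug') server in Python (added example; the article's version is PHP/MySQL).

Serving the image from a script rather than as a static file is the whole trick:
the request itself is the event, and the query string ties it to one recipient.
"""
import time
from urllib.parse import parse_qs

# 1x1 transparent GIF, 43 bytes. Nothing visible is drawn, but the browser still fetches it.
PIXEL_GIF = bytes.fromhex(
    "474946383961 01000100 800000 000000ffffff 21f9040100000000 2c000000000100010000 0202440100 3b")

HITS = []   # stands in for the MySQL table; each entry is one fetch of the pixel


def record_hit(environ):
    """Log what a single image request reveals about the viewer."""
    qs = parse_qs(environ.get("QUERY_STRING", ""))
    hit = {
        "id": qs.get("id", [""])[0],                    # per-recipient token baked into the <img> URL
        "ip": environ.get("REMOTE_ADDR", ""),
        "ua": environ.get("HTTP_USER_AGENT", ""),
        "referer": environ.get("HTTP_REFERER", ""),     # page the image was embedded in, if the browser sends it
        "time": time.time(),
    }
    HITS.append(hit)
    return hit


def web_bug_app(environ, start_response):
    """WSGI app: log the hit, then return the pixel with caching disabled so every view counts."""
    record_hit(environ)
    headers = [
        ("Content-Type", "image/gif"),
        ("Content-Length", str(len(PIXEL_GIF))),
        ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
        ("Pragma", "no-cache"),
        ("Expires", "0"),
    ]
    start_response("200 OK", headers)
    return [PIXEL_GIF]


def tracking_tag(base_url, recipient_id):
    """The HTML to embed in the e-mail or page being tracked."""
    return '<img src="%s?id=%s" width="1" height="1" alt="">' % (base_url, recipient_id)


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    print(tracking_tag("http://localhost:8000/bug.gif", "user42"))
    make_server("", 8000, web_bug_app).serve_forever()
```

Run it, open the printed tag in a page, and each load appends a record to HITS; the same layout works for e-mail, which is why most mail clients now block remote images by default.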
07/04/2008
Dreamhost Review Updated
It came to my attention that my Dreamhost review was a bit dated and had wrong information based on changes that Dreamhost has made over the last year. I've updated it to reflect some of Dreamhost's new policies, my experiences and how the discount codes differ from when I last updated it (1/31/2007). I also have five limited discount codes to give away that grant the following: 2TB disk and 20TB bandwidth, plus $150 off a 5-year signup or $200 off a 10-year signup. Contact me if you want one of my five one-time-use codes.
06/26/2008
New Video: Setting up a Tarpit (Teergrube) to slow worms and network scanners using LaBrea (The "Sticky" Honeypot and IDS)
A network tarpit, sometimes known by the German word Teergrube, is a service or set of hosts that deliberately slows malicious network connections down to a crawl. The idea is to put up unused hosts or services on the network that respond to an attacker but waste their time and greatly slow their scanning (or spreading, in the case of worms). For this video I'll be using a package called LaBrea by Tom Liston and tarpitting the unused IP addresses on my home LAN.
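Added example, not LaBrea's code: a user-space tarpit in Python. LaBrea works a level lower (it answers ARP for unused addresses and then holds the TCP connection with a zero window); this one simply holds whatever connects to a listening port by trickling one byte at a time, which is enough to stall a scanner or worm that waits for a banner. Port 2222, the 10-second delay and the function names are my choices.

```python
"""A user-space TCP tarpit: accept connections and feed each one a junk byte at a time (added example)."""
import asyncio
import random


async def tarpit_connection(reader, writer, delay):
    """Hold one client: write a byte, wait `delay` seconds, repeat until the client gives up."""
    peer = writer.get_extra_info("peername")
    sent = 0
    try:
        while True:
            writer.write(bytes([random.randrange(0x21, 0x7F)]))
            await writer.drain()            # if the client stops reading, this blocks and still holds it
            sent += 1
            await asyncio.sleep(delay)
    except OSError:
        pass                                # client reset or closed the connection
    finally:
        writer.close()
        print("%s held for about %.1fs (%d bytes sent)" % (peer, sent * delay, sent))
    return sent


async def start_tarpit(host="0.0.0.0", port=2222, delay=10.0, max_clients=1000):
    """Listen on host:port; at most `max_clients` connections are tarpitted at once."""
    slots = asyncio.Semaphore(max_clients)

    async def handler(reader, writer):
        async with slots:
            await tarpit_connection(reader, writer, delay)

    return await asyncio.start_server(handler, host, port)


if __name__ == "__main__":
    async def main():
        server = await start_tarpit()
        async with server:
            await server.serve_forever()

    asyncio.run(main())
```

Because each held connection costs the tarpit only a socket and a timer, it can hold thousands of scanner connections at once, while each one of those ties up a thread or a timeout on the attacker's side.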
Ironkey at the Kentuckiana ISSA meeting on June 27th 2008
Steve Tonkovich from Ironkey will be
giving a talk at the ISSA-Kentuckiana Chapter Meeting on Friday June 27, from
11:30 am to 1:00 pm. Ironkey's discussion will be on securing mobile data. The
meeting will be held at their new location:
Innovative Productivity / McConnell Technology
Hopefully I can convince Steve to give me a demo unit of the Ironkey thumb drive
to test for a review on my website.
DecaffeinatID Updated to ver. 0.05
Several major improvements have been implemented. The various monitoring functions are now set off by a timer. This allows the event loop to be looser, the GUI more responsive and DecaffeinatID to be less of a hog on the CPU. This caused a change in the way the sleep parameter in the INI file is interpreted. Now the sleep parameter specifies the amount of time in milliseconds between each monitor function (ARP cache, firewall and event log). For example, with the new default of "sleep=1000", DecaffeinatID waits about one second between each monitor function, so going through one full cycle takes about three seconds with the default setting (I've taken it down to "sleep=100" without major problems). The only downside is that some alerts may be skipped if several happen at nearly the same time, but since DecaffeinatID's main function is just to alert you of network shenanigans this is a worthwhile compromise (when DecaffeinatID warns you about something, you really should check your logs for more details anyway). I've also fixed a problem with ARP cache parsing that was caused by the word "invalid" appearing in the output of the "arp -a" command.
06/22/2008
New Video: Compiling and Configuring DHCPD from Source
Devil2005 has created a video on compiling and configuring dhcpd from source.
He's using the Fedora 9 distro of Linux for the video, but the lessons learned
should be applicable to other distros. For that matter, even if you are not
interested in installing dhcp in this way it's still a good lesson on how to
download and compile various applications from source.
06/21/2008
Doktor Kaboom's Smoke Ring Cannon
Even though this is not computer security related, it was such a cool display I had to share it with my hacker buddies. I guess you could call it hardware hacking of sorts, with cool science principles. Make sure you re-watch the first few seconds a couple of times to get the full effect. I saw Doktor Kaboom's Smoke Ring Cannon at this year's Kentucky Renaissance Faire. Now it's time to make one of these things for myself. Check out Doktor Kaboom's site at: http://www.doktorkaboom.com/
06/20/2008
DecaffeinatID: Simple IDS/ARPWatch For Windows Updated
Jabzor was the first major contributor to the project. He did some major rewriting, making a better GUI, making my code prettier/easier to maintain and laying out the INI file better. I made further changes to Jabzor's GUI and made the ARP watching function a little more efficient (it still needs much work).
06/19/2008
DecaffeinatID: A Very Simple IDS / Log Watching App / ARPWatch For Windows
DecaffeinatID started because I wanted a simple ARP Watch like application for
Windows. In a short matter of time, feature creep set in. DecaffeinatID is a
simple little app that acts as an Intrusion Detection System (more of a log
watcher really) to notify the user whenever fellow users at their local WiFi
hotspot/ LAN are up to the kind of "reindeer games" that often happen at coffee
shops and hacker cons.
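The ARP-watch half of DecaffeinatID (this entry and the 0.05 update above, 06/26/2008) boils down to polling "arp -a", remembering which MAC each IP had, and complaining when that changes. The following is an added example, my Python rather than DecaffeinatID's AutoIt: it parses Windows-style "arp -a" output (including the "invalid" type word that broke the 0.05 parser), flags an IP whose MAC changed, rates a change of the gateway's MAC as critical, and flags one MAC answering for several IPs, which is what a poisoner's table looks like from the victim's side. The two sample tables are constructed.

```python
"""An ARP watch in the spirit of DecaffeinatID (added example; samples are constructed)."""
import re
import subprocess
import time

# One data row of `arp -a`: IP, MAC (dash or colon separated), type word (dynamic/static/invalid/...)
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+(\w+)\s*$", re.I)


def parse_arp_table(text):
    """Map IP -> (mac, type) from `arp -a` output, skipping broadcast and multicast entries."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                                    # "Interface:" headers, column titles, blank lines
        ip, mac, kind = m.groups()
        mac = mac.lower().replace(":", "-")
        if mac == "ff-ff-ff-ff-ff-ff" or 224 <= int(ip.split(".")[0]) <= 239:
            continue
        table[ip] = (mac, kind.lower())
    return table


class ArpWatch:
    """Remembers the last MAC seen for each IP between polls and reports suspicious changes."""

    def __init__(self, gateway=None):
        self.known = {}
        self.gateway = gateway

    def check(self, table):
        alerts = []
        for ip, (mac, kind) in table.items():
            old = self.known.get(ip)
            if old is not None and old != mac:
                level = "CRITICAL" if ip == self.gateway else "WARNING"
                alerts.append("%s: %s changed from %s to %s (%s)" % (level, ip, old, mac, kind))
            self.known[ip] = mac
        # One MAC answering for several IPs is the classic footprint of an ARP poisoner.
        by_mac = {}
        for ip, (mac, _) in table.items():
            by_mac.setdefault(mac, []).append(ip)
        for mac, ips in by_mac.items():
            if len(ips) > 1:
                alerts.append("WARNING: %s answers for %s" % (mac, ", ".join(sorted(ips))))
        return alerts


def read_live_table():
    out = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    return parse_arp_table(out)


# Constructed samples: a clean table, then the same LAN after 192.168.1.20 poisons the gateway entry.
SAMPLE_BEFORE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
SAMPLE_AFTER = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.30          00-aa-bb-cc-dd-ee     invalid
"""

if __name__ == "__main__":
    watch = ArpWatch(gateway="192.168.1.1")
    watch.check(parse_arp_table(SAMPLE_BEFORE))
    for alert in watch.check(parse_arp_table(SAMPLE_AFTER)):
        print(alert)
    while True:                                         # live mode: poll on a timer like DecaffeinatID
        for alert in watch.check(read_live_table()):
            print(time.strftime("%H:%M:%S"), alert)
        time.sleep(1)
```

A legitimate change (a replaced router, DHCP handing an address to a new laptop) produces the same warning as an attack, so the alert is a prompt to look at the network, not proof of poisoning; the gateway check is the one worth treating as urgent, since that is the entry a man-in-the-middle has to own.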
New Video: Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption
I've recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (AMD's name; Intel calls it XD), which allows memory pages to be marked as not executable, so injected shellcode sitting in a data page cannot be run. Microsoft Windows started using this ability with XP SP2 as part of its Data Execution Prevention (DEP) feature. Unfortunately, to get the most out of DEP you have to configure it: by default it only covers core Windows programs and services (the "OptIn" policy), not the applications you actually run. This video will show how to configure DEP protection in Windows XP and Vista.
06/07/2008
New Video: DNS Spoofing with Ettercap
In my previous two videos I showed how to use Ettercap plugins for various
pen-testing and security evaluation functions. In this video I'll show how to
use the Ettercap plugin dns_spoof to set up DNS spoofing on the local area
network.
06/04/2008
A Review of "Building Secure Products and Solutions"
This is a little article I wrote for the Operations Management class I'm in.
Most Irongeek readers may not be interested in it, but I wrote it so I might as
well post it.
05/29/2008
New Video: More Useful Ettercap Plugins For Pen-testing
In my previous video I showed how to use Ettercap plugins to find sniffers on
the network. In this video I'll show three more useful Ettercap plugins: find_ip,
gw_discover and isolate.
Fed Watch
I was curious to see what government agencies might be using my site for training. I also wanted to learn PHP + MySQL a little better, so I wrote this project. It takes my logs and shows all of the host names ending in .mil or .gov, and what pages they visited. I obfuscated the first part of the host names and the last two octets of the IPs so as not to "drop their docs", so to speak.
05/20/2008
Detecting Sniffers Video Updated
PurpleJesus from Binrev informed me that my last video was having weird audio issues with some versions of the Flash plugin. I did some Flash voodoo and it seems to be OK now. Let me know if there are any problems.
05/20/2008
New Video: Finding Promiscuous Sniffers and ARP Poisoners on your Network with Ettercap
Most of you are familiar with using Ettercap for attacking systems, but what
about using it to find attackers? This tutorial will cover using Ettercap to
find people sniffing on your network. The plug-ins we will be using are
search_promisc, arp_cop and scan_poisoner.
New Video: A Brief
Intro To Cryptographic Hashes/MD5
A cryptographic hash function takes an input of any length and returns a
fixed-size value that corresponds to it, called a hash or digest. Cryptographic
hashes have a lot of uses, some of which are: detecting data changes, storing
passwords as hashes instead of plaintext (or deriving keys from them), making
unique keys in databases and ensuring message integrity. This video will
mostly cover detecting file changes, but I hope it gets your mind going in the
right direction for how hashes can be used. Specifically covered will be tools
for creating MD5 hashes in Windows and Linux. Keep in mind that MD5 is fine for
spotting accidental corruption, but practical collision attacks against it have
been published, so prefer SHA-256 or better when the person changing the file
might be an attacker.
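As an added example (my own, not the video's tools or Irongeek's code): a Python script that turns the "detecting file changes" use case into a working hash manifest. It hashes every file under a directory, saves the digests, re-hashes later and reports what was modified, added or removed. It defaults to SHA-256 for the reason above, but the algorithm name is a parameter so `"md5"` works too. The directory, file names and contents are constructed by the script itself so it runs offline.

```python
"""Detect file changes with a cryptographic hash manifest (added example)."""
import hashlib
import os
import shutil
import tempfile

CHUNK = 1 << 16  # hash in 64 KiB pieces so large files never load whole into RAM


def hash_file(path, algo="sha256"):
    """Return the hex digest of one file, streaming it through the hash."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algo="sha256"):
    """Map each file path (relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = hash_file(full, algo)
    return manifest


def diff_manifest(old, new):
    """Compare a saved manifest with a fresh one.

    Returns (modified, added, removed), each a sorted list of paths.
    A size/mtime check would miss a same-size edit; the digest does not.
    """
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    return modified, added, removed


def demo(algo="sha256"):
    """Constructed scenario: baseline a tree, tamper with it, re-check."""
    root = tempfile.mkdtemp()
    try:
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"quarterly numbers\n")
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"debug=0\n")

        baseline = build_manifest(root, algo)

        # Simulated tampering: one-byte edit, a dropped-in binary, a deletion.
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"debug=1\n")
        with open(os.path.join(root, "dropper.exe"), "wb") as f:
            f.write(b"MZ")
        os.remove(os.path.join(root, "notes.txt"))

        return diff_manifest(baseline, build_manifest(root, algo))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    modified, added, removed = demo()
    print("modified:", modified)
    print("added:   ", added)
    print("removed: ", removed)
```

In practice you would serialize `build_manifest()` to a file stored somewhere the monitored host cannot silently rewrite (read-only media, another machine), otherwise an attacker who changes a file can just regenerate the manifest too.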
05/04/2008
Irongeek In Print: Books that
mention Irongeek.com
I did some looking around and it seems my site is mentioned in a few books. I've
decided to start this page to keep track of book references to Irongeek.com. If
I'm missing any please let me know; I found these first few via Google Books.
04/30/2008
I've updated my A Quick Intro To Sniffers article to fix a stupid error I made
where I mistyped 801.11 instead of 802.11.
04/24/2008
New Video: Text
to Speech to MP3 with the freeware program DSpeech
This video is on DSpeech, a freeware tool that uses Microsoft's SAPI (Speech
Application Programming Interface) to convert text to spoken word. What's
special about it is it lets you make an MP3 of the text, so you can listen to it
on your computer, in your car or on your MP3 player. It's great for listening to
study notes.
Getting Ubuntu Linux to connect to a PPTP Cisco VPN 3000 Concentrator
Just a quick notes page to help others that have the same problems I did. By the
way, I plan to be at Conglomeration
April 18th-20th. While it's not a Hacker/Security con, it's still a fun little
Sci-Fi/Fantasy convention with plenty of geeky types running around. Let me know
if you're a reader of Irongeek.com and plan to be there.
04/06/2008
Irongeek's Infosec Wargame Servers
Explained
I updated my post to explain that it was an April 1st joke, and link off to real
ways to test your computer security skills. By the way, did anyone decode the QR
Code I posted?
04/01/2008
Irongeek's Infosec Wargame Servers
I'd like to announce the
launch of my
own wargame servers for testing out your computer security skills. The host
names are:
Try out Nmap,
Nessus,
Metasploit and other tools on these boxes. Please let me
know your findings. Thanks to my hosting provider Dreamhost. If you want to know
more about
Dreamhost check out my review (and coupon codes), they have been pretty
good to me.
03/18/2008
New Video: Hardware
Keyloggers In Action 2: The KeyLlama 2GB USB Keylogger
This video will demonstrate one of the
KeyLlama brand of hardware keyloggers in action, specifically the 2GB
USB model. I know some of you are getting sick of me talking about hardware
keyloggers, so I plan on this being my last entry on them for awhile.
03/14/2008
I've updated the
Irongeek Campuses page with a few new schools, please contact me if your
university uses my materials for teaching information security. Also, I've
started to help out the Mitzvah Group with their charity work. Check out and
join their Myspace page, especially if you live in the Southern
Indiana/Louisville Kentucky area.
Update: I made a small note at the
top of my recent "Encrypting The Windows System Partition With Truecrypt 5.0"
video. I used
Photorec to do some file carving to see how secure Truecrypt's Windows
system partition encryption was. Photorec was only able to recover two files,
one ASP/TXT file and one PCX, but on closer examination both were false
positives. They just contained seemingly random data, which Photorec mistook as
real file headers. Truecrypt seems to do a very good job of securing the data on
your system drive.
As a side note, if anyone else is using LinkedIn please
feel free to add me and give
me a recommendation for the work I've done on this site. Who knows, it may
help me find a good career opportunity in my area.
02/11/2008
New Video:
Encrypting The Windows System Partition With Truecrypt 5.0
Truecrypt 5.0 adds many new features, most importantly Windows system partition
encryption. To put it in slightly inaccurate layman's terms, this means
encrypting your entire C: drive. Even if you already write your sensitive data
to an encrypted space, files are sometimes squirreled away in unencrypted temp
space or in the page file where they may be recovered. Using Truecrypt to
encrypt your Windows XP system partition will help eliminate this problem.
02/05/2008
New Video: Hardware
Keyloggers In Action 1: The KeyLlama 2MB PS/2 Keylogger
This video will demonstrate one of the
KeyLlama brand of hardware keyloggers in action, specifically the 2MB PS/2 model. I hope this video will give the viewer a better grasp of how these hardware keyloggers work.
01/28/2008
New Video: Encrypting
VoIP Traffic With Zfone To Protect Against Wiretapping
Some people worry about the ease with which their voice communications may be
spied upon. Laws like CALEA have made this simpler in some ways, and with
roaming wiretaps even those not under direct investigation may lose their
privacy. Phil Zimmermann, creator of PGP, has come up with a project called
Zfone which aims to do for VoIP what PGP did for email. Thanks to
DOSMan for his help with this video.
New Video: Using GPG/PGP/FireGPG to Encrypt and Sign Email from Gmail
This tutorial will show how to use GPG and the FireGPG plug-in to encrypt and
decrypt messages in Gmail. GPG (GnuPG) is an open source implementation of the
OpenPGP standard, which grew out of PGP (Pretty Good Privacy), a public-key
encryption system. With public-key encryption you don't have to give away the
secret key that decrypts data for people to be able to send you messages. All
senders need is your public key, which can only encrypt (and verify your
signatures); decrypting and signing require the private key, so it never has to
be sent across unsecured channels.
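To make the "public key encrypts, private key decrypts and signs" split concrete, here is an added example of my own, not GPG's code and nothing like a real OpenPGP implementation: textbook RSA in Python with two hard-coded primes (the Mersenne primes 2^31-1 and 2^61-1, an assumption chosen only so the arithmetic is easy to follow) and no padding. The point is visible in the function signatures: `encrypt` and `verify` take only `(e, n)`, while `decrypt` and `sign` need `d`. Never use it for real data; the modulus is tiny and unpadded RSA is malleable.

```python
"""Toy RSA showing the public/private key split (added example, not GPG)."""
import hashlib

# Assumed toy parameters: two small Mersenne primes. A real key uses
# two random ~1024-bit or larger primes; these are for illustration only.
P = (1 << 31) - 1
Q = (1 << 61) - 1
E = 65537  # common public exponent; must be coprime to (P-1)*(Q-1)


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Multiplicative inverse of a modulo m (raises if it does not exist)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p=P, q=Q, e=E):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    d = modinv(e, (p - 1) * (q - 1))  # d is the secret; n and e are published
    return (e, n), (d, n)


def encrypt(pub, msg):
    """Anyone holding only the public key can do this."""
    e, n = pub
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(priv, c):
    """Only the private exponent d recovers the plaintext (leading NUL bytes drop)."""
    d, n = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(priv, msg):
    """Signing is the mirror image: the private key transforms the digest."""
    d, n = priv
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(h, d, n)


def verify(pub, msg, sig):
    """Anyone with the public key can check the signature."""
    e, n = pub
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(sig, e, n) == h


if __name__ == "__main__":
    pub, priv = keygen()
    c = encrypt(pub, b"meet at 9")          # sender: public key only
    print("decrypted:", decrypt(priv, c))   # recipient: private key
    s = sign(priv, b"meet at 9")
    print("signature valid:", verify(pub, b"meet at 9", s))
    print("tampered valid:", verify(pub, b"meet at 8", s))
```

Real OpenPGP does not RSA-encrypt the message itself: it encrypts a random session key with the recipient's public key and the message body with a symmetric cipher under that key, and it pads both encryption and signatures. The key-handling lesson is the same, though: your correspondents only ever see `(e, n)`.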
01/12/2008
Nuclear
War Survival Myths
I did not write this
article, and while it's not about computer security it is about security. My
interest in this subject was renewed after watching the TV series
Jericho
(watch it so it stays on the air). I thought this article was interesting enough
to warrant mirroring, and it seems to jibe pretty well with what I have read
from other authors such as Duncan Long and Cresson H. Kearny on the subject.
Please don't think I'm a paranoid, tin-foil-hat wearing freak, but I am a child
of the 80's and a fan of post-apocalyptic fiction. Don't worry, my video on PGP/GPG
is on its way.
01/07/2008
Personal Privacy Programs
Hi all. I've decided it's time to start focusing on software that helps users
maintain their privacy. I've already done videos on
DBAN,
Eraser,
CCleaner,
TrueCrypt and Tor.
I hope to have one on PGP/GPG/FireGPG up soon. What other must have privacy
software do you recommend I cover? Let me know via my
contact page, to which
I've recently added my OpenPGP key.