recently i spoke at a conference about a network upgrade i did at a previous job.
the upgrade was a very difficult, but rewarding process, and has become one of my favorite topics to speak about.
topics i covered included the basics/easy stuff:
all the way to the not so common or more complex:
here is the prezi from the talk:
this is a quick post about vlan hacking abuse.
specifically, this post will cover how to abuse cisco switches and the DTP (dynamic trunking protocol).
why is this important? typically, most environments segment out servers, workstations, management, etc, into different vlans. if they (mis)configure the switch, you could potentially jump onto the management subnet (where things are usually much less protected) from a user subnet.
in a nutshell, we are taking advantage of a misconfigured switch, not really doing any “hacking”.
every once in a while i run into an issue where i have some log file on a microsoft sql server that has not been properly configured and is taking up a hundred gigs.
and inevitably, i end up spending the next 20 minutes to find a proper example of how to truncate the logs. so, instead of searching again, i am posting it on my site ;)
WARNING: don’t do this unless you have backups or you really, really don’t want to roll your database back. your deleting transaction logs, so while it won’t hurt your working database, it will prevent you from rolling back to yesterday. ye be warned.
in this case, i am running these commands on a microsoft sql server 2005 install, but i would presume it to work on sql 2008 or 2012, although i haven’t tested it.
here is the code:
-- specify database and show database & log statistics USE dbname EXEC sp_helpfile -- truncate the log USE dbname GO BACKUP LOG dbname WITH TRUNCATE_ONLY GO DBCC SHRINKFILE (dbname_log, 1) GO DBCC SHRINKFILE (dbname_log, 1) GO --show statistics after truncating EXEC sp_helpfile
reference/disclaimer: this code is from http://www.sqlcleanup.com/2008/sql-2005-truncating-log-files-and-recovering-space/ and is not my work, i just can’t always find it in a pinch.
recently i was asked to implement a solution to mirror a massive amount of traffic (2-8Gbps of sustained traffic) to several different locations for further analysis.
after comparing gigamon, netoptics, and network critical, i opted for netoptics to fill the roll (because of time i could not do a proof of concept, so the evaluation through reading specs, talking to a few techs, and some googling).
i have spent time over the last few weeks configuring the netoptics and thought it would be worth sharing my experience for someone else’s benefit.
i was recently asked to do a presentation for a local conference. i like coming up with new things to research and investigate and decided to pursue passwords (and how bad they are). below is my presentation and code for the talk:
title: passwords: you can’t do it right
description: some say you’re doing it wrong. i argue you can’t do it right (but some do it better than others). see how ineffective passwords are at protecting your accounts and ways of decreasing the chance of anyone using your passwords to achieve total domination.
in the time that i have been in IT (almost 6 years) i have become very proficient at hacking together code to do what i need. from vb scripts to do simple network administration to customizing some python to send over an exploit, i have found a way to make it work.
what i miss and don’t know is how to do is code correctly. in my search for learning how to code proper i ran across some great courses from stanford university and thought i would share.
i was looking for entry level classes that started at square one and these classes fit the bill perfectly. whats even better is that not only the video, but the homework assignments, handouts, and files are all available free of charge.
so far i have watched almost 4 of the classes and can say i have already learned some things, looking forward to the next 70+ classes ;)
here are the classes with links:
| title | url | language | itunes link |
|---|---|---|---|
| cs106a - programming methodology | http://www.stanford.edu/class/cs106a/ | java | http://itunes.apple.com/us/itunes-u/programming-methodology/id384232896 |
| cs106b - programming abstractions | http://www.stanford.edu/class/cs106b/ | c++ | http://itunes.apple.com/us/itunes-u/programming-abstractions/id384232917 |
| cs107 - programming paradigms | http://www.stanford.edu/class/cs107/ | c++ | http://itunes.apple.com/us/itunes-u/programming-paradigms/id384233005 |
note: for the record, i am not really a fan of itunes (and you can get these classes on youtube as well), but being able to download all the classes to my hard drive with a single mouse click was compelling enough for me to do it through itunes.
i have recently been working through some network forensic challenges from a few locations (http://forensicscontest.com and http://ismellpackets.com/category/pcap/) and wanted to do some network carving (parsing a pcap and getting the files like .exe’s, .jpg’s, etc). to answer some of the questions i wanted to load networkminer on my backtrack 5 r1 box.
fortunately there was a tutorial on how to get networkminer up on linux, but it didn’t fix everything for the newest version of backtrack (specifically, the fonts were off and the menu didn’t show up correctly).
to get networkminer 1.0 up and running on my backtrack 5 r1 VM here is what i did (summary of commands at bottom):
cd /bin wget http://kegel.com/wine/winetricks chmod +x winetricks ./winetricks corefonts dotnet20 gdiplus
i like to have numbers for management to base a decision on. sometimes this is easy (just hand them a dollar figure), other times it is not. i came around to weighted averages for the simple reason that i wanted to prove, with numbers, that just because an option is cheaper, that doesn’t mean its better. let me explain.
in the process of evaluating 3 different vendors as a replacement product, say you pick out 5 criteria to base them on. for my purposes, i throw this in a spread sheet and then i grade each vendor on how i think they do for each criteria (which is subjective, of course). for an example, see the screen shot below:
very quickly you can see that it is almost a dead heat between vendor x and y, and vendor z is out of the mix, right?
over the past week the topic of learning how to reverse engineer malware/binaries has come up several times in conversation.
i am not a skilled reverser, but i have been working over the last year or so to get better at it and really understand what is going on at the binary level.
earlier this year i discovered a series called “reversing with lena”. lena, the author, touts the series as a way to learn how to reverse for complete beginners, no programming experience required. its 40 lessons long (i am still on lesson 10, so i can only vouch for the first 10 being very good), and the flash videos and .exe’s you need to reverse are included. all reversing takes place on a 32-bit intel x86 platform.
this series has helped me more than any other to actually understand reversing in the real world and i thought others might enjoy it as well.
before you download:
i found the tutorial on tuts4you.com, a reverse engineering community that has lots of other resources on it (how good or bad, i do not know).
first off, the backtrack team rocks. they produce an amazing product for an equally amazing cost. the aesthetics are even top notch, which i can appreciate.
that being said, i don’t usually like to advertise to people that i am running backtrack (people get nervous when they think “hacker”), and a flaming red dragon is no way to keep things on the down low.
so, for anyone else out there i thought i would post where to change the default backtrack 5 menu icon.
the icon file is a svg, and is located at: /usr/share/icons/Humanity-Dark/places/24/start-here.svg
to clean my desktop up to something more benign (and useful), i replaced the backtrack menu logo with a blank svg and changed the wallpaper to corelanc0d3r’s exploit dev cheatsheet.
steps taken:
