• weighted averages: selling your point

    i like to have numbers for management to base a decision on. sometimes this is easy (just hand them a dollar figure), other times it is not. i came around to weighted averages for the simple reason that i wanted to prove, with numbers, that just because an option is cheaper, that doesn't mean it's better. let me explain.

    in the process of evaluating 3 different vendors for a replacement product, say you pick out 5 criteria to judge them on. for my purposes, i throw this in a spreadsheet and then grade each vendor on how i think they do against each criterion (which is subjective, of course). for an example, see the screen shot below:

    very quickly you can see that it is almost a dead heat between vendor x and y, and vendor z is out of the mix, right?

  • learning to reverse

    over the past week the topic of learning how to reverse engineer malware/binaries has come up several times in conversation. i am not a skilled reverser, but i have been working over the last year or so to get better at it and really understand what is going on at the binary level. earlier this year i discovered a series called “reversing with lena”. lena, the author, touts the series as a way to learn how to reverse for complete beginners, no programming experience required.
  • changing the backtrack 5 menu icon

    first off, the backtrack team rocks. they produce an amazing product for an equally amazing cost. the aesthetics are even top notch, which i can appreciate. that being said, i don’t usually like to advertise to people that i am running backtrack (people get nervous when they think “hacker”), and a flaming red dragon is no way to keep things on the down low. so, for anyone else out there i thought i would post where to change the default backtrack 5 menu icon.
  • quick post: virtual private server (vps) review

    i had been on the lookout for a good, cheap virtual private server (vps) to do some testing on and finally found one: www.intovps.com

    why i like them:

    - cheap ($10/month)
    - you get root access
    - re-imaging is painless, quick, and has plenty of options
    - includes a public ip
    - ip is out of the united states
    - did i mention the price? 😉
  • packet logging with iptables

    i wasted 2 hours of my life getting this working on a fresh install of ubuntu 10.10. turns out that the default version of rsyslog that you get when you ‘apt-get install rsyslog’ is version 4.x, which has a bug that prevents the logging from being directed correctly to /var/log/iptables.log. i had to remove rsyslog (apt-get remove rsyslog), then go get the newest version of rsyslog (5.8) from the site and compile from source. after compiling and pulling in the new conf file (it's a little different in rsyslog 5.x than 4.x), things worked as expected. ye be warned.

    recently i wanted to see what packets were getting passed or blocked on a linux server running iptables. i really wanted to see a log that showed every inbound and outbound packet, and both dropped and allowed packets.

    you can see all the packets in tcpdump/wireshark/etc, but it doesn’t show you that iptables dropped the connection (you just see there is no syn ack response). so my goal was to create an iptables ruleset that logged every packet to a separate file, distinguished what was allowed and what was dropped, and had the logs rotating automatically. here is how i did it:

  • kismet oldcore on backtrack 4 r2

    i am working on some wireless testing for my SANS wireless certification (joshua wright’s material; he is really good at what he does).

    i haven’t been playing with wireless too much lately, so i hadn’t noticed that in backtrack 4 r2 kismet had been upgraded to the newcore version, with no trace of oldcore installed or available via the repos. i wanted both oldcore and newcore, since newcore doesn’t support things like a strings dump, eap authentication type identification, etc.

    here is what i did to install kismet oldcore side-by-side with newcore on backtrack 4 r2 (line-by-line command at bottom):

    1. download oldcore into /pentest/wireless

  • high assurance platform

    earlier this month i presented at my local infragard chapter. the title of the presentation was “defense in depth: raising the bar”, and it focused on the NSA’s secure computing initiative, high assurance platform (HAP). the goal of the presentation was more about talking points, discussion, and ideas about what security will look like tomorrow and where we, as the security community, should be leading our organizations. point blank i would say that HAP is not for everyone, but there are certain aspects that i think we can all learn from.
  • backtrack 4 r2 exploitdb svn update failing

    i have an older copy of backtrack 4 that i have upgraded since the initial release. while working through the PWB course from offensive security, i wanted to upgrade the local version of exploitdb. here is what i got:

    [email protected]:/pentest/exploits/exploitdb# svn update
    svn: Repository UUID 'c54f1b57-f3df-4c37-b561-881cde1baa19' doesn't match expected UUID '8072406e-18fd-45b5-acae-fc56dbc62dfa'

    apparently between the time i installed backtrack 4 and the current version, they have blown away/moved the svn database.
  • setting up armitage on ubuntu with a postgres db

    update: as someone commented below, armitage is now distributed with metasploit. there is no need to follow these directions any more; they are deprecated.

    i wanted a pretty gui to show off some metasploit functionality recently which led me to armitage.

    i use (and love) backtrack 4, as does most of the world, but i also have an ubuntu based distro (mint 10, which is based on ubuntu 10.10) that i like to use. i found a lot of tutorials on how to install armitage on backtrack, but hardly anything on installing armitage on a non-backtrack machine, and practically nothing for installing armitage on ubuntu with a postgres backend. i decided i wanted to install armitage on the mint machine using postgres (per the armitage recommendation here) and, not finding any good instructions, i thought i would give it a go and document it. here we go:

    first, you need to have some of the basics installed. i will leave it to others to describe how to install these if you need help (others == google).

    1. java 1.6 (has to be the official oracle java version)
    2. metasploit 3.5+

    next, lets install postgres:

    sudo apt-get install postgresql-8.4

    now that postgres is installed, we need to create a db and a user for armitage to use. i su’ed to the postgres user to do this:


  • silverlight 4 deployment in the enterprise

    this is a quick and dirty how to for installing silverlight 4 (specifically 4.0.50917.0) in an enterprise environment.

    we have run into a few situations where users are asking for silverlight (rather, they are trying to go to sites written with silverlight). we finally reached the tipping point and agreed that it was a business need to install it on our terminal server farm.

    i said that i would take care of it, but much to my surprise microsoft doesn’t provide an MSI for GPO deployment (at least not in the way i was expecting it). it took me a few hours, but i found a good way to get this accomplished pretty quickly and thought i would share.

    1. get silverlight @ http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx and save the exe into c:\silverlight