Archive for April, 2007

Audit your Cisco/Netscreen configs with Nipper

Monday, April 23rd, 2007

http://www.security-database.com/toolswatch/Nipper-version-93-released.html

This software works both in Windows and Linux.


Windows: WSUS clients not appearing in WSUS

Thursday, April 19th, 2007

We just recently rolled out about 60 new desktops at work and none of those systems were showing up on our WSUS server.

I spent the better part of today addressing the issue.


Windows: Protecting your system from malware

Thursday, April 19th, 2007

I use this link often when setting up new computers or helping a friend or family member secure theirs. Since I’m always searching for this site, I decided to mirror a copy of it here.

If someone knows of a better suite of tools please let me know.

So how did I get infected in the first place?
http://www.castlecops.com/postlite7736-.html


Snapz Pro X for Mac Screen/Video Capture

Wednesday, April 18th, 2007

Originally posted on cocoacrusty.com on Tuesday, April 17th, 2007.

I have been looking for a Mac OS X alternative to TechSmith’s Camtasia Studio ever since I started using my MacBook last year. Camtasia Studio allows you to capture videos of your computer’s desktop as you work in applications and then edit and arrange those captured videos to make a movie viewable in a number of different formats. You can even make interactive videos for training and educational purposes with Camtasia Software. Needless to say, the software is very impressive but it has only one drawback that keeps me from buying it… It is only available for Microsoft Windows machines and is not currently available for the Macintosh platform (and may never be available on a Mac unless we can do some CrossOver trickery).

Today, I was thinking about how I needed to redo a demo for some software I developed for my personal business, Fruitful Solutions, and I needed to see what was available for doing this on the Mac. My 30-day free trial of Camtasia Studio expired a while ago and I didn’t really want to pay the $299.00 for Camtasia Studio plus have to use my Windows machine to do the demo. I did some searching and came upon a great alternative for a really great price. Enter Snapz Pro X from Ambrosia Software.

Snapz Pro X, version 2.0.3, is a very powerful application allowing a number of screen capture features for still images and video. There are a number of different compression and output options available for both types of captures as well as the ability to record anything that is playing internally on the Mac’s audio system and from a microphone input. Basically, I get all the functionality I had with Camtasia Studio, minus some editing features that I can do within additional free software if necessary, for the very welcome and very low price of $69!

I used the software this evening to see how well it worked and after easily creating a video capture of my desktop and me messing around in some applications, I was sold. The output at 30 FPS was phenomenal and the file size was manageable. I believe this software has every feature that I am looking for to recreate my presentation and demo for my application, even at a price almost anyone with the need can afford.

If you’re in the market for some screen capture software for your Mac, I highly recommend looking into Snapz Pro X. There is a trial version available so you can try before you buy. Give it a shot. I don’t believe you’ll be disappointed.

Until next time…

My First Remote Shell Access Exploit

Wednesday, April 18th, 2007

Originally posted on cocoacrusty.com on Monday, April 16th, 2007.

This post is the reason I posted my previous blog entry on installing the Metasploit framework on my Apple MacBook. Chris sent me a link to this movie showing someone exploiting a vulnerability in Microsoft’s Windows. The .ANI Header Stack Overflow vulnerability allows a remote attacker to send a malicious e-mail to an unsuspecting user with an unpatched Windows machine and gain remote shell access.

After Metasploit was installed on my MacBook, I followed the steps in the movie as they were shown and it worked like a champ. The recipient of the e-mail has to be viewing the e-mail in HTML. I was only able to exploit this vulnerability when using the Microsoft Outlook or Microsoft Outlook Express e-mail clients when the client was set up to view messages in HTML. Either way, I gained access to one of my own machines using this exploit and it showed me just how easy it would be for someone with malicious intent to really wreak havoc on a novice or unsuspecting user.

I am impressed at the whole concept behind the Metasploit framework for exploiting known vulnerabilities and delivering payloads with basically the push of a button. The interface and command logic is easy to understand, for this exploit anyway, and I look forward to learning more about the framework, the exploits, and the payloads in the near future.

Until next time…

Installing Metasploit on Mac OS X

Wednesday, April 18th, 2007

Originally posted at cocoacrusty.com on Monday, April 16th, 2007.

I have known about the Metasploit framework for quite some time but have never really known how to use it or taken the time to learn. Recently, Chris inspired me to try it by showing me a movie explaining how to exploit a vulnerability in Microsoft Windows related to the .ANI Header Stack Overflow Vulnerability (more on this in my next post).

Before I could begin working with this nifty little exploit in Metasploit I had to get the framework installed on my MacBook. Metasploit is a suite of Ruby scripts and will run on virtually any Unix-based operating system and Windows (with some minor tweaking). I checked MacPorts for Metasploit and it was available as a port install, but the latest version in the ports tree was 2.7. I needed at least version 3.0, and later determined I needed a development version, version 3.1, from the trunk to get the exploit I was after.

The first thing I did was upgrade my Subversion client on Mac OS X. I got the universal binary from here and installing and upgrading my Subversion was pretty painless. It installed like most other Mac applications from a package.


A very impressive list of software

Tuesday, April 10th, 2007

These guys have put together the ultimate list of software. It’s not all free and it doesn’t all run from a USB drive, but if there’s not a piece of software on here you can’t use, well, then you have a lot of software!

http://www.anova.org/software/index01.htm

techie trading

Thursday, April 5th, 2007

I’m cheap. Really cheap. If I can get something for free (legally, of course) I’ll do it. I’m also into junk. You might think that old hub is a candidate for the trash bin, but to me it looks like a perfect chassis for a DIY project.

Like most techs, I am given a lot of stuff that I just can’t use, and I would prefer to see it go to a good home. For example, I have a perfectly good Dell P3 sitting at the house that I will never use. I also have an extra keyboard, server, and a few other goodies too. What I’m proposing is that AA establish a new category called AA Trading Post. Any extra gear you have can be posted here for others to take advantage of. If you need gear (say, a hard drive for a dying machine at home), you can post a wanted ad as well. Here are the only two limitations:

  • Gear must be free. This ain’t eBay, folks; remember, the goal is to see your hardware go to a good home. If it is nice enough that you could make some decent cash off of it, then you probably shouldn’t post it here anyway.
  • Items listed must be technology related. No 4 wheelers or baby outfits. Beyond that, I think anything from a CPU to a soldering iron would be just fine.

I see two good things coming out of this: First, we get to clean out our garages (or make them worse!); Second, we could advertise this around on different sites, which would drive traffic up to AA. Texarkana needs a tech trading post, and this would be the perfect place.

What do you think? Let me know!

Josh

FireCAT - Firefox Catalog of Auditing Tools

Monday, April 2nd, 2007

http://www.darknet.org.uk/…tools/
http://www.security-database.com/…FireCAT.html

The Security-Database.com team is happy to announce its new Firefox Framework Map, a collection of the most useful security-oriented extensions. We called the framework FireCAT. It stands for FireFox Catalog of Auditing Toolbox.

FireCAT is based upon a paper we wrote some weeks ago (Turning firefox to an ethical hacking platform) which was downloaded more than 25 000 times. We also thank all the folks who encouraged us and sent their suggestions and ideas to make this project a reality.

This initial release is presented as a mindmap and we are open to all your suggestions to make it a really good framework for all the community of security auditors and ethical hackers.

This is for those of you that haven’t seen this yet. The blurb from their site basically says it all.

OSSIM - Open Source Security Information Management

Monday, April 2nd, 2007

http://www.ossim.net/

This thing looks too cool to not write about. It’s basically an all-in-one monitoring solution that includes a ton of the top Open Source applications.

Ossim stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant a network/security administrator a detailed view over each and every aspect of his networks/hosts/physical access devices/servers/etc…

Besides getting the best out of well known open source tools, some of which are quickly described below these lines, ossim provides a strong correlation engine, detailed low, mid and high level visualization interfaces as well as reporting and incident managing tools, working on a set of defined assets such as hosts, networks, groups and services.

All this information can be limited by network or sensor in order to provide just the needed information to specific users, allowing for a fine grained multi-user security environment. Also, the ability to act as an IPS (Intrusion Prevention System) based on correlated information from virtually any source results in a useful addition for any security professional.

Components
Ossim features the following software components:

* Arpwatch, used for MAC anomaly detection.
* P0f, used for passive OS detection and OS change analysis.
* Pads, used for service anomaly detection.
* Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
* Snort, the IDS, also used for cross correlation with Nessus.
* Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
* Tcptrack, used for session data information which can grant useful information for attack correlation.
* Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
* Nagios. Being fed from the host asset database it monitors host and service availability information.
* Osiris, a great HIDS.

To this we add a bunch of self-developed tools, the most important being a generic correlation engine with logical directive support. Finally, we take any other device you might have on your network which could contain useful data which, when fed to the system, could allow for a better understanding of what’s going on on your network.

Profiles
A typical ossim deployment consists of:

* A database host.
* A server which hosts the correlation, qualification and risk assessment engine.
* N agent hosts which do information collection tasks from a number of devices. For a list of plugins please refer to: http://www.ossim.net/dokuwiki/doku.php?id=roadmap:plugins
* A control daemon which does some maintenance work and ties some parts together. It’s called frameworkd.
* The frontend is web based, unifying all the gathered information and providing the ability to control each of the components.

It’s really cool to see people/companies build stuff like this. They even provide a VMware image so you don’t have to do any of the building of it yourself. The VMware Player is free and works on any operating system, however you really should be using VMware Workstation since it offers a ton more features than the little player does.
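The cross correlation between the IDS and the security scanner that the OSSIM blurb mentions (Snort alerts checked against Nessus findings) is easy to sketch. The snippet below is an added example written for this post, not OSSIM’s own code; the alert and finding fields are simplified, the sample data is constructed, the CVE identifiers are placeholders, and the reliability/risk scoring is a simplification of my own rather than OSSIM’s formula.

```python
# Added example, not OSSIM's code: raise the reliability of an IDS alert
# when the scanner has confirmed the targeted host/port is vulnerable.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class IdsAlert:              # a Snort-style alert, fields simplified
    src: str
    dst: str
    dst_port: int
    signature: str
    cve: Optional[str] = None  # CVE the signature is tied to, if any

@dataclass(frozen=True)
class ScanFinding:           # a Nessus-style finding, fields simplified
    host: str
    port: int
    cve: str

def cross_correlate(alerts, findings, asset_value):
    """Return (alert, reliability, risk) tuples, highest risk first.
    Reliability is a hypothetical 0..10 scale; risk = asset value * reliability
    (hypothetical 0..50 scale), NOT OSSIM's own formula."""
    by_host_port = {}
    for f in findings:
        by_host_port.setdefault((f.host, f.port), set()).add(f.cve)
    results = []
    for a in alerts:
        vulns = by_host_port.get((a.dst, a.dst_port), set())
        if a.cve and a.cve in vulns:
            reliability = 10   # scanner confirms the exact weakness the IDS saw
        elif vulns:
            reliability = 5    # service has known issues, but not this one
        else:
            reliability = 2    # no corroborating scanner data at all
        risk = asset_value.get(a.dst, 1) * reliability
        results.append((a, reliability, risk))
    return sorted(results, key=lambda r: r[2], reverse=True)

# Constructed sample data; CVE-EXAMPLE-n are placeholders, not real CVE ids.
SAMPLE_ALERTS = [
    IdsAlert("10.0.0.7", "192.168.1.20", 445, "SMB overflow attempt", "CVE-EXAMPLE-1"),
    IdsAlert("10.0.0.7", "192.168.1.21", 80, "web app probe", "CVE-EXAMPLE-2"),
    IdsAlert("10.0.0.9", "192.168.1.30", 22, "ssh brute force", None),
]
SAMPLE_FINDINGS = [
    ScanFinding("192.168.1.20", 445, "CVE-EXAMPLE-1"),
    ScanFinding("192.168.1.21", 80, "CVE-EXAMPLE-3"),
]
SAMPLE_ASSETS = {"192.168.1.20": 5, "192.168.1.21": 3}  # asset value 1..5
```

Running `cross_correlate(SAMPLE_ALERTS, SAMPLE_FINDINGS, SAMPLE_ASSETS)` puts the SMB alert first, since the scanner corroborates it on a high-value asset, and the uncorroborated SSH alert last.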