Note this is an older post that I am migrating from another blog I previously maintained. Metasploit has already provided a nice write-up of the pwning, I mean testing, of the vector: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html. It does involve a bit of prep work but I …
This installment is about keeping your notebook and other technology items safe. I was recently asked what the Defcon locks were for that I have been distributing with the new notebooks. I jokingly said to keep people from taking your monitor and chair from your desk while you're on travel …
These tools may help rid a computer system of malware, but be warned: they can be very destructive to your system. In other words, if you don’t know what you’re doing then back up what you can and take it to a professional. Ad-Aware - This seems to be a …
Here’s a short list of safe computing tips that may help you stay safe. 1. Passwords: use complex passwords and do not use the same password for MySpace/Facebook as you do for your banking website. This is an easy habit to get into so try to break the …
So I recently acquired a new notebook and I of course wanted the notebook to be secure. When I say secure I’m not just talking about preventing someone from exploiting the notebook from the wild but the problem of physical security with regards to someone stealing it. There are …
In a graduate course I was taking, our professor wanted us to tool around with the Metasploit project. This tool makes quick work of exploiting vulnerabilities. After the client opens the link, I ran ‘ipconfig’ to ensure I had remote connectivity. Here is a shell that I ran ‘ipconfig …
A lot of information may be stored in a drive's slack space. If you want to get rid of these artifacts then run the usual tools to clean up the system like ‘Disk Cleanup’, ‘Defrag’, etc., and then run the following command. C:\Users\Crypto>cipher.exe /w:C: To …
In this post I am going to share my experiences with encrypting a secondary drive in a Windows Vista environment. The hardware is a Dell Optiplex Core 2 Duo. I will be encrypting a 1 terabyte Hitachi drive which I use primarily for storage. The first piece of software I …
A web server running Apache 2 and PostgreSQL was successfully compromised using a SQL injection vulnerability. I first noticed there was a new table in one of our PostgreSQL databases named ‘t_jiaozhu’. public | t_jiaozhu | table | postgres The table was not something that I or our developer had created so …
Most users I know run Microsoft products. A few of you may benefit from some basic tips to keep your computer out of BestBuy or your local computer vendor for repairs. The first and probably most important is also the most difficult to get people to abide by. Use UAC …
Every day technology creates efficiency for millions of people. With all of the benefits that technology provides, there are also many pitfalls that come with convenience. Online vendors make it easy for people to purchase goods at reasonable prices when compared to brick and mortar stores. There are many good …
Witlog claims he does not use his botnet for illegal purposes, only “for fun.” I found that claim pretty hard to believe given a) the income he could make installing ad-serving software on each computer under his control, combined with b) the risk he is taking of getting caught breaking …
People are becoming aware of the insecurities posed by online shopping, browsing, and even messaging. The days of email that is obviously spam due to misspelled words and links that contain IP addresses instead of DNS names are moving to a new level. The following post describes the process in …