Live boot CDs have always been the mainstay of security and incident response toolkits. These days CD drives are starting to become scarcer, optical media is prone to scratching, and flash media is rapidly getting cheaper. Additionally, flash drives often have much higher capacity storage for their size. As a result USB pendrives are starting […]
Monthly archives: June 2009
BackTrack4 Pre-Release Released
The Remote-Exploit boys have done it again: a pre-release version of BackTrack 4 is available for download here. As always there is a large amount of documentation available on the Remote-Exploit wiki and forum, and the Offensive-Security blog. In case you’ve been living under a rock, BackTrack is now based on Ubuntu which makes the OS easier […]
Denial of Service with Slowloris
Earlier this week the ha.ckers.org blog posted the release of the Slowloris HTTP DoS tool, primarily coded by RSnake and described as “The low bandwidth, yet greedy and poisonous HTTP client!” The attack vector essentially works by initialising an HTTP request but never completing the request, causing the handling thread to wait for the end of […]
Lone Gunman & run books
Keeping with today’s theme of working through a backlog, I’ve had two ISC diaries flagged for several months, Dealing with Security Challenges and Making the most of your runbooks. The first is more a question of how to handle security incidents and requirements with minimal resources. This seems to be a common theme, with lots […]
Full Scope Security's Client Side presentation
I’ve been meaning to post a quick review of this for a while, but better late than never… Recorded at Notacon ’09, CG and g0ne gave a great presentation on client side attacks, video here. The talk starts off with explaining what client side exploits are, and more importantly why we should care. And finished […]
Simple Web Honeytraps
Johannes Ullrich recently posted an article detailing quick and simple traps you can add to a web site or web app to flag up suspicious and malicious activity on the site. Johannes does a better job of explaining than I could so I’d recommend a read of his post, but put simply the traps discussed […]
Securely wiping a drive with dd
Cleaning the hard drive of any machine, be it desktop, laptop or server, before either repurposing or selling (or even scrapping), should be a basic requirement of any organisation. But there is a seemingly unrelenting stream of reported incidents, some of them coming from organisations that really should know better, MI6 and military contractors for example. […]
Acer Aspire One
Last week I bit the bullet and bought a ‘toy’ I’ve been looking at for a while, the Acer Aspire One (AA1), and so far I’ve had few regrets. Whilst being small and, more importantly to me, light, the screen size is still large enough to work with (including using multiple windows at once) and […]