‘WEP is insecure and breakable’ – no surprise here; everyone knows this is the case. But there can be a large difference between knowing something is theoretically possible and seeing the security provisions fall over merely by being looked at. Recent InfoSanity research has shown WEP is still found on 30% of real-world access points. […]
Author archives: infosanity
Analysis of wireless statistics
As promised when the postman delivered the Alfa equipment, I’ve done some initial analysis of my first wireless capture. The data being analysed was collected during the evening commute back home, a trip that includes urban, suburban and rural areas, so it should be a good representative sample group. Security: The previous wireless post has already touched […]
Snort implementation on Debian
We’ve just completed the initial build for a new standalone IDS sensor running Snort. Having done this before (about 1.5 years ago, with a manual compile from source), I was amazed at the ease and speed with which the system was built, configured and made operational. I’ll spare most of the details, as installation requirements will vary from environment to […]
VMware ESXi updates
A couple of SANS ISC diaries (“Recent VMware updates available” and “VMware exploits – just how bad is it?”) should be a concern for anyone running a VMware lab (or a VMware production environment). The ISC diaries explain the situation better than I could, but to cut a long story short, the exploits allow a malicious […]
Honeypotting with Nepenthes
If you’ve got an interest in information security, then there is a good chance that you’ve got a good handle on malware in all its (in)glorious forms. The books, articles and war stories are nice and interesting, and can result in some improved knowledge, but to get a real feel for malware nothing beats live samples. […]
New Alfa wireless equipment
I’ve just taken delivery of, and started to experiment with, my new wireless equipment, consisting of an Alfa AWUS036H and some additional antennas. My primary (official) motive for purchasing new hardware was that my main incident response laptop only has an internal 802.11b adapter, so it can’t connect to newer networks (and I’ve just upgraded my home network […]
Booby-trapped JavaScript
Fortinet have just released a nice blog post highlighting and analysing some changes in the obfuscated JavaScript they are seeing. De-obfuscating JavaScript is (or should be) straightforward, as it is interpreted on the fly and you have the source code available (as opposed to a compiled malware binary, which requires more advanced RE techniques, as discussed […]
RSS Feeds
Something I’ve been meaning to do for a while is document and keep a list of all the RSS feeds I’ve collected over the years, mainly because I can’t remember them all. Initially I had a mild panic as I couldn’t find any of the URLs from the feeds I’ve got configured through Outlook 2007, […]
Dark Reading: DIY security lab
As I’m currently setting up and playing with my home research lab, this article from Dark Reading caught my attention. The article doesn’t provide much ‘new’ material to those who have researched security labs even in minimal depth, but it does focus on how security labs can provide cheap training to keep your skills sharp during the current economic climate. I don’t want to paraphrase the article as it is all fairly self-explanatory; for those considering how to use a proposed or existing lab, John Sawyer’s article suggests the following possibilities:
Sec610 Reverse Engineering Malware Demo
I spent a very interesting hour with Lenny Zeltser (and others) around a week ago at a live demo of part of Lenny’s Sec610 course. For those interested in taking the course, or in malware in general, I’d suggest that if the demo is a representative sample of the course then you’re likely to really […]