Glad I'm not a BT customer

Once again I’m glad I don’t do business with BT (with the exception of line rental). First Phorm, now this.

BT has begun transforming its commercial customers’ Business Hubs into OpenZone hotspots for any passing Tom, Dick or Harry to share, and leaving businesses to figure out how to opt out of the scheme after the fact.

“Free BT public wi-fi hotspot for every business broadband customer” claims the release, proudly suggesting that “Hub owners buy BT Openzone access vouchers … and can choose to pass the vouchers to their customers or resell the prime business service and add revenue”, so you can either screw visitors to your office by selling them vouchers, or pay BT twice for the same bandwidth by giving them away.

Full info can be found here. BT keep managing to set the bar lower and lower…
Andrew Waite

Windows Right-Click context menus

Whilst doing some research on reverse engineering I came across a useful tip on the Tipping Point MindshaRE blogs. The post details the (simple) steps required to add IDA Pro’s disassembly to Windows’ right-click context menu.

This is definitely simpler than I had expected it to be, although admittedly not something I had investigated before. Judging from the comments to that post the world and his dog already knows how to do this, but I didn’t, so I thought I’d share in case anyone else finds this useful as well. (And it will give me an easy place to find the information again should I forget 😉 )

Instructions, courtesy of Tipping Point:

  1. Open “regedit.exe”
  2. Open the key “HKEY_CLASSES_ROOT”
  3. Locate the file extension class you want (e.g. “dllfile” and “exefile”)
  4. Open the sub key “shell”; if the key does not exist, create it
  5. Create a new key
  6. Give it the text label you want displayed when you right click the file type
  7. Create another key under the label and name it “command”
  8. Open the “(Default)” key under the newly created label key
  9. Add the path to your installation of IDA Pro’s idag.exe binary in double quotes followed by “%1”
  10. Repeat for any other file extensions you want
  11. Close “regedit.exe”
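The same eleven steps, scripted, as an added example that is not part of Tipping Point’s post or of IDA: it writes the `shell\<label>\command` key under a file class, sets its `(Default)` value to the quoted `idag.exe` path followed by `“%1”`, and then reads back every verb registered for that class so you can confirm exactly what Explorer will launch. The function names, the menu label and the default install path are my assumptions; change `$IdaPath` to wherever `idag.exe` actually lives. Writing under `HKEY_CLASSES_ROOT` lands in `HKLM\Software\Classes`, so it needs an elevated PowerShell.

```powershell
# Added example (not from the original post): automates the regedit steps above.
# Assumptions: the function names, the verb label and the idag.exe path are mine.

function Add-IdaContextMenu {
    param(
        [Parameter(Mandatory)] [string] $FileClass,          # e.g. "exefile" or "dllfile"
        [string] $Label   = "Disassemble with IDA Pro",      # text shown on right-click
        [string] $IdaPath = "C:\Program Files\IDA\idag.exe"  # assumed install location
    )

    # Refuse to write a command that points at nothing; a dangling verb is just clutter.
    if (-not (Test-Path -LiteralPath $IdaPath)) {
        throw "IDA binary not found at '$IdaPath'; fix the path before touching the registry."
    }

    # Steps 4-7: HKCR\<class>\shell\<label>\command, creating any missing parents.
    $cmdKey = "Registry::HKEY_CLASSES_ROOT\$FileClass\shell\$Label\command"
    New-Item -Path $cmdKey -Force | Out-Null

    # Steps 8-9: (Default) = "<path to idag.exe>" "%1"
    $command = "`"$IdaPath`" `"%1`""
    Set-ItemProperty -Path $cmdKey -Name '(default)' -Value $command

    # Return what was written so the caller can verify it.
    (Get-ItemProperty -Path $cmdKey).'(default)'
}

function Get-ShellVerbs {
    # Lists every verb and its command under a file class, so you can review what
    # is already wired to that type before and after adding your own entry.
    param([Parameter(Mandatory)] [string] $FileClass)

    $shell = "Registry::HKEY_CLASSES_ROOT\$FileClass\shell"
    if (-not (Test-Path -Path $shell)) { return }

    Get-ChildItem -Path $shell | ForEach-Object {
        $cmdPath  = "$($_.PSPath)\command"
        $cmdValue = $null
        if (Test-Path -Path $cmdPath) {
            $cmdValue = (Get-ItemProperty -Path $cmdPath).'(default)'
        }
        [pscustomobject]@{ Verb = $_.PSChildName; Command = $cmdValue }
    }
}

# Step 10: repeat for each file class you care about.
foreach ($class in 'exefile', 'dllfile') {
    Add-IdaContextMenu -FileClass $class
    Get-ShellVerbs -FileClass $class | Format-Table -AutoSize
}
```

`Get-ShellVerbs` is worth running on its own now and again: the `shell\<verb>\command` keys are the same ones Explorer consults for “Open”, so anything listed there that you didn’t add yourself deserves a second look.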

Edited Registry:

Right click in action:
Andrew Waite

Aggressive Network Self-defense

I’m a fan of ‘case study’ type research and analysis, so I think I hit pay-dirt when I found this book. I’ve had the book on my shelf for a couple of years now and keep coming back to it and re-reading whenever I’m looking for inspiration (or just a good read).

The basis of the book is explained in part two of the book, basically methods and techniques for the ‘good guys’ to fight back against the ‘bad guys’. The line is far too blurred and ambiguous in these cases for me to recommend anyone trying these techniques in the real world, at least not without a very good understanding of all of the relevant laws.
In real-world examples so far I’ve seen researchers err on the side of caution and not fight back. A real world example and debate of the possibility can be read on Tipping Point’s blogs regarding the research of Kraken; the article in question can be found here, although I’d recommend reading all of their posts regarding the Kraken research as it is still interesting, even after nearly twelve months.
In the first part of the book each chapter (8 in part one) focuses on a different topic and scenario, and is written by a different author (including Johnny Long and Dan Kaminsky, with all authors being recognisable from their own fields). Topics range from modifying network games to trap and identify a system intruder, to a blow by blow account of an intruder and sys admin fighting to gain/maintain control of the corporate net.
The book doesn’t go into enough depth regarding any of the attacks, exploits or techniques to allow you to replicate what you read, however it does instil a desire to go out to learn and play with new ideas, the only problem I found was deciding where to start…
Andrew Waite

First Lab Victim

I’ve spent the last couple of hours installing my next victim machine for lab, thought I’d share the process if for nothing else it’ll be a useful reminder next time I delete the wrong file and need to re-do tonight’s work.
Target in this case is a Windows XP install, patched to service pack 2. I’m intending to use this VM for dual purposes, for exploit development (both MS native and third party apps) and for malware analysis. As a result I’m going to make extensive use of VMWare’s snapshotting capabilities, allowing me to have multiple states of essentially the same machine depending on what I’m working on at any point in time.
For resource allocation the VM has a 4GB HDD and 512MB of RAM, the RAM may get expanded depending on performance if I’m working on the VM (during malware analysis) rather than just exploiting it.
There is a NIC configured (not connected at power on) to the WAN network to allow access to the web for tool downloads etc. The permanent NIC has access to a ‘malicious’ ESXi vLAN which has no outside access. Once the OS was installed it was connected to the outside world to allow it to phone home and authenticate. At this point the VM was snapshotted to provide a ‘clean’ base in case I need to start from scratch without having to re-install.
Following this I changed the desktop wallpaper, so I can tell if I’m in a VM or my real machine, which hopefully should help prevent ‘accidents’. Basic tools were installed at this point, before a final generic snapshot:

I’m fully expecting this list of tools to expand as I gain experience, but for now this should provide a workable environment. Just need to go and exploit something now…
Andrew Waite

Satellite Hacking

Just read an interesting article on El Reg about Adam Laurie, who has supposedly been ‘hacking’ satellite feeds. Unless I’m missing something it appears to be more a case of sniffing unencrypted communication coming from and going to satellites, but it is interesting in any case.
One of the parts of the article I liked was the comment on the UK’s Privacy laws:

A resident in the UK, Laurie says he’s careful to obey the country’s privacy laws. While he is able to identify certain traffic as email, for instance, he doesn’t actually read the contents of the message. Still, he says it isn’t always easy to follow the letter of such laws because they prohibit people from receiving a message if they aren’t the intended recipient.

“It’s a bit of a quandary,” Laurie says. “You can’t tell you’re not supposed to see that data until after you see it. I can’t unsee what I’m not supposed to have seen.”
Whilst I’ll agree that some of the privacy laws are ‘strange’, the action Laurie took was looking for traffic of which he wasn’t the intended recipient for any of it; as someone pointed out: if you’re concerned you might be breaking the law you can stop looking.
Andrew Waite

Lab environment

I’m currently in the process of getting my lab environment in place so I’ve got a safe (and secure) place to test all of my projects and thoughts. To assist I’ve been reading Michael Gregg’s “Build your own security lab”; it is a good resource and comes with some good tools (like a trial of Core Impact). However, it may not provide too much you didn’t already know if you’ve got some experience in the field.
For hardware I picked up an HP Proliant ML110 from Ebuyer at a great rate. I’ve since upgraded the RAM to 5GB (will max it to 8gig as needed and finances allow), this has become a great virtualised server running VMWare ESXi.
Going forward I intend to add in a Cisco switch (probably 2960) to segregate my lab network from my home net, whilst still mixing physical hardware with virtual.
Andrew Waite


Thought I better get around to christening this blog with the first post. I’m intending to use this as a place to log my projects and ‘interesting’ findings. Along the way I may even produce something useful to the wider world.
Hopefully you’ll find my wibblings useful, informative or just humorous. Let me know either way.
Andrew Waite