The reaction most people have when you point out people are naive enough to post pictures of credit and debit cards online is to laugh, surely no one could be that unaware of the risks. But the fact is that the situation has become that common place that a number of Twitter accounts have been […]
Author archives: infosanity
New Download Sources
I’ve been meaning to tidy up some of my older older scripts for some time, and as a colleague recently pointed me in the direction of BitBucket for free hosting of source code repositories this gave me the kick I’d been looking for. The result is my newly created BitBucket account, I’ve released a public repository containing […]
ms12-020 mitigations
This week has been an interesting one for followers of the info-sec arena. On Tuesday Microsoft released a patch and security bulletin for MS12-020 for a critical flaw in remote desktop protocol, allowing for remote code execution without the need to authenticate to the target system first. Since the patch was released the good, the bad […]
echo "fat" | sed s/a/i
I’m a geek (no surprises there), and thanks to too many hours hunched of the keyboard in the dark coding away into the small hours I’ve come to resemble the stereotype; overweight, four-eyed and (preferably) in black. I always assumed that this was me, and was happy with that; but towards the end of last summer there appeared to be an increase in geeks and hacker-types pushing to get fitter: Hackerrun came and went, and a couple of my clients participated in a local 10k run. So I thought I’d see what all the fuss was about and join in.
Pipal password analysis of Kippo password useage
Trying to find an opportunity to give Pipal a run out, I decided to take a look at the passwords gathered by my Kippo installation. First up, I decided to take a look at the passwords used with added accounts once intruders compromise the system. Curious to see if the passwords chosen by those that break systems are vulnerable to the same weaknesses of standard users.
HoneyD network architecture
I was recently asked about the network configuration I use for my honeyd sensor. As I now have a pretty(ish) network diagram showing my setup as a result, decided sharing is caring.
Cuckoo Sandbox 101
It’s a while since I’ve found time to add a new tool to my malware environment, so when a ISC post highlighted a new update to Cuckoo sandbox it served as a good reminder that I hadn’t got around to trying Cuckoo, something that has now changed. For those that don’t know, from it’s own site:
[…] Cuckoo Sandbox is a malware analysis system.
Book Review: Kingpin
Written by journalist Kevin Poulsen, KingPin spans the hacking, cracking and carding underworld spread over several decades. The narrative covers the life and activities of Max Vision, a computer consultant, key member of the carding underworld and ultimately convicted criminal.
Book Review: Zero day
If you’ve got any interest in information security, computer/network administration to just good sci-fi I’d strongly recommend picking up a copy of Zero Day, it may be shorter that I would have liked but I thoroughly enjoyed the time spent in its created scenario
Starting with Artillery
announced the alpha release of a new honeypot, Artillery.
Artillery is a combination of a honeypot, file monitoring and integrity, alerting, and brute force prevention tool. It’s extremely light weight, has multiple different methods for detecting specific attacks and eventually will also notify you of insecure nix configurations.