Archive | June, 2010

Google Chrome Set To Follow Firefox In Blocking Out-of-date Plug-ins

It’s good news to see that Google is taking security issues seriously when it comes to its Chrome browser. This has been shown before when Google was Willing To Pay Bounty For Chrome Browser Bugs. And well honestly, we haven’t had a lot of news of exploits in Chrome.

Perhaps it’s because the user-base just isn’t that big yet? But to note, Chrome was the only browser in the recent Pwn2Own contest that did not get exploited.

Anyway, the story in this case is that Chrome is taking a leaf out of Firefox's book and plans to add the ability to block out-of-date plug-ins in the browser.

Google will soon prevent insecure versions of plug-ins from running on top of its Chrome browser to make sure they don’t contain security bugs that can be exploited by malicious websites.

In a blog post, members of Google’s security team said the feature, to be delivered “medium-term,” will prevent Chrome from running “certain out-of-date plug-ins.” It will also help users find updates.
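To make concrete what "blocking out-of-date plug-ins" involves, here is an added Python example (not Google's or Chrome's code) that compares an inventory of installed plug-ins against a minimum-safe-version policy and reports which ones to block and which version to update to. The plug-in names, versions and policy thresholds are constructed for illustration and are not Google's actual block list. The detail worth noticing is that versions have to be compared numerically, component by component: a plain string comparison ranks "9.0" above "10.0.45".

```python
"""Block out-of-date plug-ins against a minimum-safe-version policy.

Added example, not Chrome's code. The policy and inventory are constructed
for illustration; they are not Google's real block list."""
import re
from typing import Dict, List, Tuple

# Constructed policy: plug-in name -> lowest version still allowed to load.
MINIMUM_SAFE_VERSIONS: Dict[str, str] = {
    "Shockwave Flash": "10.1.53.64",
    "Adobe Reader": "9.3.3",
    "Java(TM) Platform": "1.6.0_20",
}

# Constructed inventory in the shape a browser would report: (name, version).
INSTALLED_PLUGINS: List[Tuple[str, str]] = [
    ("Shockwave Flash", "10.0.45.2"),   # behind the policy minimum: block
    ("Adobe Reader", "9.3.3"),          # exactly at the minimum: allow
    ("Java(TM) Platform", "1.6.0_19"),  # one update behind: block
    ("Unknown Widget", "2.0"),          # no policy entry: leave alone
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "1.6.0_20" into (1, 6, 0, 20).

    Comparing the strings instead would rank "9.0" above "10.0.45", because
    "9" > "1" character-wise; integer tuples compare component by component."""
    return tuple(int(p) for p in re.split(r"[._-]", version) if p.isdigit())


def is_outdated(installed: str, minimum: str) -> bool:
    """True if installed < minimum, treating missing trailing components as 0."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def check_plugins(installed, policy):
    """Split the inventory into blocked (with the version to update to) and allowed."""
    blocked, allowed = [], []
    for name, version in installed:
        minimum = policy.get(name)
        if minimum is not None and is_outdated(version, minimum):
            blocked.append((name, version, minimum))
        else:
            allowed.append((name, version))
    return blocked, allowed


if __name__ == "__main__":
    blocked, allowed = check_plugins(INSTALLED_PLUGINS, MINIMUM_SAFE_VERSIONS)
    for name, have, need in blocked:
        print(f"BLOCKED {name} {have}: update to {need} or later")
    for name, have in allowed:
        print(f"allowed {name} {have}")
```

Plug-ins without a policy entry are deliberately left alone here; a real block list would also need to handle plug-ins that report no version at all, which this sketch does not attempt.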

The announcement comes a few months after anti-virus maker F-Secure said Adobe’s Reader application replaced Microsoft Word as the program that’s most often exploited in targeted malware campaigns, like the one that Google disclosed in January that exposed sensitive intellectual property. F-Secure said the increase is “primarily because there has been more vulnerabilities in Adobe Acrobat/Reader than in the Microsoft Office applications.” Other plug-ins such as Adobe’s Flash Player and Oracle’s Java Virtual Machine are also routinely attacked.

Firefox demonstrated the use of this function last October when Firefox Blocked the Microsoft .NET Framework Assistant Add-on.

This is important: with so many Flash vulnerabilities, PDF plug-in problems and so on, the ability to disable or block plug-ins is genuinely useful.

Plus, with so many user- and third-party-contributed add-ons and plug-ins, browser developers need a way to control them if they want to maintain a good level of browser security.

The ability to run scores of browser plug-ins makes it hard for users to keep their systems fully patched. Mozilla recently addressed this problem by notifying users who run out-of-date add-ons on top of Firefox. Google seems to be going one step further by blocking them altogether.

“Since many plug-ins are ubiquitous, they pose the most significant risk to our user base,” the Google employees wrote.

The auto-blocking will join several other security features being baked into Chrome. Chief among them is a home-grown PDF reader integrated into Chrome that sports its own security sandbox. This is now available in a developer build. The stable Chrome includes a built-in Flash plug-in that Google will automatically update via the browser’s existing update mechanism, which does not ask for the user’s approval.

Chrome has long boasted one of the most advanced sandbox designs, which thwarts attacks by running individual windows and plug-ins in a separate process with limited access to the operating system kernel. Chrome was the only browser at the recent Pwn2Own hacker contest that wasn’t exploited.

The feature isn’t available in the current version of Chrome but will be added in the ‘medium-term’ future. I’m quite interested in the built-in PDF reader which runs in a security sandbox – I think that’s an excellent idea.

Plus the fact that they force Flash updates and don't even require user confirmation. I think that's fair enough to keep everyone safe and up to date, assuming they've installed Flash support in the first place and it's not being forced on them.

The whole architecture of Chrome is more secure and, due to the threading, is actually more stable too (if one tab hangs, it doesn't kill the whole browser). Plus it's very fast at rendering pages.

Site: The Register


Posted in: Countermeasures, Exploits/Vulnerabilities, Web Hacking

PwnageTool 4.01 Released – Jailbreak For iPhone & iPod Firmware 4.0 (iOS4)

The big news in the Apple-sphere recently was the release of iOS 4, which *shock&awe* has folders and multi-tasking – w00t.

You can of course jailbreak it with the newly updated PwnageTool 4.01.

On Monday, Apple released firmware 4.0 for the iPhone and iPod touch devices. This of course was a major upgrade.

As advised, you shouldn’t have upgraded your devices if you have previously relied on our tools for hacktivation and/or a carrier unlock.

With that said, today we are releasing PwnageTool 4.01.

PLEASE READ THIS ENTIRE POST CAREFULLY, THERE ARE KNOWN UPGRADE TRAPS AND DIFFERENT UPGRADE SCENARIOS THAT NEED TO BE FULLY UNDERSTOOD AND CONSIDERED BEFORE USING THESE TOOLS.

Each supported device has a few different scenarios that users need to consider when performing the upgrades; you need to check below and perform the upgrade in the particular way that matches your current device state.

NB: With PwnageTool 4.01 certain devices are not supported; this is because they are not supported in iOS 4.0 or they are not supported by our software. We're working on ways to get past these restrictions.

  • iPhone 2G – not supported
  • iPod Touch – not supported
  • iPod Touch 3G – not supported

Check out the full post for all the details and the download links.

Source: iphone-dev


Posted in: Apple, Hardware Hacking

UK Metropolitan Police To Investigate Google Wifi Data Collection

Well, Google has been getting quite a lot of flak lately over the fact that it had been scanning open Wi-Fi access points whilst compiling data for Street View.

At first people just thought it was fair enough: they are just scanning for the SSID and recording whether it's publicly accessible or not, which in all honesty is useful info to have in a mapping system. What alarmed people was that, after some investigation, they turned out to have also been recording the actual payload data from the Wi-Fi networks, including any passwords that happened to be sent in plain text.

And they’ve been doing this for 3 years!

The Metropolitan Police force has confirmed it will investigate Google following the company’s recent admission it had mistakenly collected data from unsecured Wi-Fi networks for the past three years. “The MPS has received a complaint regarding alleged access to online activities broadcast over unprotected home and business Wi-Fi networks,” the police force told PC Pro.

“The matter is now under consideration. It has yet to be determined what, if any, offences may have allegedly occurred.” The police will first identify if any laws have been broken. If so, the initial investigation is expected to take up to ten days. The investigation follows a complaint from Privacy International over Google’s activities.

“I don’t see any alternative but for us to go to Scotland Yard,” Simon Davies from Privacy International said last week. Davies was referring to the UK Information Commissioner’s Office’s (ICO) reluctance to investigate the matter. The ICO said while it was aware of the issue, it would only investigate if it finds “evidence of significant wrongdoing”.

The initial investigation is currently ongoing, firstly to ascertain whether any laws have actually been broken, and the UK has some pretty tight privacy and data protection laws, so I'd be surprised if Google came out of this smelling of roses.

Thankfully the Germans had audited the data, so everyone else in the world got to know what Google was really doing; now it's up to individual countries to protect their users and do something about it.

Or not, as the case may be, since people were basically broadcasting that data to the world by using an unencrypted public Wi-Fi network and not logging in via SSL/TLS.

Google’s error came to light after the German data protection authority audited the Wi-Fi data collected by Street View cars for use in location-based products such as Google Maps for mobile.

The authority revealed that as well as collecting SSID information (the network's name) and MAC addresses (the number given to Wi-Fi devices such as a router), Google had also been collecting payload data such as emails or web page content being viewed. However, according to the French National Commission on Computing and Liberty (CNIL), which has started its own investigation into the issue, passwords and emails were among the Wi-Fi data mistakenly collected.

“We are pleased that the police have taken up this complaint for investigation. An evidence based approach to this complex matter is sorely needed now,” said Davies. “We hope that this difficult process will give Google pause for thought about how it conducts itself. Perhaps in future the company will rely less on PR spin and more on good governance and reliable product oversight.”

Google did not respond to a request for comment.

The French are also stepping up and investigating the matter through CNIL, and it was they who exposed the fact that Google was capturing e-mails and passwords.

At the moment it all stands under the premise of ‘mistaken collection’, the suggestion being that Google's engineers had perhaps enabled some testing feature which captured too much data by mistake.

Google hasn’t responded to the claims or accusations so we’ll have to wait and see how this pans out.

Source: Network World


Posted in: Legal Issues, Privacy

w3af 1.0-rc3 Available For Download – Web Application Attack & Audit Framework

Our last mention of w3af was back in 2008 when the fifth BETA was released; the team have recently released a new version, 1.0 Release Candidate 3.

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

New Features

  • Enhanced GUI, including huge changes in the MITM proxy and the Fuzzy Request Editor
  • Increased speed by rewriting parts of the thread management code
  • Fixed tons of bugs
  • Reduced memory usage
  • Many plugins were rewritten using different techniques that use fewer HTTP requests to identify the same vulnerabilities
  • Reduced false positives

You can download w3af 1.0-rc3 here:

Windows – w3af-1.0-rc3.exe
Linux/BSD/Mac – w3af-1.0-rc3.tar.bz2

Or read more here.


Posted in: Hacking Tools, Web Hacking

Scotland Yard Arrests Teenagers For Involvement In Largest English Language Cybercrime Forum

It seems both the US and UK governments have been cracking down pretty harshly on cybercrime operations over the past two years. A number of ‘underground’ forums and cybercrime operations have been shut down including those involving botnets, carding and phishing.

One of the big stories earlier this year was the Former DarkMarket Admin Facing a 10 Year Jail Sentence, and before that the revelation that the site was actually part of an FBI sting operation.

This time two teenagers have been caught by the PCeU (part of Scotland Yard) in London for involvement in various shady activities.

Two teenagers have been arrested for their alleged involvement in the world’s largest English-language cybercrime forum. The pair were detained by appointment in central London on Wednesday by the Police Central e-Crime Unit (PCeU), a national unit based at Scotland Yard.

An eight-month investigation into the forum, which hasn’t been named, found it had almost 8,000 members who traded malware, cybercrime tutorials and stolen banking information. The cybercrime tools for sale included the ZeuS Trojan and data stolen from machines it has already infected. Detectives have so far recovered 65,000 credit card numbers from the forum.

It'd be interesting to know which forum this is; with over 8,000 members and being English-language, there aren't very many of those around. There's not really much detail included in this initial report: no names or handles, the forum is not disclosed, and how they were caught has also not been shared.

I’m pretty sure all the details will come out sooner or later, perhaps the operation is still on-going so they don’t want to let too much slip.

The two males, aged 17 and 18, were arrested on suspicion of encouraging or assisting crime, unauthorised access under the Computer Misuse Act and conspiracy to commit fraud. They have been bailed pending further investigations.

The PCeU’s Detective Chief Inspector Terry Wilson said: “Today’s arrests are an example of our increasing effort to combat online criminality and reduce national harm to the UK economy and public.” The unit has already had its budget slashed as part of Home Office cuts.

It's a shame to see this unit facing a budget cut, but the UK economy is in a mess now, so it's fair enough.

We’ll be watching for a follow-up on this story.

Source: The Register


Posted in: Legal Issues, Malware, Spammers & Scammers

nwmap v0.1 Released – Map Network From PCAP File

This is a neat little tool, especially for people doing penetration testing assignments: if you've taken some packet dumps and have PCAP files, you can use nwmap to map out live IP addresses.

I’d guess it’d be used in the information gathering stage before you fire up your port scanners etc.

nwmap is basically a Perl script which takes a PCAP file as input and identifies valid subnets in the file. It then assumes a netmask of /24 and searches all those subnets for live IPs. It then groups all the IP addresses based on the number of hops.
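The passive half of what nwmap does (read a capture, work out which /24 subnets appear in it, and sort the hosts by distance) is small enough to show in full. The Python below is an added example, not nwmap itself: it parses a classic pcap file (Ethernet link type) with the standard library only, collects every IPv4 address seen, groups them into the /24 subnets nwmap assumes, and estimates each sender's hop distance from the IP TTL rather than running tcptraceroute (a swapped-in technique; the common initial TTLs 64, 128 and 255 are an assumption). The capture is constructed in code so the script runs offline and sends no traffic.

```python
"""Passive subnet inventory from a PCAP file, after the idea behind nwmap.

Added example, not nwmap's code. The sample capture is constructed below."""
import ipaddress
import struct
from collections import defaultdict
from typing import Dict, List, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4     # classic pcap magic, little-endian writer
PCAP_MAGIC_BE = 0xD4C3B2A1     # the same magic from a big-endian writer, read as LE
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
INITIAL_TTLS = (64, 128, 255)  # assumed common OS defaults, used to estimate hops

Record = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address, int]


def build_ipv4_frame(src: str, dst: str, ttl: int) -> bytes:
    """Ethernet header + 20-byte IPv4 header, no payload (checksum left zero)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip


def build_pcap(frames: List[bytes]) -> bytes:
    """Classic pcap global header followed by one record header + frame each."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1277000000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed capture: two LAN hosts talking to a server, the server replying,
# one distant host, and an ARP frame that the parser must skip.
SAMPLE_PCAP = build_pcap([
    build_ipv4_frame("192.168.1.10", "10.0.0.5", 64),
    build_ipv4_frame("192.168.1.11", "10.0.0.5", 128),
    build_ipv4_frame("10.0.0.5", "192.168.1.10", 61),
    build_ipv4_frame("172.16.4.20", "10.0.0.5", 250),
    bytes(12) + struct.pack("!H", 0x0806) + bytes(28),
])


def parse_pcap(data: bytes) -> List[Record]:
    """Return (src, dst, ttl) for every IPv4 packet; ignore everything else."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    records, offset = [], 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if ihl < 20 or len(frame) < 14 + ihl:
            continue  # truncated or malformed IP header
        ttl = frame[22]
        records.append((ipaddress.IPv4Address(frame[26:30]), ipaddress.IPv4Address(frame[30:34]), ttl))
    return records


def hop_estimate(ttl: int):
    """Hops = nearest plausible initial TTL minus the observed TTL; None if implausible."""
    if ttl <= 0:
        return None
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    return None


def map_subnets(records: List[Record], prefix: int = 24) -> Dict[str, List[str]]:
    """Group every unicast address seen into /prefix networks (nwmap assumes /24)."""
    hosts = defaultdict(set)
    for src, dst, _ in records:
        for addr in (src, dst):
            if addr.is_multicast or addr == ipaddress.IPv4Address("255.255.255.255"):
                continue
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            hosts[str(net)].add(addr)
    return {net: [str(a) for a in sorted(addrs)] for net, addrs in hosts.items()}


def group_by_hops(records: List[Record]) -> Dict[int, List[str]]:
    """Bucket senders by estimated hop distance (a TTL only says something about the sender)."""
    buckets = defaultdict(set)
    for src, _, ttl in records:
        hops = hop_estimate(ttl)
        if hops is not None:
            buckets[hops].add(src)
    return {h: [str(a) for a in sorted(addrs)] for h, addrs in buckets.items()}


if __name__ == "__main__":
    recs = parse_pcap(SAMPLE_PCAP)
    for net, addrs in sorted(map_subnets(recs).items()):
        print(net, ", ".join(addrs))
    for hops, addrs in sorted(group_by_hops(recs).items()):
        print(f"{hops} hop(s):", ", ".join(addrs))
```

The TTL-based distance is only an estimate (a host with a non-default initial TTL will land in the wrong bucket), which is why nwmap falls back on tcptraceroute for the real hop count; the point here is that a capture alone already yields the subnet inventory without sending a single packet.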

Requirements

Make sure you have the following:

  • sort
  • host (DNS lookup)
  • nmap (port scanner)
  • tcptraceroute (traceroute to IP addresses)
  • tshark (network sniffer)

You can download nwmap here:

nwmap_0.1.tar.gz

Or read more here.


Posted in: Hacking Tools, Network Hacking

Australians Propose ‘No Anti-virus – No Internet Connection’ Policy

So after a year of research and debate, what did the Aussies come up with? A policy to disconnect people from the Internet if they get infected by a virus.

Rather naive isn’t it? Plus if your ISP cuts you off, how exactly are you supposed to resolve the problem without a connection to do research and download updates/patches?

AUSTRALIANS would be forced to install anti-virus and firewall software on their computers before being allowed to connect to the internet under a new plan to fight cyber crime. And if their computer did get infected, internet service providers like Telstra and Optus could cut off their connection until the problem was resolved.

Those are two of the recommendations to come from a year-long inquiry into cyber crime by the House of Representatives Standing Committee on Communications. Results of the inquiry, titled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime, were released last night in a 260-page report. In her foreword, committee chair Belinda Neal said cyber crime had turned into a “sophisticated underground economy”.

“In the past decade, cyber crime has grown from the nuisance of the cyber smart hacker into an organised transnational crime committed for vast profit and often with devastating consequences for its victims,” Ms Neal said.

Also, if they push to make software developers legally responsible for flaws in their software, I think the Aussie market is going to miss out on a lot of software that's being sold elsewhere. Who's going to want to sell software there when a 0-day exploit in your product opens you up to direct claims from the consumers using it?

I applaud what they are doing, because consumer education and Government action is required for a country to increase its level of information security and reduce the cases of phishing and fraud.

During its inquiry the committee heard a growing number of Australians were being targeted by cyber criminals and that increasing internet speeds were likely to make the situation worse. It also heard the problem was costing Australian businesses as much as $649 million a year.

The committee looked at several different examples of cyber crime, including hacking, phishing, malware and botnets. Among its final 34 recommendations were:

  • The creation of an around-the-clock cyber crime helpline.
  • Changes to the law to make unauthorised installation of software illegal.
  • Companies who release IT products with security vulnerabilities should be open to claims for compensation by consumers.

Another of its recommendations was to create a new “e-security code of practice” that would define the responsibilities of internet service providers and their customers.

There's no realistic way that the ISPs can monitor the level of security on consumers' computers; Microsoft is already pushing this hard with its ‘Action Center’, which warns users if they have disabled the firewall, don't have anti-virus software installed or have not configured Windows Update.

Either way I don’t think consumers and software producers will be very happy if the government do actually implement this policy.

Source: News.com.au


Posted in: Legal Issues, Malware, Privacy

OpenSCAP – Framework For Implementing SCAP (Security Content Automation Protocol)

The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP.

SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

The SCAP suite contains multiple complex data exchange formats that are to be used to transmit important vulnerability, configuration, and other security data. Historically, there have been few tools that provide a way to query this data in the needed format. This lack of tools makes the barrier to entry very high and discourages adoption of these protocols by the community. It’s our goal to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents. Tools for parsing SCAP documents and querying content must be created to achieve this. This requires a common set of interfaces to be defined and implemented to meet this need. It is the intent of this project to provide these interfaces and functional examples that would allow others in the open-source and vendor communities to make use of SCAP while minimizing the effort needed to gain value from it.
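As an added illustration of what "parsing SCAP documents and querying content" means in practice (this is example code, not OpenSCAP's), the Python below reads an XCCDF 1.2 TestResult with the standard library, extracts each rule-result, lists the high-severity rules that failed or errored, and computes a pass percentage in the style of XCCDF default scoring, in which rules that were not applicable, not checked or not selected are left out of the denominator. The result document, rule ids, target name and outcomes are constructed for this example.

```python
"""Summarise an XCCDF 1.2 TestResult, one of the SCAP document types an
OpenSCAP-style tool has to parse. Added example; the result below is constructed."""
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, List

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
NS = {"xccdf": XCCDF_NS}

# Constructed TestResult: rule ids, severities and outcomes are invented for illustration.
SAMPLE_RESULT = """<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2"
            id="xccdf_org.example_testresult_baseline" end-time="2010-06-20T10:00:00">
  <target>host.example.internal</target>
  <rule-result idref="xccdf_org.example_rule_sshd_disable_root_login" severity="high">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_org.example_rule_password_max_age" severity="medium">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_org.example_rule_audit_enabled" severity="high">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_org.example_rule_legacy_service" severity="low">
    <result>notapplicable</result>
  </rule-result>
  <rule-result idref="xccdf_org.example_rule_kernel_patch" severity="high">
    <result>error</result>
  </rule-result>
</TestResult>
"""

# Results that XCCDF default scoring leaves out of the denominator.
UNSCORED = {"notapplicable", "notchecked", "notselected", "informational"}
PASSING = {"pass", "fixed"}
ATTENTION = {"fail", "error", "unknown"}


def parse_rule_results(xml_text: str) -> List[Dict[str, str]]:
    """Return one row per rule-result: rule id, severity and result string."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{XCCDF_NS}}}TestResult":
        raise ValueError("expected an XCCDF 1.2 TestResult element")
    rows = []
    for rr in root.findall("xccdf:rule-result", NS):
        result = rr.findtext("xccdf:result", default="unknown", namespaces=NS)
        rows.append({
            "rule": rr.get("idref", ""),
            "severity": rr.get("severity", "unknown"),
            "result": result.strip(),
        })
    return rows


def summarize(rows: List[Dict[str, str]]) -> Dict[str, int]:
    """Count results by outcome (pass, fail, error, notapplicable, ...)."""
    return dict(Counter(r["result"] for r in rows))


def failing_high(rows: List[Dict[str, str]]) -> List[str]:
    """High-severity rules that need attention: failed, errored or unknown."""
    return sorted(r["rule"] for r in rows
                  if r["severity"] == "high" and r["result"] in ATTENTION)


def compliance_score(rows: List[Dict[str, str]]) -> float:
    """Pass percentage over the rules that actually applied, rounded to 0.1."""
    scored = [r for r in rows if r["result"] not in UNSCORED]
    if not scored:
        return 0.0
    passed = sum(1 for r in scored if r["result"] in PASSING)
    return round(100.0 * passed / len(scored), 1)


if __name__ == "__main__":
    rows = parse_rule_results(SAMPLE_RESULT)
    print("outcomes:", summarize(rows))
    print("score:", compliance_score(rows))
    for rule in failing_high(rows):
        print("needs attention:", rule)
```

Real OpenSCAP output usually wraps the TestResult inside a Benchmark together with the rules' metadata; the same `findall` with the namespace map works from that root as well, so only the top-level tag check would need relaxing.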

You can download OpenSCAP here:

openscap-0.5.11.tar.gz

Or read more here.


Posted in: Countermeasures, Legal Issues, Security Software

Windows Help Vulnerability Exploited In The Wild

So the other big news this week apart from the AT&T iPad/iPhone 4 screw-up is that a recently announced critical vulnerability in Windows XP is being exploited in the wild.

It's a vulnerability in the Windows XP help system, disclosed fairly recently by Tavis Ormandy, a Google researcher who has appeared on this site quite a number of times.

It’s dangerous because a victim can be compromised completely (including remote code execution) just by visiting a malicious web page.

Five days after it was disclosed in a highly controversial advisory, a critical vulnerability in Microsoft’s Windows XP operating system is being exploited by criminal hackers, researchers from anti-virus provider Sophos said on Tuesday.

The flaw in the Windows Help and Support Center was disclosed on Thursday by researcher Tavis Ormandy. His public advisory came just five days after he privately informed Microsoft of the defect, prompting fierce criticism from some circles that he hadn’t given the software giant adequate time to fix the hole. That made it easier for attackers to target the bug, which allows attackers to take complete control of vulnerable machines when a user views a specially designed webpage, the critics howled.

According to Sophos, researchers have seen the first case of a website using the vulnerability to install malicious software on victim machines. “This malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim’s computer, by exploiting this vulnerability,” they warned.

Well, there's some discussion going on about responsible disclosure, with people saying Tavis made the advisory public too quickly after informing Microsoft. It's a fair comment considering Microsoft and its Patch Tuesday policy, which limits the speed at which they can push patches out.

We all know how often Microsoft pushes out-of-band patches: very rarely, if at all.

Add the fact that Windows XP is coming to the end of its life-cycle soon, and it's unlikely they are going to be scrambling to get a patch out.

Microsoft soon amended its own advisory on the vulnerability to say researchers are “aware of limited, targeted active attacks that use this exploit code.” Although the vulnerability also afflicts Windows Server 2003, Microsoft’s advisory said that OS wasn’t “currently at risk from these attacks.”

Ormandy’s advisory has reignited the age-old debate over full disclosure, in which researchers publish complete details of a vulnerability under the belief that it is the best way to ensure a company fixes it quickly. Ormandy has defended his decision to give Microsoft just five days of advanced warning saying in a recent tweet: “I’m getting pretty tired of all the ‘5 days’ hate mail. Those five days were spent trying to negotiate a fix within 60 days.”

Users of XP and Server 2003 should consider disabling features within Help Center that allow administrators to remotely log onto machines.

Oh well, the debates about disclosure will rage on I guess, either way it’s out there now and it’s being exploited in the wild – so as of now it’s a real risk.

Individual users can use the online application from Microsoft here:

Vulnerability in Help Center could allow remote code execution

Source: The Register


Posted in: Exploits/Vulnerabilities, Windows Hacking

raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks

raw2vmdk is an OS independent Java utility that allows you to mount raw disk images, like images created by “dd”, using VMware, VirtualBox or any other virtualization platform supporting the VMDK disk format.

It could be an interesting tool for doing forensic examinations on compromised boxes when all you have is a dd dump of the drive to work on; it allows you to easily mount the disk in your favourite virtualization platform and get to work on some forensic analysis.

It analyzes the raw image and creates an appropriately formatted “.vmdk” file that can be used to mount the image right away.

raw2vmdk is written in Java and is designed to be OS independent, simple and flexible. It creates an appropriately structured VMDK file that refers to the raw image, which can then be mounted by VMware, VirtualBox or any other virtualization platform supporting the VMDK disk format, as if it were an actual virtual drive. This preserves space and allows for very fast deployment.
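The "appropriately structured VMDK file" is a small text descriptor, and generating one is worth seeing in full. The Python below is an added illustration, not raw2vmdk's code: it writes a `monolithicFlat` descriptor whose single FLAT extent is the raw image, sizes the extent in 512-byte sectors, and derives the geometry from the conventional IDE layout (16 heads, 63 sectors per track, cylinders from the size and capped at 16383); the descriptor keys follow the standard VMware layout, the geometry convention and hardware version are assumptions, and the image used in the demo is a constructed blank file. One practitioner's caveat is built in: a flat extent is read and written in place, so a VM booted from this descriptor can modify the raw image, which is why the `sha256_file` helper is there to hash the evidence before and after.

```python
"""Generate a VMDK descriptor pointing at a raw (dd) image, as raw2vmdk does.

Added example, not raw2vmdk's code. Geometry follows the conventional IDE
layout; image sizes and the demo image are constructed."""
import hashlib
import os

SECTOR = 512
IDE_HEADS, IDE_SECTORS_PER_TRACK, IDE_MAX_CYLINDERS = 16, 63, 16383


def image_sectors(size_bytes: int) -> int:
    """Raw images must be whole sectors; anything else points at a bad acquisition."""
    if size_bytes <= 0 or size_bytes % SECTOR:
        raise ValueError(f"image size {size_bytes} is not a positive multiple of {SECTOR} bytes")
    return size_bytes // SECTOR


def geometry(sectors: int):
    """(cylinders, heads, sectors/track) for an IDE-style disk of the given size."""
    cylinders = min(sectors // (IDE_HEADS * IDE_SECTORS_PER_TRACK), IDE_MAX_CYLINDERS)
    return cylinders, IDE_HEADS, IDE_SECTORS_PER_TRACK


def vmdk_descriptor(raw_name: str, size_bytes: int) -> str:
    """Text of a monolithicFlat descriptor whose only extent is the raw image."""
    sectors = image_sectors(size_bytes)
    cylinders, heads, spt = geometry(sectors)
    return "\n".join([
        "# Disk DescriptorFile",
        "version=1",
        "CID=fffffffe",
        "parentCID=ffffffff",
        'createType="monolithicFlat"',
        "",
        "# Extent description",
        f'RW {sectors} FLAT "{raw_name}" 0',   # access, size in sectors, type, file, offset
        "",
        "# The Disk Data Base",
        "#DDB",
        "",
        'ddb.virtualHWVersion = "4"',           # assumed; old enough for any modern VMware/VirtualBox
        f'ddb.geometry.cylinders = "{cylinders}"',
        f'ddb.geometry.heads = "{heads}"',
        f'ddb.geometry.sectors = "{spt}"',
        'ddb.adapterType = "ide"',
        "",
    ])


def write_descriptor(raw_path: str) -> str:
    """Write <image>.vmdk next to the raw image and return the descriptor's path."""
    size = os.path.getsize(raw_path)
    vmdk_path = os.path.splitext(raw_path)[0] + ".vmdk"
    with open(vmdk_path, "w", encoding="ascii", newline="\n") as fh:
        fh.write(vmdk_descriptor(os.path.basename(raw_path), size))
    return vmdk_path


def sha256_file(path: str) -> str:
    """Hash the raw image before and after use; a changed digest means the VM wrote to it."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        raw = os.path.join(tmp, "evidence.raw")     # constructed 4 MiB blank image
        with open(raw, "wb") as fh:
            fh.truncate(4 * 1024 * 1024)
        before = sha256_file(raw)
        vmdk = write_descriptor(raw)
        with open(vmdk, encoding="ascii") as fh:
            print(fh.read())
        print("image unchanged:", sha256_file(raw) == before)
```

The descriptor names the raw file relative to its own location, so the two files must stay side by side; for forensic work, point it at a working copy, or at least compare the digests before and after each session.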

It is extremely simple to use and provides the required results in seconds. This is a new tool, so if you have any feedback please do leave it in the comments below or contact the author directly.

You can download raw2vmdk here:

raw2vmdk-0.1.1.tar.gz

*EDIT* 18/6/2010

keydet89 on Twitter asked about the difference between this tool and LiveView so I asked the author and here’s his reply:

Actually I’m using a couple of their classes to get the disk geometry details needed for the vmdk file. I acknowledge that in my blog and the AUTHORS file.

You see I needed to boot a 74GB pfSense raw image for analysis and “qemu-img convert” is too slow for that kind of thing. Then I came across LiveView, I reviewed the code and manually replicated the process of creating a suitable vmdk file in order to boot the image using VMware.

After I was done my first plan was to port LiveView to *nix, but after a chat with the maintainer and a more detailed review of the LiveView code it proved to be too time consuming. So I decided to automate the manual process I followed and because there’s no need to reinvent the wheel I reused the classes LiveView is using to get the disk geometry.

LiveView is a good tool but very tightly coupled with MS Windows and can't work from the command line. I needed something OS independent and easy to incorporate into scripts, mainly because I don't use Windows. Plus, in the code it seemed that LiveView is actually manipulating the VMware ESX; I didn't much care for that.

I think it’s best to just create the required .vmdk file to allow someone to boot/mount the drive they need and just get the hell out of their way. So overnight I had raw2vmdk ready and you know the rest. :)

You can read more about raw2vmdk at his blog here:

Zapotek’s train of thought…

Or read more here.


Posted in: Forensics, Security Software
