
I recently attended #BSidesDFW2012 this past Saturday. A great time was had by all. There was hacking. There was a lock pick village. There was beer. There were two CTFs. This was my first BSides. But I would gladly attend another. Below are some of the highlights. (more…)
So, you have a PC on your network that you think might be infected with some malware. What do you do? Well, you could always PSExec into the computer and run a series of commands. But why not automate that process and store the results?
That was my motivation for writing this IR-Script. It is like a first response tool for investigating a possibly infected PC. You run the tool, gather a bunch of information, and store it for review. The script gathers the following information from a PC: (more…)
Subsonic is a great client/server music streaming application. You can install the server software on a machine of your choice and stream your MP3s or movies from your server to your phone or to a web browser. (more…)
I’ve downloaded the new Tony Hawk Pro Skater HD for Steam. It’s great playing those old levels again, this time in HD. School II! Yeah! However, there is no configuration for a gamepad other than an XBOX controller. If you use any other gamepad, you might want to invert the Y-Axis so that pushing UP will make you go faster. To do this, open the file below:
<steamInstall>\steamapps\common\Tony Hawk's Pro Skater HD\THHDGame\Config\DefaultInput.ini
Find the following line in the INI file:
.Bindings=(Name="XboxTypeS_LeftY", Command="Axis aBaseY Speed=1.0 DeadZone=0.3")
Change this line to:
.Bindings=(Name="XboxTypeS_LeftY", Command="Axis aBaseY Speed=-1.0 DeadZone=0.3")
Basically, you change Speed from 1.0 to negative 1.0. Save the file, load up THPS HD, and skate.
If you read the computer security news feeds, you’ve probably heard about the recent Java 7 and IE 6-9 exploits. The problem is that these exploits are discovered before there are any patches or reasonable workarounds for them. Fortunately, there is something that can be done to provide some additional protection that doesn’t involve an anti-virus company. Earlier this year, Microsoft released the Enhanced Mitigation Experience Toolkit (or EMET) version 3. The goal of EMET is to make exploitation of Windows applications difficult or impossible using the common attack techniques we see today. It’s not a silver bullet and won’t protect against every type of attack. But it does add additional layers of protection to your system by enforcing DEP, ASLR, Heap Spray Protection and more. (more…)
Just ran across this great metaphor and thought I would share:
A security program is like a boat. If it’s poor, it’s like a boat
with holes in it. You can spend so much time plugging the holes and
bailing water that you fail to progress towards your destination.
However, if you take the time to make your boat seaworthy, you will have
a much easier time getting where you’re going.
-Jason Gillam
Earlier this year, I discovered that some WebDAV folders at my job were not configured securely. Long story short, it was bad. Not “Everyone has access to Everything” bad, but close. WebDAV is basically a file share served up by a web server (see the Wikipedia article on WebDAV for more details). If WebDAV is not configured securely, you are open to data theft, server compromise, and probably a lot more. I found some good information about securing WebDAV in various places and thought I would collect what I found in this post. (more…)
Just had the Unibroue 17 Grande Reserve. It’s a really nice beer (as usual from the folks at Unibroue). I do miss the yearly Unibroue releases. 16 was easily my favorite. But I’ll take 17 Grande Reserve any day. It actually smells like Trois Pistoles, but the color and flavor are lighter. You pick up some light wood from the French Oak and some sweetness from the dark ale. As always, Unibroue hides the 10% ABV very well.

17 in my Duvel glass
As I was reading the article detailing Mat Honan’s multiple account compromise (read the Wired article about it), I was surprised at how easy it was to completely subvert standard security processes around user verification. The entire hack was possible because the attackers were able to gather easily attainable information about Mr. Honan and then use that information against Amazon and Apple to gain access to Mr. Honan’s accounts.
So I asked myself, “What could have been done differently? How could these processes have been changed to prevent this attack?” The trick is to find something that is easy to use, hard to forge, and uses information that is hard to discover or intercept. Here are a few of the ideas that I and others have offered. (more…)

I was installing BeEF (The Browser Exploitation Framework) on Windows 7 and ran into a couple of problems. I eventually got all of them fixed, so I thought I would write up a proper installation guide for future reference. (more…)