Sunday, May 5, 2013

Customizing Windows 8 Tips

There are a lot of things that have changed with the new Windows 8 "Modern Interface" design from Microsoft. Microsoft has had a lot of criticism for the changes and has been pressured to keep or scale back some of the design changes. I don't believe they should. I enjoy the new change and new look. It is very easy to navigate. And some people are even changing Windows 8 to look like Windows 7. What is the point of doing that? Why buy a Windows 8 machine only to get rid of the Modern Interface?
There are some tips to help you customize Windows 8 so you may be more productive, and to better organize your tiles on your desktop, because when you install a program it is simply added to the end of the tiles.
  1. Make Groups: There are plenty of ways to arrange your Start screen tiles to taste: Simply click and drag a tile to change its position on the screen (or hold and drag on a touchscreen). For more global changes, you can pinch to zoom out (or Ctrl-mouse wheel), making your whole screen shrink, with all tiles on multiple screens visible. From this view, you can move and even name groups of tiles.
  2. Lock Screen: You can customize the picture on the lock screen like you can on a smart phone, which is pretty nice. So when your PC or tablet is in sleep mode or locked it will look nice. :) The way you do that is simple. Just go to the right side of the screen to bring up your settings charms. Then click Personalize --> Lock Screen and then choose either the default pictures or add your own picture. SNAPPY!!
  3. Lock Screen Apps: While we are customizing our lock screen we might as well provide some useful information. While the screen is locked you can also tell how much battery is left, the time, the number of emails and other useful information. So the lock screen isn't just for being locked. Under the Lock Screen App section click on the plus sign to add an app you would like to run during the lock screen.
  4. Resize the Tile: If you don't like the size of the tile, change it. Right-click on the tile and a menu will appear at the bottom of the screen. If you want to make the tile smaller, the smaller option will appear. If you want to make the tile larger, the make larger option will appear.
Those are just a few tips to help make Windows 8 a little more user friendly. I hope this helps, and if you have any questions feel free to leave a comment and let me know.

Thanks

Sunday, July 24, 2011

Metasploit Book Unleashed

I just finished reading a new book from some of the guys at Offensive Security, Metasploit: The Penetration Tester's Guide and all I can say is that it is amazing.  Be sure to check it out and get yours from Amazon.com or your favorite bookseller.

One thing I have to say about it is that if you want to learn how to do a solid penetration test using a tool in every pen tester's toolbox then this has to be in your library.

It not only shows you how to test the security of your network using Metasploit; you also learn how to integrate other programs such as Nmap, Nessus, and Nexpose. It also teaches how exploits work and how to craft clever exploits that avoid detection. All of this is done with the goal of teaching best practices within pen testing and testing systems. The final step it goes over is cleaning up after the testing.

Another benefit of the book is that it tells you how to configure your lab environment to test some of the techniques and tools to attack both a Windows virtual machine and a Linux virtual machine, and walks you through the steps of doing a pen test in a safe and legal manner. It puts together the steps that you learned throughout the book into a consistent and concise chapter. The pen test is a small one, but with the skills and VMs that they give you it is a good starting point.

Overall I give this book a 4 out of 5 stars only because I wish it would have been a bigger book. :) I hope they will continue to update the book or expand as the Metasploit Project continues to grow and techniques become more standardized as the Penetration Execution Standards become more firm.

Friday, June 10, 2011

Gray Hat Hacking 3rd Edition Review

I have just finished reading Gray Hat Hacking: The Ethical Hacker's Handbook 3rd Edition by Shon Harris. The book has been updated and expanded with new content and expanded chapters and techniques.

The book starts out explaining what "Ethical Hacking" is, and what Responsible Disclosure is. You also learn about conducting and managing a penetration test in a professional setting.

Then an exploration of BackTrack 4 R2 is introduced. This is the de facto standard in security and penetration testing used by professionals. The BackTrack chapter could have been longer, but this book isn't designed as a BackTrack manual. Metasploit is also introduced. I think these are the best chapters in the book on using the Meterpreter shell and scripting Metasploit. It goes into real in-depth knowledge on using Metasploit to exploit the systems.
The book gives an introduction to computer programming for security professionals, which is always needed I think. Programming teaches you how to think logically and you can follow what the source code may be trying to accomplish.

The chapters on malware analysis are excellent. They build on the previous chapters of programming and exploitation, which is great. You learn about capturing malware and how to run analysis software to figure out how the malware works and how to possibly defend against it.

Monday, May 9, 2011

The Revolution is Coming!!!!

Back|Track Linux 5.0 Codename Revolution is being released on May 10, 2011. This is an exciting release for the security community. Check out Backtrack-linux.org to find out more information and download it.

It may take a couple of days to get to the site because with such a big release the site usually will go down or is slow downloading. That is just the effects of having such a popular computer program.

Some of the features include:
  • 32-bit, and 64-bit Versions (Which is a first for BackTrack)
  • More GPU processing power to crack passwords faster
  • Using Ubuntu 10.04 as the Base OS
  • Updated the Tools.
  • GPL v 3 compliant (Which means this is finally 100% free software with the source code)
  • Redesigned Repository that will be kept up-to-date
  • and so much awesomeness I cannot talk about.

Monday, February 21, 2011

Top Twenty-three Network Administration and Information Security Applications on Android

I decided to review some of the top network administration and infosec applications that I have been using on my Droid 2 phone. Most of these applications are free, and some of them have more advanced features that you can buy in the marketplace. Check it out and if you have any questions or have problems installing or using the application leave me a comment and I will try to help you out.
Thanks,
  1. DNSLookUp: DNS and WHOIS lookup tool that supports the use of multiple nameservers and DNS record types.
  2. DNS Lookup Tool: DNS Lookup tool provides the ability to perform MX, A, NS, TXT and Reverse DNS lookups.
  3. DroidSCP: SCP for Android devices. Transfer your files over SSH for maximum security. Features a recent connection log, local and remote file browser, public/private keys and batch upload/download. With the free version you are limited to transferring only 2 files in batch transfers, and ads are included at the top of the screen. If you don’t want those restrictions get the Unlock Key version for $1.49.
  4. Dropbox: Sync your files between your computers and your mobile device. Now you can browse the files in your Dropbox folder from anywhere. Share links to files, save photos and video from your camera to your computers, and open files using your favorite Android apps.
  5. G-MoN: This is a powerful wardriving scanner and GSM/UMTS Netmonitor and drive test tool. It scans for all WiFi networks in range and saves the data with GPS coordinates into a file on your SD card. You can create a kml file for Google Earth. It shows you the encryption, channel and signal strength. It shows all APs in range in a live map. G-MoN is a wardriving scanner to collect and map all received wifi access points. It is also a 2G/3G netmonitor and field test drive tool for radio planning engineers. You do need to enable GPS for correct position in map.
     You can log GSM or UMTS RX levels into a kml file for Google Earth or a csv file. There are 5 color groups for different levels. These levels can be defined by the user in the settings menu. This file is saved into the gmon folder on the sdcard or external memory. When the log is running the G-MoN Notification icon changes color to red. 2G/3G logging does not work when the screen is off.
  6. IP Calculator (IPv4 and IPv6): Performs calculations on IPv4 and IPv6 addresses, networks and netmasks.
  7. Ipconfig:
  8. Location Spoofer: A simple utility to set a fake wireless network location. You have to allow mock locations under Settings --> Applications --> Development. Pro Version is available for $2.04 which includes: No ads. Spoof a GPS path, setting start and destination or loading a KML file from the sdcard. Set accuracy, max distance allowed from fake location. Search in map screen. Improved location history. Save your favorite places.
  9. ConnectBot: A powerful open-source SSH client. It can manage simultaneous SSH sessions, create secure tunnels, and copy/paste between other applications. This client allows you to connect to Secure Shell servers that typically run on Unix-based servers.
  10. HTTPing: This is a ping but for http-requests. Give it a URL, and it’ll show you how long it takes to connect, send a request and retrieve the reply (only the headers).
  11. NetInfo
  12. OSMonitor
  13. Passdroid: Password manager that stores your passwords in a secure way on your Android device. The passwords are guarded by a master password and strong cryptographic algorithms (AES and SHA256). Includes a password generator.
  14. Mobile Remote Network Controller: Using your mobile over WiFi, you can control your PC. Download the PC client to your PC and you are all set. You are also able to use it to control PowerPoint presentations or iTunes or any media player. Instructions: http://ben-works.blogspot.com/2011/01/remote-network-controller.html     Desktop Client: https://docs.google.com/leaf?id=0B_VLOKCL5YljMTlmYTc0ZmYtNTc0Mi00NDhhLTgwYTgtOTczZTlhZjhkOWU0&sort=name&layout=list&num=50&pli=1
  15. PingUp
  16. Shark: This is a version of Wireshark for Android. It sniffs traffic on both 3G and WiFi. You can download the dumped traffic, which is saved on the SD card, using Wireshark on the PC or Shark Reader on the Android.
  17. Shark Reader: This is an application for reading pcap files. It does have problems with large files. But it works well if you do not have access to a PC at the time and need to look at your pcap files quickly.
  18. W&YPages: White and Yellow Pages directory. Easy to use.
  19. Wardrive: Wardriving app, stores scans in sqlite db on the sdcard and displays found networks around in the map. Requires Google Maps installed. Requires valid GPS position to work. You can also filter based on information that you want to show.
  20. Wifi Analyzer: Turns your Android phone into a Wi-Fi analyzer. Shows the Wi-Fi channels around you. Helps you to find a less crowded channel for your wireless router. It is a good diagnostic tool to find out where issues with clients' wireless may exist.
  21. WifiScanner: A simple scanner for wireless networks.
  22. Wireless Tether: Enables tethering (via wifi and Bluetooth) for “rooted” handsets running Android. Clients can connect via wifi (ad-hoc mode) or Bluetooth and get access to the internet using the 3G, 2G mobile connection. Features: Access-control features. Allow/deny clients to use your mobile-data connection. Wifi-Encryption. 128-bit WEP in general. WPA/WPA2 on supported devices. Settings for wifi-ssid, wifi-channel, lan-network and more.
  23. Z4root: Gain SuperUser Privileges on your Android phone. One of the simplest solutions I’ve seen. All you have to do is load the app onto your phone, run it, and click the button. It will give you root access to your phone, allowing you to install and run apps that require root access. If you run into any problems, just reboot your device and everything should be back to normal, since z4root doesn’t make any major changes to your system files. To find z4root go to http://4shared.com and search for z4root.apk.

Sunday, December 5, 2010

Social Culture of Hackers



Hackers are seen as an underground group. They are very social in nature. No man is an island in the hacker or security community. Hackers share information very liberally. Sites spring up every day to share tools, techniques, news, and other information with fellow hackers and security professionals. Security professionals need to embrace joining the hacker community, not in order to use the techniques of crackers, but so the techniques are known and defenses can be developed.

A couple of well known hacker underground sites include:
  • Hackers Center Security: http://forums.hackerscenter.com/index.php
  • The Hacker Community: http://www.hacker.org/
  • The 2600: http://www.2600.com/
  • Defcon: http://www.defcon.org/
Most of the hacker community never meets face-to-face. They hang out on IRC, chat sites, and IM. The only time people get together is at the Defcon and Blackhat security conferences.

Mailing lists and RSS feeds are the lifeblood of the security professional. Within the mailing lists and RSS feeds information is delivered as soon as it is available. If you keep up with the research and security holes within software packages then you are better able to defend against these weaknesses.

It's a fine line between a criminal cracker and a security professional. They both use the same tools and techniques to defend and attack a computer security system. They both run in the same hacker community because they are both curious about technology and gadgets. The only way you can tell the difference is by their actions.


Hackers have big egos. They love to talk and in most instances they love to share their secrets. Hacking is not hard. You just have to know what you want to accomplish before you start the hack. You can go to forums and chat sites and discover all sorts of new techniques and procedures to hack.

Friday, December 3, 2010

Personal Information as a Security Vector

Personal information such as SSNs, medical records, and academic records is as secure as the knowledge that the staff has gained in order to protect the information. The security team can be well trained in computer and physical security. They can be experts in the field of cryptography and firewall or security architects, but if the security team does not train and pass along some of their knowledge then it will not be long before the information that they are trying to protect will be owned by an evil cracker that knows how to get within the company and compromise the integrity of the data.

No matter how good a security policy is, companies are always vulnerable to penetration from the outside or even from the inside. Just this past week the employees of my company were told that we could no longer bring USB devices or any other storage devices including personal laptops because one employee was caught bringing company information to his home. Although I was not informed of what information the employee was taking home or why, the fact is that he brought the information home. We used to have a program that was supposed to encrypt the drive and the drive would then be useful only on the computer that encrypted the drive, so I’m not sure what happened with that security measure. The bad thing is my company deals with social security numbers and medical information every day, so I know that system and procedure would not be HIPAA compliant.

Also it would not be hard to gather the username and password of the employees at the company because most of the time the information is on their desk or you can just ask them and they will be happy to give you the information, and most of the time the users do not lock their desktops when they leave their desks. This provides instant access to every SSN in the country and the person that would get called out would be the user because SSA knows who accesses what SSN and when it is accessed.
Remember to go to the training classes when offered. If you don't then you may unknowingly give out personal information that you may not have the right to release.