Patrick Dean
Dissecting The Hack - An Information Security Community. Lares from LOW to PWNED. Privsec. Windows Hardening Guide - Erik's IT-Security notes. Be advised that work on this guide has only just begun. Latest change: 2008-11-29 01 2009 V0.5 Erik Zalitis Security baseline for Windows server 2003 and Windows server 2008 This document describes the steps necessary to harden an already installed Windows 2003 Server installation. This is meant to help you create and maintain a minimum security baseline. Checklist Go through this checklist and document every time when you choose not to adhere to the baseline.
Installation shall be done on a clean system Reason: Security Baseline for Windows 2003 Server When you upgrade a system, you will get a lot of extra files, leftover registry entries and other remaining data that could affect stability and security. Only one Operating System on the server Reason: Avoid dual boot configurations. English version must be used Reason: Localized Service Packs and software are released later than the native English one. All partitions use NTFS Reason: NTFS supports security properties and auditing. Make Your Email Hacker Proof. It's only a matter of time until your email gets hacked. Don't believe me? Just read this harrowing cautionary tale. When [my wife] came back to her desk, half an hour later, she couldn’t log into Gmail at all.
By that time, I was up and looking at e‑mail, and we both quickly saw what the real problem was. In my inbox I found a message purporting to be from her, followed by a quickly proliferating stream of concerned responses from friends and acquaintances, all about the fact that she had been “mugged in Madrid.” The account had seemed sluggish earlier that morning because my wife had tried to use it at just the moment a hacker was taking it over and changing its settings—including the password, so that she couldn’t log in again. Now get everyone you know to read it, too. Your email is the skeleton key to your online identity. The good news, at least if you use GMail, is that you can make your email virtually hacker-proof today, provided you own a cell phone.
Have Your Cell Phone Ready. Four ways to disable or enable USB Ports in Windows 7. How often you have witnessed blocked Pen drive or USB drive access in your work place or college or school? I believe many times; in fact every time you try to use the USB drive, you are not allowed, simply because the administrator has disabled USB drive detection on your PC. Again, how often has your data been stolen because someone connected an unauthorized USB to your computer and copied your files? Well, you don’t need to worry because the solution to disable or enable USB Ports is pretty simple.
There are three ways an administrator can prevent the use of USB drives. They are: Altering registry values for USB Mass Storage Devices. Disabling USB Ports from Device Manager. By uninstalling the USB Mass Storage Drivers. Let us look at how we can fix these problems and enable USB on a Windows 7 PC. 1. If the administrator is smart then he would definitely do this to ensure a tight blockade. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR 2. 3. 4. Learn How to Pass (or Beat) a Polygraph Test | AntiPolygraph.org.
Educate yourself. Before playing Russian roulette with your reputation, learn how to protect yourself against this invalid test. Download AntiPolygraph.org's free book (1 mb PDF): The Lie Behind the Lie Detector The dirty little secret behind the polygraph is that the "test" depends on trickery, not science. The person being "tested" is not supposed to know that while the polygraph operator declares that all questions must be answered truthfully, warning that the slightest hint of deception will be detected, he secretly assumes that denials in response to certain questions -- called "control" questions -- will be less than truthful. An example of a commonly used control question is, "Did you ever lie to get out of trouble?" The polygraph pens don't do a special dance when a person lies.
The test also includes irrelevant questions such as, "Are the lights on in this room?" CBP Polygraph Chief John R. Quarterly Polygraphs for NSA Analysts? U.S. U.S. Court Filings in U.S. v. U.S. Creators. Solowheel. How to Enable Support for Nested 64bit & Hyper-V VMs in vSphere 5. With the release of vSphere 5, one of the most sought-after features from VMware is the ability to run nested 64bit and Hyper-V guest virtual machines in a virtual ESXi instance. Previous to this, only 32bit virtual machines were supported as the VT-x/AMD-V Hardware Virtualization CPU instructions could not be virtualized and presented to the virtual ESX(i) guest.
This feature is quite useful for home and lab setups in testing new features or studying for VMware certifications and running multiple vESX(i) instances. You will still be required to have a 64bit capable system and CPU and you will need to be running ESXi 5.0, this will not work for ESX(i) 4.x or older.
The above diagram depicts the various levels of inception where pESXi is your physical ESXi 5.0 hosts. Note: You will not be able to run a 4th level nested 64bit VM (I have tried by further passing the HV instructions in the nested guest) and it will just boot up and spin your CPUs for hours. 1. 2. 3. 2. 3. Intel Hosts: AMD Hosts: VMware ESX 4 can even virtualize itself | VCritical. NEW: VMware vSphere 5 makes this even easier and supports nested 64-bit guests.
Running VMware ESX inside a virtual machine is a great way to experiment with different configurations and features without building out a whole lab full of hardware and storage. It is pretty common to do this on VMware Workstation nowadays — the first public documentation of this process that I know of was published by Xtravirt a couple of years ago. But what if you prefer to run ESX on ESX instead of Workstation? You may be pleased to know that the GA build of ESX 4 allows installing ESX 4 as a virtual machine as well as powering on nested virtual machines — VMs running on the virtual ESX host. VMware vSphere 4.1 UPDATE: VMware ESXi 4.1 has a keyboard issue when virtualized on an ESX 4.0 host. The extra tweaks to make it all work are minimal, and I will show you how without even opening up a text editor. Create a new VM with the following guidance (choose “Custom”): To prevent this, just one tweak is needed: NIST SP 800 Series.
NIST uses three NIST Special Publication subseries to publish computer/cyber/information security and guidelines, recommendations and reference materials: SP 800, Computer Security (December 1990-present): NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials (SP 800s are also searchable in the NIST Library Catalog); SP 1800, NIST Cybersecurity Practice Guides (2015-present): A new subseries created to complement the SP 800s; targets specific cybersecurity challenges in the public and private sectors; practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity; SP 500, Computer Systems Technology (January 1977-present): A general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL), this page lists selected SP 500s related to NIST's computer security efforts.
Note: Publications that link to dx.doi.org/... will redirect to another NIST website. The FIPS by Numerical Order Index. Download. Infosec Island. SecTools.Org Top Network Security Tools. Justbeamit.com. Data Director Documentation Center. Karishma Bagga's review of Philips PD9000/37 9-Inch LCD Portable DVD ... USB support for ESX/ESXi 4.1. How to optimize PostgreSQL database size. PostgreSQL is a powerful, open source relational database system.
It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness. One of PostgreSQL's most sophisticated features is the so-called Multi-Version Concurrency Control (MVCC), a standard technique for avoiding conflicts between reads and writes of the same object in a database. MVCC guarantees that each transaction sees a consistent view of the database by reading non-current data for objects modified by concurrent transactions. Thanks to MVCC, PostgreSQL has great scalability, a robust hot backup tool and many other nice features comparable to the most advanced commercial databases.
Unfortunately, there is one downside to MVCC: databases tend to grow over time, and sometimes that can be a problem. Test setup For this interesting test I have used a real database that was taken from a great commercial antispam/antivirus product. ALFA NETWORK. Montgomery County Maryland High School Football. [ROOT] Droid 3 root instructions (One Click added for Windows/ Linux/ OSX) Thanks to Framework43 for writing the early one click and psouza4 for rewriting the whole damn thing 6 times. Instructions couldn't be more simple: The new Do-All One Click by psouza4. This version can root, unroot, restore to factory, and re-enable ADB temp root (not to be confused with temp root of the phone). This is a link to psouza4's website Screenshot of Version 1.06 ↑↑This is the latest and greatest version. 1.
For Windows XP users having trouble try this -> v7 .bat One Click. The instructions are the same as the EXE version. More help can be found here --> psouza4's website You now have a rooted Droid 3 thanks to the hard work of the following: djrbliss - finding the exploit; framework43 - writing the OG one click; psouza4 - rewriting the whole damn thing 100 times; krazykrivda - gathering developers and making shit happen. As per P3Droid, this method should work on the following devices, as tested: Droid 3, Droid Bionic, Droid X, Droid X2, Droid Pro, Droid 2 Global, Cliq and Cliq 2 Extra advice: Motorola DROID Bionic Rooted with one-click-root [Download] We already knew this was going down but you can now root your DROID Bionic using the simple one-click-root method found to work on a slew of other recent Motorola phones such as the Droid X2 and the Droid 3 all running on Moto's latest Gingerbread builds.
Last week we saw the Bionic was already rooted, but today we have instructions and the download for you. This literally took me about 1 minute to download the latest Motorola drivers and another minute or two to actually root and it was a done deal. Now I'm free to fly around and do titanium backups and all that good stuff.
Obviously this doesn't fix or do anything with the bootloader "situation" but we'll take root any day for now. Image thanks to kellex. Instructions: -Install Motorola drivers - [click here] -Download the MotorolaOneClickRoot -Plug phone into PC and select “Charge Only” -Enable USB debugging -Navigate to MotorolaOneClickRoot folder and run MotorolaOneClickRoot.exe. Quick, easy and simple right? [device id=1476] Upside-Down-Ternet. My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun. I'm starting here by splitting the network into two parts, the trusted half and the untrusted half.
The trusted half has one netblock, the untrusted a different netblock. We use the DHCP server to identify mac addresses to give out the relevant addresses. /etc/dhcpd.conf IPtables is Fun! Suddenly everything is kittens! /sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -j DNAT --to-destination 64.111.96.38 For the uninitiated, this redirects all traffic to kittenwar. For more fun, we set iptables to forward everything to a transparent squid proxy running on port 80 on the machine. /sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1 That machine runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of its local webserver.
The redirection script. NetShareMonitor : Watch your Shares from Intruders - www.SecurityXploded.com. Unroot/Unbrick using .sbf post from -ikithme- - Droid Forum - Verizon Droid & the Motorola Droid Forum. I take no credit for the release of the .sbf file nor any of Motorola's software or drivers Reactivate means dialing *228 in the phone app and choosing option 1, for those that don't know. Requirements A. 2.0.0 VZW_A855_ESD20_QSC6085BP_C_01.3B.01P_SW_UPDATE.sbf (.sbf file) or 2.0.1 VZW_A855_ESD56_QSC6085BP_C_01.3E.01P_SW_UPDATE_03. sbf (.sbf file) B. RSDLite4.6.7z (RSDLite 4.6) C. ... _4.2.0.zip (32-bit Motorola USB Drivers) ... _4.2.0.zip (64-bit Motorola USB Drivers) Instructions: 1.
Download all of the files above including the 32-bit OR 64-bit Motorola USB Drivers. 2. Install RSDLite 4.6 AND the 32-bit or 64-bit Motorola USB Drivers (Depends on your system most will need 32-bit some will need 64-bit) 3. Credits: dordodim for the sbf file. End notes: Have fun. Edit: If I missed someone in the credits please tell me and I will make sure to add them. Edit 2: TurnKey Linux Virtual Appliance Library: 45+ free ready-to-use applications for virtual machines, the cloud, and bare metal. About Dynamic-Link Libraries. Dynamic linking allows a module to include only the information needed to locate an exported DLL function at load time or run time. Dynamic linking differs from the more familiar static linking, in which the linker copies a library function's code into each module that calls it.
Types of Dynamic Linking There are two methods for calling a function in a DLL: DLLs and Memory Management Every process that loads the DLL maps it into its virtual address space. After the process loads the DLL into its virtual address, it can call the exported DLL functions. The system maintains a per-process reference count for each DLL.
Like any other function, an exported DLL function runs in the context of the thread that calls it. The threads of the process that called the DLL can use handles opened by a DLL function. For more information about DLLs, see the following topics: Injecting a VNC server into a remote computer | nullpointer.dk. Unleashing the power of GDB (part 2) The GNU Debugger[1] is my favorite debugging tool and I personally think it’s essential for any *nix developer to know how to use it properly if you’re working with C/C++, D, Go, Obj-C, Fortran, Pascal, Modula-2 or Ada[2]. This is the second part of Unleashing the power of GDB. It is recommended reading the first ...
Unleashing the power of GDB The GNU Debugger[1] is my favorite debugging tool and I personally think it’s essential for any *nix developer to know how to use it properly if you’re working with C/C++, D, Go, Obj-C, Fortran, Pascal, Modula-2 or Ada[2]. Sed tricks The stream editor, most commonly known as sed, is a wonderful tool for modifying data from files and stdin. Shodan achieved Tonight I was awarded the Shodan (or first black belt) in the martial art Bujinkan Budo Taijutsu. Upgrading to Xcode 4.4 or later Xcode moved to the App Store as of version 4.4 and it had certain consequences to the common programmer.
Profiling with Instruments.app. Solaris Buffer Overflow Protection. Tim Minchin. City of Austin - Parks and Recreation Department: Barton Springs. Google. Yara-project - A malware identification and classification tool. Password Safe - Quickstart Guide. Quickstart Guide Steve McPherson has created this amusing clip highlighting the cooler features of PasswordSafe (Thanks, Steve!) HowToAnswer.com has written a nice introductory guide showing how to get started with PasswordSafe. Here's a short video demonstrating PasswordSafe's menus and features, courtesy of FindMySoft: [The following short guide is taken from Password Safe's online help] Creating and Opening a Safe Password Safe allows users to store all passwords in a single "safe" (password database), or to create multiple databases for different purposes (e.g., one for work, one for personal use).
Each database is independent and can be moved and used on different systems, as long as the same version of Password Safe is installed. If you are using Password Safe for the first time, press the New Database button. Create a New Database There are two ways that a new database can be created. Using Stored Passwords Password Safe provides several mechanisms for using stored names and passwords. Trike Scooter Conversions Kits by Treasure Coast Scooters. Master splynter. Openfiler — Openfiler - Open Source Storage Management Appliance. National Cyber-Forensics & Training Alliance. Account Summary. Free2Work, Corporate Responsibility, Slave Labor, Watch List - Free2Work. Call + Response.
Performance impact when using VMware snapshots. iPhone. ONI Home Page. Hacking. App Inventor for Android.