
Forensic Analysis of a Live Linux System, Pt. 1 1. Introduction During the incident response process we often come across a situation where a compromised system wasn't powered off by a user or administrator. This is a great opportunity to acquire much valuable information, which is irretrievably lost after powering off. I'm referring to things such as: running processes, open TCP/UDP ports, program images which are deleted but still running in main memory, the contents of buffers, queues of connection requests, established connections and modules loaded into part of the virtual memory that is reserved for the Linux kernel. Sometimes the live procedure described here is the only way to acquire incident data because certain types of malicious code, such as LKM based rootkits, are loaded only to memory and don't modify any file or directory. Other problems arise when we plan to take legal actions and need to comply with local laws. 2. This article is divided into four related sections: 2.1 Fitting to the environment Step 2: Media mounting
An Overview of Cryptography As an aside, the AES selection process managed by NIST was very public. A similar project, the New European Schemes for Signatures, Integrity and Encryption (NESSIE), was designed as an independent project meant to augment the work of NIST by putting out an open call for new cryptographic primitives. NESSIE ran from about 2000-2003. CAST-128/256: CAST-128, described in Request for Comments (RFC) 2144, is a DES-like substitution-permutation crypto algorithm, employing a 128-bit key operating on a 64-bit block. A digression: Who invented PKC? 3.3. Let me reiterate that hashes are one-way encryption. Hash algorithms that are in common use today include: Message Digest (MD) algorithms: A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message. A digression on hash collisions. Without meaning to editorialize too much in this tutorial, a bit of historical context might be helpful.
Packet Crafting for Firewall & IDS Audits (Part 1 of 2) With the current threat environment that home and corporate users face today, having a firewall and IDS is no longer a luxury, but rather a necessity. Yet many people do not really take the time to make sure that these lines of defense are indeed working properly. After all, it is very easy to invalidate your router's entire ACL by making a single misconfigured entry. The same can be said for your firewall, where one poor entry in your iptables script, for example, could leave you vulnerable. It is best not to blindly rely on the output of certain automated tools when auditing devices that safeguard your valuable computing assets. This article is the first of a two-part series that will discuss various methods to test the integrity of your firewall and IDS using low-level TCP/IP packet crafting tools and techniques. Benefits of packet crafting There are some side benefits to learning how to audit your firewall and IDS through the use of packet crafting. Assumptions
Hacktivismo cDc releases Goolag Scanner (posted by MiB on February 20th, 2008) SECURITY ADVISORY: The following program may screw a large Internet search engine and make the Web a safer place. LUBBOCK, TX, February 20th -- Today CULT OF THE DEAD COW (cDc), the world's most attractive hacker group, announced the release of Goolag Scanner, a web auditing tool. Goolag Scanner enables everyone to audit his or her own web site via Google. The scanner technology is based on "Google hacking," a form of vulnerability research developed by Johnny I Hack Stuff. He's a lovely fellow. "It's no big secret that the Web is the platform," said cDc spokesmodel Oxblood Ruffin. Goolag Scanner will be released open source under the GNU Affero General Public License. Goolag Scanner is a standalone Windows GUI-based application. Press Contact Oxblood Ruffin oxblood at hacktivismo.com About Goolag Scanner About Wau Holland and here See J.
Institute - The SANS Security Policy Project Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already, including policy templates for twenty-seven important security requirements. Find the Policy Template You Need! There is no cost for using these resources. Over the years a frequent request of SANS attendees has been for consensus policies, or at least security policy templates, that they can use to get their security programs updated to reflect 21st century requirements. This page will continue to be a work in progress, and the policy templates will be living documents. We'll make improvements and add new resources and sample policies as we discover them. Is it a Policy, a Standard or a Guideline? What's in a name?
Computer Security Resource Center Anti-Virus test file Additional notes: This file used to be named ducklin.htm or ducklin-html.htm or similar, based on its original author Paul Ducklin, and was made in cooperation with CARO. The definition of the file was refined on 1 May 2003 by Eddy Willems in cooperation with all vendors. The content of this documentation (title only) was adapted on 1 September 2006 to add verification of the activity of anti-malware or anti-spyware products. It was decided not to change the file itself for backward-compatibility reasons. Who needs the Anti-Malware Testfile (read the complete text, it contains important information) Version of 7 September 2006 If you are active in the anti-virus research field, then you will regularly receive requests for virus samples. Other requests come from people you have never heard from before. A third set of requests comes from exactly the people you might think would be least likely to want viruses: users of anti-virus software. The good news is that such a test file already exists.
HOWTO bypass Internet Censorship, a tutorial on getting around filters and blocked ports
Remote-Exploit.org - Supplying offensive security products to the world
Top 75 Network Security Tools
Professional Security Testers resources warehouse
Linux Exposed :: The Linux Security and Hacking Resource - Home