Sunday, January 29, 2012
Monday, October 17, 2011
Saturday, January 29, 2011
I do not know how to code. I only know a limited amount of Python and Ruby scripting. I can't figure out assembly language and C++. Shellcode scares me. Socket programming, yeah, a little bit.
But there are a couple of tricks that I do know. I know what packets are made of and how they behave. The OSI layers and the TCP/IP 3-way handshake are something close to my heart. I know how to leverage the MSF3 Framework for a goal-oriented penetration testing engagement. I know how to evade firewalls and overall detection using NMAP. I know how to craft my own packets using NPING. I know what a reflective DLL injection is. I know how to migrate an existing exploit from one running process to another. I know the difference between a compromised Windows XP and a clean one by just looking at a running Wireshark capture. I know how to maintain my connection. I know how to clean my tracks.
Thank you for hearing me vent by reading this blog. I am just frustrated because everyone is looking for "paper-certified" security researchers when I go over Dice.com, Monster.com and other job hunting websites.
Wednesday, December 15, 2010
Meet Evan Kohlmann "The Terrorist Search Engine"
However, despite having an unprecedented success rate inside the court as an "Expert Witness" in putting bad guys to jail, a lot of IT Security Experts are questioning his research and investigation methods.
One good question from a fellow IT Security Professional posted at Schneier on Security:
@Clive "court recognized Expert Witnesses"
This is related to the profile on Kohlmann. There was the comment on "if his method is sound". Well what's an expert? Someone who knows what they are talking about. How can you tell they are an expert? They know more than me.
Kohlmann should be challenged by the opposition lawyers as to his qualifications and knowledge. But what can a lawyer really know about any expert's area? They usually just get the CV and "has testified in many trials of this nature" kinds of anecdotal assurance. While the opposition can try to challenge an expert's testimony, they really can't try to impeach an expert, can they?
They are limited to putting their experts up to testify, to rebut the other side’s expert. So the jury has two sets of conflicting expert opinion. What's needed is an expert cross examining the witnessing expert to reveal those misstatements, lies, distortions, and 'reduction in detail' that technical people use to make complex ideas understandable by executives, lawyers, judges, and their juries.
In my opinion, every research and investigative methodology, framework, etc. used by an expert for Computer Forensics purposes and presented in Court should be heavily scrutinized, no matter how effective and successful it is when it comes to putting bad guys in jail. Of course we value the credibility and integrity of the Expert based on his track record, but as technology progresses things are getting easier to manipulate digitally, or even worse, to "hack".
Sunday, October 10, 2010
Thursday, July 29, 2010
Attackers can spoof the firewall and SBC into determining that the RTP stream is safe to relay. Passing the attacks through the RTP stream is called Vunneling. The alternative is to inspect the RTP packets, which can slow down the transmission and distort the voice.
The Salare solution, vPurity software, relies on a number of techniques to solve the Vunneling problem. Network Behavior Analysis (NBA) is employed by Salare. The passive NBA technique is well known for producing many false positive and false negative alerts. Salare's Active NBA virtually eliminates false positives. This is accomplished by introducing stimulus events and observing the reaction or non-reaction. This provides accurate and precise recognition of the traffic types passing through the network.
The Salare technique inserts distortion in the packet that destroys embedded data and executable transmissions; this distortion is not perceptible by the listener. The insertion does not impact the quality of the voice conversation.
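As an added illustration (not Salare's code, and not from the original post), the following Python assumes the covert data rides in the least significant bits of 16-bit PCM samples and shows how randomizing the two lowest bits of every sample, a distortion far below audible level, destroys the hidden payload while leaving the voice signal's SNR above 60 dB:

```python
import math
import random

# Constructed stand-in for one RTP audio payload: 64 signed 16-bit PCM samples.
def make_voice_samples(n=64, seed=1):
    rnd = random.Random(seed)
    return [rnd.randint(-20000, 20000) for _ in range(n)]

def lsb_embed(samples, payload):
    """Hide payload bytes one bit per sample in the least significant bit.
    Assumed stand-in for the 'embedded data' tunneled through RTP in the post."""
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]
    if len(bits) > len(samples):
        raise ValueError("payload does not fit in this packet")
    out = list(samples)
    for k, bit in enumerate(bits):
        out[k] = (out[k] & ~1) | bit
    return out

def lsb_extract(samples, nbytes):
    """Recover nbytes from the LSBs; used here only to verify the sanitizer."""
    bits = [s & 1 for s in samples[:nbytes * 8]]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def sanitize(samples, seed=7):
    """Assumed sanitizer: replace the two lowest bits of every sample with random
    values. Peak error is 3 LSB out of 32767 (inaudible), but every LSB now
    carries a coin flip, so any data hidden there is gone."""
    rnd = random.Random(seed)
    return [(s & ~3) | rnd.randint(0, 3) for s in samples]

def snr_db(clean, noisy):
    """Signal-to-noise ratio of the sanitized stream against the original."""
    signal = sum(s * s for s in clean)
    noise = sum((a - b) ** 2 for a, b in zip(clean, noisy))
    return 10 * math.log10(signal / noise)

def demo():
    voice = make_voice_samples()
    secret = b"EXFIL"                      # constructed covert payload
    stego = lsb_embed(voice, secret)
    cleaned = sanitize(stego)
    return {
        "hidden_intact": lsb_extract(stego, len(secret)) == secret,            # True
        "hidden_after_sanitize": lsb_extract(cleaned, len(secret)) == secret,  # False
        "snr_db": snr_db(voice, cleaned),                                      # > 60
    }

if __name__ == "__main__":
    print(demo())
```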
Complete article and links here:
Wednesday, April 7, 2010
"Mission Statement: To Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud
The Trusted Cloud Initiative will help cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations, and practices. We will develop reference models, education, certification criteria and a cloud provider self-certification toolset in 2010. This will be developed in a vendor-neutral manner, inclusive of all CSA members and affiliates who wish to participate." Trusted Cloud focuses on the notion that eventually it will be us users, and the industry itself, that will make the Cloud more secure and trustworthy. We need to start trusting the Cloud, we need to start educating users on what to and what not to expect when they join the bandwagon of Cloud Computing, we need to reiterate to users that the Cloud is not the solution for the recession, and finally, we need to let them know that Cloud Computing services, be it Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS), are now a mature and capable platform that promotes the alignment of business and IT objectives. Trusting the Cloud is a win-win situation, but of course with a few caveats.
We just don't have a solid security framework yet to manage and implement effective IT controls, which is what the guys at http://www.cloudaudit.org/ and http://cloudsecurityalliance.org/ are working on. It might be early, but I would like to thank these guys for driving the Cloud Computing community down the right path of security with common sense in mind, and not completely reliant on well-known IT controls and "best practices" which do not really scale and apply well to Cloud Computing.