http://www.digininja.org/rss.xml Security and general IT tools and tips en-gb Copyright DigiNinja 2012-05-17T11:25:53+01:00 DigiNinja IT Security http://www.digininja.org/projects/breaking_in_part_2.php The second part of my write up of the conclusions I've taken from my Breaking In data. This part looks at the qualitative answers given which give some meaning behind some of the stats. http://www.digininja.org/projects/breaking_in_part_2.php http://www.digininja.org/projects/breaking_in_part_1.php This post, along with part two coming soon, is an accompaniment to my BSides slides and the raw data which I published the other day. Here I try to summarise the results and add my commentry to them. http://www.digininja.org/projects/breaking_in_part_1.php http://www.digininja.org/projects/breaking_in_bsides.php At BSides London I presented the findings from the Breaking in to Security survey, here are my slides and a link to the data collected so far. http://www.digininja.org/projects/breaking_in_bsides.php http://www.digininja.org/projects/breaking_in_interim.php Seeing as I had over 200 responses to the "Breaking In" survey in just 5 days I've plucked out a couple of interesting stats from the responses and posted them to whet your appitite. http://www.digininja.org/projects/breaking_in_interim.php http://www.digininja.org/blog/owasp_leeds.php The story of how I analysed a new IP web camera and found how it automatically tried to punch a hole through my firewall and register itself with dynamic DNS server to tell the world it was there. The slides also contain a bonus talk covering my blog post and project on 'Whats in Amazon's buckets' http://www.digininja.org/blog/owasp_leeds.php http://www.digininja.org/projects/breaking_in_1.php This is my attempt to collect enough data to be able to answer the eternal question, 'How do I get started in Information Security?'. I've put together a questionnaire which I'll summarize the answers from and hopefully present at conferences and also summarise here on the site. http://www.digininja.org/projects/breaking_in_1.php http://www.digininja.org/projects/zonetransferme.php Ever found yourself in a position where you have to teach or explain DNS zone transfers but not had a domain to run the transfer on? This domain is set up to allow transfers and contains plenty of information to work with. I've also explained how I would interpret the information. http://www.digininja.org/projects/zonetransferme.php http://www.digininja.org/projects/pipal.php Pipal analyses a cracked password list to help analysts spot patterns. Stats are generated on everything from the different lenghts to the character types to the words that other words are based on. http://www.digininja.org/projects/pipal.php http://www.digininja.org/blog/check_ctl.php A write up on my experiences taking, and passing, the CHECK Team Leader Web App Exam http://www.digininja.org/blog/check_ctl.php http://www.digininja.org/blog/burp_intruder_types.php Burp Intruder has four different attack modes, this post shows the differences between those four modes. http://www.digininja.org/blog/burp_intruder_types.php http://www.digininja.org/blog/compress_filter_avoidance.php Using decompression to avoid filters - Decompressing data to get it past filters such as IDS. http://www.digininja.org/blog/compress_filter_avoidance.php http://www.digininja.org/projects/fdb.php File Disclosure Browser, an application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites. http://www.digininja.org/projects/fdb.php http://www.digininja.org/projects/cewl.php An upgrade to Ruby version 1.9 and fixes to work with Back Track 5. http://www.digininja.org/projects/cewl.php http://www.digininja.org/projects/wifi_honey.php Automation of setting up a bunch of APs and airodump-ng to work out what encryption a client is probing for. http://www.digininja.org/projects/wifi_honey.php http://www.digininja.org/blog/analysing_mobile_me.php Analysis of the content I found when trawling Mobile Me accounts looking for public information. http://www.digininja.org/blog/analysing_mobile_me.php http://www.digininja.org/blog/mobile_me_madness.php A brief description of how Mobile Me allows access to its file listings and how to interpret them. http://www.digininja.org/blog/mobile_me_madness.php http://www.digininja.org/projects/me_finder.php This tool will brute force user accounts with Mobile Me and then enumerate files associated with any public accounts found. http://www.digininja.org/projects/me_finder.php http://www.digininja.org/blog/analysing_amazons_buckets.php Analysis of the content I found when trawling Amazon's buckets looking for public information. http://www.digininja.org/blog/analysing_amazons_buckets.php http://www.digininja.org/blog/whats_in_amazons_buckets.php The description of how I wrote a tool to brute force bucket names from the Amazon S3 system and then take it a step further. http://www.digininja.org/blog/whats_in_amazons_buckets.php http://www.digininja.org/projects/bucket_finder.php This tool will brute force bucket names from Amazon's S3 system and then enumerate files associated with any public buckets found. http://www.digininja.org/projects/bucket_finder.php http://www.digininja.org/blog/tomcat_laundanum.php Going to WAR on Tomcat with Laundanum - A short how to on using Laundanum to attack Tomcat servers and how to setup a lab to try it at home. http://www.digininja.org/blog/tomcat_laundanum.php http://www.digininja.org/projects/gpscan.php Google Profile scraping can be used a part of recon work to gather staff lists, this script automates that process http://www.digininja.org/projects/gpscan.php http://www.digininja.org/blog/cleartext_creds.php A little trick to extract stored FTP details by setting up a fake server then capturing the clear text. http://www.digininja.org/blog/cleartext_creds.php http://www.digininja.org/blog/double_tunnel.php Double tunnels to help a colleague in distress - Setting up SSH tunnels to allow external access to an internal network. http://www.digininja.org/blog/double_tunnel.php http://www.digininja.org/blog/tiger_ctm.php Tiger Scheme Check Team Member Exam - A review of the Check Team Member exam. http://www.digininja.org/blog/tiger_ctm.php http://www.digininja.org/metasploit/getwlanprofiles.php A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes. http://www.digininja.org/metasploit/getwlanprofiles.php http://www.digininja.org/projects/counter.php A short script to do frequency analysis on lines in a file, specifically designed for password reuse analysis. http://www.digininja.org/projects/counter.php http://www.digininja.org/blog/when_all_you_can_do_is_read.php A look at what files are good to try to read when all you have is read only access to a machine, i.e. no directory listing ability. http://www.digininja.org/blog/when_all_you_can_do_is_read.php http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php Running a Nessus scan through a Meterpreter pivot using a SOCKS4 Proxy. http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php http://www.digininja.org/projects/rsyaba.php A modular brute force tool currently supporting HTTP(S), MySQL and SSH. Written in Ruby and designed to be easily extendable by using off the shelf protocol libraries. http://www.digininja.org/projects/rsyaba.php http://www.digininja.org/blog/http_banner_grab_dir.php HTTP Banner grabbing beyond the root, where do you do your web banner grabbing? http://www.digininja.org/blog/http_banner_grab_dir.php http://www.digininja.org/blog/pages_linux.php Viewing Pages documents in Linux - A short shell script to display a document created in Pages in Linux http://www.digininja.org/blog/pages_linux.php http://www.digininja.org/blog/pocket_trojan.php The Trojan in your pocket - Do you know what your phone is doing? http://www.digininja.org/blog/pocket_trojan.php http://www.digininja.org/projects/rsmangler.php A custom wordlist generator that creates permutations of all the input words as well as just manipulating them individually http://www.digininja.org/projects/rsmangler.php http://www.digininja.org/metasploit/mssql_idf.php A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases. http://www.digininja.org/metasploit/mssql_idf.php http://www.digininja.org/blog/finding_interesting_db_data.php Automating looking through MSSQL databases to find interesting sounding column names. Once found automating pulling back some sample data to give a feel as to whether it is worth investigating. http://www.digininja.org/blog/finding_interesting_db_data.php http://www.digininja.org/blog/ultrasound.php This scan result beats any I've seen from Nessus, Nikto or Nmap. I'm going to be a daddy! http://www.digininja.org/blog/ultrasound.php http://www.digininja.org/karma/index.php Karma was originally written for Madwifi and I then updated it to work with Madwifi-ng. This update adds the same functionality to hostapd. http://www.digininja.org/karma/index.php http://www.digininja.org/metasploit/dns_dhcp.php My DHCP and DNS Metasploit attack modules, now fixed up to work with Ruby 1.9.x http://www.digininja.org/metasploit/dns_dhcp.php http://www.digininja.org/projects/nexcser.php Converts Nessus v2 reports to various CSV files to help with reporting and continued scanning. http://www.digininja.org/projects/nexcser.php http://www.digininja.org/blog/giskismet_ignore_gps.php A patch to GISKismet so it will import Kismet data which doesn't include GPS positions. http://www.digininja.org/blog/giskismet_ignore_gps.php http://www.digininja.org/metasploit/session_created.php Now with added verbosity, reads IP address and port of connecting clients. http://www.digininja.org/metasploit/session_created.php http://www.digininja.org/metasploit/dns_dhcp_beta.php I've updated these to run with the latest version of Metasploit. http://www.digininja.org/metasploit/dns_dhcp_beta.php http://www.digininja.org/projects/ossec_kismet_rules.php Handle alerts generated by Kismet Newcore in OSSEC. http://www.digininja.org/projects/ossec_kismet_rules.php http://www.digininja.org/projects/ossec_rule_converter.php Save the effort of having to keep an XML file up-to-date and create your rules in a spreadsheet then convert to XML with my app. http://www.digininja.org/projects/ossec_rule_converter.php http://www.digininja.org/blog/door.php I really want to know what is behind this door. http://www.digininja.org/blog/door.php http://www.digininja.org/metasploit/session_created.php A patch for Metasploit to have it play a wav file telling you a new session has been created. Similar to the Core 'Agent Deployed'. http://www.digininja.org/metasploit/session_created.php http://www.digininja.org/blog/password_experiment.php A write up of an experiment where I asked a class to give me their passwords. http://www.digininja.org/blog/password_experiment.php http://www.digininja.org/projects/cewl.php Now with JS redirect checking and a bug fix for an issue I found in the ruby spider gem http://www.digininja.org/projects/cewl.php http://www.digininja.org/projects/calc_ip_range.php Given a IP address calculate the top and bottom of its available subnet range http://www.digininja.org/projects/calc_ip_range.php http://www.digininja.org/blog/secvidofday.php What is #secvidofday and why am I doing it? http://www.digininja.org/blog/secvidofday.php http://www.digininja.org/blog/ap_collection.php I'm going to be doing some AP testing and this is a small part of the collection. http://www.digininja.org/blog/ap_collection.php http://www.digininja.org/kreiosc2/ KreiosC2 can now channel data over TinyURL and JPEG as well as the original Twitter. http://www.digininja.org/kreiosc2/ http://www.digininja.org/blog/pentester_scripting.php How I got involved in yet another new project, this time the PenTester Scripting community wiki http://www.digininja.org/blog/pentester_scripting.php http://www.digininja.org/metasploit/dns_dhcp_beta.php Two new beta Metasploit modules, one for DNS MiTM and one for DHCP Exhaustion attacks http://www.digininja.org/metasploit/dns_dhcp_beta.php http://www.digininja.org/blog/microsd.php This Micro SD reader is so small it is only just larger than the USB connector it is built on http://www.digininja.org/blog/microsd.php http://www.digininja.org/projects/kreiosc2.php#download Split KreiosC2 commands over multiple tweets, a very simple example language http://www.digininja.org/projects/kreiosc2.php#download http://www.digininja.org/blog.php Do you know what the VM or live CD you have just downloaded really contains and if you don't, how do you find out? http://www.digininja.org/blog.php http://www.digininja.org/ Launching KreiosC2, version 2 of Twitterbot with new name and new dynamic language options http://www.digininja.org/ http://www.digininja.org/ I've finally got round to styling the new site http://www.digininja.org/