Digital forensics and hardware identification

| 0 comments

I thought I would sit down and begin a series of articles surrounding digital forensics with hardware identification being the lead in. The subject of forensics is one that I personally have not placed a great deal of effort and recently I took the Computer Hacking Forensic Investigator training from EC-Council. On day one, I knew I was hooked and it may not be for reason that you may suspect. I enjoy hacking from a white hat perspective and understanding the black hats is key to being successful. Ironically on day one of the training, I quickly learned that my …

Continue reading

They Live at DEFCON22

| 0 comments

Every year in August thousands upon thousands of people flock to Las Vegas, NV for the anual DEFCON conference. This is my second year attending and I knew once I attended DEFCON21 that I was forever hooked. I cannot begin to describe what the experience is like, because the experience is what you make of it. Last year, I had fun, but I did sit back and try to determine what I should and should not do. At the end of DEFCON21, I knew that I was going to jump head first into DEFCON22 and that is exactly what I …

Continue reading

Getting started with the Mark IV WiFi Pineapple

| 0 comments

The WiFi Pineapple is an amazing and fun piece of technology. To be honest, I purchased this technology late in 2013 and I never really sat down and played with it until recently. I sat down with my MacBook Pro and in no time at all I was frustrated that I was not able to get the Pineapple working properly. My issue was either I was successful at obtaining an external IP address, but I was not successful at accessing the Pineapple’s web interface of 172.16.42.1:1471 and it took a bit of research to find out the root cause. In …

Continue reading

Metagoofil makes metadata extraction easy

| 0 comments

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a given target or victim website. The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information-gathering phase. Metadata serves five purposes: resource description; information retrieval; management of information; rights management, ownership and …

Continue reading

TrueCrypt goes dark

| 0 comments

Today was an interesting day in term of security within the encryption community. The developers of TrueCrypt have made the following statement: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.” It is not clear exactly what is driving this decision and one can only guess at this point unless the development team comes out an conclusively comments on what the driving factor was. What makes this even more interesting, at least from my perspective, is the fact a security audit was just completed in April 2014. At that time, the phase 1 audit did not …

Continue reading

Security Live CD listing

| 0 comments

A live CD, live DVD, or live disc is a complete bootable computer installation including operating system which runs in a computer’s memory, rather than loading from a hard disk drive; the CD itself is read-only. It allows users to run an operating system for any purpose without installing it or making any changes to the computer’s configuration. Live CDs can run on a computer without secondary storage, such as a hard disk drive, or with a corrupted hard disk drive or file system, allowing data recovery. A live ISO is an ISO image of a Live CD which can …

Continue reading