Security via obfuscation: MAC Address

| 0 comments

Every network interface card has a unique 48 bit identifier known as a MAC address. This address is burned into the EEPROM on the card, and often is used by networking equipment to track users as they come and go, frequently associating MAC address to a hotel, credit card, credentials, and so on. In fact, even most consumer gear will record the MAC addresses of all computers that have ever issued DHCP requests to them, and these logs usually cannot be purged. When you combine this with the fact that most Cable/DSL service providers will also record your MAC address and bind it to your account, and the fact that some of them don’t even seem to wait for a court order to turn your info over, it becomes apparent that your MAC address essentially is your identify, but I of course disagree with this! One particularly useful hack is to change your MAC address. This can be useful if you want to make it a bit more difficult to track your device down. Thus, changing your MAC address is highly desirable for a number of reasons. If you curious about finding the manufacturer and location of a given MAC …

Continue reading

Intelligence and Security Professional Certification

| 0 comments

Next month I embark upon my journey with the Center for Governmental Services at Auburn University to obtain intelligence analytic trade-craft skills essential for analysts in today’s operational environments. My goal is to develop skills in the handling and analysis of locally generated information, intelligence as related to homeland security, and classified and unclassified intelligence generated from the various intelligence communities. This study should prove to be very informative and educational to say the least. The fact that the faculty are former senior intelligence officers and managers from the CIA, DIA, NRO, NSA, State/INR, NGA, ODNI, Military Service intelligence components, and Capitol Hill says it all. If I am going to learn anything, then it makes sense to learn from those who have walked the path. The coursework includes the following subject matter: Introduction to U.S. Intelligence Intelligence For Policy Makers Risk Awareness Intelligence Operational Intelligence Intelligence Budget Process Cyber: Corporate Risk & Responsibility Intelligence Collection Analyst Training: Writing, Analysis, and Preparing Briefings National Security Policy Process History of U.S. Intelligence Homeland Security Intelligence Counter Terrorism: Actionable Intelligence Intelligence and the Law

Cracking MD5 using Hashcat

| 0 comments

If you are not familiar with Hashcat then you are in luck. Before I get started, Wikipedia states Hashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. It is available free of charge, although it has a proprietary codebase. Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat currently supports a large range of hashing algorithms, including: Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX, and many others. The MD5 message-digest algorithm is a cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. Unfortunately many organizations use MD5 to hash customer’s passwords, which of course is not the correct way to protect a password, as you will gather as you work more with Hashcat. If you doubt this fact, then jump over to Have I been pwned and read about the organizations that were using MD5. If you are looking to encrypt a password or other sensitive data, be sure to read What can we learn …

Continue reading

Digital forensics and hardware identification

| 0 comments

I thought I would sit down and begin a series of articles surrounding digital forensics with hardware identification being the lead in. The subject of forensics is one that I personally have not placed a great deal of effort and recently I took the Computer Hacking Forensic Investigator training from EC-Council. On day one, I knew I was hooked and it may not be for reason that you may suspect. I enjoy hacking from a white hat perspective and understanding the black hats is key to being successful. Ironically on day one of the training, I quickly learned that my knowledge and skills were very quickly put to use in the area of forensics. In fact, the more I think about this, the more sense it makes. We all can learn the legal process, which includes process, paperwork, documentation and etc., but I believe the forensics investigator would perform much better with a solid understanding of programming, hardware, network security, and so much more. The Tools I am not going to get into the process of forensics itself, rather I want to cover tools, particularly on the Linux platform. For example, on my trusty MacBook Pro I go to “About …

Continue reading

Rip DEFCON videos from YouTube

| 0 comments

Have you never attended DEFCON and want to watch hours upon hours of conference talks? You could always go the the DEFCON YouTube playlist and click your way around the hundreds of videos or you could download the videos. You could go search for a addon or extension for your favorite browser or search the myriad of software options. Downloading videos from YouTube can be simple, complex, free, or costly depending upon your experience, time, and resources. Years ago, I purchased a MacBook Pro and I also started learning more about Linux distributions such as Kali and Ubuntu. Moving away from Microsoft Windows as my personal daily operating system has made all the difference in the world, at least in my case it has. Of course, if you are happy to shell out your cash for software that performs basic tasks then Linux may not be for you. On the other hand, if you want more control and capability to address a particular circumstance then I am positive you will not regret the move to Linux. The one thing that I would recommend once you make the decision to move to Linux is to learn Python. I recall years ago …

Continue reading