Don Parker Blog

Don Parker is lead analyst and technical trainer at Bridon Security & Training Services, located in Ottawa, Ontario, Canada. He has worked for SANS in the capacity of Local Mentor for the Intrusion Detection In-Depth track, and has enjoyed speaking at various security conferences as a guest speaker. Being a widely published author, he continues to write for various online and print media like Securityfocus and SCMagazine in an effort to share knowledge. Don also does technical book editing for various publishers, and enjoys teaching various custom courses for clients. Rounding out his activities, he volunteers his time to various local efforts.

Immunitysec’s SILICA

A good many of us who work in the computer security industry have heard of Dave Aitel. He is the CTO of Immunitysec and has also generously donated his time and skills to develop and release, for free, programs such as SPIKE proxy and Immunitydbg, to name but a few. This brings me to the latest commercial product offering from Immunitysec, SILICA. SILICA is a pen-testing tool for Wi-Fi and Bluetooth, which leverages the Immunitysec flagship product CANVAS. SILICA comes in the nice form factor of a PDA. This is one of the features which makes SILICA rather attractive, its very small size. Instead of sitting in the hallway of a high rise office building with your laptop probing a client's Wi-Fi network, you can instead sit there with a small PDA looking rather innocuous. Anyhow, seeing is believing, so let’s take a look at some screen grabs.
First up we see below the SILICA start menu, which is pretty easy to figure out.

Next up is the list of preferences seen below which is fairly intuitive and does not really need explaining. Though if you need some feel free to drop me a line.

We see below what SILICA looks like while scanning.

Noted below is a list of AP’s that SILICA can associate to and then proceed to scan if so desired.

Lastly, we see what a SILICA report looks like.

Anyhow, I don’t want to do "death by screenshot". My point is that SILICA can replace some other very expensive s/w programs which scan for AP’s and nothing more. SILICA will do that and also allow you to leverage CANVAS for a pen-test of them. I have several s/w programs

WiFi audits

Do any of you perform wireless audits, or pen-tests of them, as part of your work? Reason I ask is that I have done them in the past whilst using some high-end aka expensive Win32 tools. I am just in the middle of looking at another tool that is not Win32 based that I will blog about shortly. It seems quite nice, and takes the guesswork out of WiFi for those pen-testers/auditors who are not up to snuff on the technology, and some of its weaknesses. Anyhow, I would be most interested to hear of any experiences some of you may have had.

Max Butler busted for hacking again

I remember the first time I read that Max Butler was busted for hacking. It struck me as incredibly stupid that someone who actually had spent time trying to get a reputation as a good hacker would get busted for illegal hacking. Well, it would seem Max just hasn’t learned his lesson. He was busted yet again! This time, however, he is looking at spending a good chunk of his young life in prison. It really is a shame that he had to continue his petty larceny ways. Heck, even spammers make more money than Max did with his lame credit card site. Crime just doesn’t pay, and in this case, that is a fact.

Windows network security key

Well, as we all know, most every network is built and based around some version of Microsoft Windows. Securing these networks is the usual assortment of firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), content checkers and so on. What though, in your opinion, is the most underrated element of security in a Windows network? For my two cents worth, I would say the judicious use of group policy objects (GPOs). Much like using egress filtering on routers, the use of GPOs can be most beneficial. Much like egress filtering though, GPOs are often misunderstood or poorly applied. Your thoughts on this?

Posting of usernames and passwords?!?

Some of you may have heard of the hacker who posted 100 username and password pairs for sensitive government email accounts. What was his reasoning, you ask? Well, he did so to ensure that the affected governments improve their security, of course. What an asinine comment. If you wanted to help them improve their security, idiot stick, then you should have emailed them. Posting login credentials on a website is not the way to go about it. If the hacker thought he was doing the world a favor, he needs a harsh reality check. Were he in the United States he would likely be sitting in prison right now, and rightly so. Bottom line is this. If the government, private sector company, slash whatever, has horrible security practices then warn them about it. If it continues then so be it. Posting it online and the claim that you are helping them by forcing them to do something about it is, quite simply put, criminal, and you’re an idiot.

Your home lab

What is in your home computer lab? For myself I have gotten rid of a lot of old hardware and gone the way of VMware. Still some pieces though that I might pick up in the near future to flesh out my lab. Thing of it is though, is that my home time is already limited and I don’t know if realistically I should bother adding more h/w, in the form of Cisco routers/switches. Time is certainly at a premium. What about you guys though? Anything interesting in your lab, be it on a shoestring budget or other.

Chance to win a book!

Hey guys,
There will soon be an opportunity going up on WindowSecurity to win a copy of Windows Group Policy Guide. Make sure you check the site regularly, and best of luck!

Virtual realms and rootkits

It was only a matter of time before rootkits and other assorted malware became cognizant of running in VMware type environments. There has been a lot of research lately concerning this by various researchers. For those of you who see running a VMware image as a failsafe, be aware, it isn’t. That said, it is a huge step forward in terms of security, though one that is not widely deployed by corporate networks. Equally fun though is performing reverse engineering on malware that has code built into it to detect it's running in VMware. Any of you guys looked at any such malware?

Becoming a contractor

It is always a very difficult decision to make; that of leaving a good full-time job to become a contractor. That is when you realize what a safety net it is working for someone else. That switch though can be done right with some proper planning. The one method that I would recommend is the following one. First off we will have to assume that you have a security clearance and the appropriate experience in computer security. With that said, apply to one of the agencies that staffs positions with the government or military. There are always vacancies that need to be filled. The trick is to get a one year contract or better if available. Having that first long term contract will allow you to save up a bankroll to see you through any lean times. Remember, contract work should pay you roughly 2.5 to 3 times what your normal full-time salary is.

The virtues of virtualization

It seems that with every passing year the virtualization market is growing. Many companies are waking up to the fact that running virtual servers makes good business sense. Though the same cannot be said of running VM images for end-users. That has yet to be adopted by mainstream corporate networks. Though I would wager it will gather steam in the next five years. Do any of you guys run virtualized servers or workstations?