It never fails that someone asks how they can spoof their IP address, as they want to make sure they are totally anonymous on the Internet. Well, fallacy number one is that you have any privacy at all on the Internet, and fallacy number two is that spoofing a TCP/IP connection buys you much, because it is really rather limited in scope. Basic TCP/IP principles dictate that to complete the three-way TCP handshake the originator of the connection must be there to receive the returning stimulus, i.e. the SYN/ACK. If you are spoofing someone's IP address then guess who is going to get the SYN/ACK? It will be them, and not you. Unless you can predict the server's initial sequence number and send the final ACK blind, the connection is never established, and the host whose address you borrowed will normally answer the unexpected SYN/ACK with a RST anyway. I also had the same vision of what IP spoofing was all about until I stopped wasting my time with such ideas and started studying networking principles.
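To make the point concrete, here is an added toy model of the handshake described above. It is not code from the original post; the 10.0.0.x addresses, the hosts and the "network" are all hypothetical and nothing touches a real socket. It routes the SYN/ACK to whoever owns the claimed source address, so the spoofer never sees the server's initial sequence number and can only complete the handshake by guessing it, which is why the predictable-ISN case succeeds and the random-ISN case does not.

```python
"""Toy model of the TCP three-way handshake with a spoofed source address.
Added example: hypothetical 10.0.0.x addresses, no real sockets, runs offline."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    flags: str          # "SYN", "SYN/ACK" or "ACK"
    seq: int
    ack: int = 0


@dataclass
class Host:
    ip: str
    inbox: list = field(default_factory=list)   # every packet this host received

    def receive(self, pkt):
        self.inbox.append(pkt)   # a real host would answer an unsolicited SYN/ACK with RST
        return None


class Server(Host):
    """Minimal listener: SYN -> SYN/ACK carrying our ISN, correct ACK -> established."""

    def __init__(self, ip, fixed_isn=None):
        super().__init__(ip)
        self.fixed_isn = fixed_isn   # None = random 32-bit ISN, as modern stacks do
        self.half_open = {}          # peer address -> ISN we sent it
        self.established = set()

    def receive(self, pkt):
        self.inbox.append(pkt)
        if pkt.flags == "SYN":
            isn = secrets.randbits(32) if self.fixed_isn is None else self.fixed_isn
            self.half_open[pkt.src] = isn
            return Packet(self.ip, pkt.src, "SYN/ACK", seq=isn, ack=pkt.seq + 1)
        if pkt.flags == "ACK" and pkt.src in self.half_open:
            # Only a host that saw the SYN/ACK knows which value to acknowledge.
            if pkt.ack == self.half_open[pkt.src] + 1:
                self.established.add(pkt.src)
        return None


class Network:
    """Routes every packet to whoever owns the destination address."""

    def __init__(self, hosts):
        self.hosts = {h.ip: h for h in hosts}

    def send(self, pkt):
        reply = self.hosts[pkt.dst].receive(pkt)
        if reply is not None:
            self.send(reply)   # goes to pkt.src, whoever really owns that address


def honest_connect(net, client, server):
    """Client uses its own address, sees the SYN/ACK and can finish the handshake."""
    isn = secrets.randbits(32)
    net.send(Packet(client.ip, server.ip, "SYN", seq=isn))
    synack = client.inbox[-1]
    net.send(Packet(client.ip, server.ip, "ACK", seq=isn + 1, ack=synack.seq + 1))
    return client.ip in server.established


def blind_spoofed_connect(net, server, victim_ip, isn_guess):
    """Forge victim_ip as source. The SYN/ACK is delivered to the victim, so the
    attacker has to guess the server's ISN to build a valid final ACK."""
    isn = secrets.randbits(32)
    net.send(Packet(victim_ip, server.ip, "SYN", seq=isn))
    net.send(Packet(victim_ip, server.ip, "ACK", seq=isn + 1, ack=isn_guess + 1))
    return victim_ip in server.established


def demo(fixed_isn=None):
    """Run one spoofing attempt (hypothetical hosts) and report who saw what."""
    victim, attacker, server = Host("10.0.0.5"), Host("10.0.0.66"), Server("10.0.0.1", fixed_isn)
    net = Network([victim, attacker, server])
    guess = fixed_isn if fixed_isn is not None else secrets.randbits(32)  # attacker's best guess
    ok = blind_spoofed_connect(net, server, victim.ip, guess)
    return {
        "established": ok,
        "victim_got_synack": [p.flags for p in victim.inbox] == ["SYN/ACK"],
        "attacker_saw_anything": bool(attacker.inbox),
    }


if __name__ == "__main__":
    print("random ISN:     ", demo())
    print("predictable ISN:", demo(fixed_isn=1000))
```

The `fixed_isn` path is the caveat: against a stack whose sequence numbers can be predicted, the attacker can forge the final ACK without ever seeing the SYN/ACK, which is exactly why real stacks randomise the ISN.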
It is strange how complex networking really is. It never ceases to amaze me how programmers turn their noses up at anything that is not programming related. Funny thing is, though, when you ask a programmer how networking actually works you will rarely, if ever, get a correct answer. The topic of networking is far more complex than first thought. As they say, "still waters run deep". Any of you guys have a favourite networking story to pass on?
For those of you who do reverse engineering, or system forensics for that matter, it would be advisable to get acquainted with the PE header layout. Contained in this header is some key information which can be useful in certain cases: where the code starts, how the sections are laid out and what permissions they ask for, and which protections the image opts into. Some neat tools that will also help you in that regard are the ones offered by www.heaventools.com. There is also some, for once, nicely written documentation from Microsoft on the PE header format, which you can view if you have an MSDN account. Any of you guys done some work or research on the PE header?
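As an added example (not from the original post or from the tools mentioned), here is a minimal PE header walker that follows the layout from the MZ stub through `e_lfanew`, the `PE\0\0` signature, the COFF file header, the optional header and the section table, then runs the first-look checks a reverser or forensic analyst tends to do by hand: is ASLR/DEP opted in, does the entry point land inside a section, and is any section writable and executable. The two sample images are constructed in the code (header-only, not loadable) so it runs offline.

```python
"""Walk a PE header: DOS header -> PE signature -> COFF file header ->
optional header -> section table, then run a few first-look checks.
Added example; the sample images are built here, not taken from real binaries."""
import struct

MACHINE = {0x14C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000      # IMAGE_SCN_MEM_*
DLL_DYNAMIC_BASE, DLL_NX_COMPAT = 0x0040, 0x0100             # IMAGE_DLLCHARACTERISTICS_*


def parse_pe(data):
    """Return the header fields a reverser looks at first."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:       # PE32: 4-byte ImageBase at +28 (after BaseOfData)
        kind, image_base = "PE32", struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:     # PE32+: 8-byte ImageBase at +24, no BaseOfData
        kind, image_base = "PE32+", struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint (RVA)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    sections = []
    for i in range(nsections):                                # 40-byte IMAGE_SECTION_HEADERs
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_ptr": rawptr,
                         "raw_size": rawsize, "chars": chars})
    return {"magic": kind, "machine": MACHINE.get(machine, hex(machine)),
            "timestamp": timestamp, "entry_point": entry, "image_base": image_base,
            "subsystem": subsystem, "dll_characteristics": dll_chars, "sections": sections}


def review(info):
    """Quick triage checks on the parsed header; returns a list of findings."""
    findings = []
    if not info["dll_characteristics"] & DLL_DYNAMIC_BASE:
        findings.append("no DYNAMIC_BASE flag: image will not be relocated by ASLR")
    if not info["dll_characteristics"] & DLL_NX_COMPAT:
        findings.append("no NX_COMPAT flag: image opts out of DEP")
    ep = info["entry_point"]
    if not any(s["va"] <= ep < s["va"] + s["vsize"] for s in info["sections"]):
        findings.append("entry point 0x%x lies outside every section" % ep)
    for s in info["sections"]:
        if s["chars"] & SCN_MEM_EXECUTE and s["chars"] & SCN_MEM_WRITE:
            findings.append("section %s is writable and executable" % s["name"])
    return findings


def build_sample_pe(pe32plus, dll_chars, sections, entry_rva):
    """Constructed header-only image (not loadable): 64-byte DOS header with
    e_lfanew=0x40, PE signature, COFF header, optional header, section table."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, len(sections),
                       0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    if pe32plus:
        struct.pack_into("<Q", opt, 24, 0x140000000)
    else:
        struct.pack_into("<I", opt, 28, 0x400000)
    struct.pack_into("<HH", opt, 68, 2, dll_chars)            # Subsystem 2 = Windows GUI
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, vsize, va, vsize, 0x400, 0, 0, 0, 0, chars)
                     for name, va, vsize, chars in sections)  # "8s" NUL-pads short names
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Two constructed samples: a well-behaved 64-bit image, and a 32-bit one whose
# headers look like a packed binary (W+X section, no ASLR/DEP opt-in).
CLEAN_SAMPLE = build_sample_pe(True, DLL_DYNAMIC_BASE | DLL_NX_COMPAT,
                               [(b".text", 0x1000, 0x200, 0x60000020),
                                (b".data", 0x2000, 0x100, 0xC0000040)], 0x1100)
SUSPECT_SAMPLE = build_sample_pe(False, 0,
                                 [(b".text", 0x1000, 0x200, 0x60000020),
                                  (b"UPX1", 0x2000, 0x400, 0xE0000020)], 0x2050)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        info = parse_pe(blob)
        print(label, info["magic"], info["machine"], hex(info["image_base"]),
              [s["name"] for s in info["sections"]], review(info))
```

Point `parse_pe` at the bytes of any real executable and the same checks apply; the section-characteristics and DllCharacteristics bits used here are the documented IMAGE_SCN_* and IMAGE_DLLCHARACTERISTICS_* values, while the section names and addresses in the samples are made up for the example.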
There will be the second iteration of the REcon 2006 conference this Jun 16-18 in Montreal, Quebec. This was a really good conference last year, I was told, and I decided to attend it this year. Quite a few good speakers will be there, and they have the now "de rigueur" training tracks available both before and after the con dates. Should be a good time, and I hope to catch up with some friends who will also be attending. Just playing with a tool right now that will help you do some reverse engineering. I will post more on it a little later on.
It really was one of those classic moments of true inspiration for me. A couple of colleagues of mine who are programmers were chewing the fat with me when one of them said that his bike ride to work was too short. It was only fifteen minutes or so for him to pedal in to work. Hmmmmmm, that was when inspiration struck me... "seeing as you are a programmer why don't you just go into a loop?" I said as I began to crack up laughing. He really did me in when he took the joke and ran with it by saying "oh my God! I am stuck in the loop, I forgot the conditional!". Mwuahahahahahahahha. You really had to be there I suppose, but it really was quite funny.
For immediate release
Acunetix Web Site Security Centre Exposes Web Site Hacking
New information center offers advice on how to prevent SQL injection, Cross Site Scripting, Google hacking and other web application attacks
London, UK – April 19, 2006 – Acunetix has launched the Acunetix Web Site Security Center, a comprehensive web site security information center that educates visitors on the latest and most threatening web application hacking techniques. The new information center is hosted at http://www.acunetix.com/websitesecurity/ and is frequently updated with current information concerning new hacking techniques.
There is a site survey up on WindowSecurity.com now that is hoping to get some valuable input from you. Please take the minute or so to fill it out. As the saying goes, "help us, help you". Getting some constructive criticism back from you would be great, and help us better the site. Also, don't forget to take the opportunity to say what you would like to see more of on the site. We are looking forward to your input!
Almost everyone dreams of being their own boss one day. In the security world you very much have that option available to you. The problem is, though, that to be a full-time consultant you realistically need a regular client base. If not, then you are back to the old consultant adage: "feast or famine". While that may be all right for a single person, if you have kids and a house you may not be willing to take the plunge. Can't say I blame you really, as it can be a very daunting step to take.
Have any of you taken the plunge and gone from a good job to the volatile world of the consultant? The money can be very good as a consultant, but then again you have a lot more expenses to pay for as well. I have had some people blink twice when I give them my per diem. Heh, after I explain to them the expenses I have to pay for, my per diem does not seem so big suddenly. Any of you guys got some stories to share?
It is always the nightmare scenario, i.e. disk failure! It really sucks when your hard drive cannot be accessed anymore. All of those files that you only wished you had backed up. Well, that very thought crossed my mind a while back and it almost happened to me. I rebooted my computer a couple of years ago, and nothing happened. Well, long story short, I was able to get my computer fixed and my data was intact.
With that close call in mind I decided that I really had to start backing up client work that I was doing, and other miscellaneous documentation regarding my contract work. I did this back then with some USB sticks, but last year bought a 160 GB NAS and have been quite happy with it. Though I still have a backup to my backup on my USB sticks, it is nice to have peace of mind. I know my clients couldn't care less about my computer problems; they just want their work done. With backups close by that is no longer an issue. Any of you guys go that route?
Well, having pen-tests performed against your network is now an accepted common practice. These can range from the fairly simple to rather complex. It all depends on the externally facing services, and any backend databases that may be there as well. Not to mention the vagaries of the website itself. Unlike a malicious hacker I can, without reservation, use something like Nessus or Nikto, as I have been legally retained to do the pen-test. Using one of these tools is akin to marching into church with a brass band, i.e. very, very noisy: the scanner announces itself in its User-Agent and leaves a long trail of requests for files that do not exist, so anyone watching the web logs or an IDS will see it coming.
On the other hand I have also done what is less well known: the internal pen-test. This is where, as you would likely guess, you are performing a pen-test of the internal network. I would actually be on the inside of the network, in the building itself, to see what weaknesses can be exploited. Having such a test done is crucial, as disenfranchised employees can wreak havoc if your internal network is not hardened. Hmmmmmm, not a bad idea to write about actually. Do any of you have some thoughts on internal vs. external pen-tests?
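To show just how noisy a Nikto or Nessus run looks from the other side, here is an added detection example (not from the original post, and not part of either tool) that reads Apache combined-format access log lines and flags two things: a User-Agent that names a scanner, and a burst of 404s from one client, which catches a scan even when the agent string has been changed to look like a browser. The log lines are constructed inside the code for the example; the IP addresses are documentation ranges and the Nikto agent string is a plausible stand-in, not a captured one.

```python
"""Spot a noisy web scan in Apache combined-format access logs.
Added example: the log lines are constructed here, not real traffic."""
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
TS = "%d/%b/%Y:%H:%M:%S %z"
SCANNER_UA = re.compile(r"nikto|nessus", re.I)   # tools that announce themselves by default


def parse(line):
    """One combined-format line -> dict, or None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, ua = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, TS), "method": method,
            "path": path, "status": int(status), "ua": ua}


def detect(lines, burst=20, window_s=60):
    """Return {client ip: sorted reasons} for clients that look like scanners."""
    reasons = defaultdict(set)
    misses = defaultdict(list)            # ip -> timestamps of its 404 responses
    for ev in filter(None, map(parse, lines)):
        if SCANNER_UA.search(ev["ua"]):
            reasons[ev["ip"]].add("scanner user-agent: " + ev["ua"])
        if ev["status"] == 404:
            misses[ev["ip"]].append(ev["time"])
    # Behavioural rule: `burst` or more 404s inside any `window_s`-second window.
    for ip, times in misses.items():
        times.sort()
        for i in range(len(times) - burst + 1):
            if (times[i + burst - 1] - times[i]).total_seconds() <= window_s:
                reasons[ip].add(f"{burst}+ 404s within {window_s}s")
                break
    return {ip: sorted(r) for ip, r in reasons.items()}


def sample_log():
    """Constructed log: one normal visitor, one loud scanner, one quieter scanner."""
    base = "10/May/2006:14:02:%02d +0000"
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" {st} 512 "-" "{ua}"'
    browser = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Gecko/20060426 Firefox/1.5.0.3"
    nikto = "Mozilla/4.75 (Nikto/1.35)"   # stand-in for Nikto's self-identifying default agent
    lines = [fmt.format(ip="192.0.2.10", ts=base % 0, path="/index.html", st=200, ua=browser),
             fmt.format(ip="192.0.2.10", ts=base % 5, path="/missing.gif", st=404, ua=browser)]
    for i in range(25):   # loud: names itself and hammers CGI paths that do not exist
        lines.append(fmt.format(ip="203.0.113.7", ts=base % i,
                                path=f"/cgi-bin/test{i}.cgi", st=404, ua=nikto))
    for i in range(25):   # quieter: browser agent string, only the 404 burst gives it away
        lines.append(fmt.format(ip="198.51.100.9", ts=base % i,
                                path=f"/admin/{i}.php", st=404, ua=browser))
    return lines


if __name__ == "__main__":
    for ip, why in detect(sample_log()).items():
        print(ip, why)
```

The normal visitor with a single 404 is never reported, which is the point of using a burst rather than a count of errors: one broken image link is not a scan, two dozen misses in a minute is.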