2011/10/26

2011/10/21

New Metasploit

A community version was announced by Rapid7. This version is going to be a bridge between the open source version and the full Pro edition.

announcement here

2011/10/20

Ubuntu 11.10 articles

Well 11.10 has just been released, and How To Forge is already on top of the tutorials for the perfect Desktop or Server. Choose your lesson of choice from the ones I have found so far......

Perfect Desktop #1
ISP Config
Upgrade
Kubuntu Desktop
LAMP Server

Dig in and get that perfect configuration running on your hardware now!

2011/10/14

Thank you Dennis Ritchie

Another truly great and innovative mind has left us for the great computer lab in the sky. Dennis Ritchie you will be missed and your contributions to computing will never be forgotten. Thank you from all of us!

Message from Rob Pike

2011/10/03

Learning articles for the month

So here is the October round of articles and tutorials to check out for the next month. Again, these are just the ones that pique my interest, so by all means please go to the original site and look through all of the great articles they have.

Strategies for Monitoring Failover Clusters
Advanced Group Policy Management (Part 4)
Single Item Recovery (Part 2)
Deploying Lync Server 2010 (Part 3)
Monitoring Exchange 2007 / 2010 with Powershell (Part 3)
Enabling Forms-based Authentication for OWA published using Forefront TMG 2010 (Part 3)
Configuring Web Proxy Automatic Discovery in Forefront Threat Management Gateway 2010
Windows Security Tools
Eight Things You Can Do Today to Improve Security on Your Microsoft Network
Data Leakage Prevention
Troubleshooting Event Log Entries
Back to basics
Getting Started with ESXi 5



Holy Crap...... Android Exploits.......

So I received the link to this article from a guy I work with, and this scared the living *&^% out of me. Basically, any app that asks for "Internet permissions" on your HTC phone can grab whatever it wants from the logging application that HTC included in their Android phones.

Immediately after this, a co-worker responded with this link about Trojan'ed QR codes. Then someone added this link to the email thread, and .......

Mobile security is still in its infancy, but Google and the mobile device manufacturers do not need to take us back to the security levels of pre-2000.

A lock screen timing out, and you can circumvent the password? That is just a little short of ridiculous.


2011/09/29

OS fingerprinting with Packets

This article goes into how to passively fingerprint a machine or device to determine what OS the machine or device is running.

2011/09/24

Quick Look at Forefront Protection for Exchange

A quick overview of the advantages and features with using Forefront protection for your Exchange servers.

2011/09/23

More SSL Issues

So it seems the high amount of SSL news will continue through this whole week. Starting off with DigiNotar filing for bankruptcy after their recent compromise. Especially when word was released that over 200 certificates were issued during the compromise.

Then we find out that researchers have discovered a vulnerability that resides in versions 1.0 and earlier of TLS. Their new tool, BEAST, is going to be released at the Ekoparty Security Conference. Our intrepid researchers say they've figured out a way to defeat SSL by breaking the underlying encryption it uses:
“While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”
This is also being discussed on the ISC Diary and other places, as there is some debate on whether or not this type of attack was discussed already in an earlier paper. Google has already included a workaround in the developer version of Chrome, but I don't think there has been word on when the fix/workaround will be introduced in the consumer version of the browser.




Much going on in the SSL/TLS world still........

Want to play with malware...........?

Here is an article to get you started with your own malware lab.

2011/09/21

2011/09/20

Domain Security in Exchange 2010

The first article in a series going over domain security in the newer version of Exchange.

2011/09/18

a couple of articles for you this time.....

This is for the desktop & security admins out there.....

First an article on some AppLocker deployment ideas, and then a second one going over BitLocker.

2011/09/13

Single Item Recovery

A great overview on single item recovery in the newer version of Exchange.

2011/09/12

Breach at Linux Foundation

Notice here

CISSP Exams


I have been studying for the CISSP exam this past month and this past Saturday finally sat down for the exam. Practice exams became a big part of my study curriculum towards the end there, and here is one of the free ones I found online.


Good Luck to any who might pursue this Certification!

2011/09/11

Kill malware with SysInternals

First article in a two-part series going over how to kill malware on your Windows machine using the SysInternals tools from Microsoft.

2011/09/09

For the Gamers out there.........

Here is a weekend-ready post for you, just in case you needed something to do this weekend.....


Reset Glitch Hack



From their blog/wiki website. Seems like quite an effort to go through for this.....


"""
We found that by sending a tiny reset pulse to the processor while it is slowed down does not reset it but instead changes the way the code runs, it seems it's very efficient at making bootloaders memcmp functions always return "no differences". memcmp is often used to check the next bootloader SHA hash against a stored one, allowing it to run if they are the same. So we can put a bootloader that would fail hash check in NAND, glitch the previous one and that bootloader will run, allowing almost any code to run.
"""

Regulatory Concerns With Virtualization

Still some regulatory and security concerns in a virtualized world.

Computerworld article


2011/09/08

Android apps for Network Admins

Yes, there is an app for that now. Why you would allow your mobile devices on your internal network is still beyond me, but if you do, here are some apps you could use.....

15 Android Apps for Network Admins

2011/09/06

need to update once again.............


This is just a quick reminder to everyone in the wide internet world, that the recent CA getting hacked has resulted in over 500 invalid certificates being issued for very popular websites. Updates for various products are being released today and in the past few days, please make sure to update your OS, your browser, and any other application that can go on the internet.

TOR announcement of compromised certificates
This is the complete list of domains compromised.

2011/09/02

MIT Researchers Craft Wireless Defense Against MITM

Not so sure about this, but glad they are looking at it.

MIT Researchers Craft Wireless Defense Against MITM

5 Features of vSphere 5 That You Should Care About

5 Features of vSphere 5 That You Should Care About

Pretty cool. I know they had talked about doing this awhile ago, but this is nice to finally see.

"With vSphere 5 auto-deploy, you can provision new ESXi hosts amazingly fast. With this new method, the physical server boots over the network using PXE/gPXE, contacts the auto-deploy server, and loads ESXi into memory. Then, the auto-deploy server works with the vCenter server to get the new ESXi host properly configured (according to host profiles and new vSphere 5 answer files). With auto-deploy in vSphere 5, you can deploy tens or hundreds of ESXi servers faster than ever before possible. For more information, watch this presentation on vSphere 5 auto-deploy."


Windows GPO Management Part II

Continuing our tutorial on Change Control Management for Windows GPO Objects.

2011/09/01

New Juniper Books

Here are a couple of new Networking Books that have been released for you all to check out.......

Developing Basic QoS

Mobile Security for Dummies

QoS Enabled Networks

Google as DoS tool

Google as DoS tool

Can you imagine this? Harnessing all of the bandwidth that Google has to literally punish a server? This guy doesn't go that far, but he most certainly brought his server to its knees.

New Tool! (New HTTPD DoS tool)

Slowhttptest is sending partial HTTP requests, trying to get a denial of service from the target HTTP server.
This tool actively tests if it's possible to acquire enough resources on an HTTP server by slowing down requests to get denial of service at the application layer.


New webcast on Online threats

IBM Guardium Webcast SQL to Stuxnet


2011/08/31

More Fake Certificates

Ouch!

Another certificate issuer hands out fake certificates. Well, not fake necessarily, but certainly not for the business or service intended.

EFF Post

New Whitepaper #1: Musings on the PSN Attack Vector

New whitepaper available if you want to provide your information.

This one is on the Sony PSN attacks.

Here are the PowerPoint slides from the presentation.

Windows GPO Management

So this begins a discussion of how to manage change control on your Windows GPO elements. These tutorials and tricks do require a few extra MS products, but are still worth reading, even if you do not have these tools.

Stay tuned for upcoming posts with more tutorials in this series.

2011 Federal Cybersecurity Conference and Workshop

The 2011 Federal Cybersecurity Conference and Workshop is a National Cyber Security Awareness Month event that will examine these challenges from a variety of perspectives, and aligns with the Month’s theme of “Cybersecurity: Our Shared Responsibility.” The conference is supported by an advisory council of representatives from National Institute of Standards and Technology (NIST), National Security Agency (NSA), Department of Defense (DoD), the Intelligence Community (IC), and various Industry partners.


Read more here.....

2011/08/25

New Data Exposure: Yale University

The data was open and online for 10 months and available via Google. Awesome!

Link to Yale Daily News


Killer Apache Update

There is an official announcement now......

announcement

---------------------------------------------------

almost sounds like a monster movie, and for some of us it could be a real monster soon....

Your Router is out to Get You.....!!!

So I have seen people playing with this for some time, but it looks as if the stakes have been raised a little bit now. 


So for those who don't know:
"UPnP, or universal plug and play, is a handy feature that lets devices on your network self-configure on a network, but it’s also a security hazard. A Trojan horse or virus on a computer inside your network could use UPnP to open a hole in your router’s firewall to let outsiders in."
Home Router Security Tips


Andy Garcia has written up a little tool that can demonstrate this problem. Attackers can redirect your traffic, reconfigure your router, and scan your internal network..... And this is because the WAN port accepts UPnP commands? WTF! Why can't vendors turn stuff like this off by default, since most people don't use it or really even know what it does?


Ugggh!









Killer Apache Perl Script

almost sounds like a monster movie, and for some of us it could be a real monster soon....

Apache Killer

For any who might be worried, there has been a functional workaround published on the Full Disclosure website.

New Linux Tip

Useful Basic Terminal Commands On Linux Mint 11

Microsoft Announces Collaboration With CS2C in China

MS announcement

So Microsoft announced a formal agreement to work with one of the largest Linux firms in China. Interesting......

It was announced that it was for cloud services offerings in China, but I am sure it is also tied into the many agreements forged recently that have various vendors paying Microsoft patent royalties on the Linux implementations.



“While cloud computing promises to move computing to the next level, a critical challenge that many organizations face is rationalizing diverse technologies and different platforms,” said Lu Shouqun, chairman of China OpenSource Promotion Union. “The commitment between Microsoft and CS2C to provide mixed source solutions will not only allow the co-existence of different operation platforms in the cloud environment, but also enhance choice for customers.”

2011/03/15

2011/03/08

New Look......

Today I rolled out the new look for the blog, which is using the new (at least to me) Blogger template designer. Really easy to do, and only takes a few minutes to drastically improve the look and feel of your blog.

2011/03/03

Building A Central Loghost On CentOS And RHEL 5 With rsyslog

QMail Scanner with AV & Spam Assassin

Saw this article on How To Forge, and figured I would share and pass along.

QMail scanner with clamav and spamassassin

How To Forge is a great website for those needing information on how to install, configure, administer, and learn about different Linux distros. Generally they have a specific section for each service, and they have tailored articles for the specific distribution you are using.

2011/02/24

Some PowerShell Tricks

Some quick links that a colleague from work gave me.

PowerGui

AD Cmdlets

There are extra pieces that must be installed for Exchange and VMware. It will tell you what is required during the install.