Building an InfoSec RedTeam from Dan Catalin VASILE
Change MAC address in iOS for iPhone/iPad
In older versions it used to be as easy as:
# ifconfig en0 ether xx:xx:xx:xx:xx:xx
For iOS versions >5 you have to resort to nvram:
# nvram wifiaddr=xx:xx:xx:xx:xx:xx
and then reboot the device. Prerequisite: jailbroken device, terminal access (local or SSH) and sudo.
Traffic mirroring in Linux
It comes in handy when analyzing traffic to forward a copy of the traffic to a specific IP where a machine is listening and running Wireshark & stuff. It’s very useful for routers that don’t have the capabilities to run network analysis tools (like DD-WRT). Just run the following commands replacing the xxx.xxx.xxx.xxx field with the… Continue reading Traffic mirroring in Linux
Permanent IP forwarding in Linux
We usually do
# echo 1 > /proc/sys/net/ipv4/ip_forward
when we want to enable forwarding in Linux. If you want to make this change permanent, you need to edit the /etc/sysctl.conf file and add or uncomment the following line:
net.ipv4.ip_forward = 1
Password policies in Windows
To access the password policy in Windows just go to Start and type in the search box secpol.msc. Click on secpol and you’ll be presented with the security policy. Go to Account Policies, then click on Password Policy. The options, explained: History – how many passwords will Windows store (you won’t be able to reuse… Continue reading Password policies in Windows
OWASP Romania
If you are an English speaker, well, this is a post announcing and promoting the Romanian Chapter of OWASP. You can join your local chapter or the global effort of OWASP to improve information security. ### OWASP (The Open Web Application Security Project) has now opened a local organization in Romania as well. We are looking for new… Continue reading OWASP Romania
Techniques to play with custom and encrypted protocols
An interesting presentation from DEFCON20 provided by Elie Bursztein and Patrick Samy called “Fuzzing Online Games” touches areas of application security where traffic analysis is not enough to perform a penetration test. As stated by the authors: “In a nutshell the lack of direct access to the game server and having to deal with clients… Continue reading Techniques to play with custom and encrypted protocols
Webmin and Virtualmin installation on Debian
Now that we have a fresh and clean Debian installation we can proceed to Webmin and Virtualmin installation. Although installing Apache, MySQL and other stuff needed for a web server by hand is not hard and you can find a lot of support, I prefer installing Webmin and Virtualmin to ease the administrative tasks. If… Continue reading Webmin and Virtualmin installation on Debian
Install a clean Debian on Virtualbox
I don’t test my ‘ideas’ on live servers, nor do I keep unnecessary hardware around the house to play with them. So I use the other option in hand, a virtual machine. Despite the fact that this will be a VM installation of Debian, the idea for a very clean and basic installation is the… Continue reading Install a clean Debian on Virtualbox
Installing TCPDump on DD-WRT
Now that we have JFFS enabled we can install new apps on our router. Note that the apps are installed into RAM and will vanish when you log out. You can write a script to automatically install your preferred applications during the log in process. DD-WRT does not come with a repository but we can… Continue reading Installing TCPDump on DD-WRT