geschonneck.com » Security

SYSTEM user with Vista

Alexander Geschonneck — Wed, 28 May 2008 16:43:24 +0000

Do you have physical access to a Vista box and need to become SYSTEM user? Try this one:

boot the Vista box with BackTrack or some other Live CD
mount the NTFS partition
rename c:\Windows\System32\Utilman.exe
copy c:\Windows\System32\cmd.exe to c:\Windows\System32\Utilman.exe
reboot
at the login screen: start Utilman with “Windows key + U”
start CMD.EXe
start EXPLORER.EXE
done!

There is a nice screen cam video of this available.

Anonymous Quote

Alexander Geschonneck — Wed, 21 May 2008 16:53:14 +0000

“If you’re a good hacker…everybody knows.
If you’re a GREAT hacker…nobody knows.”

Stealing Credit and Debit Card Numbers

Alexander Geschonneck — Wed, 14 May 2008 10:23:27 +0000

According to a US DoJ press release 3 crackers have been charged in a federal grand jury indictment and complaint with illegally accessing the computer systems of a national restaurant chain and stealing credit and debit card numbers from that system. They indicted for hacking into cash register terminals at several Dave & Busters restaurants at various locations around the US in order to acquire credit and debit card information with packet sniffers.

Full press release

Could have been worse?

Alexander Geschonneck — Tue, 13 May 2008 12:34:18 +0000

No, this time not in the UK. A cracker has posted some online databases containing personal information on 6 million Chilean residents. According to the Chilean technology blog Fayerwayer.com, the cracker, who calls himself “Anonymous Coward” posted three compressed files of data that included names, addresses, telephone numbers and taxpayer identification numbers for Chilean residents. Doh.

nice geeky captchas

Alexander Geschonneck — Sun, 23 Mar 2008 12:57:21 +0000

If you are good at math, you wont have problems signing in at the Ruđer Bošković Institute Quantum Random Bit Generator.

CAPTCHA = Completely Automated Public Turing test to tell Computers and Humans Apart

Security Public Relation Excuse Bingo

Alexander Geschonneck — Thu, 28 Feb 2008 13:43:25 +0000

You know them from a security incident follow up meeting, a security audit exit meeting or a vendor prensentation: excuses for not caring about security the right way. You can now choose your excuse from the Security Public Relation Excuse Bingo.

My favorite is: What kind of a person looks for flaws?

Bypassing a Windows login password with forensic tools

Alexander Geschonneck — Sun, 24 Feb 2008 13:37:40 +0000

Lance Mueller published a good article about bypassing a Windows login password with forensic tools . You can use his instructions if you plan to boot an Windows image within a virtual machine and like to login.The other way is of course attacking the password hash with rainbow tables. But sometimes this is not the best option.

Read the full story on Lance’s blog.

frozen memory aquisition

Alexander Geschonneck — Fri, 22 Feb 2008 15:33:09 +0000

Cool stuff from Princeton researchers. They published a paper “Cold Boot Attacks on Encryption Keys” and showed that whole disk encryption can be defeated by relatively simple methods. They demonstrated their methods by using them to defeat three disk encryption products: BitLocker, FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux.

Link to the project with sample video

Insider Threat Research

Alexander Geschonneck — Mon, 28 Jan 2008 17:25:28 +0000

CERT and the United States Sectret Service published an insider threat research that focuses on both technical and behavioral aspects of actual compromises. The key findings are

Current and former employees carried out insider activities in nearly equal numbers.
Sixty-three percent of the insiders held technical positions within the targeted organizations.
Thirty-eight percent of insiders had prior arrests.
A specific work-related event triggered most (73%) insiders’ actions.
The majority (76%) of insiders planned their activities in advance.
Half (50%) of the insiders had authorized access to the system/network at the time of the incident.
Over half (58%) of the insiders used relatively sophisticated tools or methods for their illicit activities, including scripts or programs, autonomous agents, toolkits, probing, scanning, flooding, spoofing, compromising computer accounts, or creating unauthorized backdoor accounts.
Insiders committed their illicit activities both from the workplace (51%) and remotely (43%) in nearly equal numbers.
The incidents took place during (51%) and outside (49%) normal working hours in nearly equal numbers.
Most (80%) of the insider incidents were only discovered through manual (non-automated) detection of an irregularity or failure of an information system.
The majority (74%) of the insiders took steps to conceal their identities and their activities.

http://www.cert.org/insider_threat/

Certified Wireless Analysis Professional Official Study Guide

Alexander Geschonneck — Mon, 14 Jan 2008 12:25:29 +0000

The Certified Wireless Analysis Professional Official Study Guide is now free available for download. Very useful if you have to analyse wireless captures. Please take a look at the content:

Unit I 802.11 MAC and PHY Layers

Chapter 1 Introduction to Wireless LAN Analysis

Chapter 2 802.11 Protocol Architecture

Chapter 3 Connectivity and Data Protection

Chapter 4 Configuration Options and Protection Mechanisms

Chapter 5 802.11 MAC Frame Format

Chapter 6 802.11 Management Frames

Chapter 7 802.11 Control and Data Frames

Chapter 8 802.11 PHY Layers

Unit II Applied Analysis

Chapter 9 802.11 System Architecture

Chapter 10 802.11 Protocol Analyzers

Chapter 11 802.11 Performance Variables

Chapter 12 Additional Information

Chapter 13 Case Studies

Download

illegal migrants in security jobs

Alexander Geschonneck — Sun, 16 Dec 2007 16:43:17 +0000

A couple of weeks ago I read an british article about the fact, that thousands of illegal migrants may have been working for private security companies in the last three years in the UK. Badly enough, that up to 5,000 people without a proper background check and with unverified criminal records may infiltrating the industry. My thoughts about this story: What if the government starts to “blackmail” the illegal migrants?

Microsoft’s wireless keyboards cracked

Alexander Geschonneck — Sun, 02 Dec 2007 11:40:30 +0000

The swiss based company Dreamlab Technologies has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped. According to their Press Release they found a way to sniff the data traffic between Microsoft’s wireless keyboards and their base stations, which communicate with each other on the 27 MHz band. The devices use a simple XOR mechanism for encryption and the keys are only one byte long.

via