New Wireshark

Wireshark 1.2.0 has been released. This is the new stable release branch of Wireshark and many new and exciting features have been added since 1.0 was released.

In this release

  • Wireshark has a spiffy new start page.
  • Display filters now autocomplete.
  • A 64-bit Windows (x64) installer is now provided.
  • Support for the c-ares resolver library has been added. It has many advantages over ADNS.
  • Many new protocol dissectors and capture file formats have been added.
  • Macintosh OS X support has been improved.
  • GeoIP database lookups.
  • OpenStreetMap + GeoIP integration.
  • Improved Postscript(R) print output.
  • The preference handling code is now much smarter about changes.
  • Support for Pcap-ng, the next-generation capture file format.
  • Support for process information correlation via IPFIX.
  • Column widths are now saved.
  • The last used configuration profile is now saved.
  • Protocol preferences are changeable from the packet details context menu.
  • Support for IP packet comparison.
  • Capinfos now shows the average packet rate.

2 Old Tools and 1 New Tool

Many times you might need to access a system but have been locked out, or the password to access the local system has been forgotten. There are many ways to deal with that.

NT Offline
If you just want to get in quickly you can use NT Offline. NT Offline will allow you to blank/clear or change the password of an existing local account. This boots up into a Linux command-line utility. From here you select the drive the OS is on, the path to the config files, and then which account(s) you would like to modify.

Being able to change a password is great and all, but what if you need to get the password? fgdump will allow you to dump the LSASS. This will allow you to get the user accounts and their hashed passwords. How to find the password from the hash is another story. You might start by looking at RainbowTables.

This is the new tool. It is getting quite a bit of hype right now. This tool will boot a different kernel of the OS and then load Windows or Linux during the boot. Once you get to the login screen, simply select a local user or a cached user and press enter with no password and you are in. There is not much you can do to the account, but you have access to the machine.

Yes, I know that these can be listed as “hacker” tools. But the “hacker” tools are an administrator’s best friend.

I will post these in the links section also.

Least Privilege Security Model

I am finding in my daily work that everyone talks about and wants the least privilege security model until they want access to something. We can redesign a network share and say that only groups are allowed and that we are not to allow users to have access directly, and within a month of going live there is a handful of user accounts listed. What I also find funny is how people react when you ask why. Why do you need this access? You would think I am asking them to justify why they exist. My goal is to be able to document and justify why I have granted access to something (share, server, etc.) and they get offended. Using the model of least privilege helps to protect everyone and the company.

Slow Start

I am having a slow start updating this current site. I have set this WordPress up as the main site now. I need to update all the sections.

FYI – A new version of instructions on building your own Intrusion Detection System (IDS) is coming out soon. I switched to CentOS from Fedora for stability.

Tee Ball

Austin had a tee ball game today. The team they played were the stereotypical parents living their dreams through their kids. The best thing about the whole game was the fact that Austin’s team won. They play three innings normally. This game they started about 15 minutes late. After 45 minutes, they finished the 3 innings. The other coach wanted to keep playing even though another team was waiting for their game to start at 4pm. My family sat next to 3rd base laughing and having a good time at their coaches. We had a great 2nd inning where Austin got all three outs in a row! He was playing shortstop and the ball was hit near him. He fielded the ball, checked if anyone was covering second, and seeing there was no one at the base, he ran to 2nd, each time getting there right before the person got to the base.

Microsoft One Note

A few of us at work have started using Microsoft One Note. All I can say is so far it is the best collaboration software I have used. Near real time changes. You can be working on a document in a tab and you can see the changes that someone else from the team is making as their One Note syncs with yours. You can add files, pictures, documents, etc. to the page while adding notes to the page. We now use it for projects and meeting notes. One thing I really like is I can go offline and then once I am back online it syncs all the changes I made and any changes other people have made. You then can also have a personal notebook to keep your work separate. You can password protect areas or notebooks also. Who knew I would like a Microsoft product so much?

Life as a G33k

I am sitting here on my main desktop writing this. On one tab of Firefox I have my Facebook open. On the next tab I have this page open. I have my uTorrent running in the background. My laptop sits next to me with a VPN connection in to work. I am running scripts and adding accounts into groups and verifying that the servers got the correct grouping. My IDS is humming along. My ESXi server is pumping out the heat as the server tries to keep the 8 processors cool. I have 4 IM windows up on the laptop and 3 chat windows in Facebook. I have 7 command prompt windows pinging servers asking them if they are still up.

It is now 1:35am and I have been up since 5:30am the day before.  No worries, I got my energy drink (Monster Khaos).  Odds are I will be in to work between 9 and 10am.  Why?  Because I have 40 tickets to complete and more to be assigned.

Such is the life of a geek.