It is that time again for me. On-call at where I work means little sleep and a lot of work. The first wasn’t too bad. I stayed busy during the day. I left for home (around an hour drive) and didn’t even make it out of town and had to turn around. Worked till 7:30pm and then headed home. Got paged when I was about 15 minutes from my house. Got home and fired up the laptop. I was on that call until 2am. Went to bed and woke up at 5:45am like I normally do. Off to work at 6:50am. Work today has been constant. The bad part is that this is a holiday weekend so there will be no level 1 support fielding the easy calls. This also means that I will get every page this weekend. Could be worse, could be a lot worse.
There is something about on call that is fun. All day long you have that level of anticipation of when the next page is coming. Then when you get the page what is the issue. You got pressure to get it fixed fast as the company could be loosing money by the minute. That rush can be awesome. The lack of family time and sleep is not any fun, but that is the price of the job.
Wireshark 1.2.0 has been released. This is the new stable release branch of Wireshark and many new and exciting features have been added since 1.0 was released.
In this release
- Wireshark has a spiffy new start page.
- Display filters now autocomplete.
- A 64-bit Windows (x64) installer is now provided.
- Support for the c-ares resolver library has been added. It has many advantages over ADNS.
- Many new protocol dissectors and capture file formats have been added.
- Macintosh OS X support has been improved.
- GeoIP database lookups.
- OpenStreetMap + GeoIP integration.
- Improved Postscript(R) print output.
- The preference handling code is now much smarter about changes.
- Support for Pcap-ng, the next-generation capture file format.
- Support for process information correlation via IPFIX.
- Column widths are now saved.
- The last used configuration profile is now saved.
- Protocol preferences are changeable from the packet details context menu.
- Support for IP packet comparison.
- Capinfos now shows the average packet rate.
Many time you might need to access a system but have been locked out or the password to access the local system has been forgotten. There are many ways to deal with that.
If you just want to get in quickly you can use NT Offline. NT Offline will allow you to blank/clear or change the password of an existing local account. This boots up in to a linux command line utility. From here you select the drive the OS is on, the path to the config files, and then which account(s) you would like to modify.
Being able to change a password is great and all but what if you need to get the password. fgdump will allow you to dump the dump the LSASS. This will allow you to get the users accounts and their hashed passwords. How to find the password from the hash is another story. You might start by looking at RainbowTables.
This is the new tool. It is getting quite a bit of hype right now. This tool will boot a different kernel of the OS and then load Windows or Linux during the boot. Once you get to the login screen, simple select a local user or a cached user and press enter with no password and you are in. There is not much you can do to the account, but you have access to the machine.
Yes I know that these can be listed as “hacker” tools. But the “hacker” tools are a administrator’s best friend.
I will post these in the links section also.
I am finding in my daily work that everyone talks about and wants the least privilege security model until want access to something. We can redesign a network share and say that only groups are allowed and that we are not to allow user access to directly to have access and within a month of going live there is a handful of user accounts listed. What I also find funny is how people react when you ask why? Why do you need this access? You would think I am asking them to justify why they exist. My goal is to be able to document and justify why I have granted access to something (share, server, etc.) and they get offended. Using the model of least privilege help to protect everyone and the company.
I am having a slow start updating this current site. I have set this WordPress up as the main site now. I need to update all the sections.
FYI – A new version of instructions on building your own Intrusion Detection System (IDS) is coming out soon. I switched to CentOS from Fedora for stability.
Austin had a tee ball game today. The team they played were the stereotypical parents living their dreams through their kids. That the best thing about the whole game was the fact that Austin’s team won. They play three innings normally. This game they started about 15 minutes late. After 45 minutes, they finished the 3 innings. The other coach wanted to keep playing even if the other team in the waits and their game to start at 4pm. My family sat next to the 3rd base laughing and having a good time at their coaches. We had a great 2nd inning where Austin got all three out in a row! He was playing short stop and the ball was hit near him. He fielded the ball, checked if anyone was covering second, and seeing there was no-one at the base, he ran to 2nd. Each time getting there right before the person gets to the base.
A few of us at work have started using Microsoft One Note. All I can say is so far it is the best collaboration software I have used. Near real time changes. You can be working on a document in a tab and you can see the changes that someone else from the team is making as their One Note syncs with yours. You can add files, pictures, documents, etc to the page while adding notes to the page. We now use it for projects and meeting notes. One thing I really like is I can go offline and then once I am back online it syncs all the changes I made and any change other people have made. You then can also have a personal notebook to keep your work seperate. You can password protect areas or notebooks also. Who knew I would like a Mirosoft product so much?
I am sitting here on my main desktop writing this. On one tab of FireFox I have my Facebook open. On the next tab I have this page open. I have my uTorrent runningin the background. My laptop sits next to me with a VPN connection in to work. I am running scripts and adding accounts in to group and verifying that the servers got the correct grouping. My IDS is humming along. My ESXi server is pumping out the heat as the server tries to keep the 8 processors cool. I have 4 IM windows up on the laptop and 3 chat windows in facebook. I have 7 command prompt windows pinging servers asking them if they are still up.
It is now 1:35am and I have been up since 5:30am the day before. No worries, I got my energy drink (Monster Khaos). Odds are I will be in to work between 9 and 10am. Why? Because I have 40 tickets to complete and more to be assigned.
Such is the life of a geek.