Showing posts with label cool. Show all posts

Monday, 23 August 2010

Windows 7 GodMode

On a Windows 7 box create a folder named:

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

The folder will change into a shortcut. Click to access the folder, which exposes all (or most?) of the admin interfaces.

I will test that you all remember this GUID off by heart...

Wednesday, 24 September 2008

Schneier in print


The Great God Schneier has released his wisdom of the ages upon us once more. This time he's giving you a withering stare on the front cover.
"The closest the security industry has to a rock star" has combined all his essays together for bedtime reading! Now if only I had £20 ($40) to get a signed copy. Does this mean the last page is a hash of the book encrypted using his private key? :)
dD

CSI Stick me baby

This is sooooooo cool, I want one, I want one, gimme, gimme.
http://news.cnet.com/8301-1009_3-10028589-83.html

Now off to practice my sleight of hand and magic fingers so I can connect it to phones without people seeing! :)

dD

Tuesday, 22 April 2008

Cool, Evil Tracking Site

Guys, it has been a while!

Anyways, just trawling the Internet highways and byways and came across this little gem:
http://www.team-cymru.org/
The use of the map from xkcd gets my vote! Plus they have a few security hardening guidelines and other interesting docs.

Well worth a look.

dD

Thursday, 20 March 2008

SIW

dD just came across this fantastic tool from Gabriel Topala:
http://www.gtopala.com/

To quote the web site:
"SIW is an advanced System Information for Windows tool that gathers detailed information about your system properties and settings and displays it in an extremely comprehensible manner. SIW can create a report file (CSV, HTML, TXT or XML), and is able to run in batch mode (for Asset Inventory Tracking, Computer (Software and Hardware) Inventory, PC Audit, Software Audit, Software License Compliance Management)."

There is an installer and also a standalone executable.
There is also functionality similar to SnadBoy (the password revealer) to reveal any password areas. Just click on the Eureka! button. You can change the machine's MAC address, scan the network 'hood, ...

This one is going straight into dD's toolkit. It beats the pants off msinfo in gathering data from a Windows box!

dD

Tuesday, 18 March 2008

my kind of captcha

If only all captchas were this interesting! It works well though and I wonder if it has any merit. It still boils down to multiple choice.

http://www.hotcaptcha.com/

dD

Monday, 3 March 2008

GNU Citizen projects

Hi All,
Just had a chance to start trawling through GNUCitizen's project list and there are some really interesting ones here.
For a start the Massive Enumeration Toolset sounds really cool.

dD

social engineering

Trawling through a backlog of RSS feeds, this interesting little nugget was found on gnucitizen about a side attack for social engineering. Using a PKI database you can query for email addresses tied to certain keys. The author, pdp, has some demo code up but it appears to not be working. However, it is a really neat idea.

http://www.gnucitizen.org/projects/pki-book/

Wednesday, 27 February 2008

CAPTCHA Goooooootcha

It looks like Google's CAPTCHA is under attack with a 20% success rate: http://www.websense.com/securitylabs/blog/blog.php?BlogID=174

That's a lot of accounts to send me stock tips or enlargement pill ads. The more interesting thing would be if the bots could do something cool with all that storage! Say that this process is yielding 1 account per minute, that's 1440 accounts a day and around 525600 accounts a year. With 6Gb of storage space per account that is 3.2 PB of distributed storage.

Check out these tools to mount a single account:
http://www.sizlopedia.com/2007/08/11/utilities-to-use-gmail-space-as-google-drive/
If they are clever enough to crack the captcha, they should be clever enough to create something that would mount all of these accounts together as some sort of distributed file store with redundancy and resiliency.

Cool.

Friday, 22 February 2008

What would dD look like


This is dD as a Simpsons character. Have a go yourself at http://www.simpsonsmovie.com

Cool sites

Found these, thought they were cool:
GNUCitizen
The Hacker Webzine

Please feel free to add more cool links in the comments.

Mobile Phone Sniffing: smells kind of cheesy!

Apparently a couple of guys at the Black Hat conference over in DC have demonstrated a GSM crypto cracking system in 1/2 an hour and $1,000 of storage.
Take me >>
As dD is impoverished and busy, attendance was not an option. However, the good old Black Hat folks will be making the whole thing available in their archive in a couple of weeks. Groovy!

Cold Hacking: what we leave behind

It seems that DRAM is not so forgetful after all! It would seem that some plucky researchers over at Princeton have demonstrated how to obtain critical cryptographic keys for disk encryption systems such as BitLocker and TrueCrypt by cold booting a system and having a look at what is left in memory.

They even have a video of the talk and a paper. This is another example of side attacks on cryptosystems which the great mighty big boss Bruce has been mentioning for some time now.