I hope you will at least find this blog to contain alot o crap :)
Thing is, I have no pretention to become a pro-blogger, I just do it for fun and to learn, but also to share some knowledge.
You give some and get some back. Most of the posts and pages will be about/around security in the so called CyberSpace.
Feel free to nagg/compliment about things by making a comment ;)
All info/articles/posts are served As Is. It is all informational, not instructional. All guides/tips are aimed to be done in YOUR test environment, not towards anything "live"
Which where an old saying from my old days as a IRC nerd, pointing it towards all those who saw themselves as the utter 1337 haxx0rs, whith meerely a knowledge about how to run scripts and tools.
ÖHK, Svenska fans
Ubuntu 12.04 is here. Apparently it is way better than ever, at least thats what I heard ”through the grapevine”. But I am really annoyed by the obscurity and obnoxiousness of Unity and like some things to be as they ”always has been”. Here´s a quick way to make your brand new 12.04 ubuntu run with Classic Gnome! Go to the ”Software Center” Search for ”gnome shell” <– without quotes ;) Mark the gnome shell … Continue reading
Ett kommande event på DefCon 20, det är heller inte den första gången :) Så det nedanstående är en ”kass översättning” efter översättningen kan det komma en eller annan fundering ;) The Original Article http://www.social-engineer.org/defcon-sponsorship/ —-Snipe—- Social-Engineer.Org Team meddelar att de kommer att hålla Social Engineering CTF och Social Engineering CTF för barn igen på Defcon 20. Vi söker fortfarande företag som vill bli sponsorer av ett eller av båda våra evenemang. EventetVårt Social-Engineering CTF är inte ett traditionell Capture the Flag Event. I denna är CTFlaggorna oskyldiga bitar av information som vi ber de tävlande att få. Hur? Varje deltagare tilldelas ett målföretag. De tävlande får två veckor … Continue reading
Just making a small effort to use Google Chrome on my computer hehe trying out a few apps to help my daily internetism go smoothly =) Those who thisfar have helped me good are: ScribeFire Xmarks TweetDeck (Like the windows app better though) Google+ StumbleUpon LastPass Clearly Prolly gonna add a few more pretty soon but we´ll see :) also will Rank the apps later on if I find the time for it :p … Continue reading
After some time working with PKI, one runs into the fun world of codesigning as a feature. Security, PKI, codesigning and lots of other words would fit as keywords :) This article is just a ”brain dump” of what has come up (in my head) this far. I won´t bet on that I will not change my opinion but… Hey this is a personal blog :) Summary of the handeling (internally in a org) of Code … Continue reading
Linux is a safe system…….. When talking about IT security often people mention that Linux security is the highest/best one ;) Yeah it is, most of the time. Some bugs do at time pop up. This one is a ”old” one but probably alot of systems do still run the exploitable versions :) rofl I got this from a colleague after some Linux / patching discussions. ———————————————————————- Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +–++> [ Authors ] … Continue reading
Some stuff about PKI PKI or Public Key Infrastructure is a strange thing. Or rather it is a somewhat hard to grasp issue. Most of this will be about PKI in a Microsoft environment but the basics are applicable on PKI as a concept. CA or Certificate Authority is the supplier of certificates, the structure is somewhat like DNS with the TLD at the top and subordinates in a chain, though with PKI it is … Continue reading
ADCS: Active Directory Certificate Service Asymmetrisk kryptering: (kryptering och dekryptering med två olika nycklar) Den ena nyckeln används för kryptering, den andra för dekryptering. Nyckeln som används för kryptering är allmänt tillgänglig (öppen nyckel), men nyckeln som används för dekryptering hålls hemlig (privat nyckel). Asymmetrisk kryptering är förutsättningen för nästan all krypterad kommunikation på internet, till exempel banktjänster och andra betalningar. Fördelen, jämfört med den äldre typen av kryptering, symmetrisk kryptering, är att parterna inte … Continue reading
The Mentality of WetWare (written since some do not understand HoaX) Don´t you just love those emails you get with the warnings about viruses, often they are sent to a whole bunch of people stating that the lastest findings from antiviral vendors found a .exe which is an actual infection. The mail then walks us through how to search and desrtoy the ”virus” and the users are happily rebooting into in many cases a hurt … Continue reading
Qute stuff to do when running ShadowCopy (VVS) :) Comments from notepad while watching a online capture from some haxxor show. Prolly abit mixed, but a kewl thing it is ;pLinux Common Directory Names:-space/dotspace/dotdotspace/namespace -mkdir ´.[space]` -mv malware /path/.\[space]/ -/path/.\[space]/malvaremkdir `temp[space]´Windows Alternate Data Streams (ADS) type malware.exe > harmless.txt:evil.exe start c:\path\to\harmless.txt:evil.exe dir /r will find it. (vista and later) sysinternals Streams list alternate data streams (LADS) fairly easy to eradicate ADS on Steroids echo anything > … Continue reading
A short NC thing! NC or NetCat is often described as a swiss-armyknife of networking utilities. I basically agree allthough there could be things you won´t be able to do. If you haven´t got it installed just fire up your browser and point it to google.com and do a quick search for it. DL and Install. Upon completion of the above task, at your cli (command line interface) type: nc <enter> and you hopefully get … Continue reading
Why, Oh Why! Since I am currently working with PKI from microsoft I have had to read up abit on that. There is alot of different junk out there on the Internet, but a basic google search will get you started, and there are a bunch of different books too. Brian Komar have written a exceptionally good book on that subject it is namned: Windows Server 2008 PKI and Certificate Security you can get it from … Continue reading
OMG! Sometimes it feels as if I am double parked in a pararell universe. Feeling needs to shape up my knowledge and feel at ease with myself within that sphere, but is this only a good thing? Perhaps not only good. I was in Frankfurt am Main in Germany last week at ”The Experts Conference 2011″, this a flagship for knowledge and more technical to it´s nature than for instance TecEd. It is supposed to … Continue reading
Securing scada A pondering upon things within security and SCADA/ICS, do´s and don´ts for a safer everyday operational environment SCADA Security With the latest newsbuzz, not many have missed out on the fact that our dear SCADA/ICS are under pontentially massive attack. And I could have understood parts of this back in the ”good old days” when there was HackForFame, who wouldnt be g0d-like pwning a powerplant? but now…. Terrorists: by either religious or political reasons, are … Continue reading
What, how and why SCADA System parts Three main elements are part of a SCADA system, Remote Telemetry Units or RTU’s, Human Machine Interface or HMI, and communications. How For the most part, the brains of a SCADA system are the Remote Terminal Units (RTU’s). The RTU collects information at the site, while communications bring the collected information from the different RTU sites to a central location, and on occasion returns instructions to the RTU. … Continue reading
