Hyp0tez Blog!
Hey and Welcome to The "Rehnskrällets Blog".
I hope you will at least find this blog to contain alot o crap :)
Thing is, I have no pretention to become a pro-blogger, I just do it for fun and to learn, but also to share some knowledge.It's a karma thingy.
You give some and get some back. Most of the posts and pages will be about/around security in the so called CyberSpace.
Feel free to nagg/compliment about things by making a comment ;)
All info/articles/posts are served As Is. It is all informational, not instructional. All guides/tips are aimed to be done in YOUR test environment, not towards anything "live"
Knowledge blasé!
Which where an old saying from my old days as a IRC nerd, pointing it towards all those who saw themselves as the utter 1337 haxx0rs, whith meerely a knowledge about how to run scripts and tools.
ÖHK, Svenska fans- Örebros lagbygge inför 2012-13: Peter Andersson lämnar Örebro! Och Dahlberg försvinner också 2012/05/07
- Simon Olssons nya klubb är Örebro 2012/05/06
- Enström till Örebro 2012/05/04
- Christoffer Norgrens ersättare klar! 2012/04/26
- Ridderwall och Andreasson till Örebro 2012/04/24
- Örebro nästa klubb för Kalle Olsson 2012/04/22
This website worth
Tag Archives: security
DefCon 20 Social Engineering CTF
Ett kommande event på DefCon 20, det är heller inte den första gången :) Så det nedanstående är en ”kass översättning” efter översättningen kan det komma en eller annan fundering ;) The Original Article http://www.social-engineer.org/defcon-sponsorship/ —-Snipe—- Social-Engineer.Org Team meddelar att de kommer att hålla Social Engineering CTF och Social Engineering CTF för barn igen på Defcon 20. Vi söker fortfarande företag som vill bli sponsorer av ett eller av båda våra evenemang. EventetVårt Social-Engineering CTF är inte ett traditionell Capture the Flag Event. I denna är CTFlaggorna oskyldiga bitar av information som vi ber de tävlande att få. Hur? Varje deltagare tilldelas ett målföretag. De tävlande får två veckor … Continue reading
Codesigning in PKI
After some time working with PKI, one runs into the fun world of codesigning as a feature. Security, PKI, codesigning and lots of other words would fit as keywords :) This article is just a ”brain dump” of what has come up (in my head) this far. I won´t bet on that I will not change my opinion but… Hey this is a personal blog :) Summary of the handeling (internally in a org) of Code … Continue reading
Linux is safe? Linux security?
Linux is a safe system…….. When talking about IT security often people mention that Linux security is the highest/best one ;) Yeah it is, most of the time. Some bugs do at time pop up. This one is a ”old” one but probably alot of systems do still run the exploitable versions :) rofl I got this from a colleague after some Linux / patching discussions. ———————————————————————- Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +–++> [ Authors ] … Continue reading
Publik Key Infrastructure
Some stuff about PKI PKI or Public Key Infrastructure is a strange thing. Or rather it is a somewhat hard to grasp issue. Most of this will be about PKI in a Microsoft environment but the basics are applicable on PKI as a concept. CA or Certificate Authority is the supplier of certificates, the structure is somewhat like DNS with the TLD at the top and subordinates in a chain, though with PKI it is … Continue reading
PKI Jargong (Svenska)
ADCS: Active Directory Certificate Service Asymmetrisk kryptering: (kryptering och dekryptering med två olika nycklar) Den ena nyckeln används för kryptering, den andra för dekryptering. Nyckeln som används för kryptering är allmänt tillgänglig (öppen nyckel), men nyckeln som används för dekryptering hålls hemlig (privat nyckel). Asymmetrisk kryptering är förutsättningen för nästan all krypterad kommunikation på internet, till exempel banktjänster och andra betalningar. Fördelen, jämfört med den äldre typen av kryptering, symmetrisk kryptering, är att parterna inte … Continue reading
Wetware
The Mentality of WetWare (written since some do not understand HoaX) Don´t you just love those emails you get with the warnings about viruses, often they are sent to a whole bunch of people stating that the lastest findings from antiviral vendors found a .exe which is an actual infection. The mail then walks us through how to search and desrtoy the ”virus” and the users are happily rebooting into in many cases a hurt … Continue reading
VSSadmin
Qute stuff to do when running ShadowCopy (VVS) :) Comments from notepad while watching a online capture from some haxxor show. Prolly abit mixed, but a kewl thing it is ;pLinux Common Directory Names:-space/dotspace/dotdotspace/namespace -mkdir ´.[space]` -mv malware /path/.\[space]/ -/path/.\[space]/malvaremkdir `temp[space]´Windows Alternate Data Streams (ADS) type malware.exe > harmless.txt:evil.exe start c:\path\to\harmless.txt:evil.exe dir /r will find it. (vista and later) sysinternals Streams list alternate data streams (LADS) fairly easy to eradicate ADS on Steroids echo anything > … Continue reading
Utility NC
A short NC thing! NC or NetCat is often described as a swiss-armyknife of networking utilities. I basically agree allthough there could be things you won´t be able to do. If you haven´t got it installed just fire up your browser and point it to google.com and do a quick search for it. DL and Install. Upon completion of the above task, at your cli (command line interface) type: nc <enter> and you hopefully get … Continue reading
Pondering abit on Public Key Infrastructure
Why, Oh Why! Since I am currently working with PKI from microsoft I have had to read up abit on that. There is alot of different junk out there on the Internet, but a basic google search will get you started, and there are a bunch of different books too. Brian Komar have written a exceptionally good book on that subject it is namned: Windows Server 2008 PKI and Certificate Security you can get it from … Continue reading
Securing SCADA
Securing scada A pondering upon things within security and SCADA/ICS, do´s and don´ts for a safer everyday operational environment SCADA Security With the latest newsbuzz, not many have missed out on the fact that our dear SCADA/ICS are under pontentially massive attack. And I could have understood parts of this back in the ”good old days” when there was HackForFame, who wouldnt be g0d-like pwning a powerplant? but now…. Terrorists: by either religious or political reasons, are … Continue reading
SCADA security (Obscurity)
A little ranting about scada security and some of the problems therein. Imagine going to your economics department asking for exchanging a piece of hardware after 10 years, when the piece of harware has an economical lifespan of 15-20 years. And to the question –”why?” you answer; well NT4 isn´t supported anymore and our SCADA-IT guy retired 5 months ago and he was the only one knowing NT4, the control system for the pumps/turbines/feeders/plc is … Continue reading
Patching is fun.
Here are a few thoughts and pointers about patching and updating systems… Have you ever thought about the fact that security thing that is a somewhat ”point of view´ish”? Security bulletins and misc things pound out their newly found flaws and patch info daily. It is frankly a fulltime job to just keep up to it all. But some of the flaws are flagged as minor impcations and some are Important while the ”must have” … Continue reading
SCADA (Un)Security
What is SCADA? Supervisory Control And Data Aquisition. So an Overviewing controling data hogging system, – could I then call my wife a SCADA system? you might ask. No, she hasn’t got as much connections to all your processes and aren’t that event driven,(yet, but with the evolution of social networks, we are soon there). Common use of SCADA is energy/oil/nukelear/heating/cooling and a bunch of other utilities. Some are calling it ICS … Continue reading
