Talking Technical Security. All the stuff I find interesting and enjoy. Covering Protective Monitoring, Penetration Testing, Network Security Monitoring, Forensics, and Incident Response. Go deep!
Entropy in a given character set
This is a Python program to work out the bits of entropy for a given character set at a specific password size. In other words, how random can a password be at a specific size when drawn from a range of characters?
I’ve been using Security Onion (SO) a lot lately, exploring the many great features of this awesome distro. Security Onion provides IDS either through Snort or Suricata as well as many other excellent network security monitoring tools such as Squert, Bro, NetworkMiner, Xplico, and many others. SO also has great open source IDS front end monitoring tools, Sguil and Snorby built in. I like using a VM on my desktop machine running Security Onion as my monitoring station, whilst deploying the Security Onion on my VMware ESXi lab server. I’m going to cover my test lab set up a little in this article for anyone interested in setting up their own.
One of the things I love about using VMware in the test lab is that it gives you the ability to build a complete virtual network with different security zones, firewalls and IDS/IPS systems. Not to mention the fact that I couldn’t possibly have tens of servers deployed in my home office space, something I can easily do with just a couple of machine…
About netsa SiLK
SiLK provides a way to capture NetFlow and interrogate flow data. It can be used for a variety of purposes including situational awareness, forensics and anomaly detection.
Before installing SiLK, examine the prerequisites for the build. I’m using a CentOS 6.3 minimal install with a virtual machine disk of 100GB in total, with a separate partition for /data of about 60GB. The virtual machine will be allocated 4GB of RAM and 2 virtual processors.
Configure the network settings for your lab environment. In order to use YUM for installing software, the lab system will require access to the Internet.
Download the following source code files from the netsa CERT project home page:
libfixbuf-1.2.0.tar.gz
netsa-python-1.3.tar.gz
silk-2.5.0.tar.gz
yaf-2.3.2.tar.gz
Copy the required packages to the /usr/local/src directory. If you are using scp to copy over the packages, don’t forget ‘yum install openssh-clients’ first on the server.
Start by updat…
A few weeks ago I decided to generate rainbow tables for LM hash password cracking. The RainbowCrack project provides Windows and Linux software that can be used to generate the tables and do the actual cracking. I also wanted to leverage the CUDA GPU support to make the cracking as fast as possible. The first thing I needed to do was to generate the actual rainbow tables. In my lab I have two ProLiant ML350 servers running ESXi 5.1 (dual Xeon E5645 in each), so rather than running the table generation on my laptop I created a Windows VM on one of the servers, gave it 8 vCPUs, and cut 'n' pasted the commands for the table generation into a batch file. I set the batch file running and went to bed.
The next morning I checked on progress and calculated how long it was going to take to complete. With a bit of rough math I reckoned about six weeks!
Six Weeks Later...
After running at a near constant 100% CPU utilisation for the full six weeks my rainbow tables were finally ready. …