Thursday, October 30, 2008

Some lessons learned from my last trip

I just got back from my latest testing trip and I've come up with a small list of things that I learned from the trip. For this trip, there were a couple of items I didn't bring, and need to remember for future trips.

Wire-bound notebook - I brought my planner, and figured that would be enough. A) The planner is just too big to carry around. B) I was carrying around more than I needed. C) A notebook will be great as I can date the pages (and number them) for each testing engagement. D) The notebook will be smaller (and lighter) than the planner.

Site Physical Security Checklist - While this is loaded on our test laptops, there was no easy way (in this particular case) to get access to a printer. I need to remember to print this out ahead of time so I can use it on site.

Notebook mouse - wired or wireless, doesn't matter. My wrists were killing me after using that pointer above the B. And the touchpads were horrible. A USB travel mouse will go a long way.

Tuesday, October 21, 2008

Hacking Wired Keyboards

I first saw a blog on this yesterday, and didn't take the time to read it. It wasn't until I saw the video that I was amazed.

The Zero Day blog had the scoop.

And a video here.

Richard's write-up of SANS' WhatWorks in Incident Response and Forensic Solutions Summit

Richard Bejtlich wrote up his notes from the Incident Response and Forensic Solutions Summit. They can be read here.

Hopefully, the conference in July near DC takes place so I can attend.

Thursday, October 16, 2008

FIOS set top box download

Our dog isn't doing well. He's pretty old, and his age has started to catch up with him. So, when he gets up to walk around at night, I usually wake up. Mostly to make sure that he is ok. Unfortunately, I'm becoming a lighter sleeper than I used to be. Anyway, last night at around 4:00 a.m., I hear the set top box to the TV in our bedroom turn on. Then, I hear the box in the living room turn on. I went out to the living room and saw "DL" on the box, and a line going around in a circle next to it.

My best guess was that Verizon was pushing out either a software or firmware update to the boxes. It only lasted a minute or two, and the boxes turned on and off a couple times at the end. It probably would have been nice to know the activity was planned.

I still love the Fios service, I just think some communication would have been nice.

The next assignment

It looks like my next assignment has been handed out. I'll be part of a team testing a LAN for a research hospital. The LAN is pretty big, so four of us are being sent. I'm already looking forward to it, though we will be away for a full week the last week in October.

Forensics conference update

Not so much an update by me, as I could not attend, though it was killing me not to be there.

Harlan has a write-up on his blog with his thoughts on the conference. He mentions in his post that the next Forensics conference is slated for July 2009. Time to start saving those nickels and banking the vacation time.

And, while I'm at it, I can't remember where I saw it, but SANS set up a site dedicated to forensics. I only went through it quickly, but I've bookmarked it so that I can dig deeper when I have a few free minutes.

Thursday, October 9, 2008

In-House Testing Class

The last two days were spent in an in-house testing class, which I thought was really well done. And, I thought it made more sense after having been out testing once. I think it might be tougher to get a good feel for what's expected if you haven't been out. Some of the modules were less meaningful, but that's probably because the material was familiar due to a project management background. The tools modules were awesome though:
Gold Disks
our home-grown tools
the Linux/UNIX SRR scripts

Plus, we went over what makes a good physical security inspection. Probably the toughest part of the class was the module on document review: COOPs, ISSPs, IR Plans, HIPAA, etc. I'm itching to go back out again, and it looks like my wish will be granted at the end of the month.

Thursday, October 2, 2008

SRR scripts for IOS

I'm pretty sure my next engagement will entail more than Microsoft products. I know there are scripts for databases and different flavors of *nix for testing the various components of a site. However, are there scripts or specific actions to be taken when testing Cisco routers? I have read through the Network Security checklist so I see the vulnerabilities to test for. I'm just wondering if there are pre-defined scripts for testing IOS.
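For the router side of the question above, here is an added example of what a script-based check can look like. It is not an SRR script and not from the blog or any checklist; it reads an IOS running-config as text and flags a handful of common hardening items (service password-encryption, enable secret, HTTP management server, CDP, SSH version, and the vty transport and exec-timeout settings). Those items are my own assumed checklist, chosen for illustration, and both configs are constructed samples rather than real device output.

```python
"""Minimal Cisco IOS running-config checker (added example).

Reads a running-config text and reports which of a small set of assumed
hardening items are missing or misconfigured. The items are illustrative,
not a copy of any official checklist.
"""
import re

# Constructed sample: a weakly configured router (not a real device).
SAMPLE_CONFIG = """\
!
hostname edge-router
!
enable password cisco
!
ip http server
ip ssh version 2
!
line con 0
 exec-timeout 10 0
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
!
end
"""

# Constructed sample: the same router after remediation (hash is a placeholder).
HARDENED_CONFIG = """\
!
hostname edge-router
!
service password-encryption
enable secret 5 $1$PLACEHOLDER_HASH
!
no ip http server
no cdp run
ip ssh version 2
!
line con 0
 exec-timeout 10 0
line vty 0 4
 transport input ssh
 exec-timeout 10 0
!
end
"""


def parse_config(text):
    """Split a running-config into top-level lines and indented sub-blocks.

    Returns (globals, blocks): globals is the list of non-indented lines,
    blocks maps a section header such as 'line vty 0 4' to its indented lines.
    """
    globals_, blocks = [], {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None  # comment/separator ends any open block
            continue
        if raw[0].isspace():
            if current is not None:
                blocks.setdefault(current, []).append(raw.strip())
            continue
        line = raw.strip()
        globals_.append(line)
        current = line  # any top-level line may open a sub-block
    return globals_, blocks


def check_config(text):
    """Return a list of finding strings; an empty list means every check passed."""
    globals_, blocks = parse_config(text)
    gset = set(globals_)
    findings = []

    if "service password-encryption" not in gset:
        findings.append("global: 'service password-encryption' not set")
    if not any(g.startswith("enable secret") for g in globals_):
        findings.append("global: no 'enable secret' configured")
    if any(g.startswith("enable password") for g in globals_):
        findings.append("global: reversible 'enable password' present")
    if "ip http server" in gset:
        findings.append("global: plaintext HTTP management server enabled")
    if "no cdp run" not in gset:
        findings.append("global: CDP not disabled ('no cdp run' missing)")
    if "ip ssh version 2" not in gset:
        findings.append("global: SSH protocol version 2 not enforced")

    for header, body in blocks.items():
        if not header.startswith("line "):
            continue
        transport = next((b for b in body if b.startswith("transport input")), None)
        if header.startswith("line vty") and transport != "transport input ssh":
            findings.append(f"{header}: transport input is not SSH-only ({transport or 'default'})")
        timeout = next((b for b in body if b.startswith("exec-timeout")), None)
        if timeout is not None and re.fullmatch(r"exec-timeout 0 0", timeout):
            findings.append(f"{header}: 'exec-timeout 0 0' disables the idle timeout")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for f in check_config(cfg) or ["no findings"]:
            print(" -", f)
```

Running it prints seven findings for the weak sample and none for the hardened one. To use it on a real device, capture "show running-config" to a file and pass its contents to check_config; extending the checks is a matter of adding lines to check_config, since the parser already exposes both the global lines and each line/interface block.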

Base Security

I just got back from my first testing engagement, and I'm still trying to organize my notes from everything that I learned. I went with an accomplished tester, and was able to learn many of the tricks of the field. Fortunately, the site we were at was not that big, nor were there many machines and servers to test. I think we had 10 servers to test, and 10% of the 70+ workstations. So, it wasn't that bad. Site physical security was pretty easy to test, as the grounds were relatively small.

However, getting on the base was pretty interesting. When driving on, contractors were supposed to stay to the right and go through a special checkpoint. We missed that. We ended up in the regular truck checkpoint. We were greeted by an 'older' gentleman who asked to see our IDs. Upon showing them, he asked where we were going. He seemed entirely put out by the fact that we would have to turn around and go through the regular contractor checkpoint. So, he "cleared" us right there, and called ahead to the booth and told them we were clear. We drove up, they gave us our pass, and we drove off.

The next day, we followed the proper procedure.