Suggested Blog Reading – Friday May 25th, 2007

There’s just something about having to get up at 4:15am to get on a plane that kind of ruins your day.

Here’s the list:

Enhanced Operating System Identification with Nessus – I’m in favor of finding better ways to profile OSes…how about you?

Tenable’s Research group recently introduced a highly accurate form of operating system identification. This new method combines input from various other plugins that perform separate techniques to guess or identify a remote operating system. This blog entry describes this new process and shows some example results.

Prefetch Analysis – I’ve never known so much about something I previously knew nothing about 🙂

I’ve seen a couple of posts recently on other blogs (here’s one from Mark McKinnon) pertaining to the Windows XP Prefetch capability, and I thought I’d throw out some interesting stuff on analysis that I’ve done with regards to the Prefetch folder.

Essential Bluetooth hacking tools – I can honestly say that I haven’t run into a situation where I’ve had to test and/or analyze Bluetooth devices yet. At least I now know where to get some tools.

If you are planning to gain a deeper understanding of Bluetooth security, you will need a good set of tools with which to work. By familiarizing yourself with the following tools, you will not only gain a knowledge of the vulnerabilities inherent in Bluetooth-enabled devices, but you will also get a glimpse at how an attacker might exploit them.

VMware Security and NAT Problems – This is the first I’ve heard of such problems.

As helpful as VMware is I can honestly say that it has caused me quite a bit of grief lately. My feelings of frustration have mainly been my fault but tonight I also received a warning to update to the latest version of VMware Workstation. And when Ed Skoudis tells you to update immediately I listen, as should you.

The problems with VMware started on Tuesday when the culmination of the SANS Hacker Techniques, Exploits & Incident Handling started. During the last week of this SANS @Home course the whole class is given access to a virtual lab which contains a vulnerable environment for the hacking. As it is a training situation Ed provides detailed instructions on how the students are supposed to set up their attacking systems. I spent the better part of that night and the next night hacking with a team and individually. I thought that I would do really well but in the end I just could not get anything to work correctly.

Recovering a FAT filesystem directory entry in five phases – Good article to cap things off.

This is the last in a series of posts about five phases that digital forensics tools go through to recover data structures (digital evidence) from a stream of bytes. The first post covered fundamental concepts of data structures, as well as a high level overview of the phases. The second post examined each phase in more depth. This post applies the five phases to recovering a directory entry from a FAT file system.

Written by Andrew Hay


• Cutaway

Yes, NAT in VMware, although helpful, easy, and secure, does provide an additional level of complexity to any tasks you are trying to accomplish. For persons doing security activities like vulnerability assessments, network enumeration, or penetration testing, the recommended interface configuration is bridge mode. By not doing so you will find that your results are inconsistent, often in a manner that is not readily apparent to the end user.

Go forth and do good things,

