Category: Tools

Introducing The Open Event Log Project

The Open Event Log (OEL) Project was conceived by Andrew Hay in May 2006 as a repository for system, server and application event logs to aid in incident response and forensic analysis. Many tools are now available to help the analyst interpret event logs, but a better understanding of the logs themselves, along with samples, was lacking. Most vendors publish their event log specifications, but it helps to have a central location that displays samples of these logs.

The ultimate goal of this site is to educate users on proper event log collection and analysis techniques, which goes hand in hand with our motto: “No log left behind!”

Please note that this site has no corporate backing, so that it can remain as independent as possible.

Each device/application will display the following information to help the community:

  • Log Sample
  • Log Description
  • How To Enable Logging
  • Regular Expression Matching

An example of this format can be seen with the Juniper NetScreen entry here: http://www.openeventlog.com/index.php/Juniper_NetScreen
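To show what the “Log Sample” plus “Regular Expression Matching” pairing looks like in practice, here is an added example that is not taken from the OEL site or the NetScreen entry. The log lines are constructed in the generic BSD syslog layout rather than any vendor’s format, and the two regular expressions (a syslog header pattern and an sshd “Failed password” pattern) are the example’s own assumptions. It also keeps the lines that do not match, which is the practical side of “no log left behind”: unparsed lines are the ones you go back and write patterns for.

```python
import re

# Constructed sample lines in BSD syslog (RFC 3164) layout; not from the OEL site
SAMPLE_LOGS = """\
May 10 12:34:56 fw01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
May 10 12:35:01 fw01 sshd[2201]: Accepted publickey for ops from 198.51.100.4 port 40212 ssh2
May 10 12:35:09 fw01 kernel: eth0: link up
this line does not follow the syslog layout
"""

# Header pattern (an assumption for this example): timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\[\]:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)

# Message-level pattern for one event type, applied only to sshd records
SSH_FAIL_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"
)


def parse_syslog_line(line):
    """Return the header fields as a dict, or None if the line does not match."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def parse_log(text):
    """Split a log into parsed records and the raw lines that matched nothing."""
    parsed, unmatched = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_syslog_line(line)
        if rec is None:
            unmatched.append(line)  # keep it: a pattern is still missing for this line
        else:
            parsed.append(rec)
    return parsed, unmatched


def ssh_failures(records):
    """Second-stage match: pull user/source fields out of sshd failure messages."""
    out = []
    for r in records:
        if r["program"] != "sshd":
            continue
        m = SSH_FAIL_RE.match(r["message"])
        if m:
            out.append({"host": r["host"], **m.groupdict()})
    return out


if __name__ == "__main__":
    recs, leftovers = parse_log(SAMPLE_LOGS)
    print(f"parsed {len(recs)} lines, {len(leftovers)} unmatched")
    for f in ssh_failures(recs):
        print("ssh failure:", f)
    for line in leftovers:
        print("no pattern yet for:", line)
```

The two-stage layout (header first, then per-program message patterns) is the usual way to organise these expressions: the header pattern is shared across every device that speaks syslog, and only the message patterns are device-specific.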

I’d appreciate any feedback you might have and invite you to contribute as much as possible.

MS Windows Vista forged ARP packet Network Stack DoS Exploit

I’m not sure how recent this is, but Daniel Cid brought it to my attention.

Description: Microsoft Windows Vista (SP0) dumps interfaces when it receives this ARP packet. This DoS is useful for an internet cafe, wireless venue, or legitimate local attack. The victim will need to manually refresh their network interface. OK, sure it’s a dumb local attack, but why does Vista disable iface!?!??

The python code can be found here: http://www.milw0rm.com/exploits/3926

Try it out, it’s kind of…well…disturbing.

Ophcrack

Many of you are familiar with L0phtcrack for cracking passwords. LC5 was discontinued by Symantec in 2006, but you can still find the LC5 installer floating around. The free trial only lasts 15 days, and Symantec won’t sell you a key, so you’ll either have to cease using it or find a key generator.

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables, written by the inventors of the method. It comes with a GTK+ graphical user interface and runs on Windows, Mac OS X (Intel CPUs) and Linux.

The ophcrack LiveCD contains a full Linux system (SLAX), ophcrack for Linux and rainbow tables for alphanumeric passwords. The LiveCD cracks passwords automatically: no installation is necessary and no admin password is needed (as long as you can boot from CD).
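Since the post leans on “based on rainbow tables” without saying what that means, here is an added educational example (written for this page, not ophcrack’s code) of the time/memory trade-off behind it. It uses hypothetical toy parameters: 3-character passwords over the alphabet “abc”, MD5 standing in for the unsalted LM/NT hashes the tool targets, chains of length 5, and a handful of chosen start points. It also shows the defensive point: the same lookup returns nothing for a salted hash, because the precomputed chains were built for the unsalted function.

```python
import hashlib
from itertools import product

# Hypothetical toy parameters: 27 possible passwords, short chains
ALPHABET = "abc"
PW_LEN = 3
CHAIN_LEN = 5
SPACE = len(ALPHABET) ** PW_LEN


def H(password: str) -> bytes:
    """Unsalted hash; MD5 stands in for the unsalted Windows hashes ophcrack targets."""
    return hashlib.md5(password.encode()).digest()


def salted_hash(salt: bytes, password: str) -> bytes:
    """Salted variant, to show why a per-user salt defeats a precomputed table."""
    return hashlib.md5(salt + password.encode()).digest()


def reduce_(digest: bytes, column: int) -> str:
    """Reduction function: map a digest back into the password space.
    Mixing in the column index is what makes this a rainbow table rather than a
    plain Hellman table: chains that collide in different columns do not merge."""
    n = (int.from_bytes(digest[:8], "big") + column) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def all_passwords():
    return ["".join(t) for t in product(ALPHABET, repeat=PW_LEN)]


def build_table(start_points):
    """Precompute chains; only (endpoint -> start) pairs are kept, which is the memory saving."""
    table = {}
    for start in start_points:
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_(H(pw), col)
        table.setdefault(pw, start)  # same endpoint as a stored chain means it merged; drop it
    return table


def covered_passwords(table):
    """Passwords whose hashes lie on some stored chain, i.e. what the table can recover."""
    seen = set()
    for start in table.values():
        pw = start
        for col in range(CHAIN_LEN):
            seen.add(pw)
            pw = reduce_(H(pw), col)
    return seen


def crack(table, target: bytes):
    """Look up a hash: assume it sits in column `col`, walk to the chain end, and if that
    endpoint is stored, regenerate the chain from its start and verify the candidate."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pw = reduce_(H(pw), c)
        start = table.get(pw)
        if start is None:
            continue
        cand = start
        for c in range(col):
            cand = reduce_(H(cand), c)
        if H(cand) == target:  # false alarms from merged chains fail this check
            return cand
    return None


if __name__ == "__main__":
    table = build_table(["aaa", "bab", "ccc", "abc"])
    print("stored chains:", len(table), "covered passwords:", len(covered_passwords(table)))
    print("unsalted lookup of H('aaa') ->", crack(table, H("aaa")))
    print("lookup of a salted hash      ->", crack(table, salted_hash(b"s4lt", "aaa")))
```

Coverage is the whole story for this class of tool: a password is only recoverable if its hash lies on a stored chain, which is why ophcrack ships large table sets for specific character classes (“alphanumerical passwords” on the LiveCD), and why a salted or otherwise keyed hash makes every one of those tables useless.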

More information about this tool can be found here: http://ophcrack.sourceforge.net/
Screenshot:
