Tool review: NetworkMiner Professional 1.2
I've been slow in undertaking this review as NetworkMiner's Erik Hjelmvik sent me NetworkMiner Professional 1.1 when it was released and 1.2 is now available. Seeing Richard Bejtlich's discussion of Pro...
toolsmith: Registry Decoder
Prerequisites: Binaries require no external dependencies; working from a source checkout requires Python 2.6.x or 2.7.x and additional third-party apps and libraries. Merry Christmas: "Christmas is not a...
Choose the 2011 Toolsmith Tool of the Year
Merry Christmas and Happy New Year! It's that time again. Please vote below to choose the best of 2011, the 2011 Toolsmith Tool of the Year. We covered some outstanding information security-related tools...
toolsmith: ZeroAccess analysis with OSForensics
Prerequisites: Windows. Happy New Year: “A New Year's resolution is something that goes in one year and out the other.” - Author Unknown. Introduction: December is the time of year when I post the Toolsmith...
2011 Toolsmith Tool of the Year: OWASP ZAP
Congratulations to the OWASP ZAP team! The Zed Attack Proxy is the 2011 Toolsmith Tool of the Year. ZAP finished with 338 votes (36.5% of the total), slightly edging out Security Onion. SO finished a...
toolsmith: Splunk app - Windows Security Operation Center
Prerequisites: Windows 2003, 2008, 7; Splunk (Free or Enterprise). Introduction: As a volunteer handler for the SANS Internet Storm Center, I am privileged to work with some incredibly bright, highly capable...
A Tribute to Tareq
This past Sunday we lost an extraordinary human being. Tareq Saade perished doing something he loved, as his was an adventurous spirit. My heart breaks for his family and his girlfriend Cindy, and as...
toolsmith: Pen Testing with Pwn Plug
Prerequisites: Sheevaplug; 4GB SD card (needed for installation). Dedicated to the memory of Tareq Saade 1983-2012: "This flesh and bone / Is just the way that we are tied in / But there's no one home / I grieve for...
More Mayhem with Pwn Plug
In my last post regarding Pwn Plug I discussed the features available to those of you who build your own with a Sheevaplug and Pwn Plug Community Edition. Here I'll give you an overview of some of the...
MIR-ROR 2.0 released
MIR-ROR 2.0 has been released, as the project has benefited from Jon Mark Allen's (ubahmapk) many contributions, giving MIR-ROR some much-needed attention. MIR-ROR, or Motile Incident Response - Respond...
toolsmith: Log Parser Lizard
Prerequisites: Windows; Microsoft Log Parser 2.2; Microsoft .NET 3.5. Introduction: At RSA Conference 2012 I gave a presentation called Evil Through The Lens of Web Logs. This presentation is built on research...
toolsmith: Buster Sandbox Analyzer
Prerequisites: Windows; Sandboxie 3.64 or later. Introduction: On April 10th, 2012, a new version of Sandboxie was released, and on April 16th so too was a new version of the Buster Sandbox Analyzer, which uses...
Bredolab author jailed, rehash of Bredolab analysis
Just read that the Bredolab botnet author was sentenced to 4 years in prison in Armenia. In July 2010, when Bredolab was in its heyday, I used Netwitness Investigator to do analysis of a...
toolsmith: Security Investigations with PowerShell
Prerequisites: Windows, ideally Windows 7 or Windows Server 2008 R2, as PowerShell is native. There are 32-bit and 64-bit versions of PowerShell for Windows XP, Windows Server 2003, Windows Vista and...
toolsmith: Collective Intelligence Framework
Prerequisites: Linux for server, stable on Debian Lenny and Squeeze, and Ubuntu v10; Perl for client (stable), Python client currently unstable. Introduction: As is often the case when plumbing the depths of...
MORPHINATOR & cyber maneuver as a defensive tactic
In June I read an outstanding paper from MAJ Scott Applegate, US Army, entitled The Principle of Maneuver in Cyber Operations, written as part of his work at George Mason University. Then yesterday, I...
toolsmith: NOWASP Mutillidae
Prerequisites: XAMPP is most convenient; NOWASP can be configured to run on Linux, Mac, and Windows. Introduction: I’m writing this month’s column fresh on the heels of presenting OWASP Top 10 Tools and...
toolsmith: SearchDiggity - Dig Before They Do
Prerequisites: Windows; .NET Framework. Introduction: I’ve been conducting quite a bit of open source intelligence (OSINT) gathering recently as part of a variety of engagements and realized I hadn’t...
The replacement security analyst's Top 10
I'm a huge football fan, so the depth of my joy at the return of the "real" NFL referees cannot be measured. Given the replacement ref debacle, I felt compelled to share a replacement security analyst's...