Tuesday, July 23, 2013

VMware Player Lab Installation Instructions

I recently had the opportunity to attend a course on Comprehensive Cyberterrorism Defense. At the end of the course, our instructor told us that we could take the virtual machines that we had been using with us and integrate them into our own lab.

I work with both VMware Workstation and Virtual Box so this was exciting news. I am writing this so that others who need to know how to import virtual machines into VMware Player can follow along.


VMware Player Lab Installation Instructions
  1. Download and install VMware Player.
  2. Locate the virtual machines to install (currently in C:\CyberSecurity\CCD Virtual Machines).
  3. Open the VMware Player application.
  4. Select "Open a Virtual Machine". *
  5. Browse to the VM image (e.g. C:\CyberSecurity\CCD Virtual Machines\WXP\WXP.vmx), then click "Open". The virtual machine will be added to the Player and you will be asked whether the VM was moved or copied. Answer "I copied it", so that VMware generates a new UUID and MAC address for this copy rather than reusing the ones from the course machines.
  6. When prompted, download and install the "VMware Tools for Windows 2000 and later" and/or the "VMware Tools for Linux" add-on package(s).
  7. Configuring the Virtual Machine(s) Network
  8. In VMware Player, right-click the virtual machine, then select "Virtual Machine Settings…".
  9. Select "Network Adapter" in the left pane, then click the "Host-only" radio button on the right under "Network connection". Host-only keeps the lab VM isolated from the physical network (it can reach only the host and the other host-only VMs); do not select "Bridged" or "NAT".
  10. Repeat steps 4–9 for each subsequent virtual machine that will be imported.
  11. Running the Virtual Machines **
  12. To run the virtual machine(s), open VMware Player.
  13. Next, ensure that the network adapter of each VM is set to "Host-only" before starting it:
  14. Right-click the virtual machine.
  15. Select "Virtual Machine Settings…", select "Network Adapter", then click the "Host-only" radio button on the right under "Network connection".
  16. Finally, select the virtual machine, then click the "Start" button to boot the VM.
  17. When running, the virtual machines will obtain an address in the host-only subnet (192.168.206.x on the lab hosts used here) from the VMware DHCP service on the host OS. The host-only subnet is chosen when VMware Player is installed and may differ on your machine; the address of the host's VMnet1 adapter shows which subnet is in use.
  18. If no IP address or an APIPA (169.254.x.x) address is obtained:
    • Check that the VMware DHCP service is running on the host (Windows Services console).
    • Check that the "Host-only" option is enabled for the VM.




* Due to an issue with long-mode support on the Windows 7 lab hosts, the virtual machines will not be able to run 64-bit code (VMware can run 64-bit guests only when the host CPU supports long mode and, on Intel hosts, VT-x is enabled in the firmware); this should not affect any lab work.
** Steps 12–16 will need to be repeated for EACH virtual machine that you need to run.
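As an added example (not part of the original post or the course materials), the following Python script audits the .vmx files in a lab directory and reports any enabled network adapter that is not set to host-only, which is the same check steps 9 and 13–15 make by hand in the GUI, done for every VM at once. It relies on the `ethernetN.present` and `ethernetN.connectionType` keys that VMware writes to a .vmx file; the sample .vmx text inside it is constructed for the demo, and the lab directory path is a placeholder.

```python
"""Audit (and optionally fix) the network adapters of VMware .vmx files.

Added example, not code from the original post. A .vmx file is a list of
key = "value" lines; an adapter is enabled when ethernetN.present is TRUE
and its mode is ethernetN.connectionType ("hostonly", "nat", "bridged", ...).
Any enabled adapter that is not "hostonly" lets a lab VM reach the real
network, so it is flagged. The sample .vmx text below is constructed.
"""
import re
from pathlib import Path

HOST_ONLY = "hostonly"
# key = "value"; .vmx values are always double-quoted.
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')
ADAPTER_RE = re.compile(r"(ethernet\d+)\.present")


def parse_vmx(text):
    """Return {key: value} for every key = "value" line; comments/blanks skipped."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def enabled_adapters(cfg):
    """Adapter prefixes (ethernet0, ethernet1, ...) whose .present is TRUE."""
    adapters = []
    for key, value in cfg.items():
        m = ADAPTER_RE.fullmatch(key)
        if m and value.upper() == "TRUE":
            adapters.append(m.group(1))
    return sorted(adapters)


def audit_network(cfg):
    """Return [(adapter, connectionType)] for enabled adapters that are NOT host-only.

    A missing connectionType is reported as "(unset)" and treated as a finding,
    because it is not an explicit host-only setting.
    """
    findings = []
    for adapter in enabled_adapters(cfg):
        conn = cfg.get(f"{adapter}.connectionType", "(unset)").lower()
        if conn != HOST_ONLY:
            findings.append((adapter, conn))
    return findings


def set_host_only(text):
    """Rewrite .vmx text so every enabled adapter is host-only.

    Existing connectionType lines for enabled adapters are replaced in place;
    missing ones are appended. Disabled adapters are left untouched.
    """
    cfg = parse_vmx(text)
    targets = {f"{a}.connectionType" for a in enabled_adapters(cfg)}
    out, seen = [], set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in targets:
            out.append(f'{m.group(1)} = "{HOST_ONLY}"')
            seen.add(m.group(1))
        else:
            out.append(line)
    for key in sorted(targets - seen):
        out.append(f'{key} = "{HOST_ONLY}"')
    return "\n".join(out) + "\n"


def audit_dir(lab_dir):
    """Map each .vmx file name under lab_dir to its list of findings."""
    return {p.name: audit_network(parse_vmx(p.read_text(errors="replace")))
            for p in Path(lab_dir).rglob("*.vmx")}


# Constructed sample: ethernet0 is on NAT (must be flagged), ethernet1 is
# already host-only, ethernet2 is disabled so its bridged mode is ignored.
SAMPLE_VMX = '''.encoding = "windows-1252"
config.version = "8"
displayName = "WXP"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "FALSE"
ethernet2.connectionType = "bridged"
'''

# Constructed sample with an enabled adapter that has no connectionType at all.
SAMPLE_VMX_UNSET = 'displayName = "Kali"\nethernet0.present = "TRUE"\n'

if __name__ == "__main__":
    print(audit_network(parse_vmx(SAMPLE_VMX)))                  # [('ethernet0', 'nat')]
    print(audit_network(parse_vmx(set_host_only(SAMPLE_VMX))))   # []
    # Placeholder path; point it at your own lab directory.
    print(audit_dir(r"C:\CyberSecurity\CCD Virtual Machines"))
```

Run it with the VMs powered off: VMware rewrites the .vmx when a VM powers down and would overwrite an edit made while it is running. Anything other than an empty list for a file means that VM can reach beyond the host-only network; after fixing, confirm the setting in "Virtual Machine Settings…" as in step 15.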




Thursday, October 18, 2012

SkyDogCon is almost here!

Wow, I can't believe that it's already time for SkyDogCon. It seems like DerbyCon was just here. Well, I guess that it was, but I haven't had time to post anything from it yet.

Anyway, SkyDogCon is only 7 days away and we just secured our tickets. The conference, which runs from October 26 to October 28, describes itself as follows: "SkyDogCon is a technology conference held annually in Nashville, TN. It is for the individual with the Renaissance Mind.

It mixes Hacking and Making with a healthy dose of technology. SkyDogCon exists to facilitate learning, information sharing and mingling with like-minded people in a relaxed atmosphere."

Regarding the host, if you've never met SkyDog, he is a great guy and is the real deal. I had the pleasure of meeting him way back at another conference with which he was involved, and got a chance to speak with him again in Louisville at DerbyCon this year.

SkyDog brings the best of what people like in other hacker/security cons and leaves out the "stuff" that doesn't seem to work.

In looking at the speakers and events that are linked up, this looks to be a great con.

See everyone there!


Wednesday, September 26, 2012

DerbyCon Countdown!

Countdown... T-minus 1 day and counting...

Ok, it's Wednesday and I am in full DerbyCon mode. If this year's convention is anything like last year's, it's going to be an awesome time.

The speakers lined up for this year look pretty cool, which in itself creates a problem, but a good one: which talks to go to.

Anyway, between the talks and events like the screening of the movie Reboot, this year looks to surpass last year's con.
 

Monday, September 24, 2012

Nashville InfoSec 2012 Capture The Flag

This past September 13th saw all of our hard work pay off as my colleagues and I put on our (and Nashville InfoSec's) 2nd Capture the Flag challenge.

This year's challenge differed from last year's in that there were no servers to attack; instead, a series of 13 challenges was developed for the attendees to tackle. Of the 13 challenges, 8 were downloadable (below in green) for the conference attendees to take with them so that they could attend other talks and still work on them.

The challenges, which covered different types of hacking, were:

Challenge 1 (Flag Ridden App)           Web Application / Database
Challenge 2 (ModifyMe)                      Reverse Engineering
Challenge 3 (DiabloMania)                  Network Forensics
Challenge 4 (User Reports)                  Web Application / Database
Challenge 5 (Jurassic Park)                  Obfuscation / Data Forensics
Challenge 6 (TheScrambler)                 Reverse Engineering
Challenge 7 (File Reader)                     Web Application
Challenge 8 (War of Information)        Obfuscation / Encryption Tools
Challenge 9 (Not Authorized)              Web Application / Encryption Tools
Challenge 10 (The View)                     Web Application
Challenge 11 (What's your status?)      Network Forensics
Challenge 12 (Thoreau)                        Obfuscation
Challenge 13 (Rick Roll)                      Obfuscation



Most of the participants in the challenge (including 2 teams sent by CHS) stayed in the CTF room throughout the conference, each team battling it out for the top spot.

At the end of the day, a team, TABC, which was made up of individuals without a team, came in first place.

All in all, from all of the feedback that we received, this was a great day. Everyone had fun and seemed to really enjoy the CTF.

Thursday, September 6, 2012

Nashville InfoSec CTF 2012

This year marks the second year that a few colleagues and myself will be hosting a Capture the Flag (CTF) competition at this year's Nashville InfoSec.


WHAT: Capture The Flag

WHEN: Thursday, September 13, 2012 during InfoSec 2012 conference. You must be registered to attend the conference to participate in Capture the Flag.

TIME: Capture the Flag will begin after the Morning Keynote Speaker (approx. 10am) and will end at 4pm. You will be able to attend the evening Keynote speaker session. The lunch break will coincide with the conference lunch time; however, those who wish to keep working may work through lunch. Team members can come and go as they please, but the timer will run continuously.

TEAMS: 4 persons per team max. You can register as a team or as an individual who will be assigned to a team. There will be a total of 10 teams max.

ABOUT: The Nashville InfoSec Capture The Flag (CTF) competition is a contest designed to test a team's knowledge and skill in a variety of areas related to information security, including web application security, cryptography, system exploitation, reverse engineering, and network analysis and forensics.

Throughout the game, ten teams of up to four members will probe, attack and solve offensive security challenges using skill, cunning and widely-available free tools. Teams are scored on a weighted point system: points are awarded based upon the level of difficulty of the challenge that had to be solved to capture that particular flag. The winning team will be the one having the most points at the end of the competition.

PRIZES: First Place Trophy and prizes will be awarded during the reception/ prize drawing at the end of the conference.

Email chris.centore@tn.gov, steve.swann@tn.gov or george.romano@tn.gov with any questions concerning the event.

Monday, August 6, 2012

Is Demonoid Dead?

Demonoid, a website and BitTorrent tracker, was shut down on August 6th, 2012 by Ukrainian authorities. Demonoid, in its latest incarnation, was hosted out of Ukraine's largest data center, ColoCall. TorrentFreak reported that "A source in the country's Interior Ministry says that the action was scheduled to coincide with Deputy Prime Minister Valery Khoroshkovsky's trip to the United States." What the connection is, aside from trying to cooperate with US authorities, is unknown.

The service's troubles go back to 2007 when it was hosted in Canada and was inundated with cease and desist orders. It experienced trouble over the next several years culminating with a DDoS attack from about July 27th onward. In early August, the site started redirecting unsuspecting users to malware sites.

According to TorrentFreak, the current administrator of the site stated: "I don't plan on shutting down, but if I'm going to fix it I have to do it properly, ... That means upgrading a lot of our 7 year old hardware and maybe bringing up the beta only. You know how it goes with demonoid. It might take a while but it will come back."

There are numerous heated debates on both sides of the aisle, but all this being said, what are your thoughts on the service? Is it a rights issue? What about the RIAA and CRIA?

Wednesday, February 22, 2012

So long, Scroogle...

Well, it looks like it's finally happened: the site that many people relied on for anonymous web searching, Scroogle, has been taken offline. I had been wondering about Scroogle's future for some time, since Google had been intermittently blocking the Scroogle scraper servers.

According to Scroogle's founder, Daniel Brandt, the site was a constant target of around-the-clock denial-of-service attacks, and as a result it, along with Mr. Brandt's other domains, was simply taken permanently offline.


What was Scroogle?
Scroogle.org, not to be confused with Scroogle.com, a pornography site, was a web service developed by Daniel Brandt. It was a Google scraper that allowed people to search Google anonymously. It essentially acted as a proxy for Google searches, so your IP address, the search terms used and the other search information that Google usually records about your searches were anonymized through the system: Google saw only Scroogle's servers, not you.
 
Scroogle also deleted all of the logs and cookies on its servers within 48 hours in order to provide better privacy for its users.

What's wrong with Google?
Nothing per se, if you know what you are getting into. Google places a cookie on each registered user's computer to track that person's search history. While this is not something new, the cookie is good for 18 months and is renewed whenever a Google service, such as Gmail, is used.

Google also aggregates search data by IP address, storing it for 9 months. This stored search data is a collective cornucopia of information which could be used to assist in targeting advertising as well as for other marketing purposes. While on the surface this type of activity does not seem malicious, the potential power of this type of aggregate data to profile individuals is concerning to privacy advocates, who fear that it may be used by law enforcement, government agencies, or other entities for nefarious purposes.
 
Other reasons that people elected not to use Google included marketing, tourism and legal professionals who needed to have unbiased search results appear when performing research for their services.

What are alternatives?

Since Scroogle is permanently offline, here are a few other search alternatives that help keep your privacy intact:

PageWash
DuckDuckGo
Google Encrypted Search