iPHONE Apps for Information Security: article 201003

I have had the iPhone 3G for a little over a 1/2 a year now and in that time have accumulated some apps that could come in handy for the InfoSec Engineer / Analyst. In this write up I quickly describe one of my two folders of tools.

Screen shot 1:


RBL Status: A nice look up tool to see if a domain is on any one of 13 Black List services.

Nice Trace: A handy little trace route tool that constantly updates connection times to each hop; results can be emailed.

Scanner: A handy little tool that will automatically scan the network your device is connected and report back any other hosts it finds.

Scany: The closest to NMAP I could find. This is great little enumeration tool for open ports on systems.

Deep Whois: A great WHOIS lookup tool enumerate more info on a FQDN.

Base 2 Converter: Decimal to and from Binary conversion and ASCII to and From Binary conversion. This little tool comes in handy when I perform analysis and need help with data normalization.

ASCII2BIN: More conversion options than Base 2; HEX and Octal conversions too.

iRegex: Regex tool that verifies your expression for you and then you can email it off to cut and paste if needed. Handles POSIX and PCRE.

PING: The name speaks for itself but this tool also pings a subnet, performs traceroute, and telnet.

CP HexCalc: Calculator and converter for HEX, DEC, BIN, and OCT.

Subnet Calc: A nice calculator for carving up subnets.

RDP: A bear to use on the iPhone because of the screen size but does work in a pinch.

Folder 2 tools coming soon.

Penetration Testing Debate: Security Controls On or Off: article 201002

Take away: Topics: To turn off security measures for a penetration test or not.

I have just started the SANS 560 course Network Penetration Testing and Ethical Hacking and the initial reading brought some topics back to mind.
I have discussed and seen debates on such sites as Linkedin.com that covers the topic of whether or not to turn off security controls during a penetration test. My stance is against turning off such controls. If the security controls block such attacks doesn't that equate to a successful test of your security? I have heard and seen arguments against this such as, what if there is ever a misconfiguration and the attacker gets past the first levels of defense. To that my answer is; that is the purpose of change control, audit, and future testing. Organizations should not just test once and then feel pacified indefinitely. The amount and recurrence of change in an organization should dictate how often Pen Tests occur. At the least they should be once a year even if changes have not been made new found vulnerabilities could have developed in the systems used.

.

First virus removal of 2010: article 201001

Sitting at a friends computer trying to install McAfee right now so I figure I will jot down some notes about this virus removal.

When I arrived the virus had changed their desktop wall paper to a nasty lime green and red warning that that there system was infected. Pop ups were also being presented repeatedly that their system was infected a provided a link to install an AV program to have it removed.

I went to run McAfee but it was no where to be found. Instead bit defender showed available yet Bit Defender had never been installed.

I tried to run the system restore exec (rstrui.exe) but was told the executable was infected. I put a clean system restore executable on the computer and tried to run it but a message popped up saying it too had become infected.

I then ran rstrui.exe from a read only thumb drive; again I was told the file was infected. How could that be? I renamed the file to 1rstrui.exe and boom goes the dynamite. I restored the system to 2 weeks back installed multiple AV programs and root kit detectors and all came back clean.

Now I am always suspicious that a machine could be infected since encryption, polymorphism and zero days do exist but all apears fine now.

- Posted using BlogPress from my iPhone