Back in the Saddle

After a whirlwind of events, a new position, major certifications, and taking on a role with SANS as a mentor, I am back on the horse again. My goal is a daily post about something happening in the security industry, or something I have seen that interests me and might be of value to you. Ultimately, though, getting back on the blog was due to a good friend's kick in the butt (we all need those, right?). The Security Officer with the State of Alaska Department of Health gently reminded me that he checks this out daily. So thanks, THOR!

My Apologies

I haven’t posted in  and I have gotten some flak. Between several major changes this has been put on the back burner. I am now back in the saddle, though. I have changed roles at WWT, where I have been for over a year. They have moved me into the Consulting Systems Engineering role. This has been a huge change, exciting and intense.

On the security front, I went down to LA last weekend and took my CISSP. It is pretty much what everyone everywhere has said: not very deep, but incredibly wide. Also, many of the questions are poorly worded. I believe I passed but won’t find out for another week or two. I would be happy to answer questions in a broad sense if anyone has any on the CISSP.

Additionally, outside of the security realm, I will be tackling both the NetApp ASAP and VMware exams this month.

Finally, while working on my GIAC Gold paper for the Incident Handler branch, I am trying to get a copy of the COFEE program from Microsoft. If I can get it I will definitely complete a write-up on it.


Forensics for Free

Helix is already out on the market in the free world. This looks interesting, though. I am hoping to take it for a spin this weekend.

Apparently some students at Edith Cowan University’s School of Computing and Information Sciences in Australia have developed a Linux-based tool to help collect digital evidence without compromising its integrity. The idea arose after the Western Australian Police asked the University for help two years ago.


Thwart Windows Authentication through Firewire

Adam Boileau (Metlstorm) has released a Python script, winlockpwn, which allows a device running Linux, connected to the FireWire port of a target workstation running Windows XP, to get full read/write access to the target's memory and bypass Windows authentication. He demonstrated the tool in 2006 but didn’t release it until a few days ago. This type of attack is also apparently effective against other OSes such as Linux and OS X. And if the target doesn’t have a FireWire port, you’re not necessarily out of luck: if it has a slot for a PCMCIA card, a PCMCIA FireWire card will do the trick. And if you don’t have Linux on your laptop, just run your favorite Linux Live CD distro, grab the winlockpwn code, and go.


FREE: you can’t beat that - SANS Vulnerability Assessment Webinar

Dr. Eric Cole, the author of Security 401: SANS Security Essentials, is providing an extracted 30-minute module on Vulnerability Assessment from Security 401. Dr. Cole believes that this will help you improve the security of your organization. SANS is making this segment available through SANS OnDemand at no cost. Give it a try at
http://www.sans.org/info/25398

As a SANS student and a participant in one of Dr. Cole’s classes, I am sure that it will be worthwhile. Besides, you can’t beat free.