Recent

Writing reports – Oh noes!

Report writing has a bad reputation; everyone seems to hate writing them and believes it to be the anticlimax of the assessment process. I haven’t been writing reports for very long, and the reports that I have written I have enjoyed; no doubt in time the novelty will wear off and I will grow to hate them too. There are, however, lessons that I have learnt in my short report writing experience which I believe could have made my report writing that little bit easier and less time consuming. Those lessons I am going to share with you, and if you’re just starting out in your report writing duties, hopefully these can help you too. Or if you’re a report writing guru, share your tips with me! The reports I have written are mainly web application assessments, so I will concentrate on those.



Posted on 30 January, 2010 by admin

2 Comments

Ethical Hacking / Security University Degrees UK

One of the most popular posts on my blog is the Guest post: Current Available UK Degrees by 1337speak in April last year. I have decided to update the list so as to keep the information up to date.


Those of you who know me will know that I myself am enrolled on one of these university courses. I believe that if you’re starting out in security and want to make a career out of it, this may be the best place to start. For me the course has done wonders, not only in what I have learnt but also in the people I’ve met and the drive it has given me to succeed in my chosen career.



Posted on 25 January, 2010 by admin

12 Comments

SecurityPodcasts Boxee App

What is Boxee?

Boxee is the best way to enjoy entertainment from the Internet and computer on your TV

http://www.boxee.tv/


Boxee allows you to develop ‘Apps’, which are basically XML files which grab RSS feeds. These Apps can be installed through remote repositories. To truncate and combine all the security podcasts I used Yahoo! Pipes.



Posted on 19 January, 2010 by admin

1 Comment

Dionaea – Low interaction honeypot

After running Glastopf (Glastopf – Web Application Honeypot) for a few days and not getting any hits, I was a bit disappointed. I speculate that maybe you need to give web application honeypots more time to propagate across the Internet and get picked up by search engines to receive any significant hits, or even give the honeypot its own domain name. From my earlier post you will notice that I had tried to get Dionaea to run first.


Markus, the lead developer of Dionaea, got in contact after he read my post and saw that I was having trouble getting it running. It turned out to be a complete fail on my part: after following the instructions on the Dionaea homepage, Dionaea installed perfectly fine; it was just a case of me not knowing how to run it properly.


What is Dionaea?

Dionaea is meant to be a nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls

Dionaea's intention is to trap malware exploiting vulnerabilities exposed by services offered to a network; the ultimate goal is gaining a copy of the malware.


Posted on 17 January, 2010 by admin

5 Comments

Glastopf – Web Application Honeypot


I bought an old battered PC over the weekend with the goal of installing a honeypot. I had never installed a honeypot before, so I wasn’t quite sure what to expect. At first I decided on Dionaea, the successor to Nepenthes; I had heard great things about Nepenthes from a friend of mine (Infosanity). After going through the installation process, I couldn’t get Dionaea to ‘make’ with the right Python version detected (> 3.0); after about an hour of playing around I decided to give Glastopf a try.



Posted on 10 January, 2010 by admin

7 Comments