Tuesday, December 27, 2005

2 remarkable LiveCDs

I've had recent occasion to utilize two very different, yet equally excellent LiveCDs.
The first is the ZoneCD from Public IP: http://www.publicip.net/zonecd/download.php
"The ZoneCD is a bootable CD with a collection of GNU/Linux software pre-configured to create a WiFi gateway with automatic hardware detection, and support for many graphics cards, sound cards and other peripherals. The gateway includes support for WiFi end-user authentication and web content filtering."
I recently deployed it as a temporary controller of sorts for use as a public hotspot where a splash page and "click to consent" is required. Truly excellent functionality.
The second LiveCD that impressed me to no end recently is e-fense's Helix 1.7, offering incident response, electronic discovery, and computer forensics.
"Helix has been modified very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics."
If you have a need for these features but no budget for commercial products like EnCase, consider downloading this iso immediately.

Monday, December 19, 2005

Why run IIS on Windows XP?

http://ingehenriksen.blogspot.com discovered a Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit on Friday the 16th.
This lends to the debate whether or not a webserver on a desktop PC is a good idea. Obviously, developers have a strong opinion here, so consider the following: run IIS as localhost only, use Windows Firewall to block all web ports, and disable SMTP and Front Page extensions. Disabling Front Page extensions will prevent the above exploit even if the Windows Firewall is off.

Toolsmith #126: Adversary hunting with SOF-ELK

As we celebrate Independence Day, I'm reminded that we honor what was, of course, an armed conflict. Today's realities, when we th...