Aug 04 2012
 

See the Security BSides Atlanta talk (when it gets posted) at http://www.securitybsides.com/w/page/58266249/BSidesATL-2012. PowerPoint slides can be found here.

The people over at PwnieExpress are coming out with a neat device called the Power Pwn. This device follows up on the Pwn Plug and the PwnPhone (Nokia N900). With my experience as a penetration tester and junior hardware hacker I’ve been working on my own “pwn” hardware. I have a Nokia N810 as well as an Alix 6f2 (PCEngines.ch).

I purchased an APC BE650R Battery Backup Power Strip off of eBay and gutted the inside to fit the Alix board. I integrated the Alix serial, Ethernet, and external antenna connectors with the existing APC coax, RJ45, and RJ50 ports. The setup has an internal Xpal portable netbook charger that can run the Alix board for over 4 hours. However, the main power to the board is integrated with the APC power strip: plugging in the APC runs power to the Xpal battery, which in turn powers the Alix. Four of the eight plugs on the APC are also functional. I created a simple DB9 to RJ45 adapter for the serial connection so I can properly configure the device before use. Since the Xpal battery powers it for 4 hours, I have plenty of time to get it configured and to its final pwnage destination.

I didn’t take any photos of the gutting of the APC, but it involved a lot of Dremel, plastic nipper, and X-Acto knife work. I do have photos of everything fitting together. The only missing item is the internal RP-SMA to female F pigtails, but as you can see in the photos you can fit some rubber duck antennas inside the APC with no problems. Also, the best part about the Alix 6f2 is that you can add a Mini PCI Express GSM card for out-of-band cellular access to the device. You don’t see the card installed on the Alix in the pictures. I currently have the card in a Mini PCI-E WWAN to USB adapter for testing.

The software I run on the PCEngines Alix is Debian-for-Alix, and I contributed instructions to its wiki on how to install all the tools.

Feb 29 2012
 

Compile Nmap for Android

This tutorial will show you how to compile the latest version of Nmap for your Android device starting with a standard Ubuntu install. I will offer instructions on how to obtain the two compilers that I’ve had success with when compiling software for Android: the Android NDK and the free Lite ARM compiler from Mentor (formerly CodeSourcery). Hopefully you can use these instructions to try compiling other tools for Android.

The build environment and instructions come from an auditor with strong technical skills who is not a programmer or developer, so hopefully my viewpoint can help other individuals who are also not developers. I’ve built cross-compile environments for OpenWrt, Nokia Maemo, and Familiar Linux (iPaq) in the past, but always by piecing together instructions from multiple Google queries and forum searches. I’m creating this document so it will be helpful for somebody’s future Google search.

Sep 19 2011
 

I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain BackTrack, but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.

Mar 30 2011
 

I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain BackTrack, but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.

Update: The latest version is now v4 on Ubuntu 11.4 Natty Narwhal.

Mar 10 2010
 

I’ve created an updated configuration tutorial for setting up your Linux laptop to conduct system and network audits. This version details how to get everything up and running on the latest Ubuntu, currently at version 10.04 LTS (Lucid Lynx). See the Configuration Tutorials to download the latest PDF document (currently at version 3).

Dec 02 2008
 

Core Technologies hosted a series of three webcasts called Penetration Testing Ninjitsu by Ed Skoudis (http://www.coresecurity.com/content/webcast-series-with-sans). I highly recommend listening to these webcasts and downloading the slides for your reference. I’m including the commands extracted from the slides that can be very useful for a penetration test.