Episode273

From Paul's Security Weekly
Jump to: navigation, search
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis

SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here



Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 273 for Thursday January 12th, 2012.

  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Wether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being relesaed and talk "Stogie Tech".

Episode Media

MP3 pt 1

MP3 pt 2

Guest Technical Segment: Chris "loganWHD" Hadnagy on Framing

Chris Hadnagy, aka loganWHD focuses on the "human" aspect of technology such as social engineering and physical security. Chris is also the lead developer of Social-Engineer.Org as well as author of the best-selling book Social Engineering: The Art of Human Hacking and has co-authored a ground breaking course on Social Engineering to be given in the UK, Seattle, and Vegas. He's on tonight to give us a taste of one of the topics on the course: Framing in Social Engineering.

Hadnagy.jpg

Chris was last on PaulDotCom in Episode 216, October 2010

Training Info

Registration link

Class Syllabus

  1. What is framing?
  2. Give us some examples of how you use Framing in an SE engagement.
  3. How can you 'teach' framing in a course?
  4. How do you adjust your framing once you dentify the target’s dominant communication style?
  5. For your Social Engineering podcast on Framing, you interviewed Sam Yagan of www.okcupid.com. Do you think statistical analysis is accurate and can be used in Social Engineering? Have you used any of their research in your SE engagements?
  6. What have you learned about Framing and Social Engineering from your course partner, Robin Dreeke?
  7. What was your favorite section of the course?
  8. We've heard there are homework assignments, specifically, getting the brasize of a stranger at the mall in a non-sexual way. Will you do a writeup of the student failures? :)
  9. Is it true students who fail assignments have a make-up assignment that consists of dumpster diving? :)
  10. How do you 'certify' one is a Social Engineer?
  11. Does the FBI conduct any SE training for its agents?

Tech Segment: Using pfSense and an Alix.6F2 For A Wireless Access Point

TIP: For the segment on how we built my pfsense firewall, see this document.

I wanted a new access point. I have stacks of WRT54G series routers, and they are good, but often aren't up to the task. They are low in memory and processing power, and share one single 10/100 Ethernet bus. This limits their usage for things like streaming HD. Can you do it? Sure. My other problem was the WRT54G I had was constantly needing to be power cycled. All my old ones either went to friends and family members, bricked, or are in pieces somewhere. I bought a shiny new Dlink Dir-655, but after about a year it crapped out on me, actually the wireless radio itself died, which turns out to be a common problem. So, I wanted to build something myself out of really good hardware, and use real software like pfsense, and have an access point that would just kick ass.

Hardware List

All hardware for this project came from www.netgate.com:

  1. ALIX.6F2 Kit Black Unassembled - $188 - This kit comes with the board, power supply, CF card, and enclosure.
  2. Atheros WLM54G-HP mini PCI Card, U.FL to RP-SMA pigtails (two), 5.5 dbi rubber duck antennas (two) - $88 - This is the wireless card, with all the fixings!
  3. 2.4 GHz 9 dBi Rubber Duck Omni Antenna RP-SMA - Bigger is better, right? I want to cover my entire house with one 802.11g access point.

Total cost: $305.77

Get pfSense and Install on CF Card

For the embedded version, make sure you get the NanoBSD images.

Important, verify that you are installing the operating system on the correct disk image:

# df -h
Filesystem      Size   Used  Avail Capacity  Mounted on
/dev/disk0s2   465Gi  425Gi   40Gi    92%    /
devfs          185Ki  185Ki    0Bi   100%    /dev
map -hosts       0Bi    0Bi    0Bi   100%    /net
map auto_home    0Bi    0Bi    0Bi   100%    /home
/dev/disk1s1   7.5Gi  805Mi  6.7Gi    11%    /Volumes/AVST

On OS X, for example, the OS disk is "disk0", try not to overwrite that one (even though you'd likely get an error that its already in use, however I did not test that!). Then use the following command to dump the image on the CF card:

# gzcat pfSense-2.0.1-RELEASE-2g-i386-nanobsd.img.gz | dd of=/dev/disk3 bs=16k

Now go get a cup of coffee, it takes a while. Notice I used the image labeled "2g", for 2 gig, which is the size of my card.

Configure an IP address in the Serial Interface

I used OS X for this, and used the following tools:

  1. zTerm - Excellent serial interface software, works well.
  2. Plugable USB to RS-232 DB9 Serial Adapter (Prolific PL2303HX Chipset) - USB serial adapter was $11 on Amazon, handy to have. I had to connect another serial cable to it from some of my old Cisco gear (those connectors should say "Terminal" on them).
  3. Prolific drivers for OS X Lion - I had to get updated drivers to work with the serial adapter that have been updated to work with OS X Lion.

Once you have all that, Follow Mike's instructions located here on setting up the LAN IP address.

Setup the Wifi Interface using the Web UI

Make sure you add the interface on this page by clicking the "+" symbol
Add the LAN and Wifi interface to the same bridge
Set a static IP
Set an SSID and choose your security, I chose "WPA"
More WPA settings
Define your channel settings, choose one not so much in use!
Configure the firewall or the Wifi interface will drop all packets from wireless network to the LAN by default!

Technical Segment: DNSRecon

The current version of DNS Recon is a full re-write of the old tool in python using the Dnspython library. The tool can be found in DNSRecon GitHub and instruction for installing the Python dependencies can be wound in the GitHub Wiki

dnsrecon carlos$ ./dnsrecon.py 
Version: 0.6.0
Usage: dnsrecon.py <options>

Options:
  -h, --help                  Show this help message and exit
  -d, --domain      <domain>  Domain to Target for enumeration.
  -c, --cidr        <range>   CIDR for reverse look-up brute force (range/bitmask).
  -r, --range       <range>   IP Range for reverse look-up brute force (first-last).
  -n, --name_server <name>    Domain server to use, if none is given the SOA of the
                              target will be used
  -D, --dictionary  <file>    Dictionary file of sub-domain and hostnames to use for
                              brute force.
  -t, --type        <types>   Specify the type of enumeration to perform:
                              std      To Enumerate general record types, enumerates.
                                       SOA, NS, A, AAAA, MX and SRV if AXRF on the
                                       NS Servers fail.

                              rvl      To Reverse Look Up a given CIDR IP range.

                              brt      To Brute force Domains and Hosts using a given
                                       dictionary.

                              srv      To Enumerate common SRV Records for a given 

                                       domain.

                              axfr     Test all NS Servers in a domain for misconfigured
                                       zone transfers.

                              goo      Perform Google search for sub-domains and hosts.

                              snoop    To Perform a Cache Snooping against all NS 
                                       servers for a given domain, testing all with
                                       file containing the domains, file given with -D
                                       option.

                              tld      Will remove the TLD of given domain and test against
                                       all TLD's registered in IANA

                              zonewalk Will perform a DNSSEC Zone Walk using NSEC Records.

  -a                          Perform AXFR with the standard enumeration.
  -s                          Perform Reverse Look-up of ipv4 ranges in the SPF Record of the
                              targeted domain with the standard enumeration.
  -g                          Perform Google enumeration with the standard enumeration.
  -w                          Do deep whois record analysis and reverse look-up of IP
                              ranges found thru whois when doing standard query.
  -z                          Perforns a DNSSEC Zone Walk with the standard enumeration.
  --threads          <number> Number of threads to use in Range Reverse Look-up, Forward
                              Look-up Brute force and SRV Record Enumeration
  --lifetime         <number> Time to wait for a server to response to a query.
  --db               <file>   SQLite3 file to save found records.
  --xml              <file>   XML File to save found records.
  --csv              <file>   Comma separated value file.

Doing a standard query for records:

loki:dnsrecon carlos$ ./dnsrecon.py -t std -d pauldotcom.com
[*] Performing General Enumeration of Domain: pauldotcom.com
[-] DNSSEC is not configured for pauldotcom.com
[*]	SOA ns1.pauldotcom.com 209.20.73.195
[*]	NS ns1.pauldotcom.com. 209.20.73.195
[*]	NS ns1.pauldotcom.com. 2001:470:1f0e:98c::2
[*]	NS ns2.pauldotcom.com. 209.20.93.237
[*]	MX ASPMX5.GOOGLEMAIL.com 74.125.157.27
[*]	MX ASPMX.L.GOOGLE.com 74.125.65.27
[*]	MX ALT2.ASPMX.L.GOOGLE.com 173.194.67.26
[*]	MX ASPMX2.GOOGLEMAIL.com 74.125.43.27
[*]	MX ASPMX3.GOOGLEMAIL.com 74.125.127.27
[*]	MX ASPMX4.GOOGLEMAIL.com 209.85.229.27
[*]	A pauldotcom.com 209.20.73.195
[*]	AAAA pauldotcom.com 2001:470:1f0e:98c::2
[*] Enumerating SRV Records
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server4.l.google.com. 173.194.70.125 5269 0
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server.l.google.com. 74.125.47.125 5269 0
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server1.l.google.com. 74.125.113.125 5269 0
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server2.l.google.com. 209.85.229.125 5269 0
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server3.l.google.com. 74.125.79.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server4.l.google.com. 173.194.70.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server.l.google.com. 74.125.47.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server1.l.google.com. 74.125.113.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server2.l.google.com. 209.85.229.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server3.l.google.com. 74.125.79.125 5269 0
[*] 10 Records Found

Expansion of SPF Records:

loki:dnsrecon carlos$ ./dnsrecon.py -t std -d google.com -s
[*] Performing General Enumeration of Domain: google.com
[-] DNSSEC is not configured for google.com
[*]	SOA ns1.google.com 216.239.32.10
[*]	NS ns1.google.com. 216.239.32.10
[*]	NS ns2.google.com. 216.239.34.10
[*]	NS ns3.google.com. 216.239.36.10
[*]	NS ns4.google.com. 216.239.38.10
[*]	MX alt4.aspmx.l.google.com 173.194.69.26	
[*]	MX aspmx.l.google.com 74.125.65.26
[*]	MX alt1.aspmx.l.google.com 74.125.115.27
[*]	MX alt2.aspmx.l.google.com 173.194.67.26
[*]	MX alt3.aspmx.l.google.com 74.125.79.26
[*]	A google.com 74.125.47.147
[*]	A google.com 74.125.47.99
[*]	A google.com 74.125.47.103
[*]	A google.com 74.125.47.104
[*]	A google.com 74.125.47.105
[*]	A google.com 74.125.47.106
[*]	TXT v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all
[*] Performing Reverse Look-up of SPF ipv4 Ranges
[*] Performing Reverse Lookup from 216.73.93.70 to 216.73.93.73
[*]	PTR thdtironport01.doubleclick.net. 216.73.93.71
[*]	PTR thdtironport02.doubleclick.net. 216.73.93.72
[*]	PTR thdtironport03.doubleclick.net. 216.73.93.73
[*] 3 Records Found
[*] Enumerating SRV Records
[*]	SRV _xmpp-server._tcp.google.com xmpp-server.l.google.com. 74.125.47.125 5269 0
[*]	SRV _xmpp-server._tcp.google.com alt1.xmpp-server.l.google.com. 74.125.47.125 5269 0
...
[*]	SRV _jabber-client._tcp.google.com alt3.xmpp.l.google.com. 2a00:1450:8005::7d 5222 0
[*]	SRV _jabber-client._tcp.google.com alt4.xmpp.l.google.com. 74.125.47.125 5222 0
[*]	SRV _jabber-client._tcp.google.com alt4.xmpp.l.google.com. 2001:4860:8006::7d 5222 0
[*] 30 Records Found

Integrating Whois:

loki:dnsrecon carlos$ ./dnsrecon.py -t std -d google.com -w
[*] Performing General Enumeration of Domain: google.com
[-] DNSSEC is not configured for google.com
[*]	SOA ns1.google.com 216.239.32.10
[*]	NS ns1.google.com. 216.239.32.10
[*]	NS ns2.google.com. 216.239.34.10
...
[*] 30 Records Found
[*] Performing Whois lookup against records found.
[*] The following IP Ranges where found:
[*]	0) 216.239.32.0 - 216.239.63.255 Google Inc.
[*]	1) 173.194.0.0 - 173.194.255.255 Google Inc.
[*]	2) 74.125.0.0 - 74.125.255.255 Google Inc.
[*] What Range do you wish to do a Revers Lookup for?
(number, comma separated list, a for all or n for none) 

Identification of DNSEC Types:

loki:dnsrecon carlos$ ./dnsrecon.py -t std -d nist.gov
[*] Performing General Enumeration of Domain: nist.gov
[*] DNSSEC is configured for nist.gov
[*] DNSKEYs:
[*]	NSEC3 KSk RSASHA1NSEC3SHA1 03010001cc87ad5394d53857e8eef0d7 b95f6c9d5191741299ae9071aa1d69d2 705284e42bb622c902a83f15414870f9 d2bb532f0708b1ea0662951f28761c88 3b7297bdd41731778fe75cf43d8fda2e 00b9efd5cb0572c649bb916fc261a201 2bb9960bd7604c39ad6068b105815dba 2637deaf63e76eb91a024f61f00553f8 29eddd1f162db7b57eee65520ab1a8ae 57566138733d6a68e33d563b94406e34 efad4698b3545077893d8bc206bfd870 363376ac2664af472a6145e2412685c5 59adbf95fb494f1da8bf2bd8850aeda9 aee73b4e0c54f3f5cbb31b13fef7dd5b 5b9b21dddcfe9f0bef048680942cf97a d4e767109a0d36316f969db04dff5588 e9e19485
[*]	NSEC3 ZSK RSASHA1NSEC3SHA1 03010001b5bb1c89e7baa71fabca28c8 966b2c158b8e802176e76fbc8dab04c7 fea29942e7fd1678c73cab38dad3730e 0064ab9d1ef062816bb01b8027b2a346 7360fd23c943fdd7499144250601ae61 86d29838b6bfa18db4c2d1163f41d2b1 fee36223a1874bff0963830e35566fb0 3f41ca5adabc6060e81e756eeb5cf852 5834a77d
[*]	SOA ggm.nist.gov 129.6.18.124
[*]	NS dns-w.boulder.nist.gov. 132.163.4.10
[*]	NS gdnsea.nist.gov. 129.6.13.3
[*]	NS gdnsef.nist.gov. 129.6.13.2
[*]	MX ridley.nist.gov 129.6.13.22
[*]	MX spamav1mx.nist.gov 129.6.13.238
[*]	MX spamav2mx.nist.gov 129.6.13.239
[*]	MX boulderspamav1.boulder.nist.gov 132.163.4.127
[*]	A nist.gov 129.6.13.45
[*] Enumerating SRV Records
[-] No SRV Records Found for nist.gov
[*] 0 Records Found

Metasploit plugin:

loki:dnsrecon carlos$ ./dnsrecon.py -t std -d pauldotcom.com --xml pauldotcom.xml
[*] Performing General Enumeration of Domain: pauldotcom.com
[-] DNSSEC is not configured for pauldotcom.com
[*]	SOA ns1.pauldotcom.com 209.20.73.195
[*]	NS ns1.pauldotcom.com. 209.20.73.195
[*]	NS ns1.pauldotcom.com. 2001:470:1f0e:98c::2
[*]	NS ns2.pauldotcom.com. 209.20.93.237
[*]	MX ASPMX4.GOOGLEMAIL.com 209.85.229.27
[*]	MX ASPMX5.GOOGLEMAIL.com 74.125.157.27
[*]	MX ASPMX.L.GOOGLE.com 74.125.45.26
[*]	MX ALT2.ASPMX.L.GOOGLE.com 173.194.67.27
[*]	MX ASPMX2.GOOGLEMAIL.com 74.125.43.27
[*]	MX ASPMX3.GOOGLEMAIL.com 74.125.127.27
[*]	A pauldotcom.com 209.20.73.195
[*]	AAAA pauldotcom.com 2001:470:1f0e:98c::2
[*] Enumerating SRV Records
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server3.l.google.com. 74.125.79.125 5269 0
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server4.l.google.com. 173.194.70.125 5269 0
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server.l.google.com. 74.125.159.125 5269 0
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server1.l.google.com. 74.125.113.125 5269 0
[*]	SRV _jabber._tcp.pauldotcom.com xmpp-server2.l.google.com. 209.85.229.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server3.l.google.com. 74.125.79.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server4.l.google.com. 173.194.70.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server.l.google.com. 74.125.159.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server1.l.google.com. 74.125.113.125 5269 0
[*]	SRV _xmpp-server._tcp.pauldotcom.com xmpp-server2.l.google.com. 209.85.229.125 5269 0
[*] 10 Records Found
[*] Saving records to XML file: pauldotcom.xml

loki:dnsrecon carlos$ msfconsole 

...

msf > load dnsr_import
[*] dnsr_import plugin loaded.
[*] Successfully loaded plugin: dnsr_import
msf > import_dnsrecon_xml -h
OPTIONS:

    -f <opt>  XML file to import.
    -h        Command Help


msf > import_dnsrecon_xml -f /Users/carlos/Development/dnsrecon/pauldotcom.xml
[+] Importing host 209.20.73.195
[+] Importing service dns for host 209.20.73.195
[+] Importing host 209.20.73.195
[+] Importing service dns for host 209.20.73.195
[+] Importing host 2001:470:1f0e:98c::2
[+] Importing service dns for host 2001:470:1f0e:98c::2
[+] Importing host 209.20.93.237
[+] Importing service dns for host 209.20.93.237
[+] Importing host 209.85.229.27
[+] Importing service smtp for host 209.85.229.27
[+] Importing host 74.125.157.27
[+] Importing service smtp for host 74.125.157.27
...
[+] Importing host 74.125.159.125
[+] Importing service xmpp-server for host 74.125.159.125
[+] Importing host 74.125.113.125
[+] Importing service xmpp-server for host 74.125.113.125
[+] Importing host 209.85.229.125
[+] Importing service xmpp-server for host 209.85.229.125
msf > hosts 
Hosts
=====

address               mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------               ---  ----  -------  ---------  -----  -------  ----  --------
74.125.43.27                                                               
74.125.45.26                                                               
74.125.79.125                                                              
74.125.113.125                                                             
74.125.127.27                                                              
74.125.157.27                                                              
74.125.159.125                                                             
173.194.67.27                                                              
173.194.70.125                                                             
209.20.73.195                                                              
209.20.93.237                                                              
209.85.229.27                                                              
209.85.229.125                                                             
2001:470:1f0e:98c::2                                                       
	
msf > services 	

Services
========

host                  port  proto  name         state  info
----                  ----  -----  ----         -----  ----
74.125.43.27          25    tcp    smtp         open   
74.125.45.26          25    tcp    smtp         open   
74.125.79.125         5269  tcp    xmpp-server  open   
74.125.113.125        5269  tcp    xmpp-server  open   
74.125.127.27         25    tcp    smtp         open   
74.125.157.27         25    tcp    smtp         open   
74.125.159.125        5269  tcp    xmpp-server  open   
173.194.67.27         25    tcp    smtp         open   
173.194.70.125        5269  tcp    xmpp-server  open   
209.20.73.195         53    udp    dns          open   
209.20.93.237         53    udp    dns          open   
209.85.229.27         25    tcp    smtp         open   
209.85.229.125        5269  tcp    xmpp-server  open   
2001:470:1f0e:98c::2  53    udp    dns          open

Paul's Stories

  1. Flying the Fraudster Skies - So for all of you "cyber criminals" out there, or maybe even just regular criminals (are they like non-cyber crimanls or analog criminals?). Anyway, you can get a plane ticket by proxy and travel as someone else, if you're into that sorta thing.
  2. How Come My Blog/Podcast Wasnt Nominated? - I had this whole thing about this for the show, but Alan summed it up. If you have a security related blog or podcast, you can vote, so get out and vote! If your favorite blog or podcast is not listed, you can write in on certain nominations, or just email Alan directly.
  3. Best Book Bejtlich Read in 2011 - I always make it a point to go out and get this book and read it, as every year its usually really good.
  4. An example of likejacking (Facebook clickjacking) - If you enclose your clickjacking in a circle, is it "circleclickjacking"? I hate the Facebook like feature, its for lazy people who don't want to think of something to type. In any case, attackers are using it, to, well, jack your likes.
  5. Google Renews Push Into China - Remember how this started APT? Okay, after you drink, think about all those people that are like "oh well Google should pull out of China". Yea right, this is business, and Google is back in business in China, because business decisions based on the fact that China is one of the strongest world economies usually win, even if you did get pwned.
  6. [Honeypot Alert Extensive ‘setup.php Scanning Detected] - Some people are scanning for setup.php. Its a good scanning strategy as most CMS will have a setup page. And likely you will be able to log into it with a stupid username and password or SQLi vulnerability. This means you can change content on the web site, which means you can plant malware, and, so on.
  7. Show me your SSID’s - Neat little script that looks for SSIDs and counts the packets, script included!
  8. How a Baptist pastor in Florida became the go-to IT guy - Gotta be one of the hardest jobs on the planet, IT security for a small shop. You'll need more than awing and praryer, how about some MS small business software and a cloud? What's wrong with this picture? I believe that folks in this situation have some short-term wins, but in the long run the attackers are victorious.
  9. Robot Makers Not Thrilled To Be Stuck Next To Justin Bieber ≈ Packet Storm - The worst part is, he's stuck next to Justin Beiber. The best part is, he tried to navigate his robot over the the Beib, and it was removed by security, I hope he got it back :)
  10. Apple To RIM Indian Backdoor? - I'm really confused about this story.

Larry's Stories

  1. You know what really grinds my gears? - [Larry] - Not truly security related, but I think that the response from Stratfor was , well, strained. They claim that Anonymous is creating censorship, some of that based on the fact that there is no accountability on the internet. Hrm, no accountability. I seem to recall hearing several raids and arrests. I'd also argue that the lack of accountability goes both ways. I mean who was holding Stratfor accountable for having poor security and cleartext CC numbers? Discuss.
  2. Social Engineering on the rise - [Larry] - yeah, no kidding. Why, oft times we find that the internal network is still of the very chewy variety. Best way to get there? Have some code you want there? The human is the last frontier, weakest link and I'd argue, the hardest to secure.
  3. Hacking SCADA going mainstream? - [Larry] - In a politically motivated event, Anonymous publishes IP addresses and login details for Israeli SCADA systems after being branded as terrorists. My argument is that is Anonymous can do it, it has hit the big time.
  4. Shark? We jumped that shit. - [Larry] - Oh, that module that you use to prevent XSS, due to a flaw ALLOWS XSS. Ugh.
  5. Koobface OSINT - [Larry] - Dancho Danchev puts together the pieces to identify the alleged Koobface author. How? The author got sloppy and registered a domain with a phone number used elsewhere in ads for kittens and a BMW for sale. It just goes to show, if you don't want to get caught you need to be meticulous. It also proves that there is no such thing as a perfect crime.

Jack's Stories

  1. p0f Lives! Michal Zalewski (aka lcamtuf) has resurrected p0f, the passive fingerprinting tool.
  2. Merchant fights back against PCI Restaurant owners fed up with US bank, and are fighting back. Good luck!