Binrev Financier
  • Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About mstanley

  • Rank
    SUP3R 31337 P1MP
  • Birthday 01/01/1962

Contact Methods

  • MSN
  • Website URL

Profile Information

  • Interests
    Hacking, electronic/embedded development, physics, science, Stargate SG1, Stargate Atlantis, reading, HOPE, Lehigh Valley LUG, TLLTS, LUG Radio, wearable computing.
  • Location
    Think Heisenberg uncertainty principle.
  1. You could start off by trying to use 'debug' from the command line in Windows. It's still there in XP: H:\>debug /? Runs Debug, a program testing and editing tool. DEBUG [[drive:][path]filename [testfile-parameters]] [drive:][path]filename Specifies the file you want to test. testfile-parameters Specifies command-line information require the file you want to test. After Debug starts, type ? to display a list of debugging commands.
  2. Actually, your Linux already runs a server called SSH. You seem to know some networking so if you try searching for "ssh proxy" or "socks proxy" for Linux then you should get your answer. But you shouldn't have to do anything to your Linux server to make it work unless you want to change some security settings to allow root to login. The next thing to do is to search for "Putty", a Windows SSH client for setting up the Socks 5 proxy, to tunnel from your laptop to your Linux server. There are many tutorials on doing this very thing.
  3. Reading hex data is really hard if you know what you are doing and damn near impossible if you don't. Here's a link to Reverse Engineering Resources. It seems to be a good start for helping to identify the contents of a file and maybe a way to make it more readable. Other terms to search for: reverse compiler or decompiler
  4. Hm, I had a particular article in mind but when I googled the following: creating a bot it returned so many interesting hits that I couldn't pick just one.
  5. Reverse engineering firmware is not the easiest thing to get into. However, getting your hands on a copy is usually pretty easy. For example, I own a Linksys router that has an upgradeable firmware. Usually, you download the firmware file to your system, log into the router and then tell the router where to find the file. Well, to reverse engineer it you simply take the copy you downloaded and open it up with your handy hex editor. You can convert hex, right? Anyway, to learn more about electronics, firmware (embedded development) and the tools you will need try The Bare Bones Board. It will cost you $15.92 and about 6 months of your life to develop an understanding of what it means to work with hardware programmers and the cable you were asking about.
  6. This seemed the most appropriate old-post to reopen. Net Neutrality - We're screwed Net neutrality, the kind your ISP wants which is anything but, will be the end of the internet. I make that claim based on the idea that once this form of net neutrality becomes reality then your ISP will decide which protocols will get priority treatment. So imagine trying to bittorrent/telnet/ssh a file and suppose that your ISP does not throttle it. Well, you still need to get across the backbone carrier and possibly the ISP of the server at the other end. That's three networks that all have to agree not to throttle bittorrent/telnet/ssh in order for you to get a decent speed or even just a connection. Understand too, that the problem will only get worse when you have to traverse multiple ISP's. The reason they want this is so your ISP can charge for 'priority' traffic but in order for them to guarantee that priority you will have to stay completely within the bounds of their network. Otherwise they will need to have agreements with *every* other ISP in the nation and that would be expensive in the extreme. So welcome to the world of monopoly ISP's. AOL is dead! Long live COMCAST!
  7. Here's a quote and link for an O'Reilly book called SQL Server Forensic Analysis by Kevvie Fowler expected to be published Dec. 2008. Helix distribution, a bootable and run-time live environment, includes WFT, COFEE, FRED, IRCR toolkits as well as other forensics and incident response related tools that allows you to select one or more of these toolkits for use in a given forensic scenario. The original article that I read on Digg explained the acronym, COFEE, and from there I went searching. The first real lead I got was the link above. It seems it might have been a red herring. And I just now loaded up Helix on my Windows machine and I see WFT, FRU, IRCR2 and Nigilant32 but no COFEE. So now I'm wondering why a prospective book would have that reference. Unless a new version of Helix will contain COFEE? Hmm, the results from the Windows Forensic Tool (WFT) seem rather revealing. It shows browsing history and protected storage amongst many other bits of info.
  8. I can't believe you guys! In about 5 minutes of googling I found the Helix website which contains COFEE along with other forensic tools. The only thing MS did was to add an autorun.inf file to a USB drive to make the software auto-run when the device is plugged in. Go to the link above and download your free copy of the Knoppix live CD of the Helix distribution or be a real hacker and grab the bittorrent.
  9. I've been thinking the same thing. Basically sending several ghost signals in order to help hide me. But then I started thinking about what it means to hide in a crowd and it really only works if you do it once and then move somewhere else. That is because anyone reviewing videos of a crowd could logically isolate you within two visits to the same place. So, if you have to move every time you want to post your hackzine then you don't need any additional technology to help you hide.
  10. Mitigating DoS attacks is.
  11. And the eggshell security of a single plant isn't the biggest worry. When the northeast blackouts occurred it was because the power grid expected all power plants to play nice. One power generating station screwed up and took down a third of the States. It's a house of cards protected by an eggshell. Imagine escalating an attack by infiltrating as many systems as you can without getting caught. You might only need to get control of as few as five to ten stations. Now you have the ability to control water, power, phones and transportation across major portions of a country. Ours included. The Air Force Cyber command was created to deal with just that problem. You should read some of the news about the Cyber command. They are geared up to attack enemies as well as defend our own infrastructure. The days of nmapping .mil, .gov or other infrastructure sites are over because now your shit will get pwned.
  12. Not directly for the Navy. All the Navy's control systems were made by companies like GE and Litton. They were definitely proprietary. The only DNP3 system I got to mess with was on a Merchant vessel. We were turning over a cargo ship to them and they were integrating all plant operations with their control systems. Once they were online they could remotely monitor and operate everything with only three people. I had 27 people doing the same job. Their systems were setup to "phone home" over satellite and, when docked, land-lines. My guess is that if you could get through the encryption of the two Red boxes and one Black box used for satellite communications then you could pWn that beast. Nice call! Actually, I spent several years as an EN before cross-rating to GSE.
  13. First off SCADA = Supervisory Control And Data Acquisition which really just means controlling hardware with a computer. I used it for 15 years on board Navy ships. Basically you have a computer that collects data from all the sensors in the plant and uses that information to control the engine that drives a generator. The sensors generally cover everything from rpm's, temperatures, pressures, liquid flow rates, water and fuel tank levels and various other required inputs. The plant is the entire SCADA system as a whole which means the sensors, the prime mover (this will be the engine), the power generator and the computers and electronics that control the whole thing. Think about how your car works and you'll begin to get the idea. Your car has a computer that keeps tabs on how well your engine is operating. So as your spark plugs wear out and they can't do their job as well, they need to be changed every few thousand miles. Except now your car's computer can account for that wear and changes what happens in your engine. If you remember the old days your car actually had a cable going to the carburetor to tell it how much gas you wanted. Now your gas pedal makes a "request" to the computer and the computer tells the electronic injectors how much gas to send based on how worn out your spark plugs are. Now just suppose your engine red-lines at 7500 rpm. That means if you go any faster then you could damage your engine. So when the computer sees 7500 rpm it starts to reduce and will even cut off your gas. Now imagine getting access to the computer and overriding the red-line and telling it that 10,000 rpm is OK. If you did that to a power plant the amount of damage that could be done is endless. There's a bit more to overriding all the safeties but once you've got control it's only a matter of time.
  14. The type of material you are attempting to penetrate absolutely makes a difference but you can tailor your HERF device by using different frequencies to penetrate different materials. A simple example is 2.4 GHz WIFI. It works considerably better out in the open because walls and trees can block the signal. If you were to cut that frequency in half you could deliver more energy to the target. However, microwaves can sometimes behave in seemingly strange ways. We constantly fight with signal leakage at work where the microwaves will actually travel along the inside surface of our metal housings to get into adjacent spaces and cavities. So, if it ain't water tight it ain't microwave tight. You can see that when you use the new 5 GHz WIFI systems. For various reasons the signal is able to reach farther than 2.4 GHz even though you could block the signal with a piece of paper.
  15. It may be windows updated your hal but your motherboard can't support the update. Go to your motherboard's web site and see if you can update the bios. I've fixed more than a few problems that way. And for those talking about playing games in Wine this little program got me going with windows games on slackware!