Tuesday, May 24, 2011

New tools to be aware of for pcap stuff

streams: http://www.honeynet.org/node/633?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HoneynetProjectAggregated+%28Blog+postings+from+honeynet.org%29
splitting and other parsing: http://www.netresec.com/?page=SplitCap
rawcapture (winpcap not required): http://www.netresec.com/?page=RawCap

I'm sure there are a ton more buried in my email that I've missed recently, but these all looked promising.

Directory Scanner

Not a tool I've played with, but on my list for one of these days if I ever have some time.

Supposedly can tell if it is AD, eDir, OpenLDAP, etc.

Thursday, May 5, 2011

Forensics Contest #8

Well after a VERY long break they've released the latest puzzle. This one has to do more with parsing and pulling info about wireless. While I probably have the skills to do it, I'm not sure I'll participate in this one. School is finishing up and my free time is very short in this next month.

If nothing else I may just figure out the answers without writing any specific program to be released for it.

It has been out a good week so far and I have yet to grab the pcap file and look it over. Satori will probably spit out an error, as I have it set to reject wireless packets since I haven't wanted to parse out the extra header info in the past.

May run it through a converter so Satori can at least read it in, though I'll lose most of what they want you to find with SSID stuff and beacon packets.
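For the "extra header info" problem above, the two pieces a parser needs are a check of the pcap's link-layer type (raw 802.11 vs. 802.11 with a radiotap prefix vs. plain Ethernet) and a walk of the tagged parameters in a beacon frame to pull out the SSID. The following is an added example, not Satori's code and not anything from the contest; the capture it parses is constructed inline (BSSIDs and SSIDs are made up), the radiotap header it builds is the minimal 8-byte form with no fields present, and it handles the hidden-SSID case (zero-length SSID tag) as well as skipping non-beacon frames.

```python
import struct

# Link-layer header types (pcap/tcpdump DLT registry values)
DLT_EN10MB = 1              # Ethernet
DLT_IEEE802_11 = 105        # raw 802.11 frames, no radio header
DLT_IEEE802_11_RADIO = 127  # 802.11 frames prefixed with a radiotap header
BEACON_TYPE, BEACON_SUBTYPE = 0, 8   # management frame, beacon subtype
TAG_SSID = 0                         # tagged parameter id for SSID


def read_pcap(data):
    """Return (linktype, [packet bytes, ...]) from a classic (non-pcapng) pcap."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    # global header after magic: version_major, version_minor, thiszone, sigfigs, snaplen, network
    *_, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    packets, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        packets.append(data[off:off + incl_len])
        off += incl_len
    return linktype, packets


def dot11_frame(linktype, pkt):
    """Return the bare 802.11 frame; strip radiotap if present, reject non-wireless link types."""
    if linktype == DLT_IEEE802_11:
        return pkt
    if linktype == DLT_IEEE802_11_RADIO:
        # radiotap: it_version(1) it_pad(1) it_len(2, little-endian) it_present(4) ...
        _, _, rt_len = struct.unpack_from("<BBH", pkt, 0)
        if rt_len > len(pkt):
            raise ValueError("radiotap length exceeds packet")
        return pkt[rt_len:]
    raise ValueError("unsupported link type %d (not 802.11)" % linktype)


def parse_beacon(frame):
    """Return (bssid, ssid) for a beacon frame (ssid=None when hidden); None if not a beacon."""
    if len(frame) < 36:            # 24-byte MAC header + 12 bytes of fixed parameters
        return None
    fc = frame[0]
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (BEACON_TYPE, BEACON_SUBTYPE):
        return None
    bssid = ":".join("%02x" % b for b in frame[16:22])   # addr3 of a beacon is the BSSID
    off, ssid = 36, None
    while off + 2 <= len(frame):                         # walk the tagged parameters
        tag_id, tag_len = frame[off], frame[off + 1]
        value = frame[off + 2:off + 2 + tag_len]
        if len(value) < tag_len:
            break                                        # truncated tag: stop cleanly
        if tag_id == TAG_SSID:
            ssid = value.decode("utf-8", "replace") if tag_len else None
            break
        off += 2 + tag_len
    return bssid, ssid


def extract_ssids(pcap_bytes):
    """List (bssid, ssid) pairs advertised by beacon frames in a wireless pcap."""
    linktype, packets = read_pcap(pcap_bytes)
    results = []
    for pkt in packets:
        beacon = parse_beacon(dot11_frame(linktype, pkt))
        if beacon is not None:
            results.append(beacon)
    return results


# --- constructed sample capture (not real traffic) so the example runs offline ---
def build_beacon(bssid, ssid, radiotap=True):
    hdr = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0401)               # timestamp, interval, capabilities
    tags = bytes([TAG_SSID, len(ssid)]) + ssid + bytes([1, 1, 0x82])  # SSID + supported rates
    frame = hdr + fixed + tags
    if radiotap:
        frame = struct.pack("<BBHI", 0, 0, 8, 0) + frame      # minimal 8-byte radiotap, no fields
    return frame


def build_pcap(linktype, packets):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, p in enumerate(packets):
        out += struct.pack("<IIII", 1305000000 + i, 0, len(p), len(p)) + p
    return out


SAMPLE_PCAP = build_pcap(DLT_IEEE802_11_RADIO, [
    build_beacon(bytes.fromhex("001122334455"), b"lab-net"),
    struct.pack("<BBHI", 0, 0, 8, 0) + b"\x08\x00" + b"\x00" * 34,  # a data frame, skipped
    build_beacon(bytes.fromhex("66778899aabb"), b""),                # hidden SSID
])

if __name__ == "__main__":
    for bssid, ssid in extract_ssids(SAMPLE_PCAP):
        print(bssid, ssid if ssid is not None else "<hidden>")
```

Feeding an Ethernet capture (link type 1) to `extract_ssids` raises rather than mis-parsing, which is the same decision as rejecting unexpected link types up front; converting the capture to Ethernet before parsing would make the 802.11 management frames, and the SSIDs with them, disappear.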