Welcome to Don Parker's Section

Don Parker is lead analyst and technical trainer at Bridon Security & Training Services, located in Ottawa, Ontario, Canada. He has worked for SANS as a Local Mentor for the Intrusion Detection In-Depth track, and has been a guest speaker at various security conferences. A widely published author, he continues to write for online and print media such as SecurityFocus and SC Magazine in an effort to share knowledge. Don also does technical book editing for various publishers, and enjoys teaching custom courses for clients. Rounding out his activities, he volunteers his time to various local efforts. You can contact Don Parker at dparker@bridonsecurity.com

Don Parker's Latest Contributions

Analyzing a Hack from A to Z (Part 4)
Date - Apr 02, 2008
Section - Articles / Misc Network Security
How to write some IDS signatures.
Analyzing a Hack from A to Z (Part 3)
Date - Mar 11, 2008
Section - Articles / Misc Network Security
We finished gathering the required information from the target network in part two. In part three we pull off the hack and transfer some tools over to the compromised web server.
Analyzing a Hack from A to Z (Part 2)
Date - Jan 10, 2008
Section - Articles / Misc Network Security
We will finish analyzing the scan packet trace to pull out all the profiling information, and begin the network attack.
Analyzing a Hack from A to Z (Part 1)
Date - Dec 19, 2007
Section - Articles / Misc Network Security
Within this article series we will both pull off a hack, and analyze its methodology. By understanding a hacker's methodology one can better defend one’s networks.
Web Application Hacking vs the IDS
Date - Oct 18, 2007
Section - Articles / Web Application Security
The world of web application hacking is an enormous one, and also one that is constantly changing. Just how well does your IDS fare against it?
Binders and Malware (Part 4)
Date - Sep 26, 2007
Section - Articles / Viruses, trojans and other malware
Taking a look under the hood of our newly created malware.
Binders and Malware (Part 3)
Date - Jul 11, 2007
Section - Articles / Viruses, trojans and other malware
Binding a malware specimen to Pong.exe with the binder YAB.
Binders and Malware (Part 2)
Date - Jun 20, 2007
Section - Articles / Viruses, trojans and other malware
Malware binder YAB - how to bind various parts together.
Profiling an Operating System (Part 4)
Date - Jun 07, 2007
Section - Articles / Windows OS Security
How to use NBTSTAT to get host information.
Profiling an Operating System (Part 3)
Date - May 29, 2007
Section - Articles / Windows OS Security
Testing Windows 2003 Standard.
Binders and Malware (Part 1)
Date - May 16, 2007
Section - Articles / Viruses, trojans and other malware
How malware authors bind the malware to legitimate files.
Profiling an Operating System (Part 2)
Date - May 02, 2007
Section - Articles / Windows OS Security
What a computer's packet can reveal.
Packet fragmentation versus the Intrusion Detection System (IDS) Part 2
Date - Apr 19, 2007
Section - Articles / Intrusion Detection
More advanced fragrouter options to attempt IDS evasion.
Packet fragmentation versus the Intrusion Detection System (IDS) Part 1
Date - Apr 11, 2007
Section - Articles / Intrusion Detection
Packet fragmentation and how it can affect the IDS.
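The evasion that both parts of this fragmentation series are about comes down to one question: when two fragments overlap, which bytes win? If the IDS answers that differently from the target host, the IDS reassembles one datagram and the host executes another. The following is an added example written for this page, not code from the articles or from fragrouter. It reassembles a constructed pair of overlapping fragments under two generic policies, labelled "first" (bytes already received win) and "last" (the newest fragment overwrites), and shows a content signature matching under one but not the other. Offsets are in bytes for readability; real IPv4 fragment offsets are in 8-octet units. Snort's frag3 preprocessor addresses exactly this with a per-target `policy` setting, so the caveat for a practitioner is that the IDS policy must be chosen to match the stacks it protects, not left at a default.

```python
# Added example: how overlapping IP fragments are reassembled under two
# different policies. Offsets are given in bytes for readability; real IPv4
# fragment offsets are in 8-octet units. Fragments and payloads are constructed.

from typing import Iterable, List, Tuple

Fragment = Tuple[int, bytes]  # (byte offset within the datagram, payload)


def reassemble(fragments: Iterable[Fragment], policy: str) -> bytes:
    """Reassemble fragments that may overlap.

    policy "first": data already received wins (later overlaps are ignored).
    policy "last":  the most recently received fragment overwrites earlier data.
    Real stacks implement variants and mixes of these, which is why a
    target-based IDS needs to know which host it is protecting.
    """
    frags: List[Fragment] = list(fragments)
    if policy not in ("first", "last"):
        raise ValueError("unknown policy: %r" % policy)
    total = max(off + len(data) for off, data in frags)
    buf = bytearray(total)
    filled = bytearray(total)  # 1 where a byte has already been written
    for off, data in frags:    # arrival order matters for both policies
        for i, b in enumerate(data):
            pos = off + i
            if policy == "last" or not filled[pos]:
                buf[pos] = b
                filled[pos] = 1
    return bytes(buf)


# Constructed attack: a benign-looking first fragment, followed by a second
# fragment whose bytes overlap the URI portion of the first one.
FRAGS: List[Fragment] = [
    (0, b"GET /index.html HTTP/1.0"),
    (4, b"/cgi-bin/ev "),   # 12 bytes, overlaps offsets 4..15
]

SIGNATURE = b"/cgi-bin/"   # what a content-matching IDS rule would look for


def ids_sees_attack(fragments: Iterable[Fragment], ids_policy: str) -> bool:
    """True if an IDS reassembling with ids_policy would match SIGNATURE."""
    return SIGNATURE in reassemble(fragments, ids_policy)


if __name__ == "__main__":
    for pol in ("first", "last"):
        verdict = "alert" if ids_sees_attack(FRAGS, pol) else "no alert"
        print(pol, reassemble(FRAGS, pol), verdict)
```

Run as-is it prints the two reassembled datagrams: under "first" the IDS sees a request for /index.html and stays silent, while a host that favours the newest data executes the /cgi-bin/ request. The tool-specific fragrouter options in Part 2 are different ways of producing exactly this kind of overlap.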
Reverse Engineering Malware (Part 5)
Date - Apr 03, 2007
Section - Articles / Windows OS Security
The malware sample in its uncompressed format.
Profiling an Operating System (Part 1)
Date - Mar 22, 2007
Section - Articles / Windows OS Security
Architectural and host profiling.
Reverse Engineering Malware (Part 4)
Date - Mar 06, 2007
Section - Articles / Windows OS Security
Unmasking the efforts of spammers, internet bottom feeders, and others with ill intent to disguise what is in reality malware.
Reverse Engineering Malware (Part 3)
Date - Feb 15, 2007
Section - Articles / Windows OS Security
The actual malware analysis.
Reverse Engineering Malware (Part 2)
Date - Jan 31, 2007
Section - Articles / Windows OS Security
The actual process of reverse engineering, or "rev eng" as many call it.
PSTools suite (Part 3)
Date - Jan 24, 2007
Section - Articles / Windows OS Security
The remaining tools in the PsTools Suite.
Reverse Engineering Malware (Part 1)
Date - Jan 18, 2007
Section - Articles / Windows OS Security
How to apply reverse engineering, a rapidly growing field in computer security.
PSTools suite (Part 2)
Date - Jan 10, 2007
Section - Articles / Windows OS Security
A look at more of the tools available in the PsTools suite.
Corporate Wireless Network Defense
Date - Dec 28, 2006
Section - Articles / Wireless Security
How to secure an enterprise wireless network.
The Lack of WiFi security (Part 2)
Date - Dec 06, 2006
Section - Articles / Wireless Security
Tools that collect packets and then crack the WEP keys.
Tools of the Trade revisited (Part 3)
Date - Nov 15, 2006
Section - Articles / Intrusion Detection
A look at how Snort views a tool called Cain & Abel.
Computer background processes
Date - Nov 07, 2006
Section - Articles / Misc Network Security
This article shows tools that can be used to view a computer’s background processes.
PsTools Suite (Part 1)
Date - Oct 25, 2006
Section - Articles / Windows OS Security
This article will focus on the PsTools suite from Sysinternals and how they enhance the command line tools available in Windows.
Tools of the Trade revisited (Part 2)
Date - Oct 18, 2006
Section - Articles / Intrusion Detection
The first part of this article series looked at how an IDS could possibly detect certain security tools. Covered was a packet sniffer and network scanner. This article continues with the analysis.
The Lack of WiFi Security (Part 1)
Date - Oct 11, 2006
Section - Articles / Wireless Security
This article discusses how effective the various encryption schemes are and some of the tools used to discover wireless access points (WAPs).
Tools of the Trade revisited (Part 1)
Date - Oct 03, 2006
Section - Articles / Intrusion Detection
This article series revisits the article series called “Tools of the Trade”. This time however it will be looked at from the IDS’s perspective.
Wireless Network Defense (Part 2)
Date - Sep 28, 2006
Section - Articles / Wireless Security
The series continues by discussing how to properly set up a wireless router.
Wireless Network Defense (Part 1)
Date - Sep 20, 2006
Section - Articles / Wireless Security
This article discusses the need for security and the relative dangers of a wireless network.
SPIKE and BURP for real world computer security usage (Part 4)
Date - Sep 06, 2006
Section - Articles / Web Server Security
In previous articles we covered the SPIKE HTTP proxy and how to use it. There are many different HTTP proxies out there, and the BURP HTTP proxy is one of the better ones. Choosing an HTTP proxy is often a matter of preference.
Network design and defense
Date - Aug 16, 2006
Section - Articles / Misc Network Security
I have mentioned before that every network has its own quirks and design needs. Due to that, one can only offer generic advice on a network’s security posture. Let’s take a look at a typical network and comment on it.
Scripting and Security (Part 2)
Date - Aug 02, 2006
Section - Articles / Windows OS Security
We saw in the first article of this two part series that scripting definitely has a place in the life of the computer security professional. In this second part I shall show how you would modify the earlier script, and cover some command line power tools.
SPIKE and BURP for real world computer security usage (Part 3)
Date - Jul 25, 2006
Section - Articles / Web Server Security
This article is the last in a series based on SPIKE the HTTP proxy.
Scripting and Security (Part 1)
Date - Jul 12, 2006
Section - Articles / Windows OS Security
In this article, the first in a two-part series, I will give a brief introduction to Perl scripting.
Writing Egress Filters for your IDS
Date - Jun 28, 2006
Section - Articles / Intrusion Detection
In this article we will look at ways of discovering system compromises based on outgoing IDS signatures.
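Most IDS rule sets are written to catch traffic coming in; egress signatures turn that around and treat the internal network as the suspect, because a compromised host has to reach back out for its command channel, its spam relay, or its next victim. As an added example for this page (not code from the article), the block below runs three such checks over constructed connection records: a workstation talking IRC outbound, a non-mail host speaking SMTP directly to the internet, and one host fanning out to many external addresses on a single port. The record layout, the list of sanctioned mail servers, the thresholds and the sample traffic are all assumptions made for the illustration. The Snort rule embedded as a string is the signature form of the first check.

```python
# Added example: egress (outbound) detection logic run over constructed
# connection records. Record format, the "known mail server" list and the
# thresholds are assumptions for this illustration.

from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Conn(NamedTuple):
    ts: int        # seconds since epoch (constructed)
    src: str       # internal host
    dst: str       # external host
    dport: int
    proto: str


# Assumed site knowledge: which internal hosts are allowed to send mail out.
MAIL_SERVERS = {"10.0.0.25"}
SCAN_THRESHOLD = 5        # distinct external hosts on one port within WINDOW
WINDOW = 60               # seconds

# Equivalent Snort rule for the first check (IRC is a classic bot C2 channel).
SNORT_IRC_RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 '
    '(msg:"EGRESS outbound IRC from internal host"; flow:to_server,established; '
    'sid:1000001; rev:1;)'
)


def egress_alerts(conns: List[Conn]) -> List[str]:
    """Return one alert string per suspicious outbound behaviour observed."""
    alerts: List[str] = []
    # Per (src, dport): (ts, dst) pairs, to spot one host fanning out.
    fanout: Dict[Tuple[str, int], List[Tuple[int, str]]] = defaultdict(list)
    for c in sorted(conns, key=lambda c: c.ts):
        if c.proto == "tcp" and c.dport == 6667:
            alerts.append(f"{c.src} -> {c.dst}:6667 outbound IRC (possible bot C2)")
        if c.proto == "tcp" and c.dport == 25 and c.src not in MAIL_SERVERS:
            alerts.append(f"{c.src} -> {c.dst}:25 outbound SMTP from non-mail host")
        key = (c.src, c.dport)
        fanout[key].append((c.ts, c.dst))
        recent = {d for t, d in fanout[key] if c.ts - t <= WINDOW}
        if len(recent) == SCAN_THRESHOLD:   # fire once, when the threshold is crossed
            alerts.append(
                f"{c.src} contacted {len(recent)} hosts on port {c.dport} "
                f"within {WINDOW}s (outbound scan)"
            )
    return alerts


# Constructed sample traffic.
SAMPLE = [
    Conn(1000, "10.0.0.25", "203.0.113.5", 25, "tcp"),    # legitimate mail server
    Conn(1001, "10.0.0.42", "198.51.100.7", 6667, "tcp"), # workstation to IRC
    Conn(1002, "10.0.0.42", "203.0.113.9", 25, "tcp"),    # workstation mailing directly
    Conn(1003, "10.0.0.42", "203.0.113.10", 25, "tcp"),
] + [Conn(1010 + i, "10.0.0.77", f"192.0.2.{i}", 445, "tcp") for i in range(1, 7)]

if __name__ == "__main__":
    print(SNORT_IRC_RULE)
    for a in egress_alerts(SAMPLE):
        print(a)
```

The sanctioned mail server produces no alert; the workstation produces three (one IRC, two SMTP), and the scanning host produces exactly one, when its fifth distinct destination is seen. Tuning the whitelist and thresholds to the site is what separates a useful egress rule from a noisy one.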
Local Attacks
Date - Jun 20, 2006
Section - Articles / Misc Network Security
In this article I will list some of the physical attacks that a computer could fall prey to.
SPIKE and BURP for real world computer security usage (Part 2)
Date - Jun 07, 2006
Section - Articles / Web Server Security
In this part two of the article series we will actually use an HTTP proxy and find out more on how you can use this very useful tool.
Event Log/Monitoring Consolidation
Date - May 24, 2006
Section - Articles / Misc Network Security
In most corporate organizations today there is a large array of computer network security devices deployed. All of these security tools produce voluminous amounts of output. What good is that output unless you can make use of it?
Auditing your Network
Date - May 16, 2006
Section - Articles / Misc Network Security
In this article we will cover just what it means to have a computer security network audited.
Compliance and You
Date - May 10, 2006
Section - Articles / Misc Network Security
This article is squarely aimed at those of you who are at best confused about the whole compliance quagmire.
SPIKE and BURP for real world computer security usage (Part 1)
Date - Apr 26, 2006
Section - Articles / Web Server Security
This article series will demonstrate how to use an HTTP proxy.
A proxy by any other name
Date - Apr 13, 2006
Section - Articles / Misc Network Security
In almost every corporate computer network today there are proxies to be found. This is pretty much a standard computer security practice. The confusion starts when people start talking about all the various proxy types. Within the confines of this article all of the various proxy types will be discussed.
Tools of the Trade (Part 3)
Date - Apr 05, 2006
Section - Articles / Misc Network Security
Over the course of part two in this article series we covered both netcat and ettercap. What we shall now cover in the final part of this series is a packet crafter and an HTTP proxy. Read on to find out more about these very powerful tools of the trade.
Tools of the Trade (Part 2)
Date - Mar 22, 2006
Section - Articles / Misc Network Security
In part one of the article series on “Tools of the Trade” we covered a packet sniffer and network scanner. Both installation and sample usage were shown. In part two we will go on to cover other key tools that are of importance to learn. Read on to find out more!
Tools of the Trade (Part 1)
Date - Mar 09, 2006
Section - Articles / Misc Network Security
Being in the computer security field means that you are always striving to stay current. You are always trying to learn new tools, and understand new exploits. That said there are also some tools that simply aren’t going to go away any time soon and are really necessary to learn. Over the course of this three part series we will look at some of the best known hacking tools. After all, it pays dividends to know just how your enemy works and more specifically with what.
Setting up your Lab
Date - Mar 01, 2006
Section - Articles / Misc Network Security
Having an interest in computer security means one thing for certain: That you will have to keep your skills up to par and continually explore new ones. How should you go about fulfilling this ambitious plan? Read on to find out how.
Securing the Network from Within (Part 2)
Date - Feb 15, 2006
Section - Articles / Misc Network Security
In Part 1 of this article series we went over some of the physical threats confronting networks. We will continue, in Part 2, to cover various other ways to help secure the workstation, and thereby further help harden the internal network from attack.
TCP and IP Options
Date - Jan 26, 2006
Section - Articles / Windows Networking
Going back over the basics is always a good idea. One of the most fundamental pieces of knowledge in computer communications is the four core protocols: IP, TCP, UDP, and ICMP. Over the course of this article we will cover the options for both TCP and IP to see what, if any, security implications they have.
Securing the Network from Within (Part 1)
Date - Jan 19, 2006
Section - Articles / Misc Network Security
All too often we hear of how a hacker bypassed a router and the firewall to penetrate a company’s internal network. Reality is that there will always be a way into an internal network. Is it time to start thinking of protecting the network in a different way? Read on to find out.
Switching Technologies
Date - Jan 12, 2006
Section - Articles / Windows Networking
With the advent of faster computer networks and a far more stable infrastructure has come the need for a quicker way to “switch” this information around. Two of the best known methods for doing so are ATM and Frame Relay. Within the confines of this article we will discuss just what they are and where they fit in.
HTTP Tunnels
Date - Jan 05, 2006
Section - Articles / Windows Networking
The computer security world has come a long way over the past decade or so. There are all kinds of programs to mitigate external threats and the ever present spectre of viruses. What about those programs that are initiated from the trusted internal network though? Read on to learn more about the threat of HTTP tunnels.
The Different Shades of Hackers
Date - Dec 29, 2005
Section - Articles / Misc Network Security
The computer security world is populated by various types of people. Notably in that world are your various hacker types. Be they white, grey, or black, it now seems that almost every hacker is assigned a color. What does it all mean though? Read on to find out.
Remote Authentication: Different Types and Uses
Date - Dec 22, 2005
Section - Articles / Authentication, Access Control & Encryption
Computer networks have arguably improved worker efficiency and helped a company's bottom line. With that has come the need for workers, at times, to log into the corporate network remotely. This is ideally done via secure means. Within the confines of this article we will look at several of these methods.
Access Controls: What is it and how can it be undermined?
Date - Dec 15, 2005
Section - Articles / Authentication, Access Control & Encryption
We have stoplights on city streets, and locks on the doors of our homes. What these things have in common is that they are access controls. The world of computer security is very much the same in that it employs various ways to limit access. In this article we will cover several ones and discuss their usage.
Biometrics and You
Date - Dec 08, 2005
Section - Articles / Authentication, Access Control & Encryption
The world of computer security has spawned yet another way to help secure one’s computer assets. That would be the still maturing area that is biometrics. Just what are biometrics anyway, and are they really being adopted by the mainstream? Read on to find out.
Studying Network Activity Using the Chaosreader Tool
Date - Dec 01, 2005
Section - Articles / Windows Networking
I have written quite a bit about investigating network activity at the packet level. This practice can yield some key information about your network. Another tool that can help you discern network activity is a program called Chaosreader. Read on to find out more about this outstanding tool, and its ability to help you.
The importance of having a CSO/CIO
Date - Nov 24, 2005
Section - Articles / Misc Network Security
In most midsize to large organizations there exists a computer security group. This group is made up of various sub-groupings. Typically you will have your technical people, as well as the management. Ideally the two groups will co-exist peacefully, and in reality it is a must for the technical folks to have strong representation by the CSO or CIO.
Shells for Sale! (Part 3)
Date - Nov 10, 2005
Section - Articles / Viruses, trojans and other malware
We have seen over the past two articles both the planning and the first steps taken in a practice hack for the purpose of accumulating exploited computers. In this final part we will see the conclusion of what a semi-skilled hack would look like, and how our hacker John is quickly caught trying to sell his wares.
Shells for Sale! (Part 2)
Date - Nov 01, 2005
Section - Articles / Viruses, trojans and other malware
With the groundwork having been laid out in part one of this article series, we now move on to the actual execution of the hack. This though is a hack with a slightly higher degree of skill involved. Read on to find out more.
Shells for Sale! (Part 1)
Date - Oct 25, 2005
Section - Articles / Viruses, trojans and other malware
What would happen if a semi-skilled hacker decided to harvest some computers, and then in turn sell access to them? It is an intriguing concept that we will explore over the next few articles. As always, there will be a premium placed on technical detail, which will allow you to recreate what I have done.
Standardization and the security appliance
Date - Oct 06, 2005
Section - Articles / Misc Network Security
There is a dizzying array of appliances out there today that will address almost every security concern. The problem is that every vendor touts that their product can accomplish this performance benchmark or that task for you. There would be little point in a vendor making outright falsifications about their wares, but it would surely be nice to have those claims verified to some degree by an independent source.
Packet analysis tools and methodology (Part 4)
Date - Sep 27, 2005
Section - Articles / Intrusion Detection
In the last part of this article series we will take a look at the alarms generated by my own traffic. This binary log will include several attacks and some general surfing. We now need to take a look and separate the wheat from the chaff.
Packet analysis tools and methodology (Part 3)
Date - Sep 20, 2005
Section - Articles / Intrusion Detection
It has arguably gotten easier to exploit computers now due to the abundance of attack tools out there today. One of the most powerful ones is the Metasploit Framework. We will take a look at it in this article.
Packet analysis tools and methodology (Part 2)
Date - Sep 13, 2005
Section - Articles / Intrusion Detection
In part two of this article series we will learn how to build a powerful analysis suite. Tools covered will be Snort, SnortSnarf, WinDump, and WinPcap. You will also need to install a Perl interpreter, which shall be shown.
Packet analysis tools and methodology (Part 1)
Date - Aug 30, 2005
Section - Articles / Intrusion Detection
There are untold billions of packets flying around the web today. A great many of them are of malicious intent. A prelude to malicious activity is often the port scan. We will learn about some of the more popular types of port scans in existence today, and the tools used for them.
Sys Admin: Friend or Foe?
Date - Jul 21, 2005
Section - Articles / Misc Network Security
The network system administrator is the first line, and sometimes last line of defence that a network has. What happens though if that very same defender becomes more of a liability?
The Student, the Teacher, and Optix Pro (Part 3)
Date - Jul 14, 2005
Section - Articles / Viruses, trojans and other malware
In this last part of the article series we will show John finding and retrieving the upcoming math exam, as well as his getting caught. Rounding it out will be a quick incident-handling roundup.
The Student, the Teacher, and Optix Pro (Part 2)
Date - Jul 07, 2005
Section - Articles / Viruses, trojans and other malware
In this part of the article series we see John begin to configure his trojan server on the professor's computer, and ultimately connect to it from his classroom.
The Student, the Teacher, and Optix Pro (Part 1)
Date - Jun 28, 2005
Section - Articles / Viruses, trojans and other malware
In this article series we will learn about a Trojan called Optix Pro, an especially lethal one. In the first part we will cover a little Trojan history, see our fictional college's network, and round out with our fictional student physically infecting his professor's computer.
Obfuscated Shellcode, the Wolf in Sheep's Clothing (Part 3)
Date - Jun 16, 2005
Section - Articles / Viruses, trojans and other malware
In this last part of the three-part series on shellcode obfuscation, we will replace the well-known NOP sled with one built from different instructions that serve the same function. We will also see what changes, if any, are noticed by Snort.
Obfuscated Shellcode, the Wolf in Sheep's Clothing (Part 2)
Date - Jun 07, 2005
Section - Articles / Viruses, trojans and other malware
In this second part we will actually see what a NOP sled is, and looks like. Furthermore, we will use an exploit with an existing NOP sled to see how it shows up on an IDS such as Snort with a default ruleset in place.
Obfuscated Shellcode, the Wolf in Sheep's Clothing (Part 1)
Date - May 24, 2005
Section - Articles / Viruses, trojans and other malware
This article describes just what shellcode is and how it relates to exploit code. Also explained are some advances in exploit code development aimed at further concealing certain shellcode characteristics.
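The three parts of the shellcode series hinge on one detection weakness: a default rule that keys on a run of 0x90 bytes only catches the textbook NOP sled. Any single-byte instruction that does not disturb state the payload depends on slides into the shellcode just as well, and a sled made of those never contains a 0x90 run. The block below is an added example for this page, not code from the articles or from any obfuscation tool: it builds a classic sled and an obfuscated one over a two-byte placeholder (a `jmp $`, standing in for a real payload), then runs a naive 0x90 detector and a broader NOP-alike detector over both. The instruction subset, the run-length threshold and the sample buffers are assumptions chosen for the illustration; the caveat a practitioner needs is in the last buffer, where the broader check trips on a run of capital letters in legitimate data.

```python
# Added example: why a detector keyed on runs of 0x90 misses a sled built from
# other single-byte instructions. Sled contents are constructed; the
# "shellcode" is a two-byte placeholder (jmp $), not a real payload.

import random
from typing import Set

# Single-byte 32-bit x86 instructions that only touch flags or a register the
# payload is assumed not to rely on, so a sled of them still "slides" into the
# shellcode. Assumed subset for illustration; real obfuscators use larger tables.
NOP_ALIKE: Set[int] = {0x90}                     # nop
NOP_ALIKE |= set(range(0x40, 0x50))              # inc/dec r32
NOP_ALIKE |= {0x98, 0x99}                        # cwde, cdq
NOP_ALIKE |= {0xF8, 0xF9, 0xFC, 0xFD}            # clc, stc, cld, std
NOP_ALIKE |= {0x27, 0x2F, 0x37, 0x3F}            # daa, das, aaa, aas

PLACEHOLDER_SHELLCODE = b"\xeb\xfe"              # jmp $ : stands in for a payload
SLED_THRESHOLD = 16                              # bytes in a row before alerting


def longest_run(data: bytes, accept: Set[int]) -> int:
    """Length of the longest contiguous run of bytes drawn from `accept`."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b in accept else 0
        best = max(best, cur)
    return best


def classic_sled(data: bytes, threshold: int = SLED_THRESHOLD) -> bool:
    """Naive check: a run of 0x90 bytes, as a default content rule would match."""
    return longest_run(data, {0x90}) >= threshold


def loose_sled(data: bytes, threshold: int = SLED_THRESHOLD) -> bool:
    """Broader check: a run of any NOP-alike single-byte instruction."""
    return longest_run(data, NOP_ALIKE) >= threshold


def build_obfuscated_sled(length: int, seed: int = 7) -> bytes:
    """Sled from NOP-alikes other than 0x90, seeded so the reader gets the same bytes."""
    rng = random.Random(seed)
    choices = sorted(NOP_ALIKE - {0x90})
    return bytes(rng.choice(choices) for _ in range(length))


CLASSIC = b"\x90" * 40 + PLACEHOLDER_SHELLCODE
OBFUSCATED = build_obfuscated_sled(40) + PLACEHOLDER_SHELLCODE
BENIGN = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
# Caveat: 'A'..'O' are 0x41..0x4F (inc/dec), so long runs of those letters in
# legitimate data trip the broader check. That is the false-positive price.
FALSE_POSITIVE = b"A" * 40

if __name__ == "__main__":
    for name, buf in [("classic", CLASSIC), ("obfuscated", OBFUSCATED),
                      ("benign", BENIGN), ("all-A", FALSE_POSITIVE)]:
        print(f"{name:11s} classic={classic_sled(buf)} loose={loose_sled(buf)}")
```

The classic sled is caught by both checks, the obfuscated one only by the broader check, and the HTTP request by neither. The forty-byte run of "A" shows why the broader rule cannot simply replace the naive one: it needs a higher threshold, a port or flow restriction, or a following content match on the payload itself to keep the false-positive rate tolerable.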
How to Audit your Network via Packet Analysis
Date - Apr 28, 2005
Section - Articles / Misc Network Security
Auditing your network at the packet level is a practice that is not done very often, if at all. The truth of it is that there are untold riches in all those packets flying about on your LAN. All one has to do is log them, and dig into them. One never knows what they will find.
Web Server Defacements (Part 3)
Date - Apr 07, 2005
Section - Articles / Web Server Security
We shall now actually deface the web server’s web page, and pull off the hack as it were. Furthermore we will peek under the hood, and look at the packets to see just what transpired so that you might recognize it in the future.
Web Server Defacements (Part 2)
Date - Mar 15, 2005
Section - Articles / Web Server Security
In part two of this article series we shall take a more detailed look at how to actually pull off a web page defacement. The tool in use will be the outstanding open source security program Metasploit Framework. Detailed usage will be shown so you can recreate the scenario.
Web Server Defacements (Part 1)
Date - Feb 10, 2005
Section - Articles / Web Server Security
The urban art of graffiti has crossed over to the online world in the form of web server defacements. Just how do these online vandals do it? Read on to learn how it is done, and gain a deeper understanding that will help you defend against it.
The Convergence of Hacking and Security Tools
Date - Jan 18, 2005
Section - Articles / Misc Network Security
The lines are beginning to blur between security tools and hacking tools. Is there really a difference between the two anymore? This article will detail one specific example of this paradigm, the Metasploit Framework. Following this article will be a clear demonstration of the tool in action over the course of a three-part series.
Social Engineering meets the Bot (Part 3) - All is Revealed
Date - Dec 02, 2004
Section - Articles / Viruses, trojans and other malware
In the final installment of this article series we get to see the trojan operate at the packet level itself. No matter how clever the exploit or trojan, it must still dial home, as it were. It will do so at the packet level, which we will examine.
Social Engineering meets the Bot (Part 2)
Date - Nov 23, 2004
Section - Articles / Viruses, trojans and other malware
Part two of this article is where we begin to get some answers. Much like the fabled Trojan horse that contained the soldiers who opened the gates of Troy, our supposed ASM is not what it appears to be.
Social Engineering meets the Bot (Part 1)
Date - Nov 18, 2004
Section - Articles / Viruses, trojans and other malware
All exploits or malware leverage a specific weak link in a program. This is done through various means. Social engineering on the other hand exploits the human link. What though if both an exploit and social engineering were combined? Read on to find out how both worlds collide.
Darwinism Meets the Virus and Worm
Date - Nov 16, 2004
Section - Articles / Viruses, trojans and other malware
Viruses are largely a contained threat if one has an anti-virus solution. This raises the question of what the next big threat in malware is. The answer would be the newer and more lethal worms, such as Slammer. What would happen if someone with real coding talent were to harness the chaotic world of the worm?
