Skip to content

Posts tagged ‘tutorial’

17
Oct

A Quick Introduction to Lockpicking and Useful Resources for Beginners

I’ve been into lockpicking for a few years now, and I’m surprised I’ve never posted more about it (maybe I will). Suffice it to say that lockpicking is great fun, you learn a lot, and one day it may come in handy (legally of course). One thing I’ve noticed whenever I talk about lockpicking, is that most people -including techies – have very little clue about how locks themselves actually work. It’s no surprise then that lockpicking feels like a bit of mystery to many. In reality the majority of locks are very simple devices, and many can be picked or bypassed using fairly simple tools.

I had the pleasure of taking part in the Defcon 19 Gringo Warrior contest where participants must bypass a series of locks to ‘escape’. It’s scored based on time and difficult of locks picked. I scored about above average. In this post I’m going to give my own shotgun intro to lockpicking, and provide some videos and links to other useful references where you can go find more detail.

Read moreRead more

8
Sep

Reverse SSH over Tor on the Pwnie Express

The Pwnie Express (PwnPlug) is a great little tool for hackers, pentesters and social engineers alike. While I don’t advocate the use of a Pwnie for illicit purposes, I was intrigued about using it as an untraceable tap into a network. Out of the box the Pwnie allows you to configure reverse SSH connections, exfiltrated over a number of different protocols including HTTP, SSL, ICMP and DNS.

While these are great for getting out of controlled networks, they all require the Pwnie to be configured with the IP address of your SSH server, which could potentially be traced back to you. It also requires your SSH server to be able to directly receive connections at the IP/hostname configured on the Pwnie. While one could run an SSH server on a proxy box somewhere, I felt that was too primitive, so I installed Tor on my Pwnie and configured a Tor Hidden Service on my SSH server.

Note: For the purposes of this tutorial, the SSH server will be running on BackTrack 5. I’m assuming you’ve already performed the initial Pwnie Express setup steps on the server! Check out my PwnieScripts to help speed up and automate the Pwnie setup.

These instructions do not yet work on Pwn Plug software >= 1.1 as they’ve changed the layout of things! Will update this post when I get the time.

Read moreRead more

30
Nov

Using GPGMail to Encrypt Email

This post forms part of the series on Securing Leopard, and covers GPGMail, Mail.app plugin that allows you to digitally sign, encrypt and decrypt emails using PGP/GPG.

When Snow Leopard came around, it completely broke support for GPGMail, and there were no other solutions that enabled similar functionality. This caused a significant issue for Snow Leopard users needing GPG functionality. The original developer of GPGMail unfortunately did not have the time to update the plugin and restore support for Snow Leopard.

Since then the GPGMail project has been handed over to a new team of developers who have been working on restoring the full functionality of the plugin under 10.6. This tutorial shows you how to easily install GPGMail and start sending and receiving encrypted emails!

[Updated 21/01/2011] The team at GPGTools have now created a unified installer which consolidates MacGPG2, GPG Keychain Access, GPGMail and GPG Service. Their all-in-one installer simplifies the install process, and installs everything you need for encrypting/signing files and emails.

If you’ve used the GPGTools package, please post your experiences in the comments!

Read moreRead more

18
Nov

Securing Leopard – 10.6 Edition

I’ve finally re-written my article on Securing Leopard, with some updates to reflect the changes made in 10.6. This is still an early edition, and I’d be happy to hear feedback/suggestions (contact form) on how I could improve it.

The article is aimed at new and developing Mac OS X users, and covers a variety of suggestions on how to quickly and easily improve the security of your (Snow) Leopard install. It also provides tips on how to manage your privacy and protect your personal information.

It includes a quick checklist which can help when trying to secure an install of Mac OS X. Enjoy!

Securing Leopard

Securing Leopard: 10.6 Edition

22
Aug

Disable Facebook Places – or – Location-Stalking for Fun and Profit

In a direct strategic offensive on Foursquare’s service and a long-term plan for world domination, Facebook recently introduced their own service dubbed Places. These two services allow users to ‘check-in’ to virtually any venue/event, thus sharing their location with friends (or the world). This introduced an awesome new sport known as Foursquare stalking where one could follow the check-ins of known or random people (eg. by searching for 4sq.com on Twitter Search), call up the venue they are currently at, and ask to speak to the person… and then doing this for every location they check-in to. Tremendous fun. The guys at PLA Radio had fun prank-calling people using this, with amusing results.

Apparently the bald fat guy below just got home. Since he is kind enough to post the actual location of his domicile, all a thief has to do is wait until he checks-in somewhere far away, and then proceed to leisurely rob him of all his stuff. Sorry baldfatguy… didn’t mean to pick on you but you were at the top of the list.

Foursquare Tweet

Surely Facebook’s entry into this domain will allow for more stalking goodness. Another interesting perspective is using Places to create an alibi by spoofing one’s GeoLocation. Anyway, onto the essentials. At least most of us can just avoid using services like Foursquare… but if you have a Facebook account, it’s yet another privacy setting you will have to set yourself.

To Disable Places: Log in to Facebook and go to the Privacy Settings. Click on Customize Settings at the bottom, and then modify the Things I Share settings (you will need to select Custom from the dropdown menu in order to choose Only Me). These settings are only important if you do actually use Places.

Facebook Places Settings

Next go down to Things Others Share, and uncheck Friends can check me in to Places.

This one is particularly important as it prevents trigger-happy privacy-ignorant friends (you know, the ones who take photos of everything at a party only to upload them the next day and tagging everyone) from checking you into every location you ever go to in their presence.
Friends can check me in to Places
Facebook have provided a video which explains how to control your Places settings.
css.php