Scalable Fabrics
I should first mention here that I’m very bad at writing shownotes.
http://research.microsoft.com/Research/Downloads/
Download Microsoft Scalable Fabrics here
Scalable Fabric is a task management system for the Windows desktop. A central focus area, defined by you, contains windows that behave in the traditional way. When you drag a window into the periphery, it becomes smaller and continues to get smaller the closer you get to the edge of the screen. This makes it possible to keep windows open all the time, and change “minimize” to mean “return to the periphery”. Groups of windows can easily be created to represent different user tasks. Switching between groups is done simply by clicking on the task marker flag.
If you are a heavy multitasker or need lots of organization, you can do so with this program. The main area of the program and your desktop is where you maximize your different windows. You can outline this area with a blue line, or remove this outline.
The second part is your peripheral area, which is the area out of your main view. You use this area for anything you have open in different piles, but are not using currently. This area for smaller windows is perfect if you need to group certain windows together and be able to see what is in each window.
Each small group of peripheral windows can be renamed and moved around as you like.

Lunar Magic
ROM
FuSoYa’s Lunar Magic EMULATOR
Post your customized levels!
Lunar Magic is an Emulator made so you can create your own Super Mario World levels. In each level, you can edit everything from the background and the ground you walk on, to the baddies and coins, as well as putting things wherever you want. You save your game to a ROM, and you can play your level. If you save your level as a file, you can share it with friends who also use Lunar Magic. Your friends can then edit the same level and share it back with you!
One thing to remember, if you have too many sprites in your level (coins, bad guys, etc…), your level will freeze in the ROM and you won’t be able to finish it. O noes!
It is suggested you stick to 83 or so sprites per level (not 400 like I had in mine!). Download the ROM, read the help file, and play with all the different choices you have. Enjoy!

Cell Phone Emulators
Perfect for the holidays are cell phone emulators. Try your choice of mobile OS before you actually buy them in store so you dont get stuck with your new smartphone and a two year contract with your wireless company. Using these emulators can introduce you to many, many different smart phone OS. You can compare and choose your favorite and your least favorite easily.
The ones I tried were Windows 5, Palm Centro, and Blackberry Storm emulators. All three run on different programs made by completely different people, and take a little bit of practice to learn each emulator
Forum

Download the Episode here!

First Responder Forensics with Helix/Live View. Editing Super Mario World levels with Lunar Magic. Following logs with Bare Tail. Unicorns, and a lot more.

Matt forgoes the vicodin for this shoot (Wisdom teeth coming out this week) and blames Darren for the HakHouse — the Internet in our living room.

D props Ghost and EDP

Post_Break has been helping D with airbase-ng and wifizoo in BackTrack3

Matt’s birthday landed on our shoot day. We took advantage of the opportunity and surprised him with, well, you’ll just have to see.

First Responder Forensics with Helix/Live View
If you’re ever in a position where you have to perform forensic imaging duties on a machine, this segment may be useful to you! The overall goal is to be able to load a forensic .dd image into an environment where you can interact at the user level with it, and perform some initial analysis that may help to paint the overall picture of what happened later on.

Requirements:

* A Helix live CD (any of their versions should work, but I recommend 2.0)
* Any machine that has an OS which is compatible with VMware
* Either a removable drive, or enough free space on a network share in order to push the .dd image out to it.
* Live View
Having VMware Workstation is a plus, but if not, Live View will automatically download and install VMware Server and the DiskMount utility for you, if you so choose.

Helix is a forensic Live CD with loads of tools. We’re focused on just the image acquisition part today. For the most part, the default options are fine, just specify where you are outputting the .dd image to and you’re on your way!

Install Live View and make sure you either let it install the necessary components, or already have VMware installed ahead of time. It tends to not like the absolute newest version of VMware Server, so ideally use the older one that it suggests. Open the .dd image with Live View, and either Start it directly or Generate the config files. Should you encounter problems with Starting it directly, use the generate config files option and then manually open the .vmx/.vmdk file from within VMware itself. Don’t forget to check the settings on the new VM and make sure the operating system is set correctly, the program does not always autodetect it.

In layman’s terms, this takes the forensic image and converts it to a virtual machine format, so you can interact with it as if you were the user. It does not write anything to the .dd image at all, but obviously I suggest using this with a COPY of the original .dd image you make of the suspect machine.

Trivia
Last week’s trivia was answered correctly by Mike S. who wrote “Dornier Do-X”. We’ve sent him the first volume of Ed Piskor’s WIZZYWIG hacker graphic novel series.

A note on trivia. Please answer trivia questions on the Hak5 forums from now on. We would love to continue doing dual winners but with growing prize costs we cannot. Also, if you’re interested in volunteering to help with trivia code challenges lend a hand in the Dev5 board.

Editing Super Mario World levels with Lunar Magic
It should be noted here that Matt sucks at Mario. Shannon walks us through some of the basics of editing Super Mario World levels with Lunar Magic. The concept it quite simple. Fire up Lunar Magic, open your SMW rom, and play. Save your changed level back to the rom or alternatively save the level out to a MWL file ready (and legal) for distribution. If you’d like to share your Super Mario World levels with us or check out some of the other Hak5′ers levels check out our forum thread on the subject.

Rightfully red Matt shares with us another tip that’ll save you sysadmins some time and sanity. This week Matt features Bare Tail. Not just a Windows equivalent to the Unix command but a full featured log file following, highlighting and prettifying GUI perfect for everything from transaction logs to happy birthday IM conversations with yer mum.

Until next week we welcome your feedback and remind you to Trust your Technolust

Download it here!

Show Notes

Is WPA Broken? Interesting stuff coming out of PacSec this year. Ars has a great writeup about it our check out Martin Beck and Erik Tews’ paper Practical attacks against WEP and WPA (PDF). There is a proof of concept tool available from the Aircrack-NG folks. Take a look at Tkiptun-ng. At time of writing the tool is not fully functional. Something to keep an eye on.

Steve P. writes to us about the Helmer beowulf cluster. This 6xCore2Quad is sure to make any geek smile. Kitty approved too! While stuffing a personal cluster into an Ikea cabinet is novel in and of itself the mad scientist behind it has thought some insane cluster designs including the 50 tflop Helmer 2 and the 4 pflop Helmer 3. All I can say is I want one. Thanks for the links Steve.

Darren enjoys a Bondages’ No Problem while Matt and Shannon stick with the margaritas.

More importantly Darren talks about Session Hijacking and demos a tool from Errata Security called Hamster and Ferret that, in conjunction with the latest 2.0 build of Jasager, an ICS’d EVDO connection and Tftpd32 we’re able to “sidejack” with our little man-in-the-middle setup. Lesson learned? Be suspicious of any wifi. Check for signatures of trusted networks and tunnel your traffic. We’ll come back to this topic with a more indepth segment on Jasager detection and traffic encryption soon.

A note on trivia. Please answer trivia questions on the Hak5 forums from now on. We would love to continue doing dual winners but with growing prize costs we cannot. Also, if you’re interested in volunteering to help with trivia code challenges lend a hand in the Dev5 board.

Matt shows us how to convert a physical server into a virtual server locally using the free VMware converter tool and talks about some of the concerns you must consider when preparing to virtualize. If you have virtualization questions hit up Matt and we’ll cover ‘em on future segments. Matt at Hak5 d0t org.

Alex W. writes with a question about screen recording. We highly recommend the open source Camstudio as well as FRAPS and Techsmith’s Camtasia Studio (warning: sticker shock may occur at techsmith.com). Paul (our “camera guy”) suggests checking out the new screen capturing functionality of the latest verison of VLC, especially if you’re on the Linux or Mac side.

As always we’d love to hear your feedback. Your questions, comments or concerns can be directed to HakHouse.com. It’s a crazy interactive project we’re working on. Just wait ’till we get the web-enabled robots up in there.

Trust your Technolust

Download it here!

Darren demos optical character recognition and bar code lookups with GOCR. Shannon talks about a new way to organize your desktop with Microsoft Scalable Fabrics. Matt protects a public workstation with Windows Steady State. Plus USB Protocol Analyzers and Paul’s pink flamingo.

Darren demos an Optical Character Recognition with GOCR and lookups at UPC Database proof of concept.

Matt talks about Windows Steady State - an invaluable tool for anyone managing public computers.

Shannon explains Microsoft Scalable Fabrics - an interesting concept in desktop organization.

Darren answers SinisterBlack’s questions about USB sniffing and points out two USB Protocol Analyzers - SniffUSB and USBTrace.

Download it here! http://revision3.com/hak5/Phreaknic

The gang heads to Phreaknic in Nashville Tennessee and in Hak5 tradition brings you a sampling including interviews with Russell Butturini about his U3 Incident Response Tool, Adrian Crenchaw, aka Irongeek, about Keyloggers and other embedded hacking, Daniel Hooper about Software Defined Radio and GNU Radio, Eighty of Dual Core, Droops from Hacker Media, and more. Yeehaw!

Russell Butturini shows us the U3 Incident Response Payload for the USB switchblade. Code and tutorial on the forums.

Adrian Crenchaw, aka Irongeek talks about Hardware Keyloggers and other geeky bits.

Daniel Hooper explains Software Defined Radio, GNU Radio, and the universal software radio peripheral.

Plus talks with Nerdcore star Eighty of Dual Core and Droops from Hacker Media and Hacker Public Radio.

Episode 409 - HappyHakoween: Password Cracking Clusters, Remote Control Services, Wireshark Packet Filtering

Matt shows us how to turn anything into a service and provide a web frontend to manage them windows server, great for game server administration. Chris Gerling wraps up his three part series on Packet Sniffing with Wireshark techniques for packet filtering. Darren harnesses the CPU power of the HakHouse for good or evil to demonstrate cluster computing. Plus details on our Hak5 Halloween LAN Party!

Matt Lestock turns any windows application into a service using instsrv and srvany and demonstrates how we use this technique, coupled with Panel Daemon to delegate game server administration at the Hak5 playground.

Chris Gerling shows us some packet filtering techniques using the network analyzer Wireshark. He covers capture filters, display filters, colors and statistics. Read more on packet sniffing on his blog at ChrisGerling.com

Darren Kitchen talks about parallel computing. He touches on grid computing and massively parallel processors though he mainly focuses on clustering. Darren demonstrates simple windows password cracking techniques using an openMosix based image and discusses the theory behind setup. Darren has a lot of further reading for you to check out on his blog and would like to hear your feedback about building the Hak5 beowulf cluster!

And on a production note: We’ve switched over from a standard-def composite based video mixing solution to a high-def HDMI based system. Unfortunately until we get a Mac Pro and switch to Final Cut Pro for editing we’re unable to release a 720p version of Hak5. But we’re well on our way to bringing you guys truly high def technolust thanks to everyone who has continued to support this cause. Thanks!

Thanks for watching Episode 409! <3