Download it here!

We head out to DC for Shmoocon, our favorite hacker conference on the east coast, to talk to some of the brightest minds in security. Dave Kenedy on his project FastTrack. Michael Ossmann about sniffing bluetooth. Joshua Abraham on his software GIS-Kismet. Mister X, author of Aircrack-ng and Johnny Long, author and security guru on Hackers for Charity.

Dave Kenedy talks about Fast Track, a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network.

Michael Ossmann and Dominic Spill presented on Building an All-Channel Bluetooth Monitor using the USRP and a lot of awesome code. It turns out listening to 79 channels at once is harder than you think.

Joshua Abraham spoke to us about wireless network mapping with his tool GIS Kismet

Mister X, author of Aircrack-ng shares with us a glimpse of the future of wireless network cracking.

Johnny Long, security expert and author, talks to us about Hackers for Charity

Don’t forget to take the Hak5 Survey. This is the last week it’s running so please if you haven’t already take a moment to fill it out as it really helps us out.

Shmoocon was a blast! We went to the HacDC party on Friday night, club Chloe on Saturday night, and Robin Wood stayed with us through Tuesday to hang out in Williamsburg. I met some of the smartest minds in the security scene, as well as got to promote Hack for Charity (The pineapple went for $400.00!). I helped out the EFF by buying a t-shirt, and took plenty of pictures to please everyone. It’s a real shame I couldnt’ get a swag bag to promote Shmoocon even more with some free advertisement, but gey- it’s their call. :/
Here’s my pictures! http://www.flickr.com/photos/snubs/ (will be updated sometime today 2/13)

Thanks for watchin!

DOWNLOAD!

Show Notes

USB Device Tracking

If you’ve ever used a USB storage device and wondered how stealthy you can be with them, you’re in for a scare. Windows XP logs pretty much everything you’d want to know about that USB key in the registry each time it’s plugged in and written to.

When you plug in your USB drive, the Plug and Play manager gets notified and queries the device descriptor in the firmware for information about the device. This helps it locate a driver, which is referenced in the %SystemRoot%/inf folder by various .inf files. Once the device is identified and a driver selected, the information is dropped into HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\USBSTOR with a format similar to Disk&Ven_###&Prod_###&Rev_### which will identify the device ID, manufacturer and more. An important number you will find here is the ParentID prefix, which I did not actually say during the segment but this is something that will appear in virtually every registry entry regarding the device.

Microsoft uses serial numbers on the devices to distinguish between devices with the same manufacturer or model. In the case that the serial number is not unique (or even not present), the PnP manager will create a unique instance ID for the device.

All of the numbers you find related to each device should be logged if you’re doing any sort of investigation or trying to track a device across computers.

If you’re trying to determine whether data was perhaps pilfered from your machine/network, you will want to look at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses, where you will find the ParentID prefix and will be able to correlate to the device. You should also see the manufacturer name here. We are looking for the Last Write time which will help in determining whether data was pilfered by giving you a timeframe as to when someone last copied data to the device. In order to do this, you’re going to right click on the entry that has the ParentID prefix and manufacturer name for the device you want, and then click Export. Change the file extension to .txt and name it anything you want, remembering where you save the file. Upon opening this file up, you will find the last write time.

There are many applications for this data, and you’ll probably never be in the registry doing it quite this way, as there are many tools, both commercial and free that will simplify all of this. This data is also used in tools/services which help track your devices, such as iHound (ihoundsoftware.com), which helps you track devices if they’re stolen.

If you have any questions feel free to contact me here and visit my website. Many thanks to Harlan Carvey, author of the 2007 book Windows Forensic Analysis (I think I might’ve errantly said 2005, sorry) for without this book I wouldn’t have known as much as I do about the windows registry.

–Chris Gerling Jr.

PFsense

While our smoothwall is and has been working well for us for the past two years, I recently had the need for something a little more robust.

I came across a fork of the monowall project, pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

Here’s a short summary of some of the eye catching features.

* Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
* Able to limit simultaneous connections on a per-rule basis
* pfSense utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense can do so (amongst many other possibilities) by passively detecting the Operating System in use.
* Option to log or not log traffic matching each rule.
* Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
* Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
* Transparent layer 2 firewalling capable – can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).
* Packet normalization – Description from the pf scrub documentation – “‘Scrubbing’ is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations.”
* Enabled in pfSense by default
* Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.
* Disable filter – you can turn off the firewall filter entirely if you wish to turn pfSense into a pure router.
* pfSense offers three options for VPN connectivity, IPsec, OpenVPN, and PPTP.

There’s a ton of other great features that you can read up on at http://is.gd/iauk

The LiveCD ISO is available from http://www.pfsense.org/mirror.php?section=downloads and for VMware folks, a prebuilt VM is available at http://files.pfsense.org/vmware/pfSense-1.2.2-VM.zip

–Matt Lestock

LAN Party

This month, we are playing Left4Dead and Zombie Panic! Join us for our LAN Party on Saturday, February 28th at L4D.hak5.org or ZP.hak5.org for a good ol’ zombie apocalypse.

Trivia

Last week’s trivia was: “In PHP, which is faster and why? echo”Hello World”; or print(”Hello World”);?” Zoltan answered right with: “Echo is faster because it doesn’t set a return value and ‘print’ is a more complex function.” Zoltan wins a copy of Pronobozo’s CD ‘Zero=One=Everything’. You can check out more of Pronobozo’s music at his website.

If you want to win this week’s giveaway, enter the letters you see popping up during the episode into our trivia page and answer the trivia question in the first 24 hours from when this episode releases. We will choose a random winner out of the correct answers!

iTunes

Remember to subscribe to our new HD feed on iTunes at Hak5.org.

Feedback

Have a segment suggestion, constructive feedback, or a snack idea for Kerby? Email your ideas to Feedback@hak5.org. Thank you!

Stickers

Don’t forget! We’ve got brand new sticker packs as thanks for your donations at Hak5.org/stickers. Without your help, we wouldn’t be HD right now.

Shmoocon

We will be at Shmoocon this weekend, February 6-8 in Washington DC. If you are in the area, join us for the annual podcaster’s meetup. Meet our cast and crew as well as lots of other great podcasters from PaulDotCom, Securabit, Sploitcast, Cyber Speak, Security Justice, and more! Get the info at Podcaster’s Meetup.com.

Survey

We’re conducting a survey to get some additional information about our viewer. We would love your feedback. If you have a few minutes to spare, please do us a favor and take the survey at the survey page.

For those of you who complete the survey, you will be treated to a sneak peek at a new show that Revision3 has been working on and get a back stage look at the pre-production of a Hak5 episode.

Trust your Technolust!

SAN FRANCISCO, CA – August 14, 2008 – Revision3, the TV network for the Internet generation, today announced that it is bringing Hak5, a home-grown hit series fusing underground culture and mainstream IT, to its weekly lineup of pop culture shows. Covering everything from network security, open source software and forensics, to Do It Yourself projects and the homebrew scene, new episodes of Hak5 will launch today on Revision3 at www.revision3.com/hak5.

“Back when we launched Tekzilla, a few fans accused us of ripping off Hak5’s brick-encrusted set. The correlation was spurious, but rather than alienate the industry’s top hackers, we decided it would be better to team up with Hak5 instead,” said Jim Louderback, CEO of Revision3. “Seriously, it’s great to have such a hardcore hacking show round out our coverage for tech fanatics everywhere. And given the street cred of the Hak5 team, I’d rather have them with us than against us.”

Hak5, known as a hybrid of technology and geek humor, has been put together by a band of IT ninjas, security professionals and gaming enthusiasts since 2005. Within its first few months on-air the show had become a hit among tech enthusiasts as well as mainstream media, and currently attracts fans from around the world.

“With this partnership we intend to focus solely on delivering the kind of unique and high quality content our loyal viewers have come to expect”, said Darren Kitchen, Producer, Hak5. “We’re excited to become a part of Revision3’s great lineup of shows – and to extend our devoted audience in the near future.”

The first Hak5 show will launch on Monday, September 8th. Episodes will be hosted by Darren Kitchen, Matt Lestock and Shannon Morse (<–Thats me!) and will appear regularly every Wednesday at 12 p.m. EST.

About Revision3
Revision3 is the first media company that gets it. Born from the Internet, Revision3 is a TV network for the web, creating and producing shows for a new audience: passionate fans who want to watch shows about technology, modern culture and music that entertain, educate and help to expand their life experiences.

The company was founded in 2005 by technology visionaries Kevin Rose, Jay Adelson and David Prager, because they couldn’t find anything they wanted to watch on traditional television. The company is now led by Internet TV pioneer Jim Louderback. With more than 35 million downloads to date (and 4.2 million per month), Revision3’s programs can be found everywhere from Revision3 to a wide range of platforms, including Apple iTunes, Hulu, DivX, YouTube and PyroTV. Shows can be watched on any device, from a cell phone to an Apple Nano, on a computer or a TV.

For more information or to schedule an interview, contact: Sarah Hawes, 212 255 8455 or sarah@rosengrouppr.com.

http://revision3.com/blog/2008/08/14/revision3-adds-hak5-program-to-hit-lineup/