December 20th, 2008
In our first and second dpkt tutorials, we looked at the simple construction and parsing of packets respectively. Our third tutorial combines both parsing and construction of packets in a single utility for performing DNS spoofing (a la dsniff’s dnsspoof).
November 20th, 2008
Here is a simple python script for batch malware submissions to VirusTotal via its email interface. Simply replace the SMTP-related variables at the top of the script and you’re ready to rock!
October 15th, 2008
As we showed in the first dpkt tutorial, dpkt makes it simple to construct packets. dpkt is equally useful for parsing packets and files, so in this second tutorial we will demonstrate parsing a PCAP file and the packets contained within it.
September 4th, 2008
Brace expansion is a nice feature in the Bash interpreter that happened to be exactly what I needed during an audit. A good thing to log away in memory in case you ever find yourself in a pen-test environment with similar constraints.
August 25th, 2008
In this dpkt tutorial, I will demonstrate how to construct and send a simple ICMP echo packet.
August 10th, 2008
During Paul Vixie’s talk at WOOT on some of the operational challenges of deploying source port randomization functionality in BIND, I started thinking of a few simple ways to harden DNS infrastructure against VU#800113 by leveraging the IP TTL value.
August 2nd, 2008
I’m back from San Jose finally and while I won’t be breaking down a full review of HotSec and USENIX Security like I did for WOOT, I thought I would point out some of the more interesting presentations I was able to attend.
July 28th, 2008
Day one of my trip out to San Jose to attend the WOOT, HotSec, and USENIX Security trifecta is over. The 2nd Workshop on Offensive Technologies (WOOT) took place today and I’ll be breaking it down with “The Good, The Bad, and The Ugly”.
July 21st, 2008
While receiving phishing emails in my University inbox is a common occurrence, a recent email caught my eye due to its increased sophistication and University-specific information.
July 21st, 2008
The Passive DNS Port Test (PDPT) tool acts as a passive DNS monitor to flag resolvers that may be vulnerable to the cache poisoning issue described in CERT VU #800113. Similar to OARC’s porttest, this monitor will judge the source port behavior of resolvers based on the standard deviation of observed source ports.