Midnight Research Labs

Backtrack3 Final is out!

sth — Fri, 20 Jun 2008 18:16:01 +0000

Time to get your download on! Backtrack3 is out, and ready for downloads. In addition to all of the normal goodies, it also comes with a trial version of SAINT (wow I haven’t seen that in a while), and the community edition of Maltego. Of course, you can also find wicrawl on there as well, .

New Open Source Forensics GUI

sth — Sun, 08 Jun 2008 06:02:12 +0000

The guys over at Professional Security Testers recently posted about a new open source forensics tool named PTK. It’s an updated front end for sleuth kit, which could possibly replace the current interface, Autopsy, which has been getting pretty stale. Autopsy is pretty good, but I’ve found if you know what you’re looking for that the sleuth kit CLI and a couple scripts to automate case creation is often faster. PTK claims many improvements over autopsy:

* Indexing Engine
- String Extracion
    o Allocated, Unallocated, Slack Space
    o Live Search
- File Categorization
    o File signature analysis
        oFile extension mismatch
    - Auto Data Carving
        o Customizable file signature
    - Hash Set Manager

* Advanced Timeline
* Gallery View
* Advance Keyword Search
* Bookmarking Section
* Multi Investigator System
* Incident Response Mode

Looks pretty interesting. It doesn’t mention OSX support, but since TSK is supported on OSX, I’m hoping it will run there as well since it’s just a web interface. We used Autopsy and TSK a bit this weekend during CTF pre-quals, and an update is greatly appreciated.

PS — Recon, an entire convention focused on reverse engineering, is next weekend. If you can get to Montreal, you should check it out. It looks like there are a few interesting talks going on.

Defcon 2008 CTF Pre-quals

sth — Wed, 14 May 2008 04:44:40 +0000

It’s finally here. The pre-qualification round for the Defcon CTF challenge happens just a couple short weeks away over the weekend of May 30th. Everyone sharpen your tools and prepare for a marathon — It’s almost go time.

Wicrawl - Getip Plugin

cybernmd — Tue, 22 Apr 2008 02:06:48 +0000

There is a new plugin now available for Wicrawl. Getip Plugin obtains AP’s public IP address by injecting traffic destined to a public IP address on the Internet. This plugin will work for unencrypted and WEP encrypted (easside-ng) networks. A special tool was developed just for this plugin called norside which takes care of traffic injection on unencrypted networks. Norside is fully compatible with buddy-ng server provided by folks at aircrack.

You can obtain this plugin by downloading the latest cvs release of wicrawl here. Looking forward to your comments and bug reports.

openpacket.org

sth — Tue, 08 Apr 2008 03:24:08 +0000

I found openpacket.org while doing a bit of RSS trolling this morning. I think it’s a pretty interesting idea, and I hope it catches on. The basic idea is to create an open online repository of packet captures for researchers to check out. You can even vote for your favorite packet captures (kind of a “hot or not” for packets, ). It looks like it was masterminded by Richard Bejtlich, who does other sorts of packety IDS goodness as well.

Toorcon Seattle

sth — Mon, 03 Mar 2008 06:10:37 +0000

The official announcement, and CFP for the Toorcon Seattle conference went out recently. By all reports, the Toorcon Seattle beta conference went really well last year, and every San Diego Toorcon that I’ve been to has been phenomenal. I’m sure this new version of the conference will be just as hacktacular. The tickets are currently discounted, so go check it out.

Shmoocon 1000!

sth — Wed, 13 Feb 2008 22:41:34 +0000

Shmoocon is this weekend! For anyone lucky or persistent enough to get tickets, we’ll see you there! It looks like there are some good presenters there. I’m looking forward to seeing Josh Wright’s new talk on PEAP: Pwned Extensible Authentication Protocol.

Defcon 15 Videos Online

cybernmd — Sun, 10 Feb 2008 08:46:26 +0000

Video and Audio material from Defcon 15 is now officially available on Defcon Media Archives page. A video of Wicrawl presentation by our very own Aaron can be obtained here.

metasploit 3.1

sth — Mon, 28 Jan 2008 06:18:31 +0000

Greetings from Tahoe. It looks like there is a new release of Metasploit out now. It includes among other things a GUI, full windows support, some new wifi fuzzing modules, a bunch of new exploits, and Scruby, which is a ruby port of an awesome tool, Scapy.

“Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community” — HD Moore

Get some.

SEAT included in Best IT Security and Auditing Softwares 2007

cybernmd — Mon, 31 Dec 2007 18:11:48 +0000

Great news come from Security-Database.com, a popular security web portal. SEAT (Search Engine Assessment Tool) is listed as a recommended Information Gathering tool in annual listing of Best IT Security and Auditing Softwares 2007. To celebrate this event, we are releasing an updated version of SEAT to include updated signature database and a few bug fixes. Now go download SEAT 0.2 and start scanning.