Author: ixi

Virtualization

Virtualization, in computing, is a term that refers to the various techniques, methods or approaches of creating a virtual (rather than actual) version of something, such as a virtual hardware platform, operating system (OS), storage device, or network resources.

Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system. Software executed on these virtual machines is separated from the underlying hardware resources. For example, a computer that is running Microsoft Windows may host a virtual machine that looks like a computer with the Ubuntu Linux operating system; Ubuntu-based software can be run on the virtual machine.[1][2]

In hardware virtualization, the host machine is the actual machine on which the virtualization takes place, and the guest machine is the virtual machine. The words host and guest are used to distinguish the software that runs on the physical machine from the software that runs on the virtual machine. The software or firmware that creates a virtual machine on the host hardware is called a hypervisor or Virtual Machine Manager.

Different types of hardware virtualization include:

  1. Full virtualization: Almost complete simulation of the actual hardware to allow software, which typically consists of a guest operating system, to run unmodified.
  2. Partial virtualization: Some but not all of the target environment is simulated. Some guest programs, therefore, may need modifications to run in this virtual environment.
  3. Paravirtualization: A hardware environment is not simulated; however, the guest programs are executed in their own isolated domains, as if they are running on a separate system. Guest programs need to be specifically modified to run in this environment.

Hardware-assisted virtualization is a way of improving the efficiency of hardware virtualization. It involves employing specially designed CPUs and hardware components that help improve the performance of a guest environment.

Hardware virtualization can be viewed as part of an overall trend in enterprise IT that includes autonomic computing, a scenario in which the IT environment will be able to manage itself based on perceived activity, and utility computing, in which computer processing power is seen as a utility that clients can pay for only as needed. The usual goal of virtualization is to centralize administrative tasks while improving scalability and overall hardware-resource utilization. With virtualization, several operating systems can be run in parallel on a single central processing unit (CPU). This parallelism tends to reduce overhead costs and differs from multitasking, which involves running several programs on the same OS. Using virtualization, an enterprise can better manage updates and rapid changes to the operating system and applications without disrupting the user. “Ultimately, virtualization dramatically improves the efficiency and availability of resources and applications in an organization. Instead of relying on the old model of “one server, one application” that leads to under utilized resource, virtual resources are dynamically applied to meet business needs without any excess fat” (ConsonusTech).

Hardware virtualization is not the same as hardware emulation. In hardware emulation, a piece of hardware imitates another, while in hardware virtualization, a hypervisor (a piece of software) imitates a particular piece of computer hardware or the entire computer. Furthermore, a hypervisor is not the same as an emulator; both are computer programs that imitate hardware, but their domain of use in language differs.

VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use.

For a thorough introduction to virtualization and VirtualBox, please refer to the online version of the VirtualBox User Manual’s first chapter.


Why does HP recommend that I keep Hardware Virtualization off?

There are several attack vectors from bad drivers that can utilize VT extensions to do potentially bad things. that’s why the setting is usually in the “security” section of your BIOS UI.

additionally the smaller your instruction set, the more efficient the CPU runs at a very very low level (hence last decades interest in RISC chips). having it disabled allows the CPU to cache fewer instructions and search the cache faster.

http://en.wikipedia.org/wiki/Blue_Pill_%28software%29

So is there a security risk to enabling AMD-V? – Rocket Hazmat Feb 1 at 16:21
yes. Installing drivers and other very-low-level software is always risky, so its probably no more risky that grabbing a driver off a non-official download site. the big difference is that a blue-pill exploit could allow a guest to affect the host and vice-verse, which should really never be true. – Frank Thomas Feb 1 at 16:37
I disagree saying there is a security risk by enabling AMD-V. Doing a quick search on “AMD-V security” results in NO results on the first page about a security vulnerability that says a great deal. – Ramhound Feb 1 at 16:46
So, it’s off by default, because there are rootkits that pretend to by hypervisors? Guess I just gotta be careful what I download! 🙂 – Rocket Hazmat Feb 1 at 16:49

Blue Pill is the codename for a rootkit based on x86 virtualization. Blue Pill originally required AMD-V (Pacifica) virtualization support, but was later ported to support Intel VT-x (Vanderpool) as well. It was designed by Joanna Rutkowska and originally demonstrated at the Black Hat Briefings on August 3, 2006, with a reference implementation for the Microsoft Windows Vista kernel.

Disk utilities

EaseUS Disk Copy Home is a free disk/partition clone software for home users only. Regardless of your operating system, file system and partition scheme, through creating a bootable CD it can sector-by-sector copy you disk to assure you a 100% identical copy of the original one. It is a perfect free tool for Data Recovery Wizard to recover files from a backup disk.

EaseUS Disk Copy makes it utterly simple to create a bootable disk for your system on a CD or DVD, USB drive, or ISO image file, and use it to copy or clone disk partitions and recover data and partitions from backups, including sector-by-sector copying for total compatibility. With it, you can perform disk operations that usually require more than one drive (even more than one computer), such as recovering a backup of your main drive.

EaseUS Disk Copy is fully portable, so it runs as soon as you click its program file without having to be installed, even from a USB drive or similar device. The program’s disk wizard is a simple dialog box with three choices for creating a bootable drive, with drop-down lists for multiple destinations: USB, CD/DVD, and Export ISO (you browse to select a destination for an ISO file for further use). We inserted a blank DVD-R into our disk tray, and EaseUS Disk Copy’s built-in burning software recognized it. We selected CD/DVD and pressed Proceed. Immediately the software began analyzing our system and burning our bootable drive. The whole process was finished quickly. We removed the disk and labeled it, since a bootable disk you can’t find or identify doesn’t help much when your system is kaput. We reinserted the disk, rebooted out system, accessed the boot menu, and selected CD-ROM. As it should, our system booted to EaseUS Disk Copy’s menu.

At this point we could choose to continue into Disk Copy, boot from the first hard drive, or select an additional partition to boot from (handy for multi-OS systems). We selected Disk Copy, and the program’s disk copying and cloning wizard opened. This wizard walked us through each step of choosing a disk or partition as well as operations and options. The sector-by-sector option takes more time and uses more space, since it creates a one-for-one clone of your disk.

For a simple, free way to create bootable disks to use with backups and to copy your hard drives and partitions, it’s hard to do better than EaseUS Disk Copy.

Read more: EaseUS Disk Copy Home Edition – CNET Download.com http://download.cnet.com/EaseUS-Disk-Copy-Home-Edition/3000-2242_4-10867157.html#ixzz2UcWTJqM0

G4L is a hard disk and partition imaging and cloning tool. The created images are optionally compressed and transferred to an FTP server or cloned locally. CIFS(Windows), SSHFS and NFS support included, and udpcast and fsarchiver options. .
.
GPT partition support was added in version 0.41.

Backing up Windows partitions requires the use of a bootable G4L CD or running g4l via grub4dos..

G4L Web Site›

Clonezilla is a partition and disk imaging/cloning program similar to Norton Ghost®. It saves and restores only used blocks in hard drive. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (Server Edition).

Darik’s Boot and Nuke (DBAN) is free erasure software designed for consumer use. DBAN users should be aware of some product limitations, including:
•No guarantee that data is removed
•Limited hardware support (e.g. no RAID dismantling)
•No customer support

DBAN is a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect. This method can help prevent identity theft before recycling a computer. It is also a solution commonly used to remove viruses and spyware from Microsoft Windows installations. DBAN prevents all known techniques of hard disk forensic analysis. It does not provide users with a proof of erasure, such as an audit-ready erasure report.

Professional data erasure tools are recommended for company and organizational users. For secure data erasure with audit-ready reporting, contact Blancco or download a free evaluation license.

Unlocker Portable 1.9.0

File eraser,a freeware to delete stubborn files easily, kill stubborn files.

 

  • Ever had such an annoying message given by Windows?

It has many other flavors:

Cannot delete file: Access is denied
There has been a sharing violation.
The source or destination file may be in use.
The file is in use by another program or user.
Make sure the disk is not full or write-protected and that the file is not currently in use.

 

Digital Forensics

What is odessa?

It’s an acronym for “Open Digital Evidence Search and Seizure Architecture”
The intent of this project is to provide a completely open and extensible suite of tools for performing digital evidence analysis as well as a means of generating a usable report detailing the analysis and any findings. The odessa tool suite currently represents more than 7 man years of labor, and consists of 3 highly modular cross-platform tools for the acquisition, analysis, and documentation of digital evidence.

In addition to the odessa tool suite, the project hosts other applications and information related to digital forensics. At this time, the list of additional tools includes a set of whitepapers and utilities authored by Keith J. Jones including Galleta, a tool for analyzing Internet Explorer cookies, Pasco, a tool for analyzing the Microsoft Windows index.dat file, and Rifiuti, a tool for investigating the Microsoft Windows recycle bin info2 file.

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics
Currently the project manager is Nanni Bassetti.
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user friendly graphical interface
  • a semi-automated compilation of the final report

We recommend you to read the page on the CAINE policies carefully.
CAINE represents fully the spirit of the Open Source philosophy, because the project is completely open, everyone could take the legacy of the previous developer or project manager. The distro is open source, the Windows side (Wintaylor) is open source and, the last but not the least, the distro is installable, so giving the opportunity to rebuild it in a new brand version, so giving a long life to this project ….

http://linuxzoo.net/page/tut_caine_lab1.html

Information Systems Security


The Open Source Security Testing Methodology
http://www.isecom.org/mirror/OSSTMM.3.pdf

The Information Systems Security Assessment Framework (ISSAF) seeks to integrate the following management tools and internal control checklists:

Evaluate the organizations information security policies & processes to report on their compliance with IT industry standards, and applicable laws and regulatory requirements
Identify and assess the business dependencies on infrastructure services provided by IT
Conduct vulnerability assessments & penetration tests to highlight system vulnerabilities that could result in potential risks to information assets
Specify evaluation models by security domains to :
Find mis-configurations and rectify them
Identifying risks related to technologies and addressing them
Identifying risks within people or business processes and addressing them
Strengthening existing processes and technologies
Provide best practices and procedures to support business continuity initiatives

Business Benefits of ISSAF

The ISSAF is intended to comprehensively report on the implementation of existing controls to support IEC/ISO 27001:2005(BS7799), Sarbanes Oxley SOX404, CoBIT, SAS70 and COSO, thus adding value to the operational aspects of IT related business transformation programmes.
Its primary value will derive from the fact that it provides a tested resource for security practitioners thus freeing them up from commensurate investment in commercial resources or extensive internal research to address their information security needs.
It is designed from the ground up to evolve into a comprehensive body of knowledge for organizations seeking independence and neutrality in their security assessment efforts.

It is the first framework to provide validation for bottom up security strategies such as penetration testing as well as top down approaches such as the standardization of an audit checklist for information policies.

The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is a 501(c)(3)charitable organization that supports and manages OWASP projects and infrastructure. It is also a registered non profit in Europe since June 2011.

OWASP is not affiliated with any technology company, although it supports the informed use of security technology. OWASP has avoided affiliation as it believes freedom from organizational pressures may make it easier for it to provide unbiased, practical, cost-effective information about application security.[citation needed] OWASP advocates approaching application security by considering the people, process, and technology dimensions.

OWASP’s most successful documents include the book-length OWASP Guide,[1] the OWASP Code Review Guide OWASP Guide [2] and the widely adopted Top 10 awareness document.[3][citation needed] The most widely used OWASP tools include their training environment,[4] their penetration testing proxy WebScarab,[5] and their .NET tools.[6] OWASP includes roughly 190 local chapters [7] around the world and thousands of participants on the project mailing lists. OWASP has organized the AppSec [8] series of conferences to further build the application security community.

OWASP is also an emerging standards body, with the publication of its first standard in December 2008, the OWASP Application Security Verification Standard (ASVS).[9] The primary aim of the OWASP ASVS Project is to normalize the range of coverage and level of rigor available in the market when it comes to performing application-level security verification. The goal is to create a set of commercially workable open standards that are tailored to specific web-based technologies. A Web Application Edition has been published. A Web Service Edition is under development.

the OWASP Top Ten Project – if you’re looking for the OWASP Top 10 Mobile Click Here
The Release Candidate for the OWASP Top 10 for 2013 is now available here: OWASP Top 10 – 2013 – Release Candidate

The OWASP Top 10 – 2013 Release Candidate includes the following changes as compared to the 2010 edition:

  • A1 Injection
  • A2 Broken Authentication and Session Management (was formerly A3)
  • A3 Cross-Site Scripting (XSS) (was formerly A2)
  • A4 Insecure Direct Object References
  • A5 Security Misconfiguration (was formerly A6)
  • A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
  • A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
  • A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
  • A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)
  • A10 Unvalidated Redirects and Forwards

Please review this release candidate and provide comments to dave.wichers@owasp.org or to the OWASP Top 10 mailing list (which you must be subscribed to). The comment period is open from Feb 16 through March 30, 2013 and a final version will be released in May 2013.

If you are interested, the methodology for how the Top 10 is produced is now documented here: OWASP Top 10 Development Methodology

OWASP Appsec Tutorial Series

Uploaded on Jan 30, 2011
The first episode in the OWASP Appsec Tutorial Series. This episode describes what the series is going to cover, why it is vital to learn about application security, and what to expect in upcoming episodes.

Uploaded on Feb 8, 2011
The second episode in the OWASP Appsec Tutorial Series. This episode describes the #1 attack on the OWASP top 10 – injection attacks. This episode illustrates SQL Injection, discusses other injection attacks, covers basic fixes, and then recommends resources for further learning.

Uploaded on Jul 11, 2011
The third episode in the OWASP Appsec Tutorial Series. This episode describes the #2 attack on the OWASP top 10 – Cross-Site Scripting (XSS). This episode illustrates three version of an XSS attack: high level, detailed with the script tag, and detailed with no script tag, and then recommends resources for further learning.

Published on Sep 24, 2012
The forth episode in the OWASP Appsec Tutorial Series. This episode describes the importance of using HTTPS for all sensitive communication, and how the HTTP Strict Transport Security header can be used to ensure greater security, by transforming all HTTP links to HTTPS automatically in the browser.

DEFT 7 is based on the new Kernel 3 (Linux side) and the DART (Digital Advanced Response Toolkit) with the best freeware Windows Computer Forensic tools. It’s a new concept of Computer Forensic system that use LXDE as desktop environment and WINE for execute Windows tools under Linux and mount manager as tool for device management.

It is a very professional and stable system that includes an excellent hardware detection and the best free and open source applications dedicated to Incident Response, Cyber Intelligence and Computer Forensics.

DEFT is meant to be used by:

Military
Police
Investigators
IT Auditors
Individuals

DEFT is 100% made in Italy

Android SDK

Android software development is the process by which new applications are created for the Android operating system. Applications are usually developed in the Java programming language using the Android Software Development Kit, but other development tools are available. As of October 2012[update], more than 700,000 applications have been developed for Android, with over 25 billion downloads.[2][3] A June 2011 research indicated that over 67% of mobile developers used the platform, at the time of publication.[4] In Q2 2012; around 105 million units of Android smartphones were shipped which acquires a total share of 68% in overall smartphones sale till Q2 2012.[5]

The ADT Bundle provides everything you need to start developing apps, including a version of the Eclipse IDE with built-in ADT (Android Developer Tools) to streamline your Android app development. If you haven’t already, go download the Android ADT Bundle. (If you downloaded the SDK Tools only, for use with an existing IDE, you should instead read Setting Up an Existing IDE.)

Install the SDK and Eclipse IDE

  1. Unpack the ZIP file (named adt-bundle-<os_platform>.zip) and save it to an appropriate location, such as a “Development” directory in your home directory.
  2. Open the adt-bundle-<os_platform>/eclipse/ directory and launch eclipse.

That’s it! The IDE is already loaded with the Android Developer Tools plugin and the SDK is ready to go. To start developing, read Building Your First App.

Caution: Do not move any of the files or directories from the adt-bundle-<os_platform> directory. If you move the eclipse or sdk directory, ADT will not be able to locate the SDK and you’ll need to manually update the ADT preferences.

Additional information

As you continue developing apps, you may need to install additional versions of Android for the emulator and other packages such as the library for Google Play In-app Billing. To install more packages, use the SDK Manager.

Everything you need to develop Android apps is on this web site, including design guidelines, developer training, API reference, and information about how you can distribute your app. For additional resources about developing and distributing your app, see the Developer Support Resources.

There is a community of open-source enthusiasts that build and share Android-based firmware with a number of customizations and additional features, such as FLAC lossless audio support and the ability to store downloaded applications on the microSD card.[42] This usually involves rooting the device. Rooting allows users root access to the operating system, enabling full control of the phone. In order to use custom firmwares the device’s bootloader must be unlocked. Rooting alone does not allow the flashing of custom firmware. Modified firmwares allow users of older phones to use applications available only on newer releases.[43]

Those firmware packages are updated frequently, incorporate elements of Android functionality that haven’t yet been officially released within a carrier-sanctioned firmware, and tend to have fewer limitations. CyanogenMod and OMFGB are examples of such firmware.

On 24 September 2009, Google issued a cease and desist letter[44] to the modder Cyanogen, citing issues with the re-distribution of Google’s closed-source applications[45] within the custom firmware. Even though most of Android OS is open source, phones come packaged with closed-source Google applications for functionality such as the Android Market and GPS navigation. Google has asserted that these applications can only be provided through approved distribution channels by licensed distributors. Cyanogen has complied with Google’s wishes and is continuing to distribute this mod without the proprietary software. He has provided a method to back up licensed Google applications during the mod’s install process and restore them when it is complete.[46]

The NDK is a toolset that allows you to implement parts of your app using native-code languages such as C and C++. For certain types of apps, this can be helpful so you can reuse existing code libraries written in these languages, but most apps do not need the Android NDK.

Before downloading the NDK, you should understand that the NDK will not benefit most apps. As a developer, you need to balance its benefits against its drawbacks. Notably, using native code on Android generally does not result in a noticable performance improvement, but it always increases your app complexity. In general, you should only use the NDK if it is essential to your app—never because you simply prefer to program in C/C++.

Typical good candidates for the NDK are self-contained, CPU-intensive operations that don’t allocate much memory, such as signal processing, physics simulation, and so on. When examining whether or not you should develop in native code, think about your requirements and see if the Android framework APIs provide the functionality that you need.

MobileGo is a life saver for those who love music and video, text a lot and juggle apps on their Android phones and tablets.

Android Fans:Backup everything to PC with 1 click & retain 100% quality.
Music Lovers:Instantly add fun stuff and enjoy media anytime, anywhere.
App Addicts:Download, install, uninstall and export apps quickly and easily.
Socialites:Transfer contacts from/to Outlook and send & reply SMS seamlessly from your PC.
The Android 3.1 platform (also backported to Android 2.3.4) introduces Android Open Accessory support, which allows external USB hardware (an Android USB accessory) to interact with an Android-powered device in a special “accessory” mode. When an Android-powered device is in accessory mode, the connected accessory acts as the USB host (powers the bus and enumerates devices) and the Android-powered device acts as the USB device. Android USB accessories are specifically designed to attach to Android-powered devices and adhere to a simple protocol (Android accessory protocol) that allows them to detect Android-powered devices that support accessory mode.[22]

Hardware Detection Tool

HDT (stands for Hardware Detection Tool) is a Syslinux com32 module that displays low-level information for any x86 compatible system. It provides both a command line interface and a semi-graphical menu mode for browsing.

anonimized run

The Amnesic Incognito Live System or Tails is a Debian based Linux distribution aimed at preserving privacy and anonymity.[1] Actually, it is the next iteration of development on the previous Gentoo based Incognito Linux distribution.[2] All its outgoing connections are forced to go through Tor,[3] and direct (non-anonymous) connections are blocked. The system is designed to be booted as a live CD or USB, and leaves no trace on the machine unless explicitly told to do so. The Tor Project has provided most of the financial support for development.[4]

Tails is a live system that aims at preserving your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leave no trace using unless you ask it explicitly.

It is a complete operating-system designed to be used from a DVD or a USB stick independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.

Continue reading “anonimized run”