Archives 2006

Technical Offerings

This is another in a series of presentations I’ve been working on.

This is the 4th version of the draft I’m working on.

The technical offerings included will be how you can utilize the often unknown features made available on TechNet, MS Partner and even Cisco’s Partner E-Learning Connection. I’ll detail this more later as I work out the verbal presented version of this which I’ll convert into a written form.


http://www.microsoft.com/events/vlabs/default.mspx Virtual Labs
http://www.microsoft.com/events/default.mspxMicrosoft Events and Webcasts
http://www.microsoft.com/technet/traincert/virtuallab/TechNet Featured Labs
http://msdn.microsoft.com/virtuallabs/MSDN Featured Labs
https://partner.microsoft.com/US/trainingevents-Partner Training & Events
http://readysetgo.upsellusa.com/Microsoft Partner University
http://www.microsoft.com/events/podcasts/default.mspxMicrosoft Podcasts
http://www.microsoft.com/technet/technetmag/default.aspx-Technet Magazine
http://www.microsoft.com/technet/technetmag/subscribe.aspx-Magazine Sub
http://www.microsoft.com/technet/community/tnradio/default.mspx-TN Radio
http://www.cisco.com/go/loginpec/-Partner E-Learning Connection

Christopher Kusek

Feel free to comment, and look for the future final version of this document in PDF and in PPTX

Technical Offerings – Draft Version 4

Lacking in Posts.

I know I haven’t written any posts lately, and there is good reason for that.

I’ve been working on some consolidated presentation offerings, taking lots of useful information and consolidating it down into a nice and easily accessible Powerpoint or respective PDF after I’m finished. I’ll be sure to publish them on here, in addition to any additional comments I do provide on them from when I present them publicly.

If you have any suggestions of anything in particular which may be known, unknown or otherwise for a handy dandy level of consolidation, speak it up! :)

Christopher Kusek

Links Page


New registry entry for controlling the TCP Acknowledgment (ACK) behavior in Windows XP and in Windows Server 2003

http://support.microsoft.com/kb/328890

AQADMCLI

delmsg flags=SENDER,sender=postmaster@domain.com

http://blog.sapien.com/current/2006/11/28/command-line-one-liners.html

Cisco VPN PCF Decoder

Open the PCF file in notepad, grab the text after enc_GroupPwd= and go to the following website:
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
Copy and paste the encrypted code into that and VOILA! Clear text password is generated.

Real Estate valuation websites.

Realestateabc.com
Domania.com
Zillow.com

reviews of 15 security podcasts at
http://www.owasp.org/index.php/Reviews_of_security_podcasts

List of security Podcasts List of security Podcasts
http://realtime-voip.typepad.com/voipcommunity/2006/09/it_security_pod.html
I would say that off the top of my head a list of 10 very popular [keyword *remote], non database related vulns would be:

   1: 1. Cross-site scripting
   2: 2. Remote File Includes
   3: 3. HTML and script code injection
   4: 4. Directory traversals
   5: 5. Authentication bypass
   6: 6. Remote command/code execution
   7: 7. DoS - usually via memory corruption (failed overflows against differing SPs or hotfixes), resource exhaustion, sometimes a cool race condition or something.
   8: 8. Buffer overflows (heap/stack/format string)
   9: 9. Privilege escalation
  10: 10. Information disclosures (arbitrary read and sometimes write vulns [different class]. Often coupled with dir traversal
  11: Besides OWASP Top Ten there is also WASC (Web Application SecurityConsortium) threat classification:http://www.webappsec.org/projects/threat/

I was interviewed here about the Kindle

http://news.medill.northwestern.edu/chicago/news.aspx?id=92537

File System Directory Statistics!? WinDirStat is cool!

Who’d want that?!

Well, apparently I do, and so do many others!

WinDirStat is the “f0 shizzle” as though it were. Or maybe that’s just what the kids are saying!

This thing is absolutely cool! An Excellent way to get a real idea of how your data is allocated and equally allow you to manage that data once it is presented.

Best of all, instead of paying for a product which does something, or even if you’re just trying to profile your FileServers and ask the question of “How many AVI’s do I really have stored across this entire server” Bam, it’s all there for you! Also a good way to go, “Hmm, why is this persons home directory eating up a chunk of my drive!”

windirstat.png

So, if you like the idea of free visual representations and access of your data structure without paying for some random third party product for it! Go get it here!

http://windirstat.sourceforge.net/

A list of uses of this product are as follows

  • See if the content on your file servers is work related (Lots of XLS, DOC, PPT good, lots of MP3, AVI and RAR bad!) – from a business sense. :)
  • Easily see who has the largest home directories and respectively if the data contained within it is valid to business requirements.
  • See if there is a buildup of non-essentials or data which should be moved off elsewhere (TMP, OST, PST, ISO)

Any other good suggestions for its uses would be great!

~Christopher Kusek