Ayoi’s

OKay, let me share with you the UiTM i-Hack 2008 Defense Challenge question. The download link will be at the bottom of this post and before you start downloading the questions, please read the condition first.

The Condition

You should be able to download the compressed file that contains:

a). Question.rar

b). password.pcap

This file should be able to be uncompressed into your system without any problem. However the Question.rar file is protected with a pass phrase. Meaning the the required “password” will have more than one word (so that’s why I use pass phrase term) and also includes the white spaces as well. The pass phrase can be found in the password.pcap file.

It is not that difficult and I think most of you perhaps can answer all the questions within few hours top. Perhaps you guys have any new ideas on how to create this type of challenge in the future.

Thanks and good luck

You can retrieve the question from this link : http://hazrulnz.net/files/

What a weekend. I never ever expect to get involve in this event organized by UiTM so intensively as initially the actual thing that I need to do is to conduct an interview session during that event and even that will only take half of my Saturday and not the whole 3 days (including the Friday as well). Am I complaining? No, in fact I want to convey my gratitude to those who inviting me to participate in this event either as one of the panels in one of the forums organized during the event or as one of the judges during the competition as well.

(more…)

I am easily distracted from my work. My Big Boss request for an evaluation of this one application that I can call as one of the Unified Threat Management Systems available in the market. Plus this network gateway security application has won the 2008 Best Gateway Security for Open Source by Infoworld BOSSIES award. The name of this apps is Untangle. Like other UTMS, Untangle offers 3 types of services where Spam Blocker, Web Filter and Protocol Control for Productivity while under Security service it has Virus Blocking, IPS and others. Other functions like Remote Access, Reporting and Networking also offered by Untangle. And yes, Untangle was built based on Debian via Knoppix (Discovered when the message appeared during shutting down procedure of Untangle

(more…)

This is not my laptop, this one belongs to http://www.ataliba.eti.br/

Ok, to be honest, I dun have THAT much time to playing around with something new for me these days. So in between of preparing training slides, writing articles and reading my current book “The New School Of Information Security” and writing reports, I decided to punish my laptop by installing OpenSolaris on my virtual Machine.

(more…)

Currently I am using Mozilla Thunderbird 2.0.0.16 as my email client. I have this habit of prefering my emails to be stored in my laptop as easier for me to refer to any particular emails while offline. Oh yes, Thunderbird also has the calender where I can monitor my appointments, my immediate tasks and future tasks and also I can check whether these tasks completed or not (this sentence dedicated to wifey and her outlook ;P) Usually I never or seldom look at those emails filtered as Junk or Spam by Thunderbird, but out of the blue, I just decided to look into one that managed to bypass the filters.

(more…)

Sometimes we do have wishes. Sometimes we do hope that most of our wishes will come true. Sometimes we do wish that one of the wishes will come true. Sometimes we do want one of the wishes to be true.

And now I do wish that I have more machines for my usage. There are many things I want, I need, I have to do and my ‘ol laptop can’t cope more virtual machines running on it.

I wish…

First of all, the picture that I’ve published on previous post.. It was taken back in 1994. When I was still young and a lil bit naive. Just 18 years old ma.. Hehehe..

Anyway past few months, I was invited to give a talk during the UiTM’s i-Hack 2008 event this coming August. I have few topics in my mind and as the majority of the audience will be students, I decided to pick on either Cyber Attack Phases: Why you need to know and Fundamental Security Requirement: The Policies. I’ve worked on the presentation slides on both of the topics and then something came up.

(more…)

Spent most of my after lunch time doing my SANS GCIH Practice exam. It has 150 objective type of questions and must be completed within 4 hours. Initially I want to go through the practice exam in October or November, but then what the heck, I just want to get used with the type of questions, exam format etc so I can make appropriate notes on the subject.

(more…)

not this Brute Force

This is the big question when we try to categorized this type of attacks. Whether this SSH Brute Force attack falls under reconnaissance/scanning/information gathering or already at the exploitation phase which can be categorized as Attempted Unauthorized Access. Some said it should be categorized under Reconnaissance, while others preferred it to be categorized as Attempted Unauthorized Attempt.

(more…)

I think this is one of the most overlooked items when putting machines/systems/application on the wire. Perhaps when we build up as example a machine that will host web applications that will be offered to the public via internet, or for our business partner via extranet and perhaps for internal purpose only via Intranet, we might concentrate on the auditing the source code to eliminate any possible flaws, opened ports, necessary services required to run on the machine, platform harderning and many others.

(more…)