
antonymous


  1. Not sure exactly what you're looking for, but if you're looking for other ways to analyze your packet capture files, maybe try something like NetworkMiner? At the very least it will give you a different perspective on how to find what you're looking for.
  2. Sorry for the late bump of this story (I obviously don't check these forums much), but I felt compelled to add my two cents last week (when the servers were down), so I saved my response below - would love to hear the thoughts of some of the posters here: I'll try not to troll here, but a few things are apparent from the comments. First, judging by the "duh, it's illegal" comments, very few of you actually RTFA. In addition, the Berkman Center is one of the foremost thought leaders when it comes to the intersection of law and technology. Seriously - check out their site - I guarantee you'll come across more than a few interesting ideas that are worth your time to explore. So maybe I'm the one being trolled, but someone has to defend what this guy says, especially on a good forum with so many bright people. Anyway, the legal-status question that this professor was answering was more along the lines of "do you have a reasonable expectation of privacy at an unsecured wifi hotspot"? As people on this board who have (hopefully) known about the ease of cookie-swiping from unsecured wifi before a Firefox extension made it easy, I think many of us would say that there is NOT an expectation of privacy at an unsecured wifi hotspot, giving some greater legal standing to someone who may be busted using this tool. So that's the "wifi is not secured" argument. The other argument is that you DO have an expectation of privacy when you log into a service (like Facebook) with private credentials. So is it up to your wireless access point to provide security? If so, then is Firesheep "illegal" because it is circumventing security measures? Or is the burden on the service provider (like Facebook or your email provider) to provide a secure connection (like SSL), rendering tools like Firesheep worthless? Lastly, you all do hopefully realize that if use of a tool like Firesheep is deemed "illegal", then what really separates this tool from any packet-sniffer or traffic analyzer? At what point do certain tools "cross the line" and their use is deemed unlawful? Sorry if I come across as a bit snippy, but questions like these really do have an impact on all of us in the long run. The better we understand how our tools are viewed within the framework of the justice system, the better we can defend our right to use them.
  3. If I'm just filtering packets, I prefer to use Wireshark's filters. But Network Miner is another great tool that I use when I need to quickly carve out files from a PCAP. It's just less clunky than copying the stream and pasting the result into a hex editor. I tried NetWitness as well (heard of both this and Network Miner on an earlier episode of Hak5), and while it wasn't quite what I wanted, it gave me a new way to visualize how different machines were talking to each other, which is always useful.
  4. Yeah, I suppose I could do it in WinHex, but I was hoping that there might be some sort of tool by now to automagically carve out the header and replace it with a different known header to fool the DLP system.
  5. Since more and more DLP solutions are using file header information to perform analysis of data, I was wondering if there are any programs/scripts out there that can easily change file header info. For example, there might be a security rule preventing a user from emailing Excel spreadsheets, but if you were to alter the file header to look like an mp3, then you could transmit. On the other end, the recipient would need to know what the original header is to reconstruct the file, replacing the mp3 header with the old one (which could be embedded/obfuscated in the file, I suppose). Seems like there should be something out there, but my google-fu fails me. Any thoughts?
  6. While I agree with Sparda in terms of general infosec, I'll also point out that if you know exactly which files you want deleted, another good option is to delete your files from the OS, then run WinHex's options to wipe free space, slack space, and excess records from the MFT.
  7. Did you ever have any luck with this? I have some experience with data recovery from encrypted partitions, and it's nice to see followups. From my experience however, once your encrypted MBR has been overwritten, you're pretty much out of luck, assuming GuardianEdge is configured for whole-disk encryption. The tools linked to above are good for file carving, but are useless if you can't decrypt the disk. I've even been on the phone with GuardianEdge when a client's MBR became corrupted, and they weren't able to help me. Wish I had better news for you! Let us know if you're able to recover anything and what steps you took...