Wednesday, November 5, 2014

Spy Hunter Holiday Challenge 2014

This holiday season I have created a network forensics challenge for the community to try and solve. This scenario, called “Spy Hunter – Operation Hermes” is the first in a new series I am going to create and publish here at My War With Entropy.

All solutions should be submitted to me at Jordan 2175 with no space at Google’s mail service no later than December 20th, 2014. Winners will be announced in January. Entries will be rated based on completeness and overall explanation of what happened and how.

Please NOTE I will NOT accept any documents in PDF or Word format.  Only plain text email and documents, something readable by pine, vim or emacs, will be accepted. By submitting a solution you grant me the right to list your name on this blog.

Good Luck.

PDF: https://drive.google.com/file/d/0By0KeB0IEqeTX0ZYWTJqRWpXdlU/view?usp=sharing&resourcekey=0-A60aXqHU_Bml20VruR2iIg
MD5 (SpyHunter-Operation_Hermes-ver1.pdf) = 6d2bb7d0ab0d83ba2da8a1142deca758

PCAP: https://drive.google.com/file/d/0By0KeB0IEqeTVl9DRUpSU1lYclk/view?usp=sharing&resourcekey=0-YR30-ma8qjCx_2gS91rJeA
MD5 (SpyHunter-Operation_Hermes-ver1.pcap.zip) = de20687a9287dcf66ddf40d699915994

Official solution information will be available to full-time faculty members teaching courses in digital forensics or cyber security at accredited academic institutions.



Saturday, November 1, 2014

How to reset the ADMIN password on a Supermicro IPMI device under VMware ESX 5.5


Resetting a forgotten ADMIN password on your Supermicro IPMI device when you are running VMware ESX 5.x is super easy, just follow these simple steps:

1) Download the IPMI tools from Supermicro’s site at: ftp://ftp.supermicro.com/utility/IPMICFG/

2) Extract zip archive and scp the Linux 64bit files over to your ESX server, either in /tmp or make the directory /opt/supermicro and store them there. 

3) Change execute permissions on ipmicfg-linux.x86_64.static to RX
> chmod 750 ipmicfg-linux.x86_64.static

4) Run the following command:
> ./ipmicfg-linux.x86_64.static -user setpwd 2 somenewpassword


Monday, October 27, 2014

A Better Hex Editor for Mac OSX

It does not take many hours of editing binary files with a basic hex editor for you to ask yourself the question, is there a better tool?  So with that question in mind, I went looking and after a few hours found a great tool for Mac OSX, it is called "Synalyze It Pro" from http://synalysis.net/

Now there are a lot of really neat features, which you can view on the App Store or at the author's web site.  But the one I will call out is the ability to write custom grammars for the binary files you work with and color code them based on what they are.

Now I work with a lot of PCAP files, and this tool has proven to be very help.  I am going to share the grammar file I wrote called libpcap.grammar with a GPLv3 license.

Here is a screen shot of my grammar file working on a PCAP file.