Month: August 2014

To broadcast a SSID or not to broadcast a SSID, that is the question

For some, wireless security and securing ones home network can mean a number of things. Some people feel that disabling the broadcast of their SSID gives them that extra layer of security. Depending on the context of the conversation at that time, I can somewhat see their perspective. From my standpoint, I will most of the time disagree with disabling SSID broadcasting. Mainly due to the commercial tools available that will decloak an SSID revealing it. My professional opinion is that everyone who does this is just trying to protect their network but it does intrigue me as to what is so important that they are trying to secure. With that said, the aforementioned could draw people to your network just to figure that out.

Everything we did in life has risks. So the risks here are 1) one can broadcast their SSID, blend in, and hope to not be attacked or 2) not broadcast and take the chance of someone not using any tools to identify cloaked networks.

Jump Bag Stuff

Wifi-Pineapple – https://hakshop.myshopify.com/products/wifi-pineapple?variant=81044992

PWN Plug – https://www.pwnieexpress.com/product/pwn-plug-elite/

Read-Only Flash Drive – http://www.kanguru.com/storage-accessories/flash-blu2.shtml

SmartSniff – http://www.nirsoft.net/utils/smsniff.html

Parse and Extract PST and OST Mailboxes

Libpff is a powerful mail examination tool. The tool will allow you to examine and extract data without having to attach the PST to Outlook and has the ability to view emails that are encrypted. In my example below, I will be using the tool via the SANS SIFT workstation as it is already installed. If you want to the program on a different distribution, the source code can be found at https://github.com/libyal/libpff. While I have an example below of parsing the information, I encourage you to check out the man pages as it is pretty short and straightforward.

Note: the PST I am using is called target_pst.pst

1) Export the PST.

2) Verify that a target.pst.export, target.pst.orphans, and target.pst.recovered directory are now present.
(more…)

Bitnami