Posted by & filed under Forensics, Security.

Dumping out a image of the current memory set for further analysis seems to be a much better approach to finding hidden processes, open ports, etc. is a good article on it.

In a nutshell provides a suite of tools. Once he image gets dumped, you can analyze it with analyze.bat which will generate a XML file that you can import into excel for analysis.

Posted by & filed under Linux, Server Admin.

Finally I figured out a procedure for resizing the LVM partition. A server’s /usr partition has been dangerously full for some time now so this has become a priority.


  • Resize VHD with VhdResizer
  • fdisk /dev/hda
    Add a new primary partition (hda4 for this list)
  • Reboot
  • Tell LVM about the new physical volume
    pvcreate /dev/hda4
  • Extend the volume group
    vgextend VolGroup00 /dev/hda2
  • Extend the logical volume to use the newly expanded space
    lvextend -L 19G /dev/VolGroup00/LogVol00
  • Resize the filesystem to use the new space
    ext2online /dev/VolGroup00/LogVol00
  • Optional – check the disk for errors
    e3fsck -f /dev/VolGroup00/LogVol00

Posted by & filed under Projects, WiFi.

I got my powered USB hub in the mail today. Hopefully I can make it power the NSLU2.

Posted by & filed under Pen Testing, Projects, Security, WiFi.

After working pretty late last night I finally got all the pieces working for my wardriving setup. I posted about my original idea here, and this is the results of my labor. The premise of this is to avoid having to use a laptop to scan for AP’s.

Now on to the hardware setup…

  • Linksys NSLU2 – Reflashed to Openwrt/jffs. This unit has two USB ports; one is used for storage to a memory stick and the other is used for my BU-353 GPS reciever.
  •  Linksys WRT54GS – Reflashed to OpenWrt/jffs.

The WRT54GS  runs the kismet drone and a little script to enable the AP to continuously hop channels searching for AP traffic. All the data is passed to the kismet server on the NSLU2 for processing and/or display.

The NSLU2 is the central piece of the system. It runs the kismet server which receives data from the WRT drone, generates GPS positioning data for the APs, and logs it all to the memory stick.This allows me to easily retrieve the memory stick, read the logs in on a PC, analyze the TCP dumps, and feed the data into GPSDrive for AP waypoint mapping.

Now I just need to find my power invertor and my rig will be complete!

Posted by & filed under Pen Testing, Projects, WiFi.

I just got a Globalsat BU-353 GPS Reciever in the mail. Pretty sweet so far, and the plan is to use kismet to create waypoints for gpsdrive to read in later to map out APs My brainstorm:

  • WRT54GS Running OpenWRT
    This will handle the scanning, sending its results via ethernet
  • Linksys USB NAS (has a ethernet port and 2 USB ports). Running OpenWRT
    This will handle writing the kismet data to a external HD as well as providing GPS data

I believe I should be able to attach a ext3 USB drive to the nas so it can write directly to the disk from the nas. Then, the wrt router running as a kismet drone sends the scan data back to the NAS and written to the external drive. The NAS would also be running GPSd with my Globalsat GPS attached. Both devices connect directly together via ethernet. The kismet drone will be configured to read the GPS data coming from the NAS on the GPSd port. As long as I can natively write to the attached USB drive on the NAS then I don’t see any thing that should be an issue pulling this off.

I was researching installing a USB port or a SD slot and came up with these interesting link that I will include just for the heck of it.

Whew I almost forgot how much cool stuff is in Sparkfun’s website.

Posted by & filed under Virtualization.

I’ve been playing with VirtualBox 2.06 on Ubuntu 8.05 for some sandbox testing. XP Installed in about is minutes on my 2.4ghz 1gb memory system. It runs pretty good even with a lot of other apps running in the background. I need to look into the CLI tools… I don’t think it can match anywhere near the robustness of vmware.

Posted by & filed under Pen Testing, Security.

“Hackers and malicious insiders are an undeniable threat to your organization’s network. They have sophisticated tools and backdoor programs at their disposal with which to steal information, perform unlawful or unauthorized activities, and cover their tracks. Security professionals charged with protecting their organizations can become overwhelmed in developing specialty applications to combat these threats.

To help bridge this gap, Foundstone offers several unique utilities that you can add to your network security arsenal.”

Foundstone SASS tools like Hacme Casion and Hacme Bank are great learning tools.…

John Strand ( also has some great videos on the topic.