Technology Insights

Static Source Code Audit On Terminal Using Bash Functions

For anyone who has done a long source code audit, it is not really about finding the easy, low-hanging fruit; it can be slow and sometimes a bit “frustrating”. I recently had a nice 660,000-line source code audit to be done in less than 2 weeks. The language was Java, and they had already hit it with Fortify and other tools and were apparently looking for a bit more interesting stuff. This raised some specific problems while working on finding the vulnerabilities and their exploitability.

Information Security

readpst – Backtrack 5 – Forensics – Forensics Analysis Tools – readpst

We have had a couple of requests to write a post about readpst, which is included in the default path of Backtrack 5 and also located in the Backtrack menu underneath Forensics/Forensics Analysis Tools. The readpst application reads PST files, also known as Microsoft Outlook Personal Folders, and converts them to mbox, MH, or KMail formats. There are various other switches that can be used to output each email into a separate file, include attachments, modify contact formats, be recursive, etc. I will explain basic functionality below along with a couple of the formats and various switches.

Technology Insights

List Of Ubuntu snort debconf Variables

I regularly find myself looking for various debconf variables to set before installing packages on Ubuntu. This is typically to avoid typing in the answers on the various configuration screens or because I want to script an install of some package. If the package has never been installed before on that specific server, then the debconf variables will not display. You can always log in to another server where the package is installed to see the variables, but I am going to start posting information for common packages here so others can easily find them when searching.

Technology Insights

List All IP Addresses Making Port 80 Connections To Linux Server

Earlier, while analyzing a Linux server, it was pointed out to me that the Apache logs were filling up with constant connections requesting domains that were not configured on the server. To me it looked as if a load balancer somewhere was misconfigured and sending traffic to our IP address by mistake, but I needed to open a ticket with the colocation provider to have them look into the issue further, since the network in this case is not something I have any control over. Below is a quick Linux command that will output a list of IP addresses making port 80 connections to your server.