
Running IPv6 using a Cisco ASA to Hurricane Electric

I turned up a 6over4 tunnel to Hurricane Electric with the IPv6 traffic from the tunnel passing through a Cisco ASA firewall. The stability and performance of the HE tunnel have been fantastic. Here is how it is set up:

While the Cisco ASA doesn't support direct termination of IPv6 tunnels, it does have very rich support for IPv6 firewalling. The approach is to place another router outside the ASA firewall and use it for tunnel termination. From there, connect the IPv6 inside interface of the tunnel-terminating router to an ASA interface that has only an IPv6 address.

You will need at least one additional static IP address on your outside network for this to work. Many cable ISPs offer this with business-level service, usually for a nominal additional fee. It may still work with a dynamic address if it doesn't change very often.

When you sign up with HE they provide two /64 networks and a /48. The first /64 is for the tunnel itself, from your external tunnel router to the HE tunnel server. The second /64 is for the link between the inside interface of your tunnel router and the ASA. The /48 is for the internal subnets behind the ASA firewall.

As for software, the ASA should be running 8.2 or later, while the external IOS router can run a recent 12.4T or Release 15 image. In my case I am using an 1800 series router running 15.1.3T Advanced Enterprise.

 

[Diagram: Cisco ASA to IPv6 Internet Using Hurricane Electric]

 

The setup on the ASA is relatively simple. Configure an IPv6 address out of the second /64 that HE assigned to your account on a separate external interface, and make sure that interface has only an IPv6 address. To route IPv6 traffic through the ASA to the tunnel router, add an IPv6 default route pointing at the inside interface of your external IPv6 tunnel router. You will also have an IPv4 default route pointing at your ISP's IPv4 default gateway. So at this point the ASA has a default route going in one direction for IPv6 and a default route going in a different direction for IPv4.

The final piece of the puzzle is a static route on your external IPv6 tunnel router for the internal IPv6 networks behind the ASA. The static route should point at the outside IPv6 interface of the ASA firewall.

You will also notice that I set up an access list on the IPv6 tunnel router. This is for the general security of that router, since it sits exposed on the unfiltered Internet. Aside from SSH and any other services you might want to allow, you have to permit IP protocol 41, which is used to encapsulate IPv6 traffic in IPv4.

 

Cisco ASA Firewall Configuration:

 

interface Vlan6
 description ipv6 to HE Tunnel
 nameif ipv6-tunnel
 security-level 25
 no ip address
 ipv6 address 2001:DB8:2222::1/64

interface Vlan1
 description Internal Protected
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
 ipv6 address 2001:DB8:F1F1::1/64
 ipv6 enable
 ipv6 nd prefix 2001:DB8:F1F1::/64 43200 43200

!!! The above /64 is taken from the /48 network assigned to you by HE

interface Vlan2
 description IPv4 Internet
 nameif outside
 security-level 0
 ip address 50.50.50.60 255.255.255.248

! IPv4 default route toward the ISP gateway; IPv6 default route toward the tunnel router's inside interface
route outside 0.0.0.0 0.0.0.0 50.50.50.57
ipv6 route ipv6-tunnel ::/0 2001:DB8:2222::2

 

Outside Tunnel Router IOS Configuration:

ipv6 unicast-routing
ipv6 cef

interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ip flow ingress
 ipv6 address 2001:DB8:1111::2/64
 ipv6 enable
 tunnel source 50.50.50.59
 tunnel mode ipv6ip
 tunnel destination 209.51.161.14

interface FastEthernet0
 ip address 50.50.50.59 255.255.255.248
 ip access-group inbound in
 no ip redirects
 ip flow ingress
 duplex auto
 speed auto
 ! Inside-facing address from the second /64 HE assigned; the ASA's IPv6 default route points here
 ipv6 address 2001:DB8:2222::2/64
 ipv6 enable

! The internal /48 lives behind the ASA's ipv6-tunnel interface; everything else goes down the tunnel
ipv6 route 2001:DB8:F1F1::/48 2001:DB8:2222::1
ipv6 route ::/0 Tunnel0

! Only protocol 41 from the HE tunnel server, SSH, DNS replies and ICMP may reach the router itself
ip access-list extended inbound
 permit 41 host 209.51.161.14 host 50.50.50.59
 permit tcp any host 50.50.50.59 eq 22
 permit udp any eq domain host 50.50.50.59
 permit icmp any host 50.50.50.59
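As an added check (example code written for this post, not part of the original configuration), the script below parses constructed excerpts of the two configs above and verifies the three hand-offs the text describes: the ASA's IPv6 default route lands on an address the tunnel router holds on a shared /64, the router's static for the /48 points back at the ASA and covers the inside /64, and the inbound ACL admits protocol 41 from the HE tunnel server. The config strings and function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed excerpts of the two configs in this post (ASA first, then the IOS tunnel router).
ASA_CFG = """\
interface Vlan6
 ipv6 address 2001:DB8:2222::1/64
interface Vlan1
 ipv6 address 2001:DB8:F1F1::1/64
ipv6 route ipv6-tunnel ::/0 2001:DB8:2222::2
"""
IOS_CFG = """\
interface Tunnel0
 tunnel source 50.50.50.59
 tunnel destination 209.51.161.14
interface FastEthernet0
 ipv6 address 2001:DB8:2222::2/64
ipv6 route 2001:DB8:F1F1::/48 2001:DB8:2222::1
ip access-list extended inbound
 permit 41 host 209.51.161.14 host 50.50.50.59
"""

def ipv6_addrs(cfg):
    """Return every 'ipv6 address' in the config as an IPv6Interface (address plus prefix)."""
    return [ipaddress.IPv6Interface(a) for a in re.findall(r"^ +ipv6 address (\S+)$", cfg, re.M)]

def check_tunnel_design(asa, ios):
    """Cross-check the hand-offs between the ASA and the tunnel router; return a list of findings."""
    findings = []
    asa_ifs = {i.ip: i for i in ipv6_addrs(asa)}
    ios_ifs = {i.ip: i for i in ipv6_addrs(ios)}
    # 1. The ASA's IPv6 default route must point at an address the tunnel router holds on a shared /64.
    asa_nh = ipaddress.IPv6Address(re.search(r"ipv6 route \S+ ::/0 (\S+)", asa).group(1))
    if asa_nh not in ios_ifs:
        findings.append(f"ASA default next-hop {asa_nh} is not configured on the tunnel router")
    elif ios_ifs[asa_nh].network not in {i.network for i in asa_ifs.values()}:
        findings.append("ASA and tunnel router do not share a /64 on the hand-off link")
    # 2. The router's static for the internal /48 must point at the ASA, and the ASA inside /64 must lie in it.
    for pfx, nh in re.findall(r"^ipv6 route (\S+/\d+) ([0-9A-Fa-f:]+)$", ios, re.M):
        pfx, nh = ipaddress.IPv6Network(pfx), ipaddress.IPv6Address(nh)
        if nh not in asa_ifs:
            findings.append(f"router static next-hop {nh} is not an ASA address")
        elif not any(i.network.subnet_of(pfx) for ip, i in asa_ifs.items() if ip != nh):
            findings.append(f"no ASA inside /64 falls within routed prefix {pfx}")
    # 3. The inbound ACL must permit protocol 41 (IPv6-in-IPv4) from the HE tunnel server to the tunnel source.
    src = re.search(r"tunnel source (\S+)", ios).group(1)
    dst = re.search(r"tunnel destination (\S+)", ios).group(1)
    if f"permit 41 host {dst} host {src}" not in ios:
        findings.append("inbound ACL does not permit protocol 41 from the HE tunnel server")
    return findings
```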

Using SCP Secure Copy with Cisco Routers

Traditionally, installing and uploading images on Cisco routers has been done with TFTP. As IOS images have grown larger, some TFTP servers have problems supporting these file sizes. Secure Copy (SCP) can be used in place of TFTP to interact with the IOS file system. This eliminates many of the problems related to TFTP, with the added benefit of security. Below is an IOS config snippet for making this work:
 

! AAA authentication and authorization must be configured properly for SCP to work.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
! Set your login credentials as appropriate (use "secret" rather than "password 0" to store a hash instead of cleartext)
username user privilege 15 password 0 securepass
! SSH must be configured and functioning properly.
ip ssh time-out 120
ip ssh authentication-retries 3
ip scp server enable



At this point you can use any SCP client to interact with the IOS file system. For example, from a Unix-like system:


scp -2 ./c2800nm-adventerprisek9-mz.151-2.T1.bin \
username@10.1.1.1:/c2800nm-adventerprisek9-mz.151-2.T1.bin



The above copies the image to the flash file system on router 10.1.1.1. The -2 option forces the client to use SSH protocol version 2.

 

Example Settings for nmap

nmap --spoof-mac Apple --traceroute --data-length 9 \
  -f -D 192.168.200.200,RND:5,ME -v \
  -n -O -sS -sV -oA /home/pentest/192.168.1.1 \
  --log-errors --append-output \
  -p T:1-1024,1433,2222,2249,7778,8080,9999 \
  --randomize-hosts 192.168.1.1 192.168.1.2 <target>

What each option does:

--traceroute
    Output a traceroute to each target

--data-length <num>
    Append <num> bytes of random data to sent packets, for IDS evasion

-f
    Fragment packets into 8-byte segments, for IDS evasion

-sS
    Stealth (SYN) scan

-D <decoy1>,<decoy2>,...
    Decoy IP addresses; the scan also appears to come from these addresses

RND:5
    Choose 5 random IP addresses and also generate scans from them

ME
    Place my real address in the 6th position, after the 5 random decoys, which increases the probability that it won't be logged

-n
    No DNS resolution

-O
    OS detection

--spoof-mac <vendor or MAC>
    Change the source MAC address used for the scan

-p T:<ports>
    TCP ports only

--randomize-hosts
    Randomize the order of the targets when more than one is given

The -oA option above writes three output files; one of them is an XML file.
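As an added example (not from the original post), the following parses the kind of XML file that -oA writes and reduces it to what a report needs: live hosts, open ports with their service banners, the best OS match and the traceroute hops. The XML is a constructed sample shaped like nmap's output, not a real scan result, and the function name is an assumption for the example.

```python
import xml.etree.ElementTree as ET

# Constructed XML in the shape nmap writes for the .xml file of -oA (not a real scan result).
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O --traceroute -oA /home/pentest/192.168.1.1 192.168.1.1">
  <host>
    <status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="1433"><state state="closed"/><service name="ms-sql-s"/></port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
    <trace><hop ttl="1" ipaddr="192.168.200.1"/><hop ttl="2" ipaddr="192.168.1.1"/></trace>
  </host>
  <host><status state="down"/><address addr="192.168.1.2" addrtype="ipv4"/></host>
</nmaprun>
"""

def summarize(xml_text):
    """One dict per live host: address, open ports with banner, best OS match, traceroute hops."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # down hosts carry no ports, os or trace elements
        open_ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            fields = (svc.get("name"), svc.get("product"), svc.get("version")) if svc is not None else ()
            open_ports.append((port.get("protocol"), int(port.get("portid")), " ".join(f for f in fields if f)))
        osmatch = host.find("os/osmatch")
        hosts.append({
            "addr": host.find("address[@addrtype='ipv4']").get("addr"),
            "open": open_ports,
            "os": osmatch.get("name") if osmatch is not None else None,
            "hops": [h.get("ipaddr") for h in host.iter("hop")],
        })
    return hosts
```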

OS X Command Line Tips

It is possible to get quite a speed boost out of Mail.app by stripping the bloat out of its Envelope Index. Since Mail.app uses SQLite, we can use the vacuum command. The command below works in OS X Lion:

sqlite3 ~/Library/Mail/V2/MailData/Envelope\ Index vacuum;

 

To monitor file reads and writes to and from the disk, recording the activity in output.txt (use Control-C to quit):

sudo fs_usage -e -w > ~/output.txt

To create a DMG from a folder:

hdiutil create name.dmg -srcfolder ~/Desktop/FolderName


To restart the OS X Dock:

killall Dock


You may notice, if you use network shares, that OS X leaves .DS_Store files on them. While these aren't visible to OS X users, other users accessing the same share will see these files in every directory. Since these files only save the appearance of the folder in OS X, disabling them shouldn't have any adverse effect:

defaults write com.apple.desktopservices DSDontWriteNetworkStores true


To eject a stuck CD/DVD you can use the commands below. Sometimes the CD remains in the tray but the desktop icon is no longer visible. These command-line eject commands will eject the CD.

drutil tray eject

drutil tray open

To reset a login password, start OS X with Command+S, which boots the system into single-user mode. Then run these commands one at a time:

fsck -fy
mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
dscl . -passwd /Users/UserName newpassword


To convert a DMG file to an ISO File:

hdiutil convert /path/to/filename.dmg -format UDTO -o /path/to/savefile.iso


List open TCP/UDP ports:

netstat -an -p tcp
netstat -an -p udp
lsof -i -P -n


List the contents of a PKG file (its bill of materials):

lsbom name.pkg/Contents/Archive.bom | more