Sunday 7 July 2013

Network Miner for Kali

Installing Network Miner on Kali

This is the first instalment of customising Kali for Network Intrusion Analysis and Malware Analysis.

We will start with pcap analysis, because packets never lie, unless they are specifically crafted to lie, in which case, they tell you.... sort of :)

sudo apt-get install libmono-winforms2.0-cil

wget sourceforge.net/projects/networkminer/files/latest -O /tmp/networkminer.zip

sudo unzip /tmp/networkminer.zip -d /opt/

cd /opt/NetworkMiner_1-4-1

sudo chmod +x NetworkMiner.exe

sudo chmod -R go+w AssembledFiles/

sudo chmod -R go+w Captures/

mono /opt/NetworkMiner_1-4-1/NetworkMiner.exe

Friday 5 July 2013

Return of the Goth


Morning

I have not disappeared, just been really, really busy. Decided not to be selfish and keep all my intel to myself or a few who purchase any books or anything I do in the future.

All will be presented here, free and available.

Cheers,

The Security Goth

Thursday 22 November 2012

INetSim Config - Basic

Forgot to post this before.

You only need to change 2 things in the default config to get up and running.

service_bind_address

and
dns_default_ip


Change both of these to the IP address of the INetSim box/host and you are up and running.


Everything else is a personal tweak.
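
One way to script the two changes described above, as an added example that is not part of the original post or of INetSim itself. It assumes the config uses "key value" lines and that the defaults ship commented out as "#key value"; the function names set_inetsim_ip and demo_inetsim_conf and the sample IPs are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes inetsim.conf holds
# "key<whitespace>value" lines and ships both settings commented out as "#key value".

# set_inetsim_ip CONF IP: returns 1 for a bad IPv4 address, 2 if CONF is unreadable.
set_inetsim_ip() {
    conf=$1 ip=$2
    # Dotted-quad IPv4 only, every octet 0-255.
    echo "$ip" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }' || return 1
    [ -r "$conf" ] || return 2
    tmp=$(mktemp) || return 3
    cp -p "$conf" "$conf.bak"                  # keep the untouched default
    awk -v ip="$ip" '
        BEGIN { want["service_bind_address"]; want["dns_default_ip"] }
        {
            line = $0
            sub(/^#/, "", line)                # "#key value" counts, "# key" (doc text) does not
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && (f[1] in want)) { print f[1] "\t" ip; done[f[1]] = 1; next }
            print
        }
        END { for (k in want) if (!(k in done)) print k "\t" ip }   # append if absent
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 3; }
    cat "$tmp" > "$conf"                       # overwrite in place, preserving owner and mode
    rm -f "$tmp"
}

# Constructed sample resembling the commented-out defaults (not a real capture).
demo_inetsim_conf() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# service_bind_address' \
        '# Syntax: service_bind_address <IP address>' \
        '#service_bind_address 10.10.10.1' \
        'start_service dns' \
        '#dns_default_ip 10.10.10.1' > "$dir/inetsim.conf"
    set_inetsim_ip "$dir/inetsim.conf" "${1:-192.168.56.10}" || return
    echo "$dir/inetsim.conf"
}
```

Call set_inetsim_ip with the path to your inetsim.conf and the IP of the INetSim host; the original file is kept beside it with a .bak suffix.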

Wednesday 21 November 2012

INetSim on Ubuntu 12.04.01 LTS 64 bit

The INetSim guide I wrote last week or so also works on Ubuntu 12.04.01 LTS.

All you need to do is wget the inetsim tar.gz file and be comfortable looking at the command line ;)

Still no config, it will come soon (ish)

Saturday 10 November 2012

INetSim Installation on Ubuntu 12.10


INetSim Installation on Ubuntu 12.10
by The Security Goth version 1.0 dated 10th November 2012

Before we begin, I will occasionally put some odd notes in or write things in a very simple/plain fashion. This is not a slight on my readers, but just in case someone is just starting out and doesn't have a great level of experience yet. Regular font is for information; Courier New Bold is for stuff to type.

Note - in this installation the easiest way to get to the terminal is Ctrl-Alt-T. Open one now and lock it to the launcher for easy access.

Install OS - ubuntu-12.10-desktop-i386.iso (I used easy mode on VMWare Workstation 7.0.0 build-203739)

There were 76 updates for my installation; install these before continuing. Reboot in accordance with the Software Updater message (if applicable).

Switch user to root (keep your environment variables) - 

sudo su

Install Perl (although mine was installed already, but best to check anyway)  -

apt-get install perl

Install Perl library Net::Server -   

apt-get install libnet-server-perl

Install Perl library Net::DNS (you might already have it, but check anyway)  -  

apt-get install libnet-dns-perl

Install Perl library IPC::Shareable  -

apt-get install libipc-shareable-perl

Install Perl library Digest::SHA -  

apt-get install libdigest-sha-perl

Install Perl library IO::Socket::SSL -

apt-get install libio-socket-ssl-perl

If not root already switch user to root (keep your environment variables) - 

sudo su

Create a new group called inetsim -   

groupadd inetsim

Check you have a user named nobody -  

cat /etc/passwd | grep nobody

Download INetSim (I am using inetsim 1.2.3) from www.inetsim.org (http://www.inetsim.org/downloads.html) -  http://www.inetsim.org/downloads/inetsim-1.2.3.tar.gz

Extract the tarball -  

tar zxvf inetsim-1.2.3.tar.gz

Go into the newly extracted folder - 

cd inetsim-1.2.3

Run setup.sh (it sorts out some permissions and stuff) -

./setup.sh

Then test to see if it will run -

./inetsim

Now the hard bit, configuring it the way you want it, the way you need it.  This is not included in this guide, but samples will be posted soon (hopefully).

Ubuntu 12.10 Desktop and INetSim

One of our current projects is to set up INetSim. We have chosen Ubuntu 12.10 as it is popular and we haven't used Ubuntu since it fell into our bad books during some performance testing on Snort a few years ago.

There will hopefully be a step-by-step guide soon and then some sample config entries, maybe a full config file.  We will have to wait and see.

Welcome to Security Goth

Good day and welcome to Security Goth.

We number only a few but between us we have many skills and unique experiences in the Computer and Network Security world.

Our aim is to share our knowledge by posting snippets of intel and guides to various things and on various topics.

We hope you enjoy reading it as much as we do making it.