Re: [Pauldotcom] Suggestions for Open Source Internet Security Gateway Distro/Product

2013-04-22 Thread Ken Pryor
I run two Untangle machines and recommend it. It's very easy to set up and configure. Ken Pryor On Apr 22, 2013 2:16 PM, "Matt Nels" wrote: > Not Debian/Ubuntu, but you should add pfSense to your list. > > On Mon, Apr 22, 2013 at 1:02 PM, Jason Drury wrote: > >

Re: [Pauldotcom] Domain Registration and Trademark

2013-03-02 Thread Ken Pryor
I second the gandi.net recommendation. I left godaddy a while back and have been happy with them. Ken On Mar 2, 2013 8:58 AM, "Josh More" wrote: > I like gandi.net for domain registration, mostly because they allow > full bind zone file access if you let them host DNS for you. > > I have no opin

Re: [Pauldotcom] ADHD Webcast Today 2PM ET

2013-02-19 Thread Ken Pryor
It was a great webcast. I'm definitely going to take a look at ADHD. KP On Feb 18, 2013 2:36 PM, "Paul Asadoorian" wrote: > Thanks all, if you missed it, the archive will be available on the SANS > web site (as will the slides). > > Cheers, > Paul > > Mike Perez wrote: > > If you're planning on a

Re: [Pauldotcom] Steady stream of probe email messages.

2012-07-21 Thread Ken Pryor
I've received those from time to time, but haven't followed up on them. The ones I've received have been blank, with no html. I thought they might contain a web bug, but never found any evidence of that. It's been a while since I got one. Ken On Sat, Jul 21, 2012 at 12:57 PM, Aaron Melton wrote:

Re: [Pauldotcom] Summer reading list (2012)

2012-06-11 Thread Ken Pryor
I'm sticking with tech books, I think. Here's what I've got on tap: Practical Malware Analysis (already started this one and it's great) Practical Packet Analysis The IDA Pro Book Hope to get through

Re: [Pauldotcom] Basic Setup of Security-Onion: Snort, Snorby, Barnyard, PulledPork, Daemonlogger

2012-01-17 Thread Ken Pryor
Just watched this excellent video tonight. You've inspired me to set up my own box to test it on. Thanks Adrian for doing this and all your videos! Ken On Sun, Jan 15, 2012 at 7:37 PM, Adrian Crenshaw wrote: > > > Thanks to Doug Burks (he might make a good interview) for making building > a Netw

Re: [Pauldotcom] Derbycon 2011, Day 1 Talks Posted

2011-10-05 Thread Ken Pryor
Thanks for doing this, Adrian. These are very much appreciated. Ken On Wed, Oct 5, 2011 at 9:12 AM, Adrian Crenshaw wrote: > More videos. In this wave are the videos from the 2nd day of the conference > that took place in track one. In this wave: > > Dennis Kuntz – Mining Sensitive Information F

Re: [Pauldotcom] Default printer

2011-05-10 Thread Ken Pryor
> With the group policy client side extensions you can set printers via a >> policy. There you can also specify a default printer when added via the >> policy. >> >> On Mon, May 9, 2011 at 2:48 PM, Ken Pryor wrote: >> >>> Hi all, >>> >>> Th

[Pauldotcom] Default printer

2011-05-09 Thread Ken Pryor
Hi all, This may be a simple fix, but I'm an even simpler guy and don't know the answer. We have an XP Pro computer at the office that keeps switching its default printer for reasons unknown to me. Every account is supposed to have the same default and I had them set correctly, but now it seems t

Re: [Pauldotcom] DEFCON paper accepted

2011-05-04 Thread Ken Pryor
Congratulations! Sounds like a very interesting talk. Ken On Wed, May 4, 2011 at 6:16 AM, Bruce Barnett wrote: > My talk/paper was accepted to Defcon19! Yoo-hoo! Here's the title: > > *Deceptive Hacking*: > > * * > > *How misdirection can be used steal information without being detected* > > > >

Re: [Pauldotcom] Forensics

2011-04-28 Thread Ken Pryor
I would echo what Andrew said. A timeline may not prove something beyond all doubt, but it can help strongly infer what happened. You can use Autopsy, as Andrew said, or there are ways of creating a timeline from the command line using the Sleuth Kit tools (which Autopsy uses as well). You can brin

Re: [Pauldotcom] Malware reverse engineering

2011-01-31 Thread Ken Pryor
references others as well. > > If anyone has taken SANS' course on fighting malware (I'm pretty certain > there's one or two! ) I'm sure the list would like to hear about those as > well.. > On Jan 30, 2011 7:52 AM, "Ken Pryor" wrote: > > I w

Re: [Pauldotcom] Malware reverse engineering

2011-01-30 Thread Ken Pryor
I would strongly recommend two books for you: The Malware Analysts Cookbook *http://tinyurl.com/4ufb8tf* and Malware Forensics *http://tinyurl.com/4ksbth3* On Fri, Jan 28, 2011 at 2:34 PM, Mosh wrote: > Hi There > > I really want to learn to do a reverse engineering for malware, but i > don't h

Re: [Pauldotcom] OT: "Hacking Horror Stories" Webinar This Week

2010-10-05 Thread Ken Pryor
I'll be there! Sounds like it should be a really cool webinar. Ken On Tue, Oct 5, 2010 at 11:49 AM, Bugbear wrote: > I trust this face don't you? > https://www3.gotomeeting.com/images/ad/csslp/woman_230x301.jpg > > Looking forward to it > > Tim > > On Tue, Oct 5, 2010 at 10:52 AM, James Costell

Re: [Pauldotcom] Favorite File Recovery Tool?

2010-06-22 Thread Ken Pryor
GetDataBack and PhotoRec have been good choices for me. FTK Imager can work quite nicely for individual files too. KP On Tue, Jun 22, 2010 at 10:12 AM, Craig Freyman wrote: > What do you all like to use for data recovery on hard drives? For example, > a deleted partition on a external USB drive?

Re: [Pauldotcom] Any other security practitioners in Central Illinois?

2010-06-04 Thread Ken Pryor
As you know, I'm pretty far from Bloomington, but I could probably be convinced to head up that way for a meet-up sometime. KP On Thu, Jun 3, 2010 at 4:59 PM, David Kovar wrote: > Greetings, > > Is anyone on this list located near Bloomington-Normal and interested > in getting together occasiona

Re: [Pauldotcom] Intro music PDC

2010-03-19 Thread Ken Pryor
I vote in favor of the current theme. KP On Fri, Mar 19, 2010 at 11:43 AM, Robert Portvliet < robert.portvl...@gmail.com> wrote: > I would vote to keep the theme also, definitely need to add some new > sweepers though. > > > > On Thu, Mar 18, 2010 at 3:47 PM, Adrian Crenshaw wrote: > >> If Darren

Re: [Pauldotcom] Sysinternals

2010-02-11 Thread Ken Pryor
I frequently use Autoruns and also use Process Monitor and Process Explorer quite a bit. I'd like to try Disk2Vhd too, but haven't had time to so far. Every tool of theirs I've used has worked quite well. Ken On Thu, Feb 11, 2010 at 10:15 AM, Josh Ciceraro wrote: > Hello, > > I was wondering if

Re: [Pauldotcom] Book recommendation - maybe not!

2009-12-31 Thread Ken Pryor
An amazing deal! How could they possibly drop the price from $67 to a low low price of only $18.98? Do you get any Ginsu knives with it? I love this quote from a satisfied customer: "If I wasn't a good person, with the information given to me in this handbook, I could be considered a threat!" I'm

Re: [Pauldotcom] People who criticize on the Internet

2009-12-30 Thread Ken Pryor
Just more proof that the world has an overabundance of classless, clueless jerks. The sad thing about the net is it allows for Internet bravery, where some jackass is willing to type something he'd never get away with saying to someone face to face. FWIW I get a lot from your site and your videos

Re: [Pauldotcom] What if child porn is encountered during research?

2009-09-10 Thread Ken Pryor
Speaking as a law enforcement officer, I can tell you that where I live you would most likely be referred to me as I'm the "go to" guy for computer crimes and forensics for my department. I think these days, as someone else wrote, most departments have internal or external people they consult rega

Re: [Pauldotcom] Forensically interesting spots in the Windows 7, Vista and XP file system and registry (prep work for my anti-forensics class)

2009-08-15 Thread Ken Pryor
I do forensics and I use RegRipper on pretty much every case I work. It's an amazing tool. KP On Fri, Aug 14, 2009 at 5:17 PM, Adrian Crenshaw wrote: > I knew about the book, but thanks for pointing me to regripper, I'll have > to look at it. > > Adrian > > On Thu, Aug 13, 2009 at 10:00 PM, iamn

Re: [Pauldotcom] How much do timestamps matter?

2009-08-14 Thread Ken Pryor
Also, this was on Harlan Carvey's excellent blog today http://windowsir.blogspot.com/2009/08/timeline-creation-tools-posted.html On Thu, Aug 13, 2009 at 3:48 PM, Joel Folkerts wrote: > SANS recently posted an article discussing timeline creation and analysis - > > https://blogs.sans.org/computer-

Re: [Pauldotcom] Louisville InfoSec:Free passes, discounts and the CTF

2009-08-11 Thread Ken Pryor
John (Navarro), What part of Illinois are you in? I'm in southeastern, so Louisville is only about a 3-4 hour drive for me. Ken On Mon, Aug 10, 2009 at 5:27 PM, John Navarro wrote: > Actually it's not that bad of a drive from here in IL...I might head out > that way. Maybe I can get some fundin

Re: [Pauldotcom] Deftlinux, possible replacement for Helix 3

2009-08-07 Thread Ken Pryor
Looks nice, but I couldn't find any information as to whether or not it auto mounts drives or not. That is a good thing about the Helix3 cd, it doesn't mount anything till you tell it to. KP On Fri, Aug 7, 2009 at 1:25 PM, Adrian Crenshaw wrote: > I just found out about this from Jeff Rozek's ta

Re: [Pauldotcom] IRC Client and Perl/Python text editor

2009-07-29 Thread Ken Pryor
I use Notepad++ and mirc. KP On Wed, Jul 29, 2009 at 11:03 AM, Gameman733 wrote: > Coming in late to the topic, and I'm sure it's been suggested, but mirc or > xchat for windows irc clients. > > As far as a text editor, I recommend notepad++ > > -Original Message- > From: Dmitry Nedospasov

Re: [Pauldotcom] Nmap 5...

2009-07-22 Thread Ken Pryor
Excellent tutorial, Adrian. I learned a lot from it and now I plan to give it a go myself. Thanks! Ken On Tue, Jul 21, 2009 at 10:40 PM, Adrian Crenshaw wrote: > Ok, I have the Ncat tutorial up, but it's pretty big at about 42MB: > > http://www.irongeek.com/i.php?page=videos/ncat-nmap-netcat >