WHo aM i?

Look at me - I'm old!

2010-06-04T17:22:00.001+08:00

Hey,

Look at me in 20 years from now!

Make yourself older! See your face in 20 years

TrendWatch

2009-12-02T16:43:00.001+08:00

Trend Micro HouseCall

2009-12-02T16:42:00.001+08:00

My tribute to MJ

2009-06-30T01:49:00.004+08:00

May the king of pop RIP. I grew up listening to his songs. I even danced to his songs for dinners and parties. The great one has left us. Words just can't describe how sad i am. For some reason, the below song reminds me of him. It was a song from Jackson 5.

virus outbreak

2008-12-04T00:38:00.003+08:00

Man...Life's bz like hell. No time to even update blog. So many interesting things happened in my life...where to start....maybe i'll update on my next post (not sure when)

As for now there has been a virus outbreak in my working environment...global outbreak...some attacker out there exploited in one of the MS vulnerabilities (out of band release) released last month. To be specific, it's MS08-067 - Vulnerability in Server Service Could Allow Remote Code Execution.

Initially all client machines and servers was patched (my team was responsible to initiate and coordinate the patching activity). However some smart peaople out there failed to adhere to instructions...causing mass exploit of servers and client machines.

Apparently the attacker deployed a worm (remotely) that could drop copies of itself to system root. From there, it accesses certain website which downloads trojans to this machines/servers. The trojan then uses random ports to access port 445 at other location i.e domain controller and Active Directory. It then does a brute force to get username and passwords.

Our IDS team initialally capture the suspicious traffic and allerted us. We then continued our investigation, found the root cause and currently performing the clean up. Our anti virus vendor came up with the bandage pattern file that detected and quarantines these malicious files.

Now we're pushing the patch (to unpatched servers/machines) via SCCM. The bandage pattern is also being deployed. BSOD also occured during the deployment...making our task miserrable. The earliest i go back home nowadays is 9 p.m. Go back then have to wake at 3.00. a.m. to sit for confrence call with the rest of the teams globally.

Lesson - Never ever take a MS patch for granted...deployed it as soon as it's released!

p.s. - *NIX users should be celebrating by now (i'm damn sure the attacker is a *NIX maestro)

The post effect of 'LOpoNg....*@#!$%

2008-04-19T01:04:00.005+08:00

For those who don't know what lopong is, it means being too free without anything to do...and this term has left an effect on me...'BIG TIME'.

You see, during my previous employment, my major tasks was basically very simple. I would be having nothing to do most of the time....whatever extra i learn and did was on my own initiative.

As expected, 'lopong' is neither applicable nor exist is in my new environment. I have to be on my toe 24/7. Any mistake will cost billions....yes BILLIONS!

Due to lopong, my start here was a little dull/slow. Expectation on me was more or less high. Everyone else was moving fast, tasks given are finished in split seconds. They have to as more and more will keep on coming non stop.

I took longer time t0 finish tasks initially. I had to understand the process and procedures. Every single process had to go through the proper channel. Everything was documented. Even if one were to install something, approval from multiple people had to be obtained. All impacts caused by a change is analyzed before deployed.

With God's blessings, i'm now able to compete with the herd. Not at the peak but slowly getting there. This is because i utilized the 'lopong' time previously to get some supplies for future. Guess it worked!

Lucky for me i did not get sucked into the 'lopong world'. As a result, i could cope with the new challenges even though it was tough in the beginning. To my friends, a piece of advice....DON'T ever enjoy the 'lopong' time....trust me, the outside world is way bigger and much tougher then expected...Mr. Lopong will backfire.....

DAMN!....I miss blogging

2008-04-19T01:03:00.000+08:00

Just can't find the time.....sigh

Received my first Microsoft certificate!

2008-03-03T00:14:00.003+08:00

Can you believe it...i just (last Friday) received my first Microsoft certificate. The best part is it was endorsed by Mr. Bill Gates himself! The certificate was awarded to me after i completed a 3 days course titled 'Maintaining and Troubleshooting Windows Vista Computers' at one of Microsoft's training center in KL. The course code is MS5118 (look it up in Microsoft training library). the feeling is just ecstasy. The trainer gave a tremendous walk through on how to troubleshoot Windows Vista errors. He was a certified trainer. I even got a Microsoft book which can't be purchased in the market.

Now, thats what i'm talking about being appreciated. The motivation to work is always there. The best part is, the organization don't bond you for this kind of trainings and certification. This year, i'm lined up for ITIL (IT infrastructure library...google it up) and MCSE certification. ITIL is the mandatory certification. My new environment requires me to have a very sound technical skills on Win2k and vista. Thus the certifications are made compulsory.

The coolest part is...i'm given a laptop...brand new...out of the box...complete with docking station, 2 mouses, additional keyboard, etc. The laptop is equipped with smart card reader and thumb recognition. Thus, it can be only accessed using my 62bit smart card. cool eh...and its FOC...The specs i shall give in another post. Will try to get a snapshot as well.

The sad part is, since i'm given a laptop, i'll be required to work from home. Not all the time, but once in a while. So that is not a problem. Besides, the rewards are good so i have no complains. Again ,as my friend said earlier...the company gives you shit, shit is what the company gets back...but when it treats you well...it will mines gold out of you.

I feel Good!

2008-02-16T23:19:00.004+08:00

Well...working office hours feels good. But i kind of miss the off days i use to have. I was at home most of the time; sleeping, playing with my son, paying bills etc. Now, those off days has been stripped off. Have to work five days, office hours. Yet, it feels good. Body feels refreshed and energized. There's a gym in my office, equipped with the state of the art equipments. Will be paying a visit soon...after buying a pair of shoes...hehehe

Now, my off days that i use to have in abundance has been replaced with working days...with a reward...a better bank balance at the end of the month. I feel appreciated. When i work on shift, the different hours often causes in frequent change of sleeping pattern. This usually resulted in me falling sick, headache, fever and all types of illness. The body actually fails to adapt to different sleeping hours as age passes by. 10 years ago, i could stay up all night working /studying but now its a little different. As advised by my doctor, the younger generation is more suitable for working shift. Not that i'm old. I consider myself very young. But taking into consideration my family, its time to leave the shift hours which has been my friend for the past 5 years. But the results are good.

I definitely prefer the current working hours. More time to spend with my wife, son and nephews and adorable niece.

Security Analyst vs Security Consultant

2008-02-12T16:23:00.004+08:00

A topic that caught my attenion some time ago. What is a jobscope of these two people? Well, since i was/am still in the industry, i can shed some light on the jobscope of both the positions. A security analyst is someone who has knowledge on a number of areas; OSes, programming langauge, tcp/ip etc. He/she must be able to use the many different tools to perform analysis task i.e. tcpdump, wireshark, squil, mrtg, ntop, acid, ossec etc. These some of the many essential tools that a security analyst must be familiar with. Besides that, he/she must also be able to detect accurately and response promptly to any incident issues. Most importantly, he/she must be able to do root cause analysis to determine the authenticity of a suspected event.

How about a security consultant? A Security Consultant is a person who has advanced skill in the world of security. NSM is at his/her fingetips. He/she is someone who could differentiate the output given by tcpdump and output from wireshark. The name itself carries a significant weight that a consultant can be proud of; the word consultant. Anyone could just walk to a Security consultant and ask advise on how to secure a network. That is the meaning of consultant=consultation. The network topology can vary from bus to mesh yet the Security Consultant could provide you with in depth recommendation on how to secure the network. He/she not only has the fundementals, but are experts in breeding a Security Analyst.

IMHO, this guy, this guy and my good friend Mr. Gigco are worthy Security Consultants. I've seen what these people can do. I strongly believe they can be approached by anyone regarding building a secured network and trust me they will live up to the task.

p.s - a person taking down minutes of a meeting, generating automatic report, ordering food and typing letters is known as a clerk. You don't need to be a rocket scientist to know that.

Back to business

2008-02-01T01:20:00.000+08:00

Hehehe...i can come back to blogging now. Wanted to become an active blogger but certain restrictions had prevented me from doing so. However, i'm now free of those constraints and have now purchased the freedom of speech....muahahahaha.

For a starter, let me tell you about a friend of mine who recently quit his job with his company. I meet him for tea this evening and we had a rather long chat till late evening. Among the discussed topics was the resignation rate in his company. It seems that many of the employees started to resign recently; to be more precise since middle of last year. The latest lost was my friend. I've known this friend for a very long time and he is well known for his dedication towards the tasks given to him. He is hardworking and always eager to learn. Yet why did he resign? So i asked him why was the resignation rate in his company at such an alarming rate. He answered, "When the company gives you shit, shit is what the company will get back". Whoa! Why such an answer? He must be really disappointed. Well....i don't know.

Good News

2007-12-12T17:35:00.000+08:00

Well...Just received a good news. The news is not final pending several process that needs my urgent attention. However it was a news i was waiting for a very long time. I'm the happiest person in the whole wide world at the moment and i thank dear God for this wonderful gift and blessing. If everything goes well, i'll be able to provide a comfortable life for my beloved. I wish that everyone else shares the same happiness as me at this moment. Thank you Jesus for the wonderful Christmas gift.

Lesson on Linux

2007-11-27T18:58:00.000+08:00

To become a successful security personnel one needs to have a couple of very important skills. One of it is to have excellent command on several operating systems. Among them has to be from Windows and *nix. There are many variants of Unix and among the famous is Red Hat Linux. I've figured out away to learn Linux. Every time i learn a new command, i'll post it in this section of my blog. Here goes:

1. tar -zxvf file_tar.gz - for folder with .tar.gz

2. tar -xvf file_tar.gz - for folder with .tar only (remove the z option)

3. rpm -ivh file-1.0-2.i386.rpm - install a RPM package

4. rpm -e file - uninstall RPM package (use the package name only...without -1.0-2.i386.rpm)

5. rpm -Uvh file-1.0-2.i386.rpm - upgrade a rpm package (usually use this one for normal install as it replaces any previously installed package)

Offline NT Password & Registry Editor

2007-11-26T18:00:00.000+08:00

Forgot your computer's admin password?

Disclaimer - Accessing/reseting a computers password without the owner's permission is completely wrong/illegal. Use this software at your own risk and for educational purpose only!! I can't be held responsible for any damage caused!

My sister recently (last week) forgot her computer's password! OH NO! There was only 2 users in the machine both with admin capabilities. She can't remember the username and password for the machine. This is due to the fact that she has not used the computer for some time. She didn't know what to do and as usual turned to me for help. I told her:

Not to worry...computerman is here!

Haha. Just kidding. I actually came across this tool; Offline NT Password & Registry Editor and wanted to put it to test. This tool comes handy in a situation like the one my sister is in. This tool does not reveal existing password but allow among other to clear the login password that is stored in the registry of the computer. The tool uses Linux bootsystem as the basis. The concept is a computer with windows stores it's login password inside NT/System32/sam. 'Sam' is the file that contains the password info.

All you need to do is burn the iso image (floopy boot disk is available but advisable to use cd), set your computer to boot from cd, and just press enter most of the time. I was able to clear the password within 10 minutes in my sister's pc (win2k). This software works with win NT, 2k, XP and even Vista. wowvy! Towards the end of the boot process, the tool reveals the username/s in the computer and gives you option to either clear, change or promote a user from regular group to admin group. Ain't that great. I eventually cleared the password for one of the user and when i reboot the system (normal boot), i entered the username and abracadabra....the os requested the password to be changed due to expiry. I entered a new password and was able to login as usual. Basicly, this is what you need to do:

Get the machine to boot from CD (or floppy)
Floppy version need to swap floppy to load drivers.
Load drivers (usually automatic, but possible to run manual select)
Disk select, tell which disk contains the Windows system. Optionally you will have to load drivers.
PATH select, where on the disk is the system?
File select, which parts of registry to load, based on what you want to do.
Password reset or other registry edit.
Write back to disk (you will be asked)

Thank you to Mr Petter Nordahl-Hagen for this wonderful tool. I will be testing it on win xp soon. For those interested, click here

Tcpdump/Windump

2007-10-25T19:31:00.000+08:00

Tcpdump is a very useful tool for those who are in the network security. tcpdump or its windows version 'windump' basicly puts the network card in promiscuous mode (all traffic are directed to cpu) and captures all traffic. There are many things that can be obtained from a tcpdump output which is exactly what i'm trying to learn at the moment. There are some basic options that need to be studied in order to get a better understanding of the output. The below explains:

The first of these is -n, which requests that names are not resolved--resulting in the IPs themselves always being displayed.
The second is -X, which displays both hex and ascii content within the packet.
The final one is -S, which changes the display of sequence numbers to absolute rather than relative.

ManUtd Back in Business

2007-10-25T13:00:00.000+08:00

Being an ardent fan of ManUtd, I came across a recent article in the papers after their CL win. Heaven help their rivals...thats nice to hear eh.....Heaven help Arsenal!

Dynamo Kyiv 2 Manchester United 4

If this is what Manchester United can achieve with a makeshift side following a glut of injuries, heaven help their Champions League rivals when Sir Alex Ferguson's men are at full strength. Without midfield trio Paul Scholes, Michael Carrick and Owen Hargreaves, defensive duo Patrice Evra and Gary Neville, plus striker Louis Saha, United dismantled Kiev with ruthless efficiency in the Ukraine to advance to the brink of the last 16. Victory made it three out of three in Europe this season following earlier wins against Sporting Lisbon and Roma. But more importantly, it showed the strength in depth of United's squad. Admittedly, Kiev provided little resistance, but the Reds' attacking play throughout was superb.

Depressed

2007-10-22T23:36:00.000+08:00

What the tuttut is going on out there. Just came to know about someone i know acquired a job for an astonishing 5k salary! I mean what happened to those people who write and speak fluent English. How come those who have 1/10 command in English could possibly get hold of a job so easily? Is technical knowledge all that matters? I presumed that everything has to be coupled i.e good English, skill and paper qualification. Sometimes I'm ashamed of the fact that i hold a masters degree from the number 1 university. It's aok. i know everything happens for a reason....

Step by Step Backtrack2 Installation

2007-10-10T17:32:00.000+08:00

Backtrack2 is a Linux distribution live cd designed for pen testers. It's based on Slackware and packed with many security tools for those interested with computer security. I installed it today and will be playing with it soon. Hope to learn something from it. For those who want to try it, i append step by step guide to run it in VMWARE workstation and installed in hdd :

For complete tutorial click here

1. Download the Backtrack 2 iso

http://www.remote-exploit.org/backtrack_download.html

2. Open VMware Workstation and create a new virtual machine

File > New > Virtual Machine

Click Next

Select Typical, then click Next.

Select Linux, then select Other 2.6.x Kernel from the pull down menu. Click Next.

Name your virtual machine Backtrack 2, or whatever you wish, then click next.

Choose Use bridged networking if you are on a network where you can acquire an IP address separate from your host operating system. If you’re on a home cable or DSL connection, you may only have one IP address, in which case you should choose Use network address translation (NAT).

Leave the default 5.0GB unless you think you may need more. You can select Allocate all disk space now if you’d like, but keep in mind it could take several minutes.

Click Finish

3. Edit virtual machine settings

Adjust the RAM depending on how much you want to allocate to the virtual machine. My Backtrack 2 installation seems to do fine with 384MB, and I have 1GB on the host machine.

Select CD-ROM

Select Use ISO Image, then browse to the Backtrack 2 ISO that you downloaded before. You don’t need to burn this ISO to a CD, one of the great features of VMware is that it can map an ISO file as if it were a physical CD-ROM drive. This works with DVD isos too!

Click OK

4. Start the virtual machine

5. Login with username root, password toor

Don’t worry, you can change this once you install Backtrack to the hard drive.

6. Partition and mount the hard drive

The virtual SCSI hard drive in VMware is usually /dev/sda. We need to partition this drive and create a filesystem on which Backtrack 2 can be installed.

We will use fdisk to create 2 partitions - one for the filesystem and one for swap space.

fdisk /dev/sda

Enter each line below into fdisk’s prompt:

+4168M

This will create a 4GB partition for the filesystem and a 1GB swap space. If you want more space on the filesystem (or if you made your virtual disk larger than 8GB), you can change +4168M to another number (in megabytes).

Create an ext3 filesystem on the first partition:

mkfs.ext3 /dev/sda1

Create swap space on the other:

mkswap /dev/sda2

Mount the drive:

mkdir /mnt/backtrack

mount /dev/sda1 /mnt/backtrack

7. Run startx to boot up KDE

8. Use the Backtrack installer

Start > System > Backtrack Installer

Leave the source blank

Install backtrack to: /mnt/backtrack

Write MBR to: /dev/sda

Select Real (2700 MB required) for the installation method

Click install. It could take awhile or hang at certain parts (seems to hang for awhile at 81% on my machine).

9. Have fun

Restart the virtual machine, and you’re ready to start using Backtrack 2 in VMWare!