Sunday, May 31, 2009

CEIC materials

I would have had this up sooner, but I was out of town last week and the week before was the conference... Anyway, I promised I would post the slides and supporting files for my CEIC classes. I don't have the slides for the foreign language talk, but I didn't promise to give those out ;-)

How to Address ESI Involving Encryption from Disk Level to Individual Files with David Lyman [ppt | pdf]

Spoofing/hacking/memory analysis talk [pdf]

Here is the ARP spoofing perl script we used and some of you requested: [arpspoof.pl]. You must install Nemesis for the script to work, or you can modify it to use another packet crafting program. Also, depending on the distro you might have to modify the path for the arp command (for Fedora it is /sbin/arp). Anyway, you should be able to modify it on your own.

Also, we used Wireshark and Backtrack 4.

For those of you who would like more VM machines to hack into you can go to de-ice.net.

The agenda had changed somewhat for the second talk, since I had taken the class over from someone else at the last second. I would like to thank Prof Bilal Khan for all of his help and his donation of the vulnerable VM :-) Parts of this lab are representative of some of the courses in the Forensic Computing graduate program at John Jay College.

I would also like to thank AAron and Moyix from the Volatility community for their insight as well.

CEIC was a lot of fun, I met a lot of interesting people and had a blast ;-)

2 comments:

johnmccash said...

OK...

From your presentation, "Modules exist for Vista and Linux, you just have to know who to
ask and where to look ;-)"

I'm asking! Where do I look?

Jamie Levy said...

There are two people I know of that have been working on Vista modules and possibly others of which I am still unaware. Jun Koi has mentioned working on getting Vista working as well as Umang Desai. As far as I know they have not released their code to the public.

Perhaps you can contact them or AAron, since he should know of others should they exist.