Tuesday, April 29, 2008

Who needs System Volume encryption when you can't use your BIOS?

In preparation for a talk I'm giving at UUASC - LA Chapter on File System Forensics (May 1), I was getting a little too creative with Bit Locker on my Windows Vista Ultimate laptop. I usually demo installing and configuring bitlocker, suspending the laptop mid-encryption, then show how, if somebody wanted to acquire a forensic image of the bitlocker protected drive, you could tell what was encrypted so far. Somehow, either by past demos or some other glitch, I rendered the laptop useless. Not just encrypted, but I could no longer access my BIOS configuration even though after the POST it would register a keypress to enter the BIOS config. After diving deep into the hardware, I was able to find the capacitor I suspected was used as a battery for the CMOS/BIOS config and was able to ground it to discharge. Now I had my BIOS back because this disabled the TPM chip.

Fortunately, the encryption stage of the configuration never got deep enough to my important data (you know, the stuff I neglected to back up this month) so I was able to pull it off with a backtrack bootable USB I keep with me.

So I'm still glad I use encryption when traveling. I had my drive encrypted because of the extra "attention" the course materials would attract while crossing borders (I was in Kelowna, BC, Canada teaching SANS Security Essentials last week). So I'll have to work out this glitch. Funny thing is, while I was restoring (might as well take advantage of a fresh machine) I realized Lenovo gave me Vista Business disks, so while I wait for them to ship the new ones I'll play with truecrypt to protect my data.

So fortunately, I wasn't planning on demoing bit locker at Thursday's UUASC meeting, but rebuilding a laptop was a huge pain since I'm trying to finish a penetration test and prepare for a super busy May.

Tuesday, April 15, 2008

Debugging Linux Applications

Yesterday I gave a presentation titled "Debugging Linux Applications" for the UNIX Users Association of Southern California Orange County Chapter. The presentation was designed to give a few examples of how to debug a sample Linux application using typical tools. Ralf has already mentioned the presentation in his blog. I'll have a pdf version of the slides including notes uploaded to http://bluenotch.com/resources/DebuggingLinuxApplications.pdf later today.

Next week I'll be teaching SANS Security Essentials in Kelowna, BC.

My next presentation will be at the UUASC Los Angeles Chapter meeting on May 1st in El Segundo, titled "File System Forensics." We will be covering basic file system evidence collection and demonstrating preliminary media analysis.

The rest of May will be packed with security training and presentations. I'll spend eight days in San Diego, a day in Chicago, then six more days in Dallas, all in a row.