July 31, 2011: 10:22 am: Forensics, Password Security

I was curious if I could script a dictionary attack against one of the OS X Lion FileVault v2 encrypted external drives. If you haven’t done this before, you need to be on Lion. Grab a spare USB storage stick. Make sure to back up any data from the device first. Encrypting the device by the book will erase and destroy the existing contents.

  1. Go into “Disk Utility”
  2. Plug in the desired USB storage stick
  3. Click on the device in the list
  4. Click on the Erase tab
  5. Pull down the Format box and choose one of the Encrypted options like: Mac OS Extended (Journaled, Encrypted)
  6. Click Erase
  7. When prompted provide a desired password.

Now that you have set up an encrypted device you can use that to test this process.

  1. First eject the USB device
  2. Unplug it
  3. Plug it back in
  4. Click cancel and do not enter the passphrase

Now onto the rest of the process.

January 6, 2011: 9:36 pm: Forensics, Password Security, Videocasts

We wrap up our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents.

In this part we spin our custom AMI instance up and install the DNA worker agent.  Then we spin up a total of 20 of the dual core instances to see the password attempt throughput.

You will run up costs by running instances. I am not legally nor financially responsible for your use or how you use these tutorials. Please only do things you are legally and financially authorized for.  It is on you.

I have not ironed out the HTML5 player fallback-to-Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel.


January 1, 2011: 10:59 am: Forensics, Password Security, Videocasts

We continue our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents.

In this part we cover how to save a custom AMI instance to our Amazon S3 Storage. Then we tie a new custom AMI to that image. We end up with our own saved AMI image we can spin up later on demand. You will need to spin up and complete the customization steps from the Part Three video if you are continuing our tutorial series. Otherwise this is a good video simply on how to save a custom Linux AMI image for later use.

The tools and sites mentioned are:

You will run up storage costs by storing an image like this. I am not legally nor financially responsible for your use or how you use these tutorials. Please only do things you are legally and financially authorized for.  It is on you.

I have not ironed out the HTML5 player fallback-to-Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel.

Read More to get the list of commands used in this video.

December 30, 2010: 6:34 pm: Forensics, Password Security, Videocasts

We continue our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents.

We cover finding, accessing and modifying an existing Ubuntu 10.10 AMI. If you need to watch a video just on the process of starting with an existing Community AMI to access and modify it then you should watch this part. In the next part, part four, we will show how to take our modified AMI and save it to our Amazon S3 as a new template AMI.

The tools mentioned are:

Keep in mind as we are moving into Amazon Web Services, even if you use the free tier account our tutorial touches on instances and data transfers that might incur costs.  Hopefully they are small per Amazon’s wonderful pricing. BUT  *I* am not legally nor financially responsible for your use or how you use these tutorials. Please only do things you are legally and financially authorized for.  It is on you.

I have not ironed out the HTML5 player fallback-to-Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel.

Read More to get the list of commands used in this video.

December 15, 2010: 6:33 pm: Forensics, Password Security, Videocasts

We continue our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents. We move into Amazon EC2 and what you need to know about the service itself. In part three we will cover starting up an instance based on an existing Amazon Machine Image (AMI), logging into it and adding the packages we need to prepare it as a worker.

Keep in mind as we are moving into Amazon Web Services, even if you use the free tier account our tutorial touches on instances and data transfers that might incur costs.  Hopefully they are small per Amazon’s wonderful pricing. BUT  *I* am not legally nor financially responsible for your use or how you use these tutorials. Please only do things you are legally and financially authorized for.  It is on you.

I have not ironed out the HTML5 player fallback-to-Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel.


December 13, 2010: 6:59 am: Forensics, Password Security, Videocasts

We begin our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents. We cover what we plan to do, why we are choosing to use Ubuntu Amazon Images (AMI) as our worker agents, then a walkthrough of what you need to know about the DNA Manager setup. Part Two will be our move into Amazon EC2 and everything you need to know about the service.

I have not ironed out the HTML5 player fallback-to-Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel.

December 4, 2010: 10:05 pm: Forensics, Password Security, Videocasts

I just wanted to toss out a quick video of what our end goal looks like in use. Here is a brief walkthrough of spinning up a worker and having it show up in our DNA manager console.

*Note* I realize this file is not playing back in some browsers. I am experimenting with an HTML5 plugin. The fallback to Flash player doesn’t seem to be working and I am looking into it. If you want to direct play the file you can get it HERE.


November 29, 2010: 8:42 pm: Forensics, Password Security

I have decided I will put together some screencast video and supplement it with the blog post notes to show how I set up the AccessData DNA/EC2 rig.

I noticed something tonight as I am new to Amazon EC2.  You can get a maximum of 20 on demand instances.  There is a way to request your cap be raised.  So perhaps if you are law enforcement or an established forensics firm you can get upwards of 100 nodes on demand.

However there is another way.  Spot instances are based on unused Amazon capacity that you bid for.  That limit is 100 instances.  So if you bid higher than the spot pricing at that time to hold your instances you could get 100 running without special permission.  When I wrote this post the spot pricing for the medium CPU Linux was $0.059 / hour compared to $0.17 / hour for on demand guaranteed instances.

Keep in mind my test over the weekend gave us 1,330,000 passwords per second average for that one test. If we assume that stays consistent then we are looking at the below options in an hour. We are also talking about the DNA worker running on Ubuntu under Wine. I do not know how much, if at all, the average would increase if you did a Fedora instance with the native Linux DNA Worker code.

So if you are limited to 20 2-CPU instances averaging 1,330,000 passwords per second then an hour would cost you on demand $3.40 and get you 95,760,000,000 password attempts.

If you get 100 2-CPU instances from spot pricing it could be $5.90 and 478,800,000,000 password attempts in an hour.

For some interesting reading on EC2 and PGP cracking check out the post over at electrical alchemy.
