In this episode Peter Giannoulis joins us from TheAcademyPro.com. Chris Gerling is back in studio talking about USB Device Tracking. And Matt is building the new HakHouse firewall/router with PFsense. Plus a ton of haksnax to get your grub on.

Show Notes

USB Device Tracking

If you’ve ever used a USB storage device and wondered how stealthy you can be with it, you’re in for a scare. Windows XP logs pretty much everything you’d want to know about that USB key in the registry each time it’s plugged in and written to.

When you plug in your USB drive, the Plug and Play manager gets notified and queries the device descriptor in the firmware for information about the device. This helps it locate a driver, which is referenced by various .inf files in the %SystemRoot%\inf folder. Once the device is identified and a driver selected, the information is dropped into HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\USBSTOR with a format similar to Disk&Ven_###&Prod_###&Rev_###, which will identify the device ID, manufacturer and more. An important number you will find here is the ParentID prefix, which I did not actually mention during the segment; it will appear in virtually every registry entry regarding the device.

Microsoft uses serial numbers on the devices to distinguish between devices with the same manufacturer or model. In the case that the serial number is not unique (or even not present), the PnP manager will create a unique instance ID for the device.

All of the numbers you find related to each device should be logged if you’re doing any sort of investigation or trying to track a device across computers.

If you’re trying to determine whether data was perhaps pilfered from your machine/network, you will want to look at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses, where you will find the ParentID prefix and will be able to correlate to the device. You should also see the manufacturer name here. We are looking for the Last Write time which will help in determining whether data was pilfered by giving you a timeframe as to when someone last copied data to the device. In order to do this, you’re going to right click on the entry that has the ParentID prefix and manufacturer name for the device you want, and then click Export. Change the file extension to .txt and name it anything you want, remembering where you save the file. Upon opening this file up, you will find the last write time.
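One way to automate the correlation described above, as an added example that is not part of the original show notes: it parses a regedit text export of DeviceClasses, splits the Disk&Ven_...&Prod_...&Rev_... identifier, and lists the Last Write times of keys that match a serial number or ParentID prefix. The sample export is constructed; the export layout and US date format are assumptions modeled on regedit's .txt export, and the "& as second character" test for PnP-generated instance IDs is a common forensic heuristic that the notes above do not state.

```python
import re
from datetime import datetime

# Constructed regedit text export of three DeviceClasses subkeys. Vendor names,
# serial number, ParentID prefix and timestamps are invented for illustration;
# the two GUIDs are the Windows disk and volume device-interface classes.
SAMPLE_EXPORT = r"""
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#USBSTOR#Disk&Ven_ACME&Prod_FlashKey&Rev_1.00#0123456789AB&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Class Name:        <NO CLASS>
Last Write Time:   2/3/2009 - 4:15 PM

Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&1c2d3e4f&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Class Name:        <NO CLASS>
Last Write Time:   2/3/2009 - 4:16 PM

Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#USBSTOR#Disk&Ven_Generic&Prod_Reader&Rev_0.1#6&2b3c4d5e&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Class Name:        <NO CLASS>
Last Write Time:   1/20/2009 - 9:02 AM
"""

# Matches both the Enum form (USBSTOR\Disk&Ven_...\instance) and the
# DeviceClasses form, where '#' replaces the backslashes.
DEVICE_ID = re.compile(
    r"USBSTOR[#\\](?P<type>[^&#\\]+)&Ven_(?P<vendor>[^&#\\]*)"
    r"&Prod_(?P<product>[^&#\\]*)&Rev_(?P<revision>[^#\\]*)"
    r"[#\\](?P<instance>[^#\\]+)"
)


def parse_device_id(text):
    """Split a USBSTOR identifier into type, vendor, product, revision, instance."""
    match = DEVICE_ID.search(text)
    return match.groupdict() if match else None


def instance_is_pnp_generated(instance_id):
    """Heuristic (assumption, not from the show notes): an instance ID whose
    second character is '&' was created by the PnP manager, not read from
    the device as a serial number."""
    return instance_id[1:2] == "&"


def parse_export(text):
    """Return [(key_name, last_write)] from regedit .txt export text.
    Assumes the US date layout shown in SAMPLE_EXPORT."""
    records, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Key Name:"):
            key = line.split(":", 1)[1].strip()
        elif line.startswith("Last Write Time:") and key:
            stamp = line.split(":", 1)[1].strip()
            records.append((key, datetime.strptime(stamp, "%m/%d/%Y - %I:%M %p")))
            key = None
    return records


def device_timeline(text, identifiers):
    """Last Write times of exported keys whose name contains any of the given
    identifiers (serial number, ParentID prefix), oldest first."""
    hits = []
    for key, when in parse_export(text):
        matched = [i for i in identifiers if i.lower() in key.lower()]
        if matched:
            hits.append({"matched": matched,
                         "device": parse_device_id(key),
                         "last_write": when})
    return sorted(hits, key=lambda h: h["last_write"])


if __name__ == "__main__":
    # Identifiers recorded for the device under investigation (constructed).
    for hit in device_timeline(SAMPLE_EXPORT, ["0123456789AB", "7&1c2d3e4f&0"]):
        print(hit["last_write"].isoformat(), hit["matched"], hit["device"])
    for key, _ in parse_export(SAMPLE_EXPORT):
        dev = parse_device_id(key)
        if dev and instance_is_pnp_generated(dev["instance"]):
            print("no usable serial, PnP-generated ID:", dev["instance"])
```

Because the timestamp format in a regedit export follows the regional settings of the machine that produced it, adjust the `strptime` pattern to match the export you are reading.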

There are many applications for this data, and you’ll probably never be in the registry doing it quite this way, as there are many tools, both commercial and free, that will simplify all of this. This data is also used in tools and services such as iHound (ihoundsoftware.com), which helps you track devices if they’re stolen.

If you have any questions, feel free to contact me here and visit my website. Many thanks to Harlan Carvey, author of the 2007 book Windows Forensic Analysis (I think I might’ve errantly said 2005, sorry), for without this book I wouldn’t have known as much as I do about the Windows registry.

Chris Gerling Jr.

PFsense

While our smoothwall is and has been working well for us for the past two years, I recently had the need for something a little more robust.

I came across a fork of the monowall project: pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

Here’s a short summary of some of the eye catching features.

  • Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
  • Able to limit simultaneous connections on a per-rule basis
  • pfSense utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense can do so (amongst many other possibilities) by passively detecting the Operating System in use.
  • Option to log or not log traffic matching each rule.
  • Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
  • Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
  • Transparent layer 2 firewalling capable – can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).
  • Packet normalization – Description from the pf scrub documentation – “‘Scrubbing’ is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations.”
      • Enabled in pfSense by default
      • Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.
  • Disable filter – you can turn off the firewall filter entirely if you wish to turn pfSense into a pure router.
  • pfSense offers three options for VPN connectivity, IPsec, OpenVPN, and PPTP.

There’s a ton of other great features that you can read up on at http://is.gd/iauk

The LiveCD ISO is available from http://www.pfsense.org/mirror.php?section=downloads and for VMware folks, a prebuilt VM is available at http://files.pfsense.org/vmware/pfSense-1.2.2-VM.zip

Matt Lestock

LAN Party

This month, we are playing Left4Dead and Zombie Panic! Join us for our LAN Party on Saturday, February 28th at L4D.hak5.org or ZP.hak5.org for a good ol’ zombie apocalypse.

Trivia

Last week’s trivia was: “In PHP, which is faster and why? echo "Hello World"; or print("Hello World");?” Zoltan answered right with: “Echo is faster because it doesn’t set a return value and ‘print’ is a more complex function.” Zoltan wins a copy of Pronobozo’s CD ‘Zero=One=Everything’. You can check out more of Pronobozo’s music at his website.

If you want to win this week’s giveaway, enter the letters you see popping up during the episode into our trivia page and answer the trivia question in the first 24 hours from when this episode releases. We will choose a random winner out of the correct answers!

iTunes

Remember to subscribe to our new HD feed on iTunes at Hak5.org.

Feedback

Have a segment suggestion, constructive feedback, or a snack idea for Kerby? Email your ideas to Feedback@hak5.org. Thank you!

Stickers

Don’t forget! We’ve got brand new sticker packs as thanks for your donations at Hak5.org/stickers. Without your help, we wouldn’t be HD right now.

Shmoocon

We will be at Shmoocon this weekend, February 6-8 in Washington DC. If you are in the area, join us for the annual podcaster’s meetup. Meet our cast and crew as well as lots of other great podcasters from PaulDotCom, Securabit, Sploitcast, Cyber Speak, Security Justice, and more! Get the info at Podcaster’s Meetup.com.

Survey

We’re conducting a survey to get some additional information about our viewers. We would love your feedback. If you have a few minutes to spare, please do us a favor and take the survey at the survey page.

For those of you who complete the survey, you will be treated to a sneak peek at a new show that Revision3 has been working on and get a back stage look at the pre-production of a Hak5 episode.

Trust your Technolust!

56 Comments

  • There was no place in the survey to discuss the show. I don’t like the new format. I miss Wess and Alli. I don’t particularly care for the grey-hat tilt that has developed over the last season, and there’s too many episodes now.

    I don’t think I’ve watched a whole episode all season. I can’t even be bothered to download them anymore.

  • Hi hak5 just watched new hak5 video great video

  • Gh0st 5 years ago

    I personally liked season one through three the most so far because of the good dynamic and chemistry between Wess, Harrison, and Darren. That’s not to say the new version of the show is bad but it’s just too much like the screen savers and not quite like the original episodes which had a great underground feel to them.

  • Danny 5 years ago

    I can understand what a lot of people are saying.
    I still believe that, although you can’t please all, the majority of the people
    that watch all of your shows, are people interested in tech related subjects

    for example, the php tamagotchi was a delight, something really techie again!
    Easy, but techie!

    You guys should be able to see in your flash players that a lot of people
    simply skip segments, I personally (no offense) skip all the snubs parts.

    Guys, give us more tech! Teh awesomeness!

  • Danny P 5 years ago

    Well after gettin my weekly hit of technolust I’m satisfied hahaha.

    But seriously I came across HAK5 on youtube and since then it’s become quite an addiction I tried to seek help but there is no cure *Now to me that’s a bonus ;)*

    But to be honest it’s not just the quality of the show that makes it good, the HAK Crew are a great bunch and tie that in with the fantastic segments and well written show notes, well what can I say it’s probably the best IT related show I have ever watched.

    Guys keep up the good work you do an amazin job LOVE IT!!!!!!

    Danny2.0

  • The show evolves, the cast changes and season past will never be the same as season present. However chemistry develops, technology is dissected and laughs are had. The core of Hak5 is technolust and that remains throughout.

    When presented with a situation of disband or press forward I’ll always beat the drum. This show is blessed with an enthused crew and a loyal and honest fan base.

    We won’t please everyone all the time but as long as we put our passion in the show we’ll be happy with what we create and ultimately that’s what matters to me.

    As always thank you for your continued feedback. Tell all your friends about Hak5 and stick around for ever enriched technolust.

  • gotta agree with most ppl here, I think the eps are too long, and 2nd and 3rd season was 10x better.

    also have to agree with the guy above, I skip the segments with snubs in them, she’s not natural, and doesn’t seem to know much about the stuff.

    I’d rather just see darren and chris, and wes, just doing their stuff, underground, you know?

  • Joey Pesci 5 years ago

    Was glad to see a segment on pfSense as was gonna try it out as currently using Endian but not sure it’s doing what I want it to do. One thing Endian has pfSense doesn’t seem to is Endian using HTTPS for its login which pfSense doesn’t seem to. However, the segment was too short. You say you’ll be back with more in-depth on it, but I’ve heard that said before that never happens (or I just missed the episodes with the follow ons).

    But please, please, please, for the love of god, replace your table :o) its slight rocking is beginning to be a bit annoying. Get one that’s stronger and doesn’t move when you guys lean on it. I wait for the day it actually ends up tipping over :o)

  • Speaking towards the length of the episode, looking back the average episode length of season 2 and season 3 was approx 50 – 55 minutes.

    Season 4 episodes are around 30 – 35 minutes

    Regarding the lack of underground feel, while we understand we can’t be everything to everyone, I would argue that there’s a whole lot more technolust to go around being that we’re weekly, and we can give an overview of something on one episode, and dive deeper in the next. While we haven’t done this yet because of all of our conference coverage, this is something we’re actively looking at.

    And as Darren said, so long as we convey our interest and passion in what we’re doing, I think that goes much further than trying to make what you see feel ‘underground’

  • Dude, what we’re doing *IS* underground. If you wanna see mainstream get off the Internet and turn on a television at 9 o’clock.

    A bunch of friends geeking out about what matters to them in front of a few cheap cameras in their retrofitted living room with a hack-job HD mixer for 100 thousand like minded nerds on the Internet is far, far, FAR from mainstream.

    These are the golden days of Internet television. Soak it up!

    PS: February 18th marks the beginning of Hak5 Season 5. Check it out at http://is.gd/ixmY

  • I was referring to the visual fidelity mmk? ;)

  • The next set will be in Dick Cheney’s underground bunker.

  • Am I the only one who thinks the episodes should be longer? Most complaints seem to be about too long episodes and about non interesting segments.

    If the episodes were longer, you could fit in more segments, and the viewers could easily skip the ones not interesting to them.

    Appreciate the effort put into the show, it only gets better and better.

  • Mnemonic 5 years ago

    Hey …is it possible not to have the embedded episode “autoplay” when it loads on your site??
    Gets kinda annoying after a while.

  • I agree, I think the episodes are a bit short. But it’s ok where it is. Definitely don’t make it much shorter. Maybe the Squarespace propaganda is a bit long in the tooth already. :) If you want short, you can go find those crappy 1:45 exploit vids on YouTube. I look forward to the show improving; I’m optimistic. As far as Shannon’s bits, I think they’re fine. As far as Matt’s segment, I’m ambivalent. I don’t want to pick on Matt, that’s childish. Some people might like this PFsense segment. Personally, it’s kind of “yet another firewall configuration.” I think walk-throughs are great but this is pretty basic and not really much different from configuring any other firewall. But some people might like it. Also, did I hear a censor beep?

  • anonymous coward 5 years ago

    What’s the deal with the ending credit clip? Not that it surprises me; Matt, I hate to pick on a member of hak5, but why does it always seem like you’re trying to run the show? I could have sworn a little while back that you were only on the show because you were assisting in funding behind the scenes; it just seemed like you kept trying to use financial comments to end arguments – almost as if they were threats. And now this little blow-up at Darren wrapping the show?
    Don’t get me wrong: I still enjoy your segments and your adding a slice of “enterprise” to the mix; it allows me to suggest Hak5 to people at work. But what drew me to this show in the first season (and kept me with it) is “one for all”, not “all for one”. I have no idea about the politics that go on behind the scenes and I’m most likely misguided in this drunken rant, but there’s still something that just feels wrong with the dynamic as of late.

    As for Shannon: I think you’re doing a great job, and getting better with every segment as you get more confident and comfortable. I think a few commenting viewers forget that some of the other cast members have had 3 additional seasons to get acquainted with the camera. Keep it up =)

  • For those of you that didn’t know, the end credit scene was completely staged and fake. We had no idea that people weren’t going to get the joke, we’ll have to think a little bit more about how we approach some of our skits and such.

    As far as the show being about me, I’m not really sure where you got that idea from, but this has and will always be a team effort. While it’s true we’re a little burned out, it’s not because there’s infighting; between the conferences, some changes in production, real-life, and a host of other things, we, like everyone else, get a little run down. But after shmoocon, we’re pretty much finished with conferences until August, so that coupled with the new production equipment will make it so that we’ll have the time to develop great new content. Previously it used to take us 2 hours to set up, another 3 to shoot the show and another hour and a half to take down. With some recent refinements in our equipment usage, and preplanning, we’re down to about 30 minutes for setup, and 1.5 hours to shoot the show with about 20 minutes to take down. The simple fact that we no longer have to worry about sound, video, etc is a huge load off our shoulders.

    Some have commented that they wish the show looked and felt more underground, while we can understand the human nature of resisting change, this is something that needed to happen. Without the advances in things like the set, the technology behind the show, and production processes improvements, it’s unlikely the show would still be going today.

    The fact of the matter is, we love putting the work in to developing new content, and showcasing some of the things that we enjoy on a daily basis. While yes, pfSense is another firewall, how many people saw that segment and looked at their blue Linksys router, and then at their old 400MHz Pentium II and got to work on installing pfSense on it and replacing it with the pfSense box? It’s this spark of curiosity and creativity that we hope to provide to people.

    While a particular segment may not apply to you, can we really create a customized show for each of you? Of course not. Would we like to if we could? Sure, but we realize that not everyone is going to love what we do all the time, and we understand that. But sending feedback, and suggesting segments is a much better avenue than “this sucks and so do you” kind of comments.

    As I sit here and write this in the podcasters lounge of Shmoocon, I’m truly humbled by the number of people who have come up to us and said that they enjoy the show, and are glad to have gotten the chance to meet us in person.

    We’re not celebrities. We all have day jobs, we all work 40+ hours a week, and on top of that create a weekly IPTV show that people enjoy. We’re not superhuman, we’re just like you, and I personally wouldn’t have it any other way.

    If you’ve stuck with this post for this long you deserve a medal of honor ;)
    Matt

  • anonymous coward 5 years ago

    Really sorry for jumping the gun, Matt.
    On the plus side, you’re a good actor with the whole rage bit.
    A heh…

  • dennis waters 5 years ago

    I think the show is great. The ‘staged ending’ I assumed was real at the time and that it was put in because the cast saw the funny side afterwards!

    Episodes I wish were longer, I could watch this kind of stuff all day :) but ofc I appreciate you have lives to live too.

    Would love some more tech-y stuff in the show, ha(c)ks, forensics, etc. My one contribution off the top of my head as I am writing this for a segment idea (or multiple segments probably) is a “roll-your-own-linux-from-source” tutorial (not just some ubuntu (ARGHH!!) remaster). That would really interest me.

    Shannon is awesome :) again, if she participated more than just “hak5 is brought to you by godaddy.com blah blah blah” and “this weeks lan party is quake3 etc etc”, I’m sure people would respect her as a part of hak5 more than I sometimes read in comments and the forum. rainbow tables segment, although seemed trivial to me, showed she can do it! bring her in more, even teamed up with darren/matt/etc would be good (are darren+shannon together btw? offtopic I know, but I just get that feeling when they are together on the show)

    Darren’s PHP makes me smile :)

    Get a new table (like that other guy said)! that wobbling scares me too

    That’s about all that’s on my mind about the show at the moment, I filled in the survey, wish I’d been warned that free preview was some random music show before I spent 2 hours downloading it :( yeah my internet speed sucks.

  • TheHermit 5 years ago

    As always guys a great show. Been a little late watching this episode, got stuck in a field with no bandwidth for two weeks. In the car now streaming the vid as I drive home.
    One thing I would like to see is a few more mods like the arcade cabinet and the guitar mod.

    That’s enough from me, lookin forward to my next dose of technolust

  • I’ve been using PFSense for years…what made you finally talk about it now? I’m not trying to be a dick or anything, but it’s not new by any means.

  • I have been watching Hak since the very first episode and I personally think that each season has and is getting better and better, same goes too for the cast, (Yay for the hot-tech chicks!!) Although I do miss Harrison and Wess.

    I agree about the ‘underground’ feel that seasons 1-3 had but I like the direction it’s going in, and anyway what does that matter as long as content is good, which for the most part gets my vote!

    I’m dying to watch the last 2 eps, now if only I can figure out what I’ve done to my Fedora sound garrrr….oh well it’s 3AM my technolust can wait till the morning.

    Cheers to all you hak5 guys!
    -JD

  • Ken Reynolds 5 years ago

    I just discovered Hak.5 back in November, 2008, during Season 4 episodes. Don’t want to sound dramatic, or anything, but it was a turning point for me in my ambitions as an IT geek. I’ve been doing the whole NOC engineer, datacenter tech, PC tech thing as a job now for quite a while and have been getting a little bored with it of late. I have always been interested in security engineering and hacking, and how the two interplay.

    In comes Hak.5. You guys have presented information that has re-kindled my interest and passion for network and security engineering. The Jasager + FON stuff really sparked my interest and it’s just been a fun ride since then with lots of cool technolust.

    I don’t really care to comment about who is on the show, or about the visual aesthetics of the show, or how it feels, etc. I think it looks great, sounds great, and everybody that comes on camera does a fantastic job; some people are not as comfortable in front of a camera as others and that is cool.

    Thanks for taking the time out of busy work and life schedules to provide a FREE IPTV show for those of us who are truly passionate about learning this stuff and geeking out with it on a daily basis.

  • good guest. I hate those marketing bastards..

  • Victor 4 years ago

    Matt, what happened to the future segments on PFsense? You guys do an amazing job, just sometimes you guys make empty promises…. and that makes me sad and disappointed.

  • Well that’s powerful if such little usb device can do this all

  • Witty! I’m bookmarking you site for future use.