Practical audit advice you can use today.

Finding Stale Users
Published: 2011-08-08 (Length: 8:54)

Identifying stale user accounts is an age-old problem that all administrators deal with. Accessing Active Directory through DSQuery provides some strong and easy-to-use mechanisms to quickly identify inactive user accounts and to find computer accounts for systems that should have been removed from the domain. In this episode we'll demonstrate how to access this information and explain some of the caveats with the DSQuery and DSGet options.

The show notes for this episode have been posted here http://it-audit.sans.org/blog/2011/08/08/episode-10-shownotes-more-dsquery-magic

Using DSQuery and DSGet
Published: 2011-08-02 (Length: 13:43)

Active Directory under Windows 2003 and Windows 2008 can be a very powerful resource for both auditors and security researchers. In this episode we examine some uses of the DSQuery and DSGet tools.

How can you find out who the users are in your domain? Is there a way to easily extract all of the logon IDs for all of the users? Is there an easy way to find out who the members of certain groups are? How about finding accounts that are set with a non-expiring password?

All of these things and more can be found with DSQuery and are demonstrated in this episode. For more information, the show notes are available at http://it-audit.sans.org/blog/2011/08/02/episode-9-easy-but-useful-windows-domain-queries/ as usual.

Please feel free to send in any questions or post comments over on the show notes!

Narrowing Fuzzing Results to What Matters!
Published: 2011-07-25 (Length: 13:22)

Using a fuzzer isn't hard, but how can you narrow the thousands or millions of results down to what really matters? This episode explores the use of the WebScarab Search feature in conjunction with the fuzzer (discussed in Episode 7) to demonstrate exactly how to do this!

http://it-audit.sans.org/blog/2011/07/25/scaling-input-fuzzing-with-webscarab has the related show notes for this episode. As always, feel free to contact me with comments or questions. Either post them on the blog or contact me by email: dhoelzer at enclave forensics dot com.

Using WebScarab to Automate Input Validation
Published: 2011-07-18 (Length: 14:50)

WebScarab is a powerful tool for testing out many different aspects of a web application. One of the more tedious aspects of web application security validation is trying out all of the different possibilities for input on every form. What can we do to make our lives simpler? WebScarab to the rescue!

WebScarab ( http://owasp.org ) can be taught to automatically send pre-populated input to a form in a programmatic way. This means that once we create a file containing the tests that we'd like to run we can just point and click and away it goes!

In the episode you'll see that we're able to configure WebScarab to run millions of test cases against a form. Looking at the results summary page we can quickly see if any of those requests caused the application to crash (500 Internal Server Error). We'll look at some details of how to mine these thousands of results for useful data in a future episode.

Making Nmap Results Manageable!
Published: 2011-07-11 (Length: 15:10)

Nmap is a powerful and useful tool. How do you make the results of your scans manageable? Can you produce a useful Nmap report that shows you how your network is changing over time? These are the questions that we answer in Episode 6.

The Show Notes for Episode 6 have been posted at http://it-audit.sans.org/blog/2011/07/11/making-nmap-results-useful-and-manageable and include the text of the script created during this episode. You can also find links to the various tools discussed during the episode.

If you're interested in the older version of Ndiff that produces HTML output, please feel free to send me an email at dhoelzer at enclaveforensics dot com!