We like to think of VNC passwords as encrypted; but when you consider that they’re encrypted using DES (a weak encryption algorithm) with a key that is hardcoded… Well… That pretty much makes VNC passwords \ encoded and not \ encrypted. There are a few VNC password revealers out there, such as \ vncpwd <https://github.com/jeroennijhof/vncpwd>__ or VNCPassView <http://www.nirsoft.net/utils/vnc_password.html>__, the former can be used in Linux and the latter in Windows. A prerequisite to using these is that you have access to the VNC passwd file and/or registry....

I wrote this short VBS script today to help out a client; basically, you can run this on an Active Directory domain as a login script to see if your users’ offline shares are correctly configured. In this case, each user is supposed to have a ‘U:’ drive that syncs with a file server whenever they’re on campus, and is available whenever they’re on the road. Sometimes, though, the configuration isn’t set for one reason or another… Hence the script....

I was at Brucon 2010 last week, and it was a blast! The ambiance at the con was very much reminiscent of Defcon’s: people talking passionately about security in a relaxed, geek-and-caffeine-rich environment. In the past, when attending infosec cons I tend to go to all the talks – this time, I decided to go to as many workshops as possible. I must say, I was not disappointed at all – while talks are often absolutely fascinating and wildly entertaining, workshops provide a chance to understand something at a much deeper level and allow you to test your knowledge of the topic; it also allows the speaker to tune her content to the audience in a much more interactive manner, providing more, or less, background information according to the crowd’s grasp of the subject....

| Operating System and tools | Pick an operating system with which you’re comfortable. A lot of *nix junkies out there will heckle you about which distro is best, especially when it comes to running security tools; and whilst I agree with the principle that a good solid distro will improve your machine’s robustness and prevent a malicious attacker from turning your security tools against you, let’s be realistic: there isn’t a single distro, operating system or device out there that can’t be exploited....