Tuesday, August 21, 2012

Passed CISSP Exam!

On July 23rd, I took the CISSP paper exam in San Diego.  It is a six-hour test with 250 questions.  I am usually very good at taking tests, but this one was a little more difficult for me.  I took three passes through the questions.  First, I answered the ones I knew for sure.  There were a little over 100 in this category.  Then, I answered the next set that I was pretty sure about.  That added another 50 or so.  I needed 70% to pass, so about 175 questions correct (there are new questions for evaluation that don't count, and I've heard that the questions are weighted).  I answered almost all of the remaining questions in the third pass.  That took a little under four hours.

After I had answers for all of the questions, I started marking the answer sheet.  As I went through, I did a final sanity check.  This part was boring.  Even though you should stick with your original answer, I did change a few of my answers.

Four weeks and one day later, I got an email from (ISC)2 saying that I passed!  I just need to submit my endorsement form and resume.  I should hear back from them a few weeks after that.

Friday, August 10, 2012

Rainbow Tables

A friend asked me about rainbow tables, so I thought I'd document what I remembered from my Offensive Security class two years ago.

Rainbow tables are used for cracking passwords.  They are a collection of precomputed hashes, so the software can look up a password hash in the table rather than try to brute force or dictionary attack it.  The downside is that the tables can get quite large depending on the character set and password lengths used to generate them.

One tool that can use rainbow tables is ophcrack.  There are some tables available for free, such as xp free and vista free.  These are just based on a dictionary.  So instead of computing the hash for each entry in the dictionary and comparing it to the password hash (dictionary attack), the table allows for near instant lookup of passwords.
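To show what sits behind that near-instant lookup, here is a toy implementation of the hash/reduce chains a rainbow table is built from.  It is an added example, not code from this post or from ophcrack or rcracki_mt, and it goes a little deeper than the description above: a real table does not store every hash, it stores only chain endpoints and regenerates the rest on demand.  It assumes a constructed password space (four lowercase letters), SHA-256 as the hash, and a constructed salt value; the last check shows why a table built for unsalted hashes finds nothing once a salt changes the hashed input.

```python
import hashlib
import string

# Toy rainbow table: 4-character lowercase passwords hashed with SHA-256.
# Sizes are deliberately tiny so the whole thing runs in well under a second.
ALPHABET = string.ascii_lowercase
PW_LEN = 4
CHAIN_LEN = 50                       # hash/reduce rounds per chain
SPACE = len(ALPHABET) ** PW_LEN      # 26**4 candidate passwords

def hash_pw(pw: str) -> bytes:
    return hashlib.sha256(pw.encode()).digest()

def reduce_(digest: bytes, step: int) -> str:
    """Map a digest back into the password space.  Mixing in the column index
    (step) gives each column its own reduction, which is what makes the table
    a *rainbow* table and keeps chains from merging as easily."""
    n = (int.from_bytes(digest[:8], "big") + step) % SPACE
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)

def build_table(starts):
    """Precompute chains but store only endpoint -> start points, so the table
    holds roughly 1/CHAIN_LEN of the hashes it can recover (time/memory trade)."""
    table = {}
    for start in starts:
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_(hash_pw(pw), step)
        table.setdefault(pw, []).append(start)   # several chains may share an end
    return table

def lookup(table, target: bytes):
    """Return the password whose hash is `target`, or None if no chain covers it."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Guess that target sits at column `col`; walk the rest of the chain.
        pw = reduce_(target, col)
        for step in range(col + 1, CHAIN_LEN):
            pw = reduce_(hash_pw(pw), step)
        for start in table.get(pw, []):
            # Rebuild that chain up to `col` and verify (guards against false alarms).
            cand = start
            for step in range(col):
                cand = reduce_(hash_pw(cand), step)
            if hash_pw(cand) == target:
                return cand
    return None
```

A salted hash such as `hash_pw("s4lt" + password)` (constructed salt) is never found, because the table was computed over a different input space; that is the defensive reason modern password stores use per-user salts.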

There are also online rainbow tables where you can submit a hash.  If the hash is in one of their tables, the password is cracked.  Onlinehashcrack.com is an online tool.  Another is freerainbowtables.com.  The nice thing about freerainbowtables is that they are constantly generating tables, and you can help by downloading the client.  Then the tables are available for download.  They also sell them if you don't want to download 5.7TB (as of 8/10/12).

There are two types of rainbow tables there - the older format and the newer hybrid tables.  The tool on the site (rcracki_mt) works with both types.  Other tools, like Cain, only work with the older format.  There is another tool to convert the hybrid tables back to the older format for use in other crackers.

Sunday, August 5, 2012

Intro

I've been meaning to start a blog for quite a while.  Like most people, I'll stick to what interests me, so I'll have a typical technology/computer security/gaming/car/flying/cooking blog.  Actually, other than the cooking, I guess that would be pretty standard for a teenager.

The primary reason for starting it today is that I just started my flight training today.  I want to document it while it is still fresh in my mind.  Hopefully this will help someone else, like other people's writings have helped me in the past.  However, I don't really expect anyone to read this.

Let me explain the topics.  First, technology and computer security.  I've always liked technology and have an engineering degree.  I enjoy building my own computers, playing with networks, and hacking anything that I can.  I'm an Offensive Security Certified Professional and just took my CISSP exam.  I'll try to document new technology, tablets, vulnerabilities, and other security topics.  I especially want to document exploits that I have researched.

Gaming.  When I have free time, I like gaming on many different platforms.  That changed when our kids were born.  Now that they are a little older, I can play some games with them, such as Skylanders.  Now that I'm in flight training, gaming time will probably be limited to X-Plane.

Cars.  My wife and I are looking for cars, so I've been doing a lot of research and will try to document my findings.  She's interested in a Mazda 5, and I'm interested in a Subaru BRZ with 50 more horsepower.  I've got my fingers crossed that 2014 will have an STI version.

Flying.  As I mentioned above, I just started flight training.  I've wanted to do this for at least 10 years.  The first flight was a little overwhelming.  By writing it down, I think I'll reinforce what I learned.  This will be kept in a different blog: jbisflying.blogspot.com.

Cooking.  Like I tell my wife, I don't like cooking.  I like eating.  Early on, I realized that meant I would have to cook food for myself if I wanted to eat well.  I can't/won't eat out every day!  Every once in a while, I run across a good recipe.  I want to make sure I keep track of them.