Going-Dark-Still-e1357817594814-copy Just by way of Public Service Announcement, T3CHKOMMIE.com including all of its services will be going dark on the 28th of June and will not be expected to come back online until mid to end of July. We are in the process of moving back to the east coast and will be taking the servers with me. Feel free to check the Google cache if you need some scripts/documentation/help. We anticipate being back online before the end of the July. We also anticipate having much faster upload speeds to serve you T3CHKOMMIE.com content as fast as you can download it! Thank you again for visiting. We hope this humble little site has proved useful for you and that you come back and see us in a month or so!

email_white with blackIt has been quite some time since my last post and today I feel compelled to spill the beans on some magic many in the business world abuse: Email.

I am sure you have seen or know someone in your office that abuses Email. Maybe it is the person that doesn’t proof read their Emails and has to send out a redaction Email a few minutes later explaining a typo, an attachment they never attached, or my favorite, getting day/month/year wrong of an upcoming event. (more…)

CHIN0001 For those of you that follow the Naughty List, things have been quite for the past few weeks. Today, however, China has really stepped it up! Over 7000 attempts on my FTP server in the last few hours. Check out the new pie charts on site. China is dominating with over 80% of the total attempt account. Just another reason to make sure you have policies and devices in place to protect yourself from all those things that want in.

wp_bruteforce_opt1.png.scaled1000Hello everyone,

I wanted to spend a few minutes and try to illuminate this “everyone is stealing your passwords” scare over the last few days. Most of you may know about “The Naughty List” I have been keeping tabs on some of the bad things that go on.

First of all, I don’t consider a Brute Force attack an attempt to steal anything. Someone or something takes some wild guesses thousands of times in hopes that it guesses something eventually. It’s like someone coming to my house with a million keys and trying each one to see if any work. This method is far different then a skilled lock-picker with tools attempting to gain entry to my house. (more…)

TCPdStat is a very popular network capture analyzer. It breaks down a packet capture session into packet categories by protocol and then returns usable statistics that allow the user to understand more about the condition and traffic of the network during the TCPdump session. (tcpdump is a simple packet collector much like Wireshark but it is a command line only tool usually found in most Unix systems).

The Verdict


The Good: Powerful | Fast | Lightweight | Useful network details

The Bad: No GUI | Not well supported | Difficult to Install and not included in most Debian repositories | No PCAP-NG support

Recently, I have been mucking around on the Wireshark forums trying to get some details on a LUA script I was thinking about writing. I wanted to use Wireshark’s protocol analyzers and TCP Reassembler to write a script that would automatically sift through an offline PCAP capture file and reconstruct anything it could find. I got some help from the forums and was pointed to some other Network Forensic Analyst Tools (NFAT). The first one was Network Miner. (more…)

The Verdict


The Good: Super fast | Clean usable UI | Intuitive | Lots of information and details about the network | Auto reassembles files from TCP stream | Simple to install and run | Free

The Bad: Not beautiful | Installation isn’t really an “installation” | Free version is missing some nice bells and whistles | paid version too expensive

Last weekend I spent about 20 hours carving through two 40 GB hard disk images. This was an assignment to collect images of money from the hard drives to gain more experience with various forensics methods and tools. One hard drive was a Windows XP image, the other was a Linux flavor.

Each image contained more than 30 images of money, and the images were on the disk in various states. Some had been deleted but not yet over written, some had been saved with incorrect file extensions, and others were spread across different sectors of the disk or in various chunks of an archive files.

The Verdict


The Good: Very user oriented | Much better than the previous Web GUI | Organizes and sorts data by type | Media View for a preview of a the file | String View for looking at the character sequences of the files | Keyword Search | File Ingest-er quite fast for large images | Multiple image support

The Bad: Java! | Slower than sin when viewing larger files | Susceptible to crashing and hanging | Windows only

HackerInsideT3CHKOMMIE.com has implemented it’s “Naughty List”! The list should be visible on the right side of the site and scrolls through attempted attacks on our servers. The information is released to illustrate just how frequently bad people try bad things. We hope this will provide some entertainment while also encouraging others to be diligent in keeping their network assets, especially those facing the internet, safe and secure. We are working on building statistical analysis and graphs to represent the scrolling data in real time as well. Check the list frequently to get an idea of where typical attacks are coming from and what protocols they are going after! The List updates about every 30 min.