Summerschool Aachen 2004/Hidden Things Lab

From C4 Wiki

Hidden Data

Slides & examples are at

The coffee table talk

The slides of the coffee table talk are online; you can find them here.

-- Ilja van Sprundel

Looking for authors of documents in Cambridge

I have scanned the * domain using Google and wget and retrieved around 1000 M$ Word documents. I then put together a Python script that makes a list of (author, document, URL) triplets. This indicates how prolific particular authors are (they have authored documents placed in many different URLs), and it exposed quite a few little secrets.

-- user: George

Did I just 0wn a User Mode Linux?

I spent the lab session playing around with User Mode Linux (UML) and evaluating whether it was easy to identify UML from the "inside". It is... it seems like the developers do not intend to hide the "true" identity of a User Mode Linux at all.

After that I discussed some "breakout scenarios" with Thorsten.

I'll post some more on all that tomorrow...

-- Lutz Böhne

Simulating Web Activity

I've spent the time in the lab writing a Perl script for simulating users browsing the web. It uses the immensely useful WWW::Mechanize::Sleepy module from CPAN. I have uploaded the script to Discovery.

At first I wanted to simulate SSH activity, but I decided that I didn't know enough about the SSH protocol and that it would take too much time to understand and modify the SSH source code.

-- Alexander Becher

Breaking sebek

I spent the first part of the lab making final adjustments to the slides of the coffee table talk. After the coffee table talk I intended to make some code to nop out most of the sebek stuff in kernel memory. While I was looking at the sebek code I found 2 bugs in the code that allow any user (that includes all non-root users) to circumvent the sebek logging. These findings will be released shortly.

-- Ilja van Sprundel

traceroute visualization

I worked on traceroute visualization. It was actually a lot of fun, though I am unsure how useful it is. I added some options, like showing the netname instead of the IP address.

--MM 17:11, 5 Oct 2004 (CEST)