The Backtrack 4 Final release happened today.

Both the Backtrack 4 USB/Persistent Changes/Nessus how-to and the Backtrack 4 with "Full" Disk Encryption how-to have been updated to reflect this release.



I made some minor updates to to my Backtrack 4 – Bootable USB Thumb Drive with “Full” Disk Encryption.

I fixed a few typos and added a section towards the end that shows how to mount your encrypted volume from the Live CD/USB drive in the event you have issues and need to fix things.

I also added a bit that should get rid of the 'can't find modules.dep' warning that appears at boot time.


{ 1 comment }

I have made an important update to the Backtrack 4 USB "Full" Encryption How-to.

I forgot to include the step where you select the drive install the boot loader to. Missing this step can cause the operating system on the machine you are using to not boot. Please review the how-to.

Below are some links to instructions on repairing boot records for a few common operating systems in case I am too late with this update:

Windows XP:

Windows Vista/7:

Ubuntu Linux:

I apologize for any issues that may have occurred due to my oversight.



My Backtrack 4 – USB/Persistent Changes/Nessus How-To has been updated again. Changes below

  1. Updated Nessus install procedures for version 4.2.0.
  2. Moved the 'apt-get upgrade' section to before the Truecrypt volume creation section. We now have enough updates that the initial update runs out of disk space before completing if the Truecrypt volume was created first.

The updated version is here.

The pdf has also been updated and can be found here.

I have, however, also kept the previous version available and it can be found here.

As usual, let me know if you find any issues or problems.



Hi folks.

The Backtrack 4 USB Drive How-to has undergone a huge re-write. One of the largest changes is that we are no longer using UNetBootin except for one minor thing and then only if you want to. Everything is done from within Backtrack itself now.

Another change is that I have added instructions on setting up encryption with Truecrypt directly into the how-to. Finally, I have added some interesting tweaks such as mounting the Truecrypt volume on boot, changing root's home directory to the encrypted volume on the fly and setting nessus up to log to the encrypted directory.

It still lives in the same place.

If you were using the old how-to and don't want to start over, it is living here now. The parts of the new how-to on encryption and tweaks will still work with the old how-to if you just want to add that bit.

As always, let me know of any problems, typos, mistakes, etc. of which I am sure there are plenty. 🙂



Woot. Offensive Security has released Backtrack 4 Pre-Final to the public.

I updated my Backtrack 4 USB/Persistent Changes/Nessus How-to a couple weeks ago with instructions, but a public link was not available.  The how-to has been updated with download locations and links to the md5sum and sha256sums.

Have fun.



Detecting Conficker – Updated

by kriggins on March 30, 2009

in Tools

Well, sometimes copy and paste works and sometimes it doesn't. The link was broken. Go here:

About half way down the page is a proof of concept network scanner put together by Felix Leder and Tillman that can detect if a system is infected with Conficker. No system access or authentication needed. Great job gentlemen.

I also understand there is a Nessus plugin available now and also a nmap NSE script on the svn respository.

Reblog this post [with Zemanta]


Yup. You guessed it. A new how-to that walks you through creating a bootable Backtrack 4 USB thumbdrive. This time we don't need to worry about updating Firefox or nmap though. You can find it at the link below.

Backtrack 4 - USB/Persistent Changes/Nessus

As always, let me know if you find any problems or have any suggestions.



Top 25 Coding Errors Released

by kriggins on January 12, 2009

in Educational, programming, Tools

In today's Bits post, I mentioned that a top 25 coding errors report was going to be issued today. Well, it's happened. From the SANS website:

Today in Washington, DC, experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.

The web page listing all the information about the project is here.

There is good stuff there that should be looked at by all who are involved in information security, not to mention those involved in developing programs.


, ,

Reblog this post [with Zemanta]


@hevnsnt posted the following message to Twitter this morning.

hevnsnt watching Strand's hacker vids at

There are some nice videos there. Here are the titles of a few with direct links:

Definitely worth spending some time on.


, , ,