Odd Pen-test: Security Camera

From: Yvan Boily (yboily_at_seccuris.com)
Date: 05/05/04

  • Next message: Yvan Boily: "Camera"
    To: <pen-test@securityfocus.com>
    Date: Tue, 4 May 2004 19:45:21 -0500
    
    

    I was recently given an odd project. Given a configured security camera in
    which the hardware configuration is password protected, break the password
    and modify the configuration.

    I am completely unfamiliar with this hardware, but am going to give it a
    try.

    The camera is GVI-BCDNIR, which connects to the monitoring station via a
    V+2001 Multi-4 PCI capture card.

    The software package is a suite called TotalSecure DVR 2.2 from Productive
    Consultants Inc.

    I am attempting to disassemle the software to identify the authentication
    mechanisms as a starting point, but any further suggestions?

    Yvan Boily
    Information Security Analyst
    Seccuris

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------


  • Next message: Yvan Boily: "Camera"

    Relevant Pages

    • Solaris Security Summary
      ... Administering Security on the Solaris OE ... Configuration control, facility management, and system ... Authentication: The ability to prove who you are. ...
      (comp.unix.solaris)
    • Re: DCOM calls fails - access denied
      ... That's exactly how I understood the ASP.NET security. ... But why does one configuration work but not the other? ... should get the token from IIS. ... If you set there a domain account, ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • [TOOL] LogAgent, ASCII Log Monitor
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... LogAgent tries to fill that gap by monitoring the log files on ... for network-wide log file centralization. ... # This program gets its configuration from the file config.txt, ...
      (Securiteam)
    • Re: Security for 64 bit Vista Laptop
      ... Windows Defender is enabled, as is Windows firewall. ... I'd like to address strong security. ... Understanding and Configuring User Account Control in Windows Vista. ... Internet Explorer Enhanced Security Configuration changes the browsing ...
      (microsoft.public.windows.vista.security)
    • Re: Security for 64 bit Vista Laptop
      ... Windows Defender is enabled, as is Windows firewall. ... I'd like to address strong security. ... Understanding and Configuring User Account Control in Windows Vista. ... Internet Explorer Enhanced Security Configuration changes the browsing ...
      (microsoft.public.windows.vista.security)