How To Start A Website

If you want to know how to start a website the right way then don’t get involved with these online businesses that offer you website design and a Page #1 listing on search engines. If they aren’t themselves on Page 1 how are they going to get you there? Even more ludicrous is those that promise a #1 listing!

A #1 listing on Google? For every customer? Get real! You know what? They will do as they say, otherwise it might be illegal, but they will give you a #1 listing for a keyword nobody ever uses. Like if you name is Jerry Yankovic IV they will give you a #1 listing for that. Know what I mean?

Forget it. Don’t pay to have your website built for you because it will cost a fortune, and you will be paying for ever to have it maintained. Do you really want to know how to start a website? DIY – that’s right. Do it yourself. That’s what I did and I did it myself.

I am going to take you along exactly the same road that led me to online success, and I will be with you all the way. It won’t be free, but your first few months won’t cost more than $500. What you will need is:

 

* A website and foolproof web design system
* Keyword research tools
* Traffic analysis software
* Search engine listing software
* Unlimited email addresses
* Unlimited autoresponders (to automate your business)
* A blog (to promote your business)
* A shopping cart system
* A means of receiving credit card payments
* Information on how to do it all
* Much more

 

I can offer you all of that and more for less than $500. Here’s the breakdown:

 

* Website: $299
* PayPal : FREE – this allows you to make and accept online payments by credit and debit card.
* All the rest of the above: INCLUDED
* My acclaimed eBook SEOcious selling at $47 FREE
* My article marketing encyclopedia Article Czar FREE

 

Check out internet millionaire Ken Evoy’s SiteBuildIt in a new window then return here if you are interested. He knows how to start a website – he is the master! If not, thank you for visiting, and please return again when you get into trouble. Only 1-5% people succeed online, but far more do so with one of Ken’s websites. I will help you with every step, though Ken’s instructions on how to start a website are truly foolproof – not the proverbial ‘foolproof’!
CHECK IT OUT HERE

OK,

If you are still here you liked what you saw, or are at least interested in being successful online at minimum cost with maximum help. You not only have my help but you also have Ken’s. Give it a go: $299 might seem a lot, but it isn’t. I spent thousands till I found this, and it turned my life around.

Email me your receipt and I will send you SEOcious and Article Czar free. Register for PayPal HERE.

If you prefer a more traditional credit card merchant register with
2Checkout HERE There is a $49 joining fee which is cheap compared to the $400+ charged by the major banks. They also offer a shopping cart.

No other website offering you information on how to start a website can offer you all of this.

DPAPIck v0.3 release notes

Well, I have to admit that it’s been a long time since I wrote here.

Lot of people complained during the past years that DPAPIck was only supporting Windows XP and Vista and basically wanted to know if one day we were going to support newer versions of Microsoft Windows.

Thanks to Francesco Picasso (@dfirfpi), this project now supports Windows versions from XP to the latest Windows 8.1 (sorry, we haven’t tested it on Windows 10 yet). He did the work and sent me a patch that allowed DPAPIck to run against Windows 7 blobs but it was also breaking XP support at the same time. So I took some extra time to give that a bit of polish and to improve a few things on how the tool was processing data.

As a side note, I wish to say that DPAPIck is an opensource project that currently relies on the amount of spare time I can dedicate to it (and being involved in other projects, this amount will not magically increase). But contributions are more than welcome, just like Francesco did.

So, let’s talk a bit on the changes/improvements that we made for v0.3 release:

  • Windows 7, 8 and 8.1 support (long story short, it seems that Microsoft learned how to read an RFC and changed one function on which DPAPI relies and which was not RFC compliant)
  • unit tests ; it was something I wanted to add for a long time to help me avoid stupid bugs and also to be able to extend this tool without experiencing functional regressions
  • iCloud probe (Francesco contribution)
  • Dropbox probe (again, thanks to Francesco for his contributions)
  • Serialization support of internal structures ; at the moment it may seem useless but this feature was needed for the upcoming next release, DPAPIck v0.4
  • PIP compliant installation so, hopefully, one would just have to type “pip install dpapick”
  • LSA secrets extraction supports newer Windows versions; here also Microsoft changed the underlying algorithms so I upgraded this part too (nothing fancy here, I just looked at the code of mimikatz)
  • LSA secrets now extracts both old and current values (previously, only the current value was extracted) and it can display also the timestamps associated with those values
  • Give the ability to add already decrypted masterkeys as well as their hash in the masterkeypool (the goal here is to provide ways of using DPAPIck with stuff that may be extracted at some point from memory dumps using volatility or from a live machine using mimikatz)
  • Improved the decryption algorithm to also test NTLM hash of the password (used for Windows 2000 backward compatible structures)

Is that it?

Well, we are already working with Francesco on DPAPIck v0.4 that is going to includes other big changes that we weren’t able to finish for this release.

Here is a rough overview of what to expect for v0.4:

  • bin/dpapidec tool will disappear for a better frontend (bin/dpapick) that can use the probes
  • Probes API will be upgraded to support the new frontend
  • leverage the serialization of internal structures (v0.3) to save/restore a state
  • Interactive shell as well as scripting support (something pretty similar to what volatility does)
  • Probably some new probes too
  • Python3 readiness (some dependencies such as M2Crypto might not be available in Python3)

On a bigger picture (i.e. features that I want to be there for DPAPIck v1.0), we are probably going to:

  • have a look at DPAPI-ng (used for connected Live accounts),
  • try to have a look on DPAPI related data that mimikatz can export to make them usable with DPAPIck.
  • try to add blob/masterkey creation capability
  • improve the inline documentation
  • provide some documention / guides on the wiki (specially for probes writing)

Leveraging that, DPAPIck would be able to act as a migration tool to import data from a computer A into a computer B, even if they don’t share the same Windows version. Another scenario would be to re-encrypt all the masterkeys with the current password to clear the CREDHIST file.

Again, if you want to contribute to this project, I’d be happy to integrate your patches/files in this project.

You can also use the bug tracker to ask for a feature request that we have not thought about. If you are requesting for additional, please, try to provide some test data for that.

Where to get it?

As usual, you can get the tool on Bitbucket either through mercurial or through the download section (click on the “Tags” tab).

If I didn’t screw up the installation system, you can also try “pip install dpapick” to get it on your computer and benefit from the upgrade capability that it provides 🙂

Filed under dpapi dfir roadmap python release

D-6 ?

Next week, DPAPIck will finally became the first opensource tool (GPLv3 licence) which is able to deal with DPAPI structures as well as the first tool that can do so from another operating system than Microsoft’s !

It has been entirely re-written in Python and only requires OpenSSL for decryption to be fully cross-platform. It is coming along with several applicative probes that embeds the decryption logic specific to each application that uses DPAPI (eg. Google Talk, Skype, Wireless keys, Internet Explorer, etc.).

And we are not releasing DPAPIck v0.2 alone ! It comes along with other surprises that we let you discover on August 🙂

Until the public release, you will be able to meet us, for the lucky ones who are attending BlackHat USA 2011 or DefCon 19. And if you are attending BlackHat, do not forget to go and see our presentation of OWADE, our new advanced forensic tool !

Filed under DPAPI BlackHat python OWADE

No, we’re not dead !

Pour la population francophone intéressée par DPAPI, nous avons rédigé un article qui sera publié dans la revue française MISC pour son numéro 56 (Juillet/Août).

Il reprend l’analyse des structures que nous avons publiée à BlackHat DC 2010, en incluant quelques corrections et quelques unes de nos avancées. Des bouts de scripts Python permettant de déchiffrer les structures sont également fournis dans l’article.

Nous continuons nos travaux sur le sujet et DPAPIck a été entièrement réécrit en Python pour faciliter les développements et les tests. Cette version devrait prochainement être mise à disposition de la communauté.

For non-French people, the above paragraphs are telling that we are about to publish an article about DPAPI in a French magazine that includes code snipplets in Python to decrypt the structures we talked about at BlackHat DC 2010.

We are still working on that subject and our tool, DPAPIck, has been entirely rewrote in Python to help us adding new features more easily. This new version may soon be made available to the community. Stay tuned !

Filed under publication magazine python DPAPI

Let’s talk about roadmap

I recently discovered that Bitbucket is not duplicating the issue tracker while forking a repository. Thus you don’t have any visibility on what’s going on for DPAPIck and that’s why I’m writing this post.

So, as far as we are going, this is why we planned to release for version 0.3:

  • EFS Certificate recovery
  • Inline documentation
  • bin tools rewriting to keep only one binary and link it to the probes (usage should be similar to volatility for those who are familiar)
  • Okteta support but low priority for this one…

Inline documentation is already done, EFS private decryption is done too but we need to add a PKCS#12 export function to keep the certificate with its private key and make it easy to work on EFS from Linux.

The bin tools rewriting is stale for the moment as I need to focus on another project. But as soon as I have time to go back on DPAPIck, I will finish this part and release a new version. Okteta support may be for a further version.

If you have any suggestion, any wish-list to add to our roadmap, feel free to leave a comment ! This blog is here for that kind of stuff too

1 4 5 6