Loaded C:\WINNT\system32\KERNEL32.dll differs from file image

I have recently been updating my Windows Forensics First Responder script and have noticed a number of servers reporting the following when using Sysinternals/Microsoft’s listdlls.exe.

*** Loaded C:\WINNT\system32\KERNEL32.dll differs from file image:
*** File timestamp:         Wed Apr 18 12:25:36 2007
*** Loaded image timestamp: Wed Apr 18 12:25:37 2007
*** 0x77e40000  0x102000  5.02.3790.4062  C:\WINNT\system32\KERNEL32.dll

Now I can think of lots of malicious reasons why this would be.  In fact I recently wrote on one of these reasons.   But I can't think of any legitimate reasons.

I’m not one to jump to conclusions without having evaluated all possibilities but my research is turning up almost nothing.

Can anyone think of a legitimate reason why Windows would load kernel32.dll and then something alter it as it's going into memory?

Thanks guys.
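What listdlls is comparing in that output is the TimeDateStamp field of the PE file header: the copy sitting in the headers mapped at the module's base address versus the copy in the file on disk.  The following Python is added here as an example of that check and is not part of the original post or of listdlls itself.  The sample headers are constructed bytes that reproduce the one-second gap above; the check_loaded_module helper is my own assumption about how to read the mapped headers with ctypes and only inspects modules loaded into the process running the script.

```python
import calendar
import struct
import sys

IMAGE_DOS_SIGNATURE = 0x5A4D     # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550  # "PE\0\0"
HEADER_BYTES = 0x400             # the PE headers live in the first page of the mapping


def pe_timestamp(image: bytes) -> int:
    """Return IMAGE_FILE_HEADER.TimeDateStamp from the start of a PE image.

    Works on either the raw file bytes or the bytes mapped at a module's base
    address, because the headers are mapped unchanged at offset 0.
    """
    if len(image) < 0x40 or struct.unpack_from("<H", image, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if e_lfanew + 12 > len(image):
        raise ValueError("e_lfanew points past the buffer")
    if struct.unpack_from("<I", image, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature:
    #   Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", image, e_lfanew + 8)[0]


def compare_images(file_image: bytes, loaded_image: bytes) -> dict:
    """The listdlls-style check: do the on-disk and in-memory link timestamps agree?"""
    file_ts = pe_timestamp(file_image)
    loaded_ts = pe_timestamp(loaded_image)
    return {"file_timestamp": file_ts,
            "loaded_timestamp": loaded_ts,
            "differs": file_ts != loaded_ts}


def build_pe_header(timestamp: int) -> bytes:
    """Constructed minimal header (DOS header + PE signature + IMAGE_FILE_HEADER) for the demo."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE header right after the DOS header
    file_header = struct.pack("<HHIIIHH",
                              0x014C,      # Machine: i386
                              4,           # NumberOfSections
                              timestamp,   # TimeDateStamp
                              0, 0,        # PointerToSymbolTable, NumberOfSymbols
                              0xE0,        # SizeOfOptionalHeader
                              0x210E)      # Characteristics: EXECUTABLE | 32BIT | DLL
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_header


def check_loaded_module(name: str) -> dict:
    """Windows only (assumption: run inside the process whose module you want to check).

    Reads the headers mapped at the module base via ctypes and compares them with
    the file the module was loaded from, the same comparison listdlls reports.
    """
    if sys.platform != "win32":
        raise OSError("requires Windows")
    import ctypes
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.GetModuleHandleW.argtypes = [wintypes.LPCWSTR]
    k32.GetModuleHandleW.restype = wintypes.HMODULE
    k32.GetModuleFileNameW.argtypes = [wintypes.HMODULE, wintypes.LPWSTR, wintypes.DWORD]
    k32.GetModuleFileNameW.restype = wintypes.DWORD
    base = k32.GetModuleHandleW(name)
    if not base:
        raise ctypes.WinError(ctypes.get_last_error())
    path = ctypes.create_unicode_buffer(32767)
    if not k32.GetModuleFileNameW(base, path, len(path)):
        raise ctypes.WinError(ctypes.get_last_error())
    loaded = ctypes.string_at(base, HEADER_BYTES)   # an HMODULE is the image base address
    with open(path.value, "rb") as fh:
        on_disk = fh.read(HEADER_BYTES)
    return {"path": path.value, **compare_images(on_disk, loaded)}


if __name__ == "__main__":
    # Constructed sample reproducing the one-second gap in the listdlls output above.
    file_ts = calendar.timegm((2007, 4, 18, 12, 25, 36, 0, 0, 0))
    print(compare_images(build_pe_header(file_ts), build_pe_header(file_ts + 1)))
    if sys.platform == "win32":
        print(check_loaded_module("kernel32.dll"))
```

Two caveats when reading this kind of result: the comparison looks only at the link timestamp in the headers, so a match does not prove the code bytes in memory are untouched, and a mismatch only tells you the mapped image was linked from a different build than the file now on disk, not which build or why.  To go further you would compare section contents, not just the header, and confirm which package actually delivered the on-disk copy.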

Why Won’t Dell Stop Sucking?!

For some reason people keep buying Dells.

I remember a couple of years ago all the small form factor OptiPlexes I had suffered from a bad cap on the motherboard.  Eventually all of them just died.

My whole team at work has the same model workstation and the PSU went on each of them, one by one.

I have a service tag – the “serial number” unique to each computer – and type it into their site looking for drivers.  You would think, being that this tag is unique, that they could look up your computer and give you your network card driver, your video driver etc.  NO!  Instead they give you the choice to download every driver for every chipset that was ever used on that given model.  Why do I have this service tag?!  Why don’t I just type in the model?!  It’s the same results!

After all that people still buy these pieces of crap.  They never even question why that is.

A Very Righteous Hack

A roadside traffic sign in Austin, Texas was hacked into so that it displayed a message warning passing motorists of zombies ahead. Police are investigating the incident, and if they are caught, the perpetrators could face misdemeanor road sign tampering charges.  The vandals broke a lock on the sign and then managed to gain access to the computer that controls its readout because it was using a default password.  They also changed the password, so city employees had to wait for the manufacturer to reset the password before the sign could be changed.  A city spokesperson acknowledged that while “the sign’s content was humorous, … the act of changing it wasn’t.”


I have an issue of 2600 magazine from about 5 years ago that contains that default password.  I had always thought it would be funny if I did something like this.  They even changed the default password.  How perfect.

DISCLAIMER: I do not endorse the “hacking” of morons who don’t change default passwords.

More on Heartland

Many experts continue to speculate on why it took so long for Heartland to identify and disclose the breach. According to the Storefront Backtalk report, the payment processor revealed the breach was first discovered in late October or early November, whereas previous statements indicated that it was only in the fall. The company has had two outside forensics teams and the Secret Service working on the problem for more than two months, and yet the “sniffer” software used to collect the data was located only last week.

Heartland Breach

Heartland Payment Systems acts as a payment gateway for credit card transactions for over 250,000 businesses. At some point a sniffer was installed in their data center intercepting all transactions. Some media outlets are calling this the “largest data breach ever”. They process “100 million credit card payments a month and more than 4 billion transactions per year” but currently have no idea when the malicious software was installed.

Dark Horse 4 – Sweet Stout

I have made a number of stout recipes since I started home brewing.  I believe I have finally refined my recipe to perfectly suit my tastes.  This one falls under the BJCP category of 13B. Sweet Stout.  This is sometimes called a milk stout, cream stout or breakfast stout.

My base recipe, I believe, is sound, but I’m not 100% sure what I want to do with it after I transfer it to the secondary fermentation vessel.  Because of this I will be transferring into five 1 gal secondaries instead of one 5 gal.  At that point I can do whatever additives I like and compare.  So far I believe this is the plan.

1. Control.  Leave it as is with no additives
2. Cherry Extract (Organic)
3. Hazelnut Extract (Organic)
4. Chocolate Bar or Extract (Organic)
5. Either dry hopped with American Cascade hops or float oak chips for the “oak barrel aged” flavor.

I will let everyone know how it turns out. 🙂

I cant speel or gramer to good.

I cant speel or gramer to good.

People poke me with pointy stiks wen I spel bad, but still I sucks.

Seriously though, I have never been able to spell and get silly words mixed up (like then and than or there, their and they’re).  Attending school in a time before computers were common made this more problematic.  Spell and grammar check have helped me a great deal but I have become dependent on them.

My thinking and research are sound, and I enjoy publishing my work, but if I only had a secretary. 🙂

Homebrewing with Honey

Missy and I brewed up our first Mead the other day.  I have been using The Complete MeadMaker by Ken Schramm and Making Wild Wines & Meads by Pattie Vargas & Rich Gulling as my resources.

We decided to make a braggot instead of a straight up mead.  That is a very honey-heavy beer: mead with malt, carbonation and sometimes hops.

Normally a beer with honey contains about 1lb of honey… this braggot contains 15 lbs.  We are calling it the “+1 Braggot of Drunkening”.

Leafing through these two books raised questions about how I have always brewed with honey.

On page 41 of The Complete Meadmaker I read:

“Dr. Johnathan White of United States Department of Agriculture (retired) did a tremendous amount of research on honey and concluded that the amount of heat exposure needed to kill off the wild yeast in honey is as little as five minutes at 150 F (66 C), or about 22 minutes at 140 F (60 C).”

In making previous batches of beer we added the honey at the beginning of the boil so the honey is exposed to 60-90 minutes of boiling temperatures.  According to this research that will kill a great deal of the aroma and flavor that honey contributes.

Brewing with honey, according to this research, can be difficult.  We heated the honey in a separate brew kettle (140 F for 22 minutes) and timed it so that its cook time ended about 10 minutes after the wort boil.

I have a brewmometer on my kettle so I waited until my wort chiller brought the wort to 140 F and then added the honey.

Our braggot is about 1-2 days from being transferred to the secondary.  I will let everyone know how it turns out.  If you know me, maybe you will be lucky enough to score a bottle or two. 🙂