I recently visited Tokyo, Japan. Just as always, my curiosity got the best of me and I started to calculate the population density of the buildings where I was staying. Giving fudge factor of non-populated apartments, I estimated 8,500 families in twelve 15 story buildings, living in a 1.5 mile square piece of land.That’s CRAZY. Mass transit and unrestricted modes of transit are not a whim, they are a requirement. I bet you’re asking how this applies to security, or for that matter computers at all.
When I was in middle school, I told a lie. I was so good at telling lies, and remembering even the infinite details of these lies that I could make them believable. Later in life, I learned that this skill was called “Social Engineering ;-)”, but back to the story; I told everyone that I had won a shopping spree at “Incredible Universe”, now named “Fry’s”. Even the teacher believed me.
Let me preempt this post with the following facts: I am a white male veteran with amazing parents. I went to a good school, and was never under-valued by the people I cared about. I fit no minority profiles in other words. I tell you this so that you can latch on to it as why I don’t understand anything in your rebuttal. But I think this gives me a unique view on the issue.
Looking for local events? I’ve gotten a lot of people asking me recently where the local events are in DC, and I almost every time turn them to the awesome http://www.novainfosecportal.com/ which is hands down the best source for local events for the DC-NoVA-MD area, not just NoVA. Grecs (follow him on twitter) does an amazing job at keeping it up to date and filled with every event possible. (Subscribe to his google calendar of events, get the RSS feed.
Well, sorta… I created a meterpreter script that takes the cygwin bundled version of Metasploit inside of a NullSoft installer that HD Moore created and deploys it using meterpreter to the compromised host, extracts/installs it, and runs the shell. Now I left this intentionally open so that you could package your own cygwin bundle (possibly with nmap and netcat), for your own evil fun. Thanks defintely go to Carlos Perez (Dark0perator) and HD Moore for their help getting this bad boy working right.
There are a lot of tools that I find in my endeavors would be really helpful, but can’t find on the net for whatever reason. A portable version of of tshark that has ARP spoofing capabilities. I want to be able to drop the file, issue the arguments and pull the pcap back. A application that can sniff traffic from a specific process. Metasploit’s keylogger is sort of there as it only pulls keys from the process of which it is attached (DLL is to ‘fault’ for this).
Matt, from the Exotic Liability forums, posed a suggestion for a episode: “Getting started [in] reverse engineering hardware drivers?”. I thought this was an interesting topic to attack so, I dug a bit into my RSS feed pile of goo and compiled this list of links. Hope this helps Matt. Individuals — Skywing - http://www.nynaeve.net/ Egypt - http://0xegypt.blogspot.com/ Yoni - http://blogs.msdn.com/michael_howard/ Raymond Chen - http://blogs.msdn.com/oldnewthing/
Val Smith recently wrote a post on the new Attack Research / carnal0wnage blog titled: ”Security Conferences, pen tests and incident response” Here are my thoughts on what he wrote: In paragraphs 2-6 he talks about two points. The first being that Hacker Conferences have become sort of commercialized with most speakers going for their day in the lime light or to pimp some product/0day. And the second being a lot of the talks are things that most can’t go home / back to work and test out or implement.
I posted this walkthrough to the Metasploit mailing list, but thought that it would serve well here as well. Especially with the recent iPhone 3.0 “Special” download spam I recently received. The binary comes out to a whopping 97 bytes for the stager. Would be a blazing fast download and coupled with the IExpress “hack” would make for an very hard to spot payload. A really down and dirty explination of what PassiveX is and why it’s useful in this sort of situation is that instead of making a direct connection back to you, it uses an iexplorer process with a cool ActiveX control to talk back.
I recently posted a blog post to Exotic Liability’s website with the same title, and I realized that it would make a great thing to post to here, and update regularly, or just put it on the wiki I keep saying that I get going here. Enough rambling, here is how you can get your fill of security: Podcasting: GetMon - http://www.getmon.com/ - This is a great site because you can download or listen to any of the security podcasts right from their site if you want to.