Let me preempt this post with the following facts: I am a white male veteran with amazing parents. I went to a good school, and was never under-valued by the people I cared about. I fit no minority profiles in other words. I tell you this so that you can latch on to it as why I don’t understand anything in your rebuttal. But I think this gives me a unique view on the issue.
Looking for local events? I’ve gotten a lot of people asking me recently where the local events are in DC, and almost every time I turn them to the awesome http://www.novainfosecportal.com/ which is hands down the best source for local events for the DC-NoVA-MD area, not just NoVA. Grecs (follow him on twitter) does an amazing job at keeping it up to date and filled with every event possible. (Subscribe to his google calendar of events, get the RSS feed.)
Well, sorta… I created a meterpreter script that takes the cygwin bundled version of Metasploit inside of a NullSoft installer that HD Moore created and deploys it using meterpreter to the compromised host, extracts/installs it, and runs the shell. Now I left this intentionally open so that you could package your own cygwin bundle (possibly with nmap and netcat), for your own evil fun. Thanks definitely go to Carlos Perez (Dark0perator) and HD Moore for their help getting this bad boy working right.
There are a lot of tools that I find in my endeavors would be really helpful, but can’t find on the net for whatever reason. A portable version of tshark that has ARP spoofing capabilities. I want to be able to drop the file, issue the arguments and pull the pcap back. An application that can sniff traffic from a specific process. Metasploit’s keylogger is sort of there as it only pulls keys from the process to which it is attached (the DLL is at ‘fault’ for this).
Matt, from the Exotic Liability forums, posed a suggestion for an episode: “Getting started [in] reverse engineering hardware drivers?”. I thought this was an interesting topic to attack so, I dug a bit into my RSS feed pile of goo and compiled this list of links. Hope this helps Matt.
Individuals
Skywing - http://www.nynaeve.net/
Egypt - http://0xegypt.blogspot.com/
Yoni - http://blogs.msdn.com/michael_howard/
Raymond Chen - http://blogs.msdn.com/oldnewthing/
Val Smith recently wrote a post on the new Attack Research / carnal0wnage blog titled: “Security Conferences, pen tests and incident response”. Here are my thoughts on what he wrote: In paragraphs 2-6 he talks about two points. The first being that Hacker Conferences have become sort of commercialized with most speakers going for their day in the limelight or to pimp some product/0day. And the second being that a lot of the talks are things that most can’t go home / back to work and test out or implement.
I posted this walkthrough to the Metasploit mailing list, but thought that it would serve well here as well. Especially with the recent iPhone 3.0 “Special” download spam I recently received. The binary comes out to a whopping 97 bytes for the stager. It would be a blazing fast download and, coupled with the IExpress “hack”, would make for a very hard to spot payload. A really down and dirty explanation of what PassiveX is and why it’s useful in this sort of situation is that instead of making a direct connection back to you, it uses an iexplorer process with a cool ActiveX control to talk back.
I recently posted a blog post to Exotic Liability’s website with the same title, and I realized that it would make a great thing to post here and update regularly, or just put on the wiki I keep saying I’ll get going here. Enough rambling, here is how you can get your fill of security: Podcasting: GetMon - http://www.getmon.com/ - This is a great site because you can download or listen to any of the security podcasts right from their site if you want to.
First of all, here is my slide deck from DojoSec with a couple added slides, words, and slight modifications: From Couch To Career In 80 Hours from Rob Fuller I have put this article off quite a few times due to some very cool and interesting things happening in our field as it applies to getting a job. That, and Matt Johansen beat me to it with his blog post titled: “A lot of Information Security Career Advice”, which I highly recommend you check out and add to your RSS reader.
Dark0perator and I will be giving a workshop at ToorCamp coming up July 2nd-5th: You can find us on the ToorCamp site: http://www.toorcamp.org/content/W13 Here is the description of our talk, save the bio(s): The Art of Pivot and Persistence: Shell is only the beginning. This workshop is based on the assumption that you have some level of access on a target system. From that it is demonstrated how to go from that level of access to taking over the whole company and how to keep that access, surviving reboots, AV scans, and even reimaging.