Update to post: Metasploit Heart’s Microsoft Ok, so many people had issues with the Vimeo video, that I posted it to youtube in hopes that you’ll be able to play it all the way through. I still have no idea what the issue is, it’s played perfectly on all the computers that I’ve tried it on.
Recently I have been debating on whether to get a Netbook or the Kindle 2. (I am only in this debate because my lovely wife decided to buy a table and chairs, for the house. There is no winning when they buy things for ‘the house’ or ‘the kids’). Anyways, I tweeted up my dilemma and got a huge amount of responses. They came from both sides of the fence. Some said Kindle and some said Netbook, and they all had good arguments.
Most of you Twitterholics have seen this beautiful status. You get a total of 100 API calls per Twitter account per hour. What happens if you use all of your afforded calls? You can just use http://www.twitter.com/ no problem right? Well you loose a lot of what makes Twitter clients so useful (search, grouping, instant updates.. etc). Well, what if you leave you client up at home? TweetDeck by itself uses most of the API calls just by itself.
Hiding Meterpreter with IExpress from mubix on Vimeo. Using the IExpress, a built in tool (XP, not sure about other Windows versions), we package two executables together, so that the target is less likely to suspect foul play. Now, I used calc.exe, but you can use anything on both sides of the coin. Use a better game so that it’s easyier to dupe, or a different malicious executable (leekspin perhaps?
Official Press Release: February 24th, 2009. Kansas City, MO - The Cowtown Computer Congress (CCCKC) is happy to announce the opening of their Underground Lab to the public with a full week of events Beginning on March 2nd, the grand opening showcase the rich and vibrant community of creative minds in the Kansas City area. CCCKC, the first organization of its kind in the midwest, will serve the community by providing technology classes, donating unique projects to local organizations and technology assistance to those in need.
(This is the 3rd time I am writing this post, FF Fail, then Word crashed, so please excuse the lack of passion) The moment that PDANet published that they released an updated version that allows USB tethering, I ran home and “QuickPWNd” my phone (which took all 5 minutes). Loaded the app and now I had the coveted TETHERING. I was free of my bind to Comcast or Free Public Wifi.
Let me start off this post by saying that the main focus of any of these competitions is not to win, but to learn. Learning is usually accompanied by tears on the defenders side, but the best way to learn is to fail. That said though, the title of this post is about how to win: Planning Phase: This is where you win or lose. If you don’t have a good plan and a good team layout ahead of time, you are screwed.
So here is the deal. I have a ticket to the RSA Conference that is April 20-24 in San Francisco, at Moscone Center. I can’t use it. So I am offering it up as a bribe. Here is the bribe. I need a video of The Middler in action. From start (downloading) to finish (compromise / root / BeEF / owange) of another machine. The video must be without audio, pausing a bit with each step, and a maximum of 1020 x 720 in resolution preferably in Camtasia Studio format.
I got this off of a post by Jason Appelbaum and I thought it important to repost. We all need to remember where we came from once in a while. History of the Internet from Melih Bilgil on Vimeo.
It figures that someone who didn’t go actually made a list of tools. (Probably because they didn’t have to suffer the ShmooFlu) Check out: http://blog.security4all.be/2009/02/shmoocon-2009-overview-collection-of.html Thanks to Security4all for posting it up! If you see something that he doesn’t have, pictures, videos, links, or tools, please let him know. FireTalks / PodCasters Meetup audio can be found here soon: http://pcm.libsyn.com/