Dark0perator and I will be giving a workshop at ToorCamp coming up July 2nd-5th: You can find us on the ToorCamp site: http://www.toorcamp.org/content/W13 Here is the description of our talk, save the bio(s): The Art of Pivot and Persistence: Shell is only the beginning. This workshop is based on the assumption that you have some level of access on a target system. From that it is demonstrated how to go from that level of access to taking over the whole company and how to keep that access, surviving reboots, AV scans, and even reimaging.
I highly recommend both of these courses, and the chance to get in front of the instructors and ask questions live is worth it IMHO. So bang on those manager doors and work it out, because seats fill quickly and they are limited. **Check out the [Offensive Security - Instructor Lead Training](http://www.offensive-security.com/ilt.php) page for updated information.** We are excited to announce our next Offsec Live Classes. Since you asked to be notified of our next dates you will be happy to be among the first to have your teams invited to one of our next classes.
Stolen from: http://www.flickr.com/photos/31513605@N05/
DojoSec Monthly Briefings - April 2009 - Rob Fuller (mubix) from Marcus J. Carey on Vimeo.
Now, before you get all huffy about the title, it’s not what you think. Keep reading: It’s been 20 days since I received my Kindle 2 (word of warning, NEVER use USPS. Spend the money; it’s not worth the stress). But enough of lullygaging, let me get straight to it: Advertised Features: Email DOC, HTML/HTM, JPEG/JPG, GIF, PNG, BMP (Also, everything can be put in a ZIP for one time sending).
Last Friday (March 6th, 2009) I posed the question above. What I got in return was nothing short of amazing, and to tell you the truth, it amazed me how the tally rounded out. I categorized the answers and counted them up (MANAGERS, listen up!): (12 votes) - Security Fundamentals: This category involves the application of A/V, IDS/IPS, basic safe surfing techniques, least privilege use, and an understanding of phishing.
First I wanted to say, sorry for this and the last installment of Room362 being non-technical. They are topics that I feel strongly about and so felt impelled to share.One of the biggest problems in the world, IMHO, are people who have unfounded hate. This is compounded by the anonymity of the Internet. Allowing that hate to have no reprocussion or identity. Let me also say I have a deep respect for Free Speech, the depths of which I fear, few truly know.
My recent post “OzymanDNS - Tunneling SSH over DNS” caused a good friend, and someone I highly respect in the information security field, Dave Hull from Trusted Signal, to call me out on the ethics of the post. Instead of lying to you, Dave, and to myself, I did not put any thought into the ethics of the post until Dave brought it up. Well, except for that auto subconscious RIGHT/WRONG check.
Hak5 Episode 504 Shownotes (In the episode I say that it’s cross platform, use the release links for the Windows binaries to get it working on windows or use cygwin) DISCLAIMER - I IN NO WAY ENDORSE ILLEGAL ACTIVITIES - USE THE FOLLOWING GUIDE IN A TEST ENVIRONMENT OR AT YOUR OWN LEGAL RISK. UPDATE:Thanks to Chris Gates and Robin Wood for pointing me towards a fixed up version of OzymanDNS and a great tutorial: HERE
Update to post: Metasploit Heart’s Microsoft Ok, so many people had issues with the Vimeo video, that I posted it to youtube in hopes that you’ll be able to play it all the way through. I still have no idea what the issue is, it’s played perfectly on all the computers that I’ve tried it on.