Most of you Twitterholics have seen this beautiful status. You get a total of 100 API calls per Twitter account per hour. What happens if you use all of your afforded calls? You can just use http://www.twitter.com/ no problem right? Well you loose a lot of what makes Twitter clients so useful (search, grouping, instant updates.. etc). Well, what if you leave you client up at home? TweetDeck by itself uses most of the API calls just by itself.
Hiding Meterpreter with IExpress from mubix on Vimeo. Using the IExpress, a built in tool (XP, not sure about other Windows versions), we package two executables together, so that the target is less likely to suspect foul play. Now, I used calc.exe, but you can use anything on both sides of the coin. Use a better game so that it’s easyier to dupe, or a different malicious executable (leekspin perhaps?
Official Press Release: February 24th, 2009. Kansas City, MO - The Cowtown Computer Congress (CCCKC) is happy to announce the opening of their Underground Lab to the public with a full week of events Beginning on March 2nd, the grand opening showcase the rich and vibrant community of creative minds in the Kansas City area. CCCKC, the first organization of its kind in the midwest, will serve the community by providing technology classes, donating unique projects to local organizations and technology assistance to those in need.
(This is the 3rd time I am writing this post, FF Fail, then Word crashed, so please excuse the lack of passion) The moment that PDANet published that they released an updated version that allows USB tethering, I ran home and “QuickPWNd” my phone (which took all 5 minutes). Loaded the app and now I had the coveted TETHERING. I was free of my bind to Comcast or Free Public Wifi.
Let me start off this post by saying that the main focus of any of these competitions is not to win, but to learn. Learning is usually accompanied by tears on the defenders side, but the best way to learn is to fail. That said though, the title of this post is about how to win: Planning Phase: This is where you win or lose. If you don’t have a good plan and a good team layout ahead of time, you are screwed.
So here is the deal. I have a ticket to the RSA Conference that is April 20-24 in San Francisco, at Moscone Center. I can’t use it. So I am offering it up as a bribe. Here is the bribe. I need a video of The Middler in action. From start (downloading) to finish (compromise / root / BeEF / owange) of another machine. The video must be without audio, pausing a bit with each step, and a maximum of 1020 x 720 in resolution preferably in Camtasia Studio format.
I got this off of a post by Jason Appelbaum and I thought it important to repost. We all need to remember where we came from once in a while. History of the Internet from Melih Bilgil on Vimeo.
It figures that someone who didn’t go actually made a list of tools. (Probably because they didn’t have to suffer the ShmooFlu) Check out: http://blog.security4all.be/2009/02/shmoocon-2009-overview-collection-of.html Thanks to Security4all for posting it up! If you see something that he doesn’t have, pictures, videos, links, or tools, please let him know. FireTalks / PodCasters Meetup audio can be found here soon: http://pcm.libsyn.com/
The official link is up and here it is.. well, until they release the beta: http://inguardians.com/tools/middler-alpha.tgz Keep up with http://www.inguardians.com/ for all of their great tools.
Metasploit is awesome, but some don’t know that their are updates all the time via SVN, and even fewer know of places to get good non-svn modules / scripts. Here are a few of my favorites: https://www.securinfos.info/metasploit/msfxdc.php http://metasploit.com/users/mc/ http://darkoperator.blogspot.com – newly added, check out the CookieMonster script and a host of others: http://pentest.cryptocity.net And of course: http://carnal0wnage.blogspot.com/