Irongeek.com
Welcome to Irongeek.com, Adrian Crenshaw's Information
Security site (along with a bit about weightlifting and other things that strike
my fancy). As I write articles
and tutorials I will be posting them here. If you would like to republish one of
the articles from this site on your webpage or print journal please e-mail me. Enjoy
the site and write us if you have any good ideas for articles or links.
Adrian
News/Change Log:
07/16/2009
NDiff:
Comparing two Nmap 5 scans to find changes in your network
Fyodor gave me a heads up that Nmap 5 was coming out, so I figured I'd do a
couple of videos on useful new features that come with Nmap 5 and later. For a
better understanding of Nmap in general, check out my older videos which I will
link to after the presentation. In this video I will cover the basics of using
NDiff to compare two separate Nmap scans. This is really useful for change
management, where you want to know what new devices have appeared on your
network or about ones that have disappeared for some reason. You could easily
schedule Nmap to run on your network weekly, and then compare the differences
with NDiff to see what has changed.
As a side note, looks like I'm going to
Defcon. Thanks to Haxorthematrix,
Sereyna, Minoad, Mr. Bradshaw, George and anyone else who donated to my
Paypal so I could go.
07/11/2009
Exotic Liability Episode 25: Irongeek sits in
I came in as a guest of the Exotic Liability podcast, episode 25. I've not
listened to it yet, hope I came off ok. Some of the things we discussed include:
Incident response switchblade, Tiger Team: The Whole Story, Our neighborhood
memories, Kon-boot, Cool tools for data collection, P/W cracker speed test
challenge, Look at my thumb, Olympic games, Louisville Info Sec Conference,
Anti-forensics and Legalities. Thanks for having me on.
As a side note, I may
be going to Defcon after all but nothing is confirmed yet. I'll need to find
someone's floor to crash on Wednesday night as I think I'll be arriving a day
before the person I'm staying with the rest of the con.
07/09/2009
Incident Response U3 Switchblade From TCSTool
In Russell's own words: "The U3 incident response switchblade is a tool designed
to gather forensic data from a machine in an automated, self-contained fashion
without user intervention for use in an investigation. The switchblade is
designed to be very modular, allowing the investigator/IR team to add their own
tools and modify the evidence collection process quickly." This video shows you
how to set up u3ir, and modify it.
PHPIDS Install Notes and Test Page
I've been playing around with PHPIDS and have posted my notes on installing it
as well as details on the kinds of attacks my web site gets. Interesting, I get
a lot of attacks, mostly RFI.
As a side note, GFI was kind enough to sponsor
my site for two months, show our appreciation by trying out some of their
log and vulnerability
scanning software.
OWASP
Top 5 and Mutillidae: Intro to common web vulnerabilities like Cross Site
Scripting (XSS), SQL/Command Injection Flaws, Malicious File Execution/RFI,
Insecure Direct Object Reference and Cross Site Request Forgery (CSRF/XSRF)
This is a recording of the presentation I gave to the Louisville Chapter of
OWASP about the Mutillidae project. A while back I wanted to start covering more
web application pen-testing tools and concepts in some of my videos and live
classes. Of course, I needed vulnerable web apps to illustrate common web
security problems. I like the WebGoat project, but sometimes it's a little hard
to figure out exactly what they want you to do to exploit a given web
application, and it's written in J2EE (not a layman friendly language). In an
attempt to have something simple to use as a demo in my videos and in class, I
started the Mutillidae project. This is a video covering the first 5 of the
OWASP Top 10.
06/12/2009
Louisville Infosec Conference Looking
For Sponsors/Speakers
As many of you know, I'm involved with the local ISSA group here in the
Louisville area. They are looking for sponsors for the upcoming Louisville
Infosec conference (Thursday, October 8, 2009 at Churchill Downs). We had about
250 attendees last year, so it could be a good spot for advertising your company
via a booth. One of our keynotes this year is Johnny Long. John Strand and
Eugene Schultz should also be presenting. If you are interested in being a
sponsor email marketing (at) issa-kentuckiana.org and let them know Adrian sent
you. We also may have a few speaker slots open for the breakout sessions,
contact chair (at) louisvilleinfosec.com if you have a proposal. For more
information, check out the Louisville
Infosec Conference site.
06/10/2009
Speaking at the OWASP
Louisville meeting, June 19th 2009
Hi all, the local OWASP chapter has asked me to speak about the
Mutillidae project. While I'd like to cover all of the OWASP Top 10 that it
implements, I think there will only be time for the top 5. The description as
posted on their site follows:
The second OWASP meeting will feature a presentation from Adrian Crenshaw
of Irongeek. Adrian is a Louisville based Security professional that has
worked in the IT industry for the last twelve years.
Adrian runs the information security website Irongeek.com, which specializes
in videos and articles that illustrate how to use various pen-testing and
security tools. He's currently working on an MBA, but is interested in
getting a network security/research/teaching job in academia. Please see the
description from Adrian on his presentation on the 19th.
Title: Mutillidae: Using a deliberately vulnerable set of PHP scripts to
illustrate the OWASP Top 10 Description: A while back I wanted to start
covering more web application pen-testing tools and concepts in some of my
videos and live classes. Of course, I needed vulnerable web apps to
illustrate common web security problems. I like the WebGoat project, but
sometimes it's a little hard to figure out exactly what they want you to do
to exploit a given web application, and it's written in J2EE (not a layman
friendly language). In an attempt to have something simple to use as a demo
in my videos and in class, I started the Mutillidae project.
Mutillidae is a deliberately vulnerable set of PHP scripts meant to
illustrate the OWASP Top 10. This talk will cover installing Mutillidae in a
test environment, and how to use it to illustrate the OWASP Top 10 web
vulnerabilities in easy to understand terms.
Our meeting location will be at Memorial Auditorium, located at 970 S. 4th
Street (Corner of 4th Street and Kentucky Street).
This tool is for prevention.
ARPFreeze lets you set up static ARP tables so that attackers (using
Cain, Ettercap, Arpspoof or some other tool) can't pull off an ARP poisoning
attack against you.
06/03/2009
XSS, Command and SQL Injection vectors: Beyond the Form
We are all familiar with XSS via a form field in a web application, but what
about other vectors? The article talks about using User Agent strings, even
logs, object properties and other odd alternative vectors for XSS, SQL and
command injection. What other vectors can you think of?
06/02/2009
Another book for the list
Looks like my site has been mentioned in another book, Security+ Guide to
Network Security Fundamentals by Mark Ciampa. Thanks Mark.
802.11 Wireless Security Class for the Louisville ISSA Part 1
Originally, this was going to be one 4hr class, but Jeff had something come up
so he could not cover WEP/WPA cracking, and my section took so long that Brian
never got a chance to present his material on DD-WRT. I'm hoping to get them
back to do a part 2 of this video. In this section I cover the basics of WiFi,
good chipsets, open file shares, monitor mode, war driving tools, testing
injection, deauth attacks and the evil twin attack. Some of this comes out as
kind of a stream of consciousness, but hopefully you can find some useful
nuggets from my brain dump of what I've learned about 802.11a/b/g/n hacking. As
far as classes go this is the most complicated one I've set up, and for a
wireless class Brian and I had to run a lot of wires. :)