A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


 Irongeek.com

 Irongeek.com

            Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.

Adrian

News/Change Log:

04/13/2014 Notacon 11 (2014) Videos
These are the videos from the 11th Notacon conference held April 10th-13st, 2014. Not all of them are security related, but  I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: Securi-D, Ross, KP, Jeff and myself (Let me know who else to add).

Track 1

Big Data Technology – The Real World ‘Minority Report’ - Brian Foster

Naisho DeNusumu (Stealing Secretly) – Exfiltration Tool/Framework - Adam Crompton

Wireless Mesh Protocols - Alex Kot

MDM is gone, MAM is come. New Challenges on mobile security - Yury Chemerkin

Moving the Industry Forward – The Purple Team - David Kennedy

Pwning the POS! - Mick Douglas

Nindroid: Pentesting Apps for your Android device - Michael Palumbo

Building a private data storage cloud - Michael Meffie

Lessons Learned Implementing SDLC – and How To Do It Better - Sarah Clarke

Plunder, Pillage and Print - Deral Heiland & Peter Arzamendi

Microsoft Vulnerability Research: How to be a finder as a vendor - Jeremy Brown & David Seidman

SMalware Analysis 101 – N00b to Ninja in 60 Minutes - grecs

Omega – A Universe Over IP - Mo Morsi

IRS, Identity Theft, and You (or Someone Pretending to Be You). - 123-45-6789

Track 2

All About the Notacon Badge -Sam Harmon

Collaboration between Artificial Intelligence and Humans: How to cure every disease within 50 years - Joe O’Donnell

Science “Fair” - The Nomad Clan

Hacking Your Way Into the APRS Network on the Cheap - Mark Lenigan

Dominate! (Or let your computer do it for you.) - Paul Jarc

Wearable Technology as Art for Countersurveillance, Cinemaveillance, and Sousveillance - Ross Bochnek

3D Printing for Work and Fun (temp title) - Mirabela Rusu

Comparing “Go Green” With “Common Sense” - Suellen Walker

Living in the Future: It seems to be in Beta - Jeff Goeke-Smith

A Brief Introduction to Game Theory - Charlotte DeKoning - Beyond Using The Buddy System - Holly Moyseenko & Kris Perch

 

03/27/2014 Lockade: Locksport Electronic Games
This page is mostly going to be a place holder till I get all the games up. Gamification can make learning more fun, and some people are inspired and motivated by competition. This talk will be on integrating hobbyist electronics with lock picking games. We will show rough schematics, release code, and invite people to play the games at cons.
03/10/2014 ASAReaper: Grab Configs From Multiple Cisco Devices Over SSH (Demos PExpect and AES Encrypted INI Files in Python) Updated
Mostly updated for longer timeouts and to use "more system:run" so you can save passwords in the configs too. You should now just have to edit the commandonall and prefixonall to set the script up to run a given command on a series of Cisco ASAs in every context.
03/10/2014

 

So does IU Southeast and Indiana University take Linda Christiansen's plagiarism seriously?
The answer is apparently no. I've includes my emails with IU officials on the matter. Apparently, plagiarism is ok at IU/Indiana University Southeast if you are tenured faculty and it's only a business law and ethics syllabus.
02/10/2014 BSides Huntsville 2014 Videos
These are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon and all of the BSides Crew for having me out to help record and render the videos. Sorry for the bad sound, we had to go ambient in a crowded room.

BSides Huntsville 2014 - Intro

Building The Future of P-12 Cyber Education - Dr. Casey Wardynski

Cyber Security Program At HAH - Dr. Ray Vaughn

1337 in the Library: Obtaining your information security education on the cheap - Adrian Crenshaw @irongeek_adc

Zero to Hero: Breaking into the security Field - Jeremy Conway

Certifications in Cybersecurity - Adam Wade Lewis

Trojans – The Forgotten Enemy - Dave Chronister

The Amazing Cybermen - Ben McGee

Why you are pwn’d and don’t know it! - Ben Miller

Cyber Security, What's The Fuss? - Deborah William

HTTPS: Now You See Me - Tim Mullican

Introduction to hacking with PowerShell - Scott Busby

All You Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches - Valerie Thomas - @hacktress09

Digital Energy BPT - Paul Coggin
02/01/014 Intro to Darknets: Tor and I2P Workshop
This class introduces students to the I2P and Tor Darknets. We cover setting up Tor & I2P, the basics of use, and how to make hidden services. We also go over case examples like Eldo Kim Harvard & the Harvard Bomb Threat, Hector Xavier Monsegur (Sabu)/Jeremy Hammond (sup_g) & LulzSec, Freedom Hosting & Eric Eoin Marques and finally Ross William Ulbricht/“Dread Pirate Roberts” of the SilkRoad, to explain how people have been caught and how it could have been avoided.
01/30/2014 10 Years Of Irongeek.com
Today marks the 10th anniversary of Irongeek.com's existence. Also, the Intro to I2P/Tor Workshop Notes have been updated.
01/21/2014

ShmooCon Firetalks 2014
These are the videos for the ShmooCon Firetalks 2014. Day 2 I overslept, but Squidly1 got me copies from Ted's recordings ( http://www.MediaArchives.tv ).

Thanks to:
http://novahackers.blogspot.com
http://www.irongeek.com

Day 1

Welcome grecs
Eyes on IZON: Surveilling IP Camera Security - Mark “@markstanislav” Stanislav
Get Out of Jail Free Cards? What Aviation Can Teach Us About Information Sharing - Bob “@strat” Stratton
Crossing the Streams with State Machines in IDS Signature Languages - Michael “@michaelrash” Rash
Another Log to Analyze – Utilizing DNS to Discover Malware in Your Network - Nathan “@HackHunger” Magniez
Windows Attacks: AT is the New Black - Rob “@mubix” Fuller
Weaponizing Your Pets: War Kitteh and the Denial of Service Dog - Gene “@gbransfield” Bransfield
Women's Tech Collective, and Gender Equality in Tech - Sarah “@dystonica” Clarke

Day 2

Welcome grecs
You Name It, We Analyze It - Jim “@JimGilsinn” Gilsinn
Having Your Cake and Eating It Too: FOIA, Surveillance, and Privacy - Michael “@theprez98? Schearer
Building An Information Security Awareness Program From Scratch - Bill “@oncee” Gardner
TrendCoins: Making Money on the Bitcoin/Altcoin Trends - Zac “@ph3n0? Hinkel
Writing Your Own Disassembler in 15 Minutes - Jay “@computerality” Little

01/17/2014 Installing Nessus on Kali Linux and Doing a Credentialed Scan
I recorded this video twice. First time, the sound was hideous when the fan came on. I decided to re-record it and post both versions. I cover installing Nessus on Kali Linux and doing Nessus credentialed scans using Windows passwords and Linux SSH keys.
01/13/2014 Update of the Linda Christiansen Plagiarism case in the article Critically Plagiarizing?: Ideas On Spotting Plagiarism
Just a small update after I got some data back from my open records request.
12/26/2013

SkyDogCon 2013 Videos
Here are the videos from SkyDogCon 3. Thanks to all of the SkyDogCon crew, especially @pentestfail who was in charge of video (I just spoke at this con, and killed my brain and liver cells). @pentestfail may still be working on some of the missing videos, so I plan to update this page later

Opening Remarks & Hack the Badge

Curtis Koenig: Hacking Your Career

Nathan Magniez: Alice in Exploit Redirection Land: A Trip Down the Rabbit Hole

Explanation of Contests

Security Phreak & SkyDog: The Dark Arts of OSINT

G. Mark Hardy: How the West was Pwned

Winn Schwartau: I Survived Rock and Roll!

Jon Callas: Do You Want to Know a Secret?

Billy Hoffman: Start Ups and Lessons Learned

Panel Talk: Building and Growing a Hacker Space With: l0stkn0wledge, Dave Marcus, and SkyDog

IronGeek & SkyDog: Con Video Rig Enhancements

Evan Booth: Terminal Cornucopia

Deviant Ollam: Android Phones Can Do That?!?: Custom Tweaking for Power Security Users

Branson Matheson: Hacking Your Minds & Emotions

Billy Hoffman: Inside the Hacker’s Studio Interviews Dave Marcus: Director and Chief Architect of Threat Research and Intelligence for McAfee®'s Federal Advanced Programs Group

Josh Schroeder: CCTV: Setup Attack Vectors and Laws

Travis Goodspeed: Building an Actively Antiforensic iPod

Branden Miller: NSA Wiretaps Are Legal and Other Annoying Facts

Branden Miller: DEFENSE-IN-DEPTH: FISTS, KNIFE, GUN

Vivek Shandilya: Lightning Talks

Charline Nixon: Lightning Talks

Chris Anderson: Operational Security and Your Mental Health

Michael Raggo: Data Hiding and Steganography

Closing Remarks / Good-Byes

12/26/2013 Intro to I2P/Tor Workshop Notes Updated
I'm working on updating my I2P/Tor Workshop Notes for a class I'll be doing soon. Please look at them and offer suggestions on extra topics I should cover.
12/26/2013 IU Southeast School of Business to offer an MIS (Management Information Systems) Masters degree? Yes, same people behind the IUS MBA.
I recently heard that IU Southeast is planning to offer an MIS (Management Information Systems) Masters degree. While I think their Computer Science and Informatics Schools seem good, since the degree would be co-ran by the School of Business I would not recommend it to anyone in the Louisville area under its current leadership. Anyplace where an IU Southeast Business Law & Ethics instructor appears to plagiarize on her own syllabus that warns that students will be instantly failed for plagiarism, and asking simple questions about laws as it relates to technology is considered "excessive us of jargon", is not a good place for IT people (and especially security people concerned with integrity) to be. While the School of Business at IUS has its current leadership, I strongly recommend that you steer clear if you really want to learn. Just figured I'd help others not go through the same things I did there.
12/14/2013 Intro to Metasploit Class at IU Southeast
This is a class we did to introduce students to Metasploit at IU Southeast. Special guest lecturer Jeremy Druin (@webpwnize). To follow along, I recommend downloading Kali Linux.
12/02/2013 Critically Plagiarizing?: Ideas On Spotting Plagiarism
Just a few tips for how to find plagiarism online, thanks to my old IU Southeast Business Law & Ethics teacher Linda Christiansen for giving me the example material.
11/11/2013

BSides Delaware 2013 Videos
These are the videos from the BSides Delaware conference. Thanks to all of the BSides Crew for having me out to help record and render the videos.

@bsidesde, @kickfroggy, @quadling


110 Years of Vulnerabilities 
Brian Martin, aka Jericho
HTML 5 Security
Justin Klein Keane @madirish2600

Cloud - Business and Academia - Bringing it all together
Cloud Security Alliance - Delaware Valley Board

Uncloaking IP Addresses on IRC
Derek Callaway @decalresponds

Baking, even more, Clam(AV)s for Fun & Profit.
Nathan Gibbs @Christ_Media

Introducing Intelligence Into Your Malware Analysis
Brian Baskin
	
ANOTHER Log to Analyze - Utilizing DNS to detect Malware in Your Network
Nathan Magniez @HackHunger

Software Security: Game Day.
Evan Oslick @eoslick

Winning isn't Everything: How Trolling can be as much Fun
Joey @l0stkn0wledge
 
Antipwny: A Windows Based IDS/IPS for Metasploit
Rohan Vazarkar & David Bitner

Playing the Forensics Game: Forensic Analysis of Gaming Applications For Fun and Profit
Peter Clemenko III

Project.Phree: Phucking the NSA
BTS (square-r00t)

Hacking Benjamins (Intro to Bitcoin)
Bob Weiss @pwcrack

Pentoo
Zero_Chaos
Wireless Penetration Testing For Realz
Mellendick 

How to Become an Unwitting Accomplice in a Phishing Attack
Mark Hufe @hufemj

LinkedAllUpIn Your Email
utkonos

Growing Up In The Information Security Community 
@Forgottensec
11/01/2013 ISSA Kentuckiana - RESTful Web Services - Jeremy Druin - @webpwnized
Jeremy Druin (@webpwnize) gave the following presentation at the Nov 2013 meeting of the Kentuckiana ISSA.
10/30/2013 Circle City Con (http://circlecitycon.com) Hacker/Security Conference happening on June 13-15, 2014, Hyatt Regency, Indianapolis Indiana
Looks like I have another almost local con to go to, Circle City Con in Indy! I'll be doing video baring unforeseen circumstances, and may toss something into their CFP (please consider sending something in). More info at http://circlecitycon.com or Twitter stalk them at @CircleCityCon.
10/20/2013

 

The Rest of the Hack3rcon^4 Videos
Here are there rest of the videos from Hack3rcon^4

ANOTHER Log to Analyze - Utilizing DNS to Identify Malware - Nathan Magniez

Netsniff-NG - Jon Schipp

SDRadio: Playing with your Dongle – An Introduction to Software Defined Radio Using Cheap TV Tuner Cards - Justin Rogosky

10/20/2013 Hack3rcon^4 Videos
As I post them, they will be at the link above. So far we have:

Advanced Evasion Techniques - Pwning the Next Generation Security Products - David Kennedy

Imaging a Skyscraper - Brian Martin

Character Assassination: Fun and Games with Unicode - Adrian Crenshaw

MS08-067 Under the Hood - John Degruyter

NSA Wiretaps are Legal and Other Annoying Facts - Branden Miller

Red Teaming Your Bug-Out Bag - Tom Moore

Making it Rain and Breaching the Levees - K.C. Yerrid

10/07/2013 Louisville InfoSec 2013 Videos Mostly Up

These are the videos from Louisville Infosec 2013 conference. There are not all up yet, but this is my place holder.

Mobile Security and the Changing Workforce - Matthew Witten

Burn it Down! Rebuilding an Information Security Program - Dave Kennedy (Pending review)

Weaponized Security - Kellman Meghu

Information Security in University Campus and Open Environments - Adrian Crenshaw

Past Due: Practical Web Service Vulnerability Assessment for Pen-Testers, Developers, and QA - Jeremy Druin (Pending finished upload)

STRC: The Security Training and Research Cloud - Jimmy Murphy

Assessing Mobile Applications with the MobiSec Live Environment - Nathan Sweeney

Attacking iOS Applications - Karl Fosaaen

Can cloud and security be used in the same sentence? - Joshua Bartley

Breaking SCADA Communications - Mehdi Sabraoui

FBI – InfraGard - Current Cyber Trends

How Do I Get There from Here? Security-to-Privacy Career Migration - Michael Carr

Assessing the Risk of Unmanaged Devices (BYOD) - Pete Lindstrom

Acquisitions…your latest zero day - Mitch Greenfield/Scott MacArthur

NIST and your risky application - Conrad Reynolds

Convergence: Configurations, Vulnerabilities and Unexpected Changes - Brian Cusack

What Healthcare Can Learn from the Banking Industry - Jim Czerwonka

Eliminating Data Security Threats And BYOS - David Braun

Awards

10/04/2013  Derbycon 3.0 Videos Tracks 3, 4, 5 & Stable Talks Posted

Track 3 (Teach Me)
It's Only a Game: Learning Security through Gaming – Bruce Potter
Ooops – Now What? :: The Stolen Data Impact Model (SDIM) – Brent Huston
Anti-Forensics: Memory or something – I forget. – int0x80
The Mysterious Mister Hokum – Jason Scott
Appsec Tl;dr – Gillis Jones
DIY Command & Control For Fun And *No* Profit – David Schwartzberg
IPv6 is here (kind of) – what can I do with it? – Dan Wilkins
Dancing With Dalvik – Thomas Richards
Big Hugs for Big Data – Davi Ottenheimer
Antivirus Evasion: Lessons Learned – thelightcosine
Jared DeMott – Is Auditing C/C++ Different Nowadays?
Getting Schooled: Security with no budget in a hostile environment – Jim Kennedy
Browser Pivoting (FU2FA) – Raphael Mudge
Taking the BDSM out of PCI-DSS Through Open-Source Solutions – Zack Fasel & Erin “SecBarbie” Jacobs
John Strand – Hacking Back – Active Defense and Internet Tough Guys
An Encyclpwnia of Persistence – Skip Duckwall & Will Peteroy
Your Turn! – Johnny Long – HFC
Practical File Format Fuzzing – Jared Allar
Surviving the Dead – Christopher ‘EggDropX’ Payne
How can I do that? Intro to hardware hacking with an RFID badge reader – Kevin Bong
A SysCall to ARMs – Brendan Watters
The Netsniff-NG Toolkit – Jon Schipp
Why Dumpster Dive when I can pwn right in? – Terry Gold

Track 4 (The 3-Way)     
Pigs Don’t Fly – Why owning a typical network is so easy – and how to build a secure one. – Matt “scriptjunkie” Weeks
Finding The Signal in the Noise: Quantifying Advanced Malware – Dave Marcus
Applying the 32 Zombieland Rules to IT Security – Larry Pesce
Windows 0wn3d By Default – Mark Baggett
Android 4.0: Ice Cream “Sudo Make Me a” Sandwich – Max Sobell
Attacking the Next Generation Air Traffic Control System; Hackers – liquor and commercial airliners. – Renderman
Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken) – Trenton Iveys
Hello ASM World: A Painless and Contextual Introduction to x86 Assembly – nicolle neulist (rogueclown)
SQL injection with sqlmap – Conrad Reynolds CISA
The Internet of Things: Vulns – Botnets and Detection – Kyle Stone (@essobi) – Liam Randall
The Malware Management Framework – a process you can use to find advanced malware. We found WinNTI with it! – Michael Gough and Ian Robertson
Hack the Hustle! – Eve Adams
Operationalizing Security Intelligence in the Enterprise- Rafal Los
New Shiny in the Metasploit Framework – egypt
Everything you ever wanted to know on how to start a Credit Union – but were afraid to ask. – Jordan Modell
A developer’s guide to pentesting – Bill Sempf
Steal All of the Databases. – Alejandro Caceres
Sandboxes from a pen tester’s view – Rahul Kashyap
iOS Reverse #=> iPWn Apps – Mano ‘dash4rk’ Paul
Terminal Cornucopia – Evan “treefort” Booth
Wait; How is All This Stuff Free?!? – Gene Bransfield

Track 5 – Hybrid Room     
Building An Information Security Awareness Program from Scratch – Bill Gardner – Valerie Thomas
Malware : testing malware scenarios on your network – Tony Huffman (@myne_us) – Juan Cortes (@kongo_86)
Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies – John Moore “Rabid Security”
Tizen Security: Hacking the new mobile OS – Mark Manning (AntiTree)
RAWR – Rapid Assessment of Web Resources – Adam Byers – Tom Moore
Decoding Bug Bounty Programs – Jon Rose
Patching Windows Executables with the Backdoor Factory – Joshua Pitts
Jason Scott – Defcon Documentary Q&A
Panel: Building and Growing a Hacker Space – Joey Maresca – Dave Marcus – Nick Farr – SkyDog
SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. – Jacob Holcomb
Put Me In Coach: How We Got Started In Infosec – pr1me – Chris “g11tch” Hodges – Frank Hackett – Dave “ReL1K” Kennedy
Alice Goes Deeper (Down the Rabbit Hole) – Redirection 2.0 – Nathan Magniez
Emergent Vulnerabilities: What ant colonies – schools of fish – and security have in common. – Nathaniel “Dr. Whom” Husted
Why Your IT Bytes – Frank J. Hackett
Using Facial Recognition Software In Digital Forensics And Information Security – Brian Lockrey
How to Fight a War Without Actually Starting One – Brendan O’Connor
Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography – Nancy Snoke

Stable Talks
Gen Y:Getting Them to Talk Rather than Text at Work – Nancy Kovanic
Battle Scars And Friendly Fire: Threat Research Team War Stories – Will Gragido and Seth Geftic
Unmasking Miscreants – Allixon Nixon – Brandon Levene
gitDigger: Creating useful wordlists from public GitHub repositories – Jaime Filson (WiK)
PowerShell and Windows Throw the Best Shell Parties – Piotr Marszalik
Owning Computers Without Shell Access – Royce Davis
Sixnet Tools: for poking at Sixnet Things – Mehdi Sabraoui
Hardening Windows 8 apps for the Windows Store – Bill Sempf
Intro to Dynamic Access Control in Windows Server 2012 – Evan Anderson
Evolutionary Security – Embracing Failure to Attain “Good Enough” – Josh More
DIY Forensics: When Incident Response Morphs into Digital Forensics – John Sammons
ANOTHER Log to Analyze – Utilizing DNS to Discover Malware in Your Network – Nathan Magniez
Phishing Frenzy: 7 seconds from hook to sinker – Brandon <zeknox> McCann
Electronic Safe Fail: Common Vulnerabilities in Electronic Safes – Jeff Popio
The Good Samaritan Identity Protection Project  www.thegsipp.org – Zack Hibbard – Chris Brown and Jon Sternstein
Some defensive ideas from offensive guys. – Justin Elze and Robert Chuvala
Grim Trigger – Jeff “ghostnomad” Kirsch
A n00bie’s perspective on Pentesting… – Brandon Edmunds
My Security is a Graph – Your Argument is Invalid – Gabriel Bassett
Follow the Foolish Zebras: Finding Threats in Your Logs – Chris Larsen
Security Training and Research Cloud (STRC) – Jimmy Murphy
Passive Aggressive Defense – Jason Clark
So you want to be a pentester? – Raymond Gabler
Digital Energy – BPT – Paul Coggin
An Anti-Forensics Primer – Jason Andress
What if Petraeus was a hacker? Email privacy for the rest of us – Phil Cryer (@faker)
 

09/30/2013 Derbycon 3.0 Videos Tracks 1 & 2

I think I have all of tracks 1 and 2 posted:, more to come

Scanning Darkly - HD Moore (keynote)
Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World - Ed Skoudis (keynote)
Look Ma - No Exploits! - The Recon-ng Framework - Tim “LaNMaSteR53? Tomes
Practical Exploitation Using A Malicious Service Set Identifier (SSID) - Deral Heiland
JTAGulator: Assisted discovery of on-chip debug interfaces - Joe Grand
Seeing red in your future? - Ian Iamit
TMI: How to attack SharePoint servers and tools to make it easier - Kevin Johnson and James Jardine
The High Risk of Low Risk Applications - conrad reynolds
It’s Okay to Touch Yourself - Ben Ten (Ben0xA)
Collaborative Penetration Testing With Lair - Tom Steele and Dan Kottmann
Malware Automation - Christopher Elisan
What’s common in Oracle and Samsung? They tried to think differently about crypto. - L·szlÛ TÛth - Ferenc Spala
Burning the Enterprise with BYOD - Georgia Weidman
Getting the goods with smbexec - Eric Milam(brav0hax) and Martin Bos (purehate)
Shattering the Glass: Crafting Post Exploitation Tools with PowerShell - Matt Johnson
Cheat Codez: Level UP Your SE Game - Eric Smith
My Experiments with truth: a different route to bug-hunting - Devesh Bhatt
The Art and Science of Hacking Any Organization - Tyler Wrightson
Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation - Christopher Campbell & Matthew Graeber
Cracking Corporate Passwords - Exploiting Password Policy Weaknesses - Minga / Rick Redman
Ownage From Userland: Process Puppeteering - Nick Cano
) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniquesí)%00 - Roberto Salgado
Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network - SOLOMON SONYA and NICK KULESZA
Phishing Like The Pros - Luis “Connection” Santana
Raspberry Pi - Media Centers - and AppleTV - David Schuetz
Cognitive Injection: Reprogramming the Situation-Oriented Human OS - Andy Ellis
IOCAware - Actively Collect Compromise Indicators and Test Your Entire Enterprise - Matt Jezorek and Dennis Kuntz
Cash is King: Who’s Wearing Your Crown? - Tom Eston and Spencer McIntyre
Security Sucks - and You’re Wearing a Nursing Bra - Paul Asadoorian
Windows Attacks: AT is the new black - Rob Fuller and Chris Gates
How Good is Your Phish - @sonofshirt
Identifying Evil: An introduction to Reverse Engineering Malware and other software - Bart ‘d4ncind4n’ Hopper
How Im going to own your organization in just a few days. - RazorEQX
Pass-The-Hash 2: The Admin’s Revenge - Skip Duckwall and Chris Campbell
The Cavalry Is Us: Protecting the public good and our profession - Josh Corman
Love letters to Frank Abagnale (How do I pwn thee let me count the ways) - Jayson E. Street
The Message and The Messenger - James Arlen
50 Shades of RED: Stories from the "Playroom" - Chris Nickerson
Beyond Information Warfare “You Ain’t Seen Nothing Yet” - Winn Schwartau
Stop Fighting Anti-Virus - Integgroll
How the Grid Will Be Hacked - Josh Axelrod and Matt Davis
help for the helpdesk - Mick Douglas
Weaponizing your Coffee Pot - Daniel Buentello
Practical OSINT - Shane MacDougall (NOTE THAT THIS IS AN ADULT ONLY TALK - 18+ or older)
Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) - Jack D. Nichelson
Uncloaking IP Addresses on IRC - Derek Callaway

09/29/2013 Derbycon 3.0 Videos
As I get them up, you can find them here. Big thanks to my video jockeys Robin, ladymerlin, Jennifer, Sabrina, Reid, Skydog, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, MadMex, Joey, Steven, Sara, Branden Miller and Night Carnage
09/18/2013 Unicode Security Notes Page
This page has notes for my HackerHalted and Hack3rCon talk.
08/24/2013 Unicode Text Steganography Encoders/Decoders
The idea of this page is to demo different ways of using Unicode in steganography, mostly I'm using it for Twitter. :) I have some notes on the bottom about how these Unicode characters show up or get filtered by some apps. Most of the algorithms should work ok on Twitter, Facebook however seems to strip out more characters. There seems to be no perfect character set.
08/09/2013 Every Unicode Character For Fuzzing and Research
I will be doing a talk on Unicode and security at Hacker Halted, as prep work I've generated some files with ever Unicode character. I'd be interested in knowing if any of them crash apps on you. Open with care.

Every Unicode Character Blob Page or TXT file
Every Unicode Character 80 Column Page or TXT file
Every Unicode Character With Hex Page or TXT file

08/06/2013

BSidesLV 2013 Videos
These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. @bsideslv, @banasidhe, @kickfroggy, @quadling, @jack_daniel 

"The Security Industry - How to Survive Becoming Management" - Christien Rioux

Discovering Dark Matter: Towards better Android Malware Heuristics - Jimmy Shah, David Shaw, Matt Dewitt

Mom! I Broke My Insulin Pump... Again! - Jay "Rad" Radcliffe

Dungeons & Dragons, Siege Warfare, and Fantasy Defense in Depth - Evan Davidson and Noah Schiffman

HiveMind: Distributed File Storage Using JavaScript Botnets - Sean Malone

gitDigger: Creating useful wordlists from public GitHub repositories - WiK and Mubix

Collaborative Penetration Testing With Lair - Tom Steele and Dan Kottmann

Social Aftermath Responding to Social Pwnage - Steven F. Fox

Silence Equals Death - Violet Blue

The Cavalry Isn't Coming: Starting the Revolution to Fsck it All! - Nicholas J. Percoco and Joshua Corman

A Fire In The Eye - Olli-Pekka Niemi and Antti Levomaki

Defense Evasion Modeling - Frank Artes

"Malware Management Framework" - We detected WinNTI with it! - Michael Gough

Crunching the Top 10,000 Websites' Password Policies and Controls - Steve Werby

Governments and UFOs: A Historical Analysis of Disinformation and Deception - Richard Thieme

Strange interactions in personal data: Brokers and the CFAA - Christine Dudley

Diamonds, Fitness and Cults: Manipulation for Fun and Profit - Katie Rodzon

Vulnerability & Exploit Trends: A Deep Look Inside The Data - Ed Bellis, Michael Roytman

EC2 or Bust - How to Build Your Own Pen Testing Lab in Amazon EC2 - Grecs

Techniques for Escaping the AppSec Labyrinth - Andrew Hay

The Erudite Inebriate's Guide to Life, Liberty, and the Purfuit of Happinefs - Jack Daniel

Hack the Hustle! Career Strategies for Information Security Professionals - Eve Adams

Information Sharing, or "I've got 99 problems and they're probably pretty similar to yours" - Chris Mills

Convincing Your Management, Your Peers, and Yourself That Risk Management Doesn't Suck - Josh Sokol

How embracing social media helped me stop the hackers, save the world and get the girl! - Javvad Malik

Malware Automation - Christopher Elisan

Popping the Penguin: An Introduction to the Principles of Linux Persistence - Mark Kita

Network Survival WCS - James Costello

The Slings and Arrows of Open Source Security - Tod Beardsley and Mister X

What if Petraeus was a hacker' Email privacy for the rest of us - Fak3r

Never Mind Your Diet, Cut the Crap From Your Vocabulary - Keli Hay (Brian Martin)

The 7 habits of highly effective CISOs - Franklin Tallah (Wendy Nather)

The Little Dutch Boy - D0n Quix0te (Bill E. Ghote)

Stop Shooting Blanks: No magic bullets in your arsenal - Renegade6 (Nicolle Neulist)

Flameout - Burnout Supernova - Dan Ward (Ally Miller)

The Sensual Side of 3D Printing - Kat Sweet (Javvad Malik)

Fun with WebSockets using Socket Puppet - Mister Glass (Weasel)

Using Machine Learning to Support Information Security - Alex Pinto (Joel Wilbanks)

The Truth, You Thought We Wouldn't Know' - Wolf Flight (Terry Gold)

Vulnerabilities in Application Whitelisting: Malware Case Studies - Jared Sperli and Joe Kovacic (J0hnny Brav0)

The Goodness is Baked In: Baking Assurance into Software - Ebony (Davi Ottenheimer)

Matriux Leandros:An Open Source Penetration Testing and Forensic Distribution - Prajwal Panchmahalkar (Savant42)

Sixteen Colors: Archiving the Evolution of ANSI and ASCII Art - Doug Moore (Brendan O'Connor)

You Are Being Watched! - Bharat Jogi

Calling All Researchers: A Discussion on Building a Security Research Framework - Michael "DrBearSec" Smith

Evil Empire: SIEM FTW - EggDropX and Tha CheezMan

Attribution Shmatribution! FIX YOUR SHIT! - Krypt3ia

Breach Panel - Davi Ottenheimer, Raymond Umerley, Jack Daniel, Steve Werby, David Mortman & George V. Hulme

Roll-your-own Lightning Talks

Attacking and Defending Full Disk Encryption - Tom Kopchak

Say It to My Face - Shannon Sistrunk

Alex Dreams of Risk: How the Concept of Being a Craftsman can Help you Find Meaning and Avoid Burnout - Alex Hutton

You can't make people act more securely, you can help them want to. - Ivan Campbell and Twyla Campbell

08/02/2013 BSidesLV 2013 Videos
Putting these up at the link above as I get them together. This will take a bit, 5 tracks takes time. Follow @bsideslv for more.
07/14/2013 OISF 2013 Videos

These are the videos from the OISF Anniversary Event

Webshells History, Techniques, Obfuscation and Automated Collection - Adrian Crenshaw

Kali Linux Backtrack Linux reborn - Martin Bos

Locks & Physical Security - Deviant Ollam

Leveraging Mobile Devices on Pentests - Georgia Weidman

Reverse Engineering Demystified (a little maybe) - Chris Eagle

07/04/2013 Web Shells Collection Page Updated
I'm prepping to give my Webshells talk again at OISF and TakeDownCon Rocket City. I like to update things if I give a talk more than once, so I enhanced my script to save an archived copy of the webshells in a zip file so even if the infected host cleans it up (which they really should), it can be examined later.
07/04/2013 NQSFW Free CISSP Study Guide
I'm working on studying for a CISSP, so I figured I should record my notes. As I do them, I plan to post them here. @gozes also pointed me to http://www.opensecuritytraining.info/CISSP-Main.html which looks like a damn good resource.
06/21/2013 BSides Boston Videos
While at BSidesRI I met a bunch of folks from BSidesBoston. Roy asked me to put up a link to their videos:
https://www.youtube.com/channel/UCmPk1vRLVFIcYjXM9lWFUHA/videos
Next year I hope to be able to make it out there.
06/15/2013 All BSides Rhode Island Videos

Friday pre-con:

Large-scale application security - Charlie Eriksen
SMB SRMF for identifying top 10 risks - Jim Peeler
How I Do a Weekly Podcast (or Three) - Paul Asadoorian
Show and Tell: Super-Minipwner - James Edge
Opening the Treasure Chest-Attacking Network Attached Storage on a Pen Test - Russell Butturini

BSidesRI Track:

Hacking Your Neighbors for Fun! - Josh Wright
Public cloud PCI compliance or a sharp stick in the eye, which to choose? - Chris Brenton
Bite the Wax Tadpole - The importance of culture in user security - Kati Rodzon and Mike Murray
Exploiting the Top Ten Database Vulnerabilities and Misconfigurations - Josh Shaul
Exploit Development for Mere Mortals - Joe McCray
Future Trends in IT security - Ron Gula
The Freaky Economics Of Cybersecurity - Robert David Graham

PaulDotCom Track:

Booting the Booters, Stressing the Stressors - Allison Nixon and Brandon Levene
Talk More Better - Jack Daniel
Security Sucks, and You're Wearing The Nursing Bra - Paul Asadoorian (Not Recorded)
So, you want to compute post-apocalypse? - Larry Pesce & Darren Wigley
Feeling Sick? Healthcare Information Security - Roy Wattanasin
Blitzing with Your Defense - Ben Jackson
Lessons Learned: Why I became a PaulDotCom Intern and why you should become an Intern too. - Mike Perez
Learning Security on the Cheap (30 min) - Patrick Laverty

Download link coming later.

06/15/2013 BSides Rhode Island Videos
As I get them up, I'm putting them on this page above.
06/13/2013

 

ASAReaper: Grab Configs From Multiple Cisco Devices Over SSH (Demos PExpect and AES Encrypted INI Files in Python) Updated
Updated the code to make it easier to maintain and to fix a timeout issue. Also, Arne Lovius told me about a tool called Rancid (http://www.shrubbery.net/rancid) that can do the same thing as my script and more, but I figured the sample code is still of help to some.
06/13/2013

Indiana University (IU, IUS, IU*, Etc) Salaries
I noticed the someone visited my IU Southeast School of Business (MBA) Review page from a search for something like "IU Salaries". This made me curious as I knew Indystar had the information. Seems Indystar's page is having errors, another newspaper hides it behind a pay wall, and IU makes you login with an account AND use an on campus IP. My understanding is this information is suppose to be public, but it seem somewhat hard to find. As a public service, here is the 2012/2013 Salary information in HTML (Just for IUS) and Excel formats (all campuses) for easier parsing. Hopefully it helps alumni and the like consider if it is really a fruitful place to donate to (and how to earmark donations). For some of the pay levels, it really is a shameful waste.

06/07/2013

Kali Linux Live Boot USB Flash Drive - Jeremy Druin
Jeremy Druin (@webpwnize) gave the following presentation on creating a persistent Kali Linux thumbdrive install for the June 2013 meeting of the Kentuckiana ISSA.

05/27/2013 Webshell Demos And Notes
This is a page I'm putting together for my TakeDownCon and OISF talks on webshells. My slides are pretty text, link, command and code heavy, so this way I can just point the attendees to this page for all the notes and links.
05/24/2013

 

Webshell Collection Page Updated With Source Code
I have a script I run against my web logs periodically to see if anyone is trying to use a Remote File Include Webshell against my site. I've done some more filter work, and can now find more webshells with it. If you spot bugs in the code, please let me know. I'll also be speaking at TakeDownCon St. Louis and the OISF Anniversary Event on webshells, this is part of that project.
05/23/2013 About page and CV updated
I finished my Master of Science in Security Informatics, so I've update my "about" page and CV. Unfortunately, I did not maintain the straight A average I had in my Informatics courses (I made a B in Machine Learning, which equals calculus, linear algebra, matrix mathematics and pain), so I had to change a blurb in my IU Southeast School of Bussiness/MBA review about being a straight A student in my new program. I just wanted to have more integrity than the people at the IUS MBA program who still boast about being the 9th rated part time MBA from the Business Week ratings in 2009, forgetting to mention that they have fallen to 74th since then (University of Louisville is at 35 by the way). Now, I know my readers think I'm a little OCD about this subject, which I admit I am, but I think integrity and ethics are important in both business and infosec, especially in those who are supposed to be educating the future workforce and leadership. I don't want others looking for a Master degree in the Louisville area to go through the same things I did, at least then something good would have come from what happened to me. There is some reason to think that IUS may get better, Gil Atnip, Ruth Garvey-Nix, and Sandra R. Patterson-Randles are all either retired or retiring from their positions of power. Still, the kinds of people who seem to gravitate toward academic administration positions have a tenancy to be less than caring towards student concerns in my experience. They may be better now, one VC seems to care at least a little considering his visits to the page and another VC seemed to be a decent person in the one Philosophy class I had with him, but the current student affairs person refuses to even respond to questions. Also, people like Jay White, Jon Bingham, and Linda Christiansen are still in their positions of power in the school of business, not even chastised for their behavior. With that in mind, I still can't recommend IUS to the people I know in IT around the Louisville area. I'm really sort of torn about it, as I think the IUS Informatics and Comp-Sci programs are pretty good, and I know there a good professors out there in business, but I don't think most people are willing to speak out unless they are personally involved. If you go there for Informatics or Comp-Sci, I recommend going with one of the math science options instead of business.
05/20/2013

 

ISSA Kentuckiana Web Pen-Testing Workshop
Below are the videos form the Kentuckiana ISSA's Web Pen-Testing Workshop. It was put on in part to raise funds for Hackers For Charity. A few of theses are still uploading, but should be available shortly.
Part 1: Intro to Mutillidae, Burp Suite & Injection Jeremy Druin
Part 2: SQL Injection Conrad Reynolds
Part 3: Uploading a web shell via SQLi Jeremy Druin
Part 4: Authentication Bypass via SQLi & Cookie Tampering Jeremy Druin
Part 5: Intro to Kentuckiana ISSA Jeremy Druin
Part 6: Remote File Inclusion (RFI) & Local File Inclusion (LFI) Jeremy Druin
Part 7: Webshells Demo Adrian Crenshaw
Part 8: Intros to Speakers
Part 9: HTML & Javasript Injection XSS Jeremy Druin
Part 10: XSS & BeEF Conrad Reynolds
Part 11: What we have of CSRF (Camera ran out of space, slides kept going) Jeremy Druin
Part 12: JSON injection Jeremy Druin
04/21/2013 AIDE 2013: The rest of the videos
At this point I had to leave for Notacon to record their talk and was not there to run the slide capture rig for AIDE. I shanghaied some volunteers into recording, and while they did not get the slide rig working, we have the presenter and slides on camera. Thanks for filling in.

Boring eForensic Science Items - Brian Martin

Hackers in Unganda: A Documentary (Kickstarter Project) - Jeremy Zerechak

Small Businesses Deserve Security Too - Frank Hackett

Help from the helpdesk - Mick Douglas (@bettersafetynet)

Malware Analysis Triage for n00bs - Grecs (@Grecs)

CCDC and Industry - James L. Siegel Jr. (WolfFlight)

Building an Engaging and Effective Information Security Awareness and Training Program - Bill Gardner

04/21/2013

 

Notacon 10 Videos
These are the videos from the 10th Notacon conference held April 18th-21st, 2013. Not all of them are security related, but  I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: SatNights, Widget, Securi-D, Purge, Bunsen, Fry Steve and myself (at least that is who it was last year, if you got he names for 2013 let me know).

Track 1

Model Integrated Computing (Code Generation) and how it loves you and deserves love back - Michael Walker

Guns & Privacy - Deviant Ollam

Domestic Preparedness (the zombie Apocalypse is nigh upon us) - Illustrious Niteshad & megalos

DIY Neuroscience, EMGs, EEGs, and other recordings - meecie

Hacking Your Ability to Communicate - kadiera

Lasers for Fun! Lasers for Science. Lasers for Security! - Ethan Dicks

Video Everywhere! aka The Personal Distributed HD Video Network - Woz

Esolangs - Daniel Temkin

How We Learned Security from Steve - ghostnomad, ghostnomadjr, knuckles & micronomad

Are we getting better? - Hacking Todays Technology - David Kennedy

Critical Making - Garnet Hertz

DC to Daylight: A whirlwind tour of the radio spectrum, and why it matters. - Stormgren

Skeleton Key: Transforming Medical Discussions Through 3D Printing - KK Pandya

Youthful Exploits of an early ISP - Dop & KevN

Whose Slide Is It Anyway? - nicolle @rogueclown neulist

Track 2

I Forked the Law and We All Won - Fork The Law

Make me Babyproof! - Gina “the kat” Hoang

The Maru Architecture Design: A proposed BYOD architecture for an evolving threat landscape - Michael Smith

You Keep A-Knockin’ But You Can’t Come In - grap3_ap3

Encryption for Everyone - Dru Streicher (_node)

How I Became an iOS Developer for Fun and Debt - Mark Stanilav

AR_GRAF.OBJ: a darknet for the nuEra ?? - kevin carey, shawne michaelain holloway & brian peterson

Creating professional glitch art with PoxParty - Jon Satrom & Ben Syverson

Let’s Go CSRF’n Now! - grap3_ap3

Bad Games Arcade - Jake Eliott

The Winamp Imperative - Yoz (sorry, audio died at 6:09)

04/18/2013 AIDE 2013
I got to record and put up a few videos from AIDE. I had to head to Notacon before I could record them all, but I left some gear so hopefully I'll have more to come. Recorded at AIDE 2013. Big thanks to Bill Gardner (@oncee) for having me out to record.

Network King Of The Hill (NetKotH): A hacker wargame for organizers who are lazy - Adrian Crenshaw (Irongeek)

Can You Hear Me Now? Leveraging Mobile Devices on Pentests - Georgia Weidman

RAWR (Rapid Assessment of Web Resources) - @al14s and @c0ncealed

04/11/2013 Hacker Swap Meet: Don't Let That Old Junk Go To Waste!
Many of us are tech pack rats, we have old gear laying around we don't use but don't want to just throw away. Got something you want to trade with other hacker/maker types? Too expensive to ship but you can drive it to a con you will be at anyway? Set up the trade at the new forums I put up. One man's treasure is another man's hazmat. If you don't see a con/meet spot listed here, let me know and I can add it.
http://www.hackerswapmeet.org/
I should have some old gear at Notacon I want to get rid of.
04/08/2013 Outerz0ne 9 (2013) Videos
These are most of the videos from the Outerz0ne 9 conference. I have a few more I have to get clearances on before I post them. Big thanks to Joey and Evan on the video crew.
SkyDog Kicks Off Year NINE! (Number Nine)
Gursev Kalra - Impersonating CAPTCHA Providers
Tuttle/Brimstone - State of the BitCoin Address; Pizza, Pirates, and Profiteers.
Halfjack - Living to the Singularity: Geeks Guide to a Healthy Lifestyle
Chad Ramey - Hacking the Atom
Jeremy Schmeichel & Brian Wilson - IPv6? Ain't Nobody Got Time For That!
Chris Silvers - Weapons of Miniature Destruction
Hacker Movie Challenge
Inside the Hacker's Studio - Billy Hoffman and IronGeek
Contest Prize Giveaway, Awards, Closing Ceremonies
Lightning Talks and such:
Andy Green - The Southeast Collegiate Cyber Defense Competition Lightning Talk
Lilyjade-v2.com - Why You Are Not Safe Lightning Talk
Presentation Karaoke

More.........

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast