Welcome to Irongeek.com, Adrian Crenshaw's Information
Security site (along with a bit about weightlifting and other things that strike
my fancy). As I write articles
and tutorials I will be posting them here. If you would like to republish one of
the articles from this site on your webpage or print journal please e-mail me. Enjoy
the site and write us if you have any good ideas for articles or links.
XSS, SQL Injection and Fuzzing Barcode Cheat Sheet Updated
I've added the ability to use any lower ASCII character you wish, you just have
to know its decimal equivalent. I've also constructed an
ASCII
barcode chart that should help. Let me know if you figure out how to type
Ctrl-Alt-Del with your keyboard wedge. :)
Side note, tomorrow night I'll be on
the ISD Podcast, episode 61. See you at
Shmoocon.
01/30/2010
Video: When Web 2.0 Attacks - Rafal Los
Recorded at: Louisville OWASP Chapter - Fourth Meeting, Friday January 29th,
2010
Speaker: Rafal Los will be discussing Flash and Web 2.0 security
I used the same rig I hope to use for recording the Fireside talks at
Shmoocon.
XSS, SQL Injection and Fuzzing Barcode Cheat Sheet
I was listening to an episode of
Pauldotcom, and Mick mentioned something about attacks on systems via
barcode. Because of the nature of barcodes, developers may not be expecting
attacks from that vector and thus don’t sanitize their inputs properly. I had
previously written "XSS,
Command and SQL Injection vectors: Beyond the Form" so this was right up my
alley. I constructed this page that lets you make barcodes in Code 93, Code 39,
Code 39ext and Code 128A, B and C.
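As an added illustration (not part of the original post or of the barcode page itself), here is the kind of check a developer on the receiving end should apply: keyboard-wedge scanner input is treated exactly like an untrusted form field, lower-ASCII control characters are reported by their decimal value, and anything outside an assumed SKU format is rejected before the value reaches a parameterized query. The SKU format, the table and the sample scans are constructed for the example.

```python
import re
import sqlite3

# Constructed sample: what a keyboard-wedge scanner would "type" for four
# barcodes. The first is a normal SKU; the rest carry the sort of payload a
# Code 128 / Code 39ext symbol can encode: an HTML tag, a SQL fragment, and an
# ESC control character (decimal 27) appended to an otherwise valid SKU.
SCANS = [
    "SKU-10042",
    "<script>alert(1)</script>",
    "SKU-1' OR '1'='1",
    "SKU-10042\x1b",
]

# Assumed application rule: a valid SKU is "SKU-" followed by exactly five digits.
SKU_PATTERN = re.compile(r"^SKU-\d{5}$")


def control_chars(raw):
    """Decimal codes of any lower-ASCII control characters (or DEL) in a scan."""
    return [ord(c) for c in raw if ord(c) < 0x20 or ord(c) == 0x7F]


def validate_scan(raw):
    """Return (ok, reason). Control characters are checked before the format."""
    if control_chars(raw):
        return False, "control character in scan"
    if not SKU_PATTERN.fullmatch(raw):
        return False, "does not match expected SKU format"
    return True, "ok"


def lookup_price(conn, raw):
    """Validate first; then bind the value as a parameter, never concatenate it."""
    ok, _reason = validate_scan(raw)
    if not ok:
        return None
    row = conn.execute("SELECT price FROM items WHERE sku = ?", (raw,)).fetchone()
    return row[0] if row else None


def demo():
    """Run every constructed scan through validation and lookup."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (sku TEXT PRIMARY KEY, price REAL)")
    conn.execute("INSERT INTO items VALUES ('SKU-10042', 4.99)")
    return {s: (validate_scan(s), lookup_price(conn, s)) for s in SCANS}
```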
01/25/2010
Botnets Presentation For Malware Class
I have to present two papers for my malware class, so I figure I'd share my
practice video with my readers. Slides are available in
PDF and
PPTX
forms.
Setting up the HoneyBOT HoneyPot
HoneyPots are hosts meant to be attacked either to distract the attackers or to
research their techniques. This video will cover setting up a simple HoneyPot in
Windows using an application called HoneyBOT. I'll also talk a little about
capturing a pcap file with dumpcap for later analysis.
Speaking at the Shmoocon FireTalks
My presentation was not accepted for the normal Shmoocon talks, but I will be
doing a much shortened version for the
FireTalks at Shmoo. For those wondering what I'll be talking about:
Title:
Funnypots and Skiddy Baiting
Description: Ever wanted to screw with those that screw with you? Honeypots might
be ok for research, but they don’t allow you to have fun at an attacker’s
expense the same way funnypots and skiddy baiting do. In this talk I’ll be
covering techniques you can use to scar the psyche or to have fun at the expense
of attackers or people invading your privacy. Some of the topics to be covered
are: Fun with DNS and Loopback, SWATing for Packets, Lemonwipe your drive,
Robots.txt trolling, And more…
I think there are still some slots open for Firetalks, so please submit
something on the site linked to above if you have an idea.
Grecs gave me the go ahead to record the
short FireTalks at Shmoocon 2010. I've been messing around with AVISynth, and I
plan to use it to make the Fireside talks look somewhat professional, like the
ones Defcon releases. I re-encoded my "Building a Hacklab" video to test out
how well the script would work,
here are the results. Let me know what you think.
WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated
Uploaded version 0.90. Once again, Wigle.net changed the way I had to query
their database, so I had to fix IGiGLE so it worked again. I also changed how I
got the zip code to lat/long to work. It may also now work with NAC, UTM
or a Great Britain telephone area code, but this needs more testing so please
let me know.
As a side thing, check out Webcam Studio For
GNU/Linux (WS4GL). I'm hoping as it matures I'll be able to use it as a
poor man's tri-caster when I record/stream presentations at hacker cons. The live
picture in picture or split screen is an awesome feature. Toss Patrick Balleux
some cash to encourage further development.
12/29/2009
Setting up an Ethernet bridge in Ubuntu Linux
In a previous video, I showed how to set up an
Ethernet bridge
in Windows XP. This is very useful for sniffing traffic leaving your LAN for
the purposes of IDS (Intrusion Detection System), network monitoring, statistics
or just plain snooping. In this video, I cover setting up an Ethernet bridge in
Linux. Other tools used in this video include Wireshark, TCPDump, Etherape and
Driftnet.