Help Irongeek.com pay for
bandwidth and research equipment:

Web Hosting By:


Sponsored by:

Google
Affiliates:
















Irongeek's Featured Links:

Web Hosting

Web Hosting

Free Web Hosting hosting

Keylogger

Document Scanning

Free Domain Names

Notebooks

Recover Data

Free Antivirus

hosted exchange 2007

EC-Council ECSA Training Videos

Emergency Lights







































Web Hosting:
Help Irongeek.com pay for bandwidth and research equipment:

 

Irongeek.com

Irongeek.com

            Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.

Adrian

News/Change Log:
02/04/2010

I'll be at Shmoocon tomorrow, may have a live stream up some of the time
Don't know if I'll be able to manage it, but I may be streaming some of my activities from Shmoocon using WebCamStudio for Linux. If I can, you will see it below (or on the Irongeek.com site if you read this via RSS):
Free TV Show from Ustream

02/03/2010 XSS, SQL Injection and Fuzzing Barcode Cheat Sheet Updated
I've added the ability to use any lower ASCII character you wish, you just have to know its decimal equivalent. I've also constructed and ASCII barcode chart that should help. Let me know if you figure out how to type Ctrl-Alt-Del with your keyboard wedge. :)

Side note, tomorrow night I'll be on the ISD Podcast, episode 61. See you at Shmoocon.

01/30/2010 Video:When Web 2.0 Attacks - Rafal Los
Recorded at: Louisville OWASP Chapter - Fourth Meeting, Friday January 29th, 2010
Speaker: Rafal Los will be discussing Flash and Web 2.0 security

I used the same rig I hope to use for recording the Fireside talks at Shmoocon.

01/28/2010 Infosec Daily Podcast Episode 56
We are recording tonight, so it should be up by the morning. This time the tech segment will be on the recent bar code hacking project, which at Mick's suggestion now has XSS/SQL Injection for QR 2d bar codes.
01/28/2010 XSS, SQL Injection and Fuzzing Barcode Cheat Sheet
I was listening to an episode of Pauldotcom, and Mick mentioned something about attacks on systems via barcode. Because of the nature of barcodes, developers may not be expecting attacks from that vector and thus don’t sanitize their inputs properly. I had previously written "XSS, Command and SQL Injection vectors: Beyond the Form" so this was right up my alley. I constructed this page that lets you make barcodes in Code 93, Code 39, Code 39ext and Code 128A, B and C.
01/25/2010 Botnets Presentation For Malware Class
I have to present two papers for my malware class, so I figure I'd share my practice video with my readers. Slides are available in PDF and PPTX forms.
01/21/2010 Infosec Daily Podcast Episode 51
We are recording tonight, so it should be up by the morning. This time the tech segment will be on Tracking users, malware and data leaks via the USB serial numbers on flash drives, smart phones and MP3 players.
01/19/2010

 

Setting up the HoneyBOT HoneyPot
HoneyPots are hosts meant to be attacked either to distract the attackers or to research their techniques. This video will cover setting up a simple HoneyPot in Windows using an application called HoneyBOT. I'll also talk a little about capturing a pcap file with dumpcap for later analysis.
01/12/2010

 

Sitting in on Infosec Daily Podcast Episode 44
We are recording tonight, so it should be up by the morning. They are letting me do a tech segment on setting up an Ethernet bridge in Linux and network bridging in Windows. Also, I hope we will cover a bit about Google's reaction to China's attacks on human rights activist's Google accounts.
01/09/2010 Speaking at the Shmoocon FireTalks
My presentation was not accepted for the normal Shmoocon talks, but I will be doing a much shortened version for the FireTalks at Shmoo. For those wondering what I'll be talking about:

Title: Funnypots and Skiddy Baiting
Desciption: Ever wanted to screw with those that screw with you? Honeypots might be ok for research, but they don’t allow you to have fun at an attacker’s expense the same way funnypot and skiddy baiting does. In this talk I’ll be covering techniques you can use to scar the psyche or to have fun at the expense of attackers or people invading your privacy. Some of the topics to be covered are: Fun with DNS and Loopback, SWATing for Packets, Lemonwipe your drive, Robots.txt trolling, And more…

I think there are still some slots open for Firetalks, so please submit something on the site linked to above if you have an idea. Grecs gave me the go ahead to record the short FireTalks at Shmoocon 2010. I've been messing around with AVISynth, and I plan to use it to make the Fireside talks look somewhat professional,  like the ones Defcon releases. I re-encoded my "Bulilding a Hacklab" video to test out how well the script would work, here are the results. Let me know what you think.

01/05/2010 New Text Article: Tracking users, malware and data leaks via the USB serial numbers on flash drives, smart phones and MP3 players
In this article I talk about using the USB serial number some devices have for security and forensics purposes. By the way, I'm starting to use Twitter more, so feel free to follow me: @Irongeek_ADC
01/01/2010

 

WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated
Uploaded version 0.90. Once again, Wigle.net changed the way I had to query their database, so I had to fix IGiGLE so it worked again. I also changed how I got the zip code to lat/long to work. It may also now work with NAC, UTM or a Great Britain telephone area code, but this needs more testing so please let me know.
12/29/2009 Ethernet bridge in Ubuntu Linux video updated
I fixed the sound and frame size in the video I posted this morning.

As a side thing, check out Webcam Studio For GNU/Linux (WS4GL). I'm hoping as it matures I'll be able to use it as a poorman's tri-caster when I record/stream presentations at hacker cons. The live picture in picture or split screen is an awesome feature. Toss Patrick Balleux some cash to encourage further development.

12/29/2009

 

Setting up an Ethernet bridge in Ubuntu Linux
In a previous video, I showed how to set up an Ethernet bridge in Windows XP. This is very useful for sniffing traffic leaving your LAN for the purposes of IDS (Intrusion Detection System), network monitoring, statistics or just plain snooping. In this video, I cover setting up an Ethernet bridge in Linux. Other tools used in this video include Wireshark, TCPDump, Etherape and Driftnet.
More.........

blog comments powered by Disqus

Ten most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2010, IronGeek
Louisville / Kentuckiana Information Security Enthusiast

Alls good, in the hood.