Feel free to include my content in your page via my RSS feed Help Irongeek.com pay for bandwidth and research equipment:
Irongeek Security Hacking Illustrated Videos InfoSec Articles Mobile Pen-testing Tools Apps/Scripts Reviews RSS Your IP Podcasts Hoosier Hackers Newscat Links Contact Forums Workout Nutrition Supplements Humor Advertise Irongeek Campuses Fed Watch Books Store About
Search Irongeek.com: Affiliates: Web Hosting: Help Irongeek.com pay for bandwidth and research equipment:	Irongeek.com             Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links. Adrian News/Change Log: 05/24/2013   Webshell Collection Page Updated With Source Code I have a script I run against my web logs periodically to see if anyone is trying to use a Remote File Include Webshell against my site. I've done some more filter work, and can now find more webshells with it. If you spot bugs in the code, please let me know. I'll also be speaking at TakeDownCon St. Louis and the OISF Anniversary Event on webshells, this is part of that project. 05/23/2013 About page and CV updated I finished my Master of Science in Security Informatics, so I've update my "about" page and CV. Unfortunately, I did not maintain the straight A average I had in my Informatics courses (I made a B in Machine Learning, which equals calculus, linear algebra, matrix mathematics and pain), so I had to change a blurb in my IU Southeast School of Bussiness/MBA review about being a straight A student in my new program. I just wanted to have more integrity than the people at the IUS MBA program who still boast about being the 9th rated part time MBA from the Business Week ratings in 2009, forgetting to mention that they have fallen to 74th since then (University of Louisville is at 35 by the way). Now, I know my readers think I'm a little OCD about this subject, which I admit I am, but I think integrity and ethics are important in both business and infosec, especially in those who are supposed to be educating the future workforce and leadership. I don't want others looking for a Master degree in the Louisville area to go through the same things I did, at least then something good would have come from what happened to me. There is some reason to think that IUS may get better, Gil Atnip, Ruth Garvey-Nix, and Sandra R. Patterson-Randles are all either retired or retiring from their positions of power. Still, the kinds of people who seem to gravitate toward academic administration positions have a tenancy to be less than caring towards student concerns in my experience. They may be better now, one VC seems to care at least a little considering his visits to the page and another VC seemed to be a decent person in the one Philosophy class I had with him, but the current student affairs person refuses to even respond to questions. Also, people like Jay White, Jon Bingham, and Linda Christiansen are still in their positions of power in the school of business, not even chastised for their behavior. With that in mind, I still can't recommend IUS to the people I know in IT around the Louisville area. I'm really sort of torn about it, as I think the IUS Informatics and Comp-Sci programs are pretty good, and I know there a good professors out there in business, but I don't think most people are willing to speak out unless they are personally involved. If you go there for Informatics or Comp-Sci, I recommend going with one of the math science options instead of business. 05/20/2013   ISSA Kentuckiana Web Pen-Testing Workshop Below are the videos form the Kentuckiana ISSA's Web Pen-Testing Workshop. It was put on in part to raise funds for Hackers For Charity. A few of theses are still uploading, but should be available shortly. Part 1: Intro to Mutillidae, Burp Suite & Injection Jeremy Druin Part 2: SQL Injection Conrad Reynolds Part 3: Uploading a web shell via SQLi Jeremy Druin Part 4: Authentication Bypass via SQLi & Cookie Tampering Jeremy Druin Part 5: Intro to Kentuckiana ISSA Jeremy Druin Part 6: Remote File Inclusion (RFI) & Local File Inclusion (LFI) Jeremy Druin Part 7: Webshells Demo Adrian Crenshaw Part 8: Intros to Speakers Part 9: HTML & Javasript Injection XSS Jeremy Druin Part 10: XSS & BeEF Conrad Reynolds Part 11: What we have of CSRF (Camera ran out of space, slides kept going) Jeremy Druin Part 12: JSON injection Jeremy Druin 04/21/2013 AIDE 2013: The rest of the videos At this point I had to leave for Notacon to record their talk and was not there to run the slide capture rig for AIDE. I shanghaied some volunteers into recording, and while they did not get the slide rig working, we have the presenter and slides on camera. Thanks for filling in. Boring eForensic Science Items - Brian Martin Hackers in Unganda: A Documentary (Kickstarter Project) - Jeremy Zerechak Small Businesses Deserve Security Too - Frank Hackett Help from the helpdesk - Mick Douglas (@bettersafetynet) Malware Analysis Triage for n00bs - Grecs (@Grecs) CCDC and Industry - James L. Siegel Jr. (WolfFlight) Building an Engaging and Effective Information Security Awareness and Training Program - Bill Gardner 04/21/2013   Notacon 10 Videos These are the videos from the 10th Notacon conference held April 18th-21st, 2013. Not all of them are security related, but  I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: SatNights, Widget, Securi-D, Purge, Bunsen, Fry Steve and myself (at least that is who it was last year, if you got he names for 2013 let me know). Track 1 Model Integrated Computing (Code Generation) and how it loves you and deserves love back - Michael Walker Guns & Privacy - Deviant Ollam Domestic Preparedness (the zombie Apocalypse is nigh upon us) - Illustrious Niteshad & megalos DIY Neuroscience, EMGs, EEGs, and other recordings - meecie Hacking Your Ability to Communicate - kadiera Lasers for Fun! Lasers for Science. Lasers for Security! - Ethan Dicks Video Everywhere! aka The Personal Distributed HD Video Network - Woz Esolangs - Daniel Temkin How We Learned Security from Steve - ghostnomad, ghostnomadjr, knuckles & micronomad Are we getting better? – Hacking Todays Technology - David Kennedy Critical Making - Garnet Hertz DC to Daylight: A whirlwind tour of the radio spectrum, and why it matters. - Stormgren Skeleton Key: Transforming Medical Discussions Through 3D Printing - KK Pandya Youthful Exploits of an early ISP - Dop & KevN Whose Slide Is It Anyway? - nicolle @rogueclown neulist Track 2 I Forked the Law and We All Won - Fork The Law Make me Babyproof! - Gina “the kat” Hoang The Maru Architecture Design: A proposed BYOD architecture for an evolving threat landscape - Michael Smith You Keep A-Knockin’ But You Can’t Come In - grap3_ap3 Encryption for Everyone - Dru Streicher (_node) How I Became an iOS Developer for Fun and Debt - Mark Stanilav AR_GRAF.OBJ: a darknet for the nuEra ?? - kevin carey, shawne michaelain holloway & brian peterson Creating professional glitch art with PoxParty - Jon Satrom & Ben Syverson Let’s Go CSRF’n Now! - grap3_ap3 Bad Games Arcade - Jake Eliott The Winamp Imperative - Yoz (sorry, audio died at 6:09) 04/18/2013 AIDE 2013 I got to record and put up a few videos from AIDE. I had to head to Notacon before I could record them all, but I left some gear so hopefully I'll have more to come. Recorded at AIDE 2013. Big thanks to Bill Gardner (@oncee) for having me out to record. Network King Of The Hill (NetKotH): A hacker wargame for organizers who are lazy - Adrian Crenshaw (Irongeek) Can You Hear Me Now? Leveraging Mobile Devices on Pentests - Georgia Weidman RAWR (Rapid Assessment of Web Resources) - @al14s and @c0ncealed 04/11/2013 Hacker Swap Meet: Don't Let That Old Junk Go To Waste! Many of us are tech pack rats, we have old gear laying around we don't use but don't want to just throw away. Got something you want to trade with other hacker/maker types? Too expensive to ship but you can drive it to a con you will be at anyway? Set up the trade at the new forums I put up. One man's treasure is another man's hazmat. If you don't see a con/meet spot listed here, let me know and I can add it. http://www.hackerswapmeet.org/ I should have some old gear at Notacon I want to get rid of. 04/08/2013 Outerz0ne 9 (2013) Videos These are most of the videos from the Outerz0ne 9 conference. I have a few more I have to get clearances on before I post them. Big thanks to Joey and Evan on the video crew. SkyDog Kicks Off Year NINE! (Number Nine) Gursev Kalra - Impersonating CAPTCHA Providers Tuttle/Brimstone - State of the BitCoin Address; Pizza, Pirates, and Profiteers. Halfjack - Living to the Singularity: Geeks Guide to a Healthy Lifestyle Chad Ramey - Hacking the Atom Jeremy Schmeichel & Brian Wilson - IPv6? Ain't Nobody Got Time For That! Chris Silvers - Weapons of Miniature Destruction Hacker Movie Challenge Inside the Hacker's Studio - Billy Hoffman and IronGeek Contest Prize Giveaway, Awards, Closing Ceremonies Lightning Talks and such: Andy Green - The Southeast Collegiate Cyber Defense Competition Lightning Talk Lilyjade-v2.com - Why You Are Not Safe Lightning Talk Presentation Karaoke More......... 15 most recent posts on Irongeek.com: Webshell Collection Page Updated With Source Code About page and CV updated ISSA Kentuckiana Web Pen-Testing Workshop AIDE 2013:The rest of the videos Notacon 10 Videos AIDE 2013 Hacker Swap Meet: Don't Let That Old Junk Go To Waste! Outerz0ne 9 (2013) Videos Updated: Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2013, IronGeek
Louisville / Kentuckiana Information Security Enthusiast