Irongeek.com
Welcome to Irongeek.com, Adrian Crenshaw's Information
Security site (along with a bit about weightlifting and other things that strike
my fancy). As I write articles
and tutorials I will be posting them here. If you would like to republish one of
the articles from this site on your webpage or print journal please e-mail me. Enjoy
the site and write us if you have any good ideas for articles or links.
Adrian
News/Change Log:
12/18/2009
SANS 504 Class in Bowling Green KY
Chris Sanders wrote to let me know
SANS will be putting on a "Hacker Techniques, Exploits & Incident Handling"
class in my neck of the woods. Figured I'd let the local folks know.
IndySec Metasploit Class Videos
When Steve invited me up to
Indianapolis to help with a Metasploit class I jumped at the opportunity.
We had a good time and IndySec puts
on a great event. They let me record the talks; unfortunately, I was testing out
a new video rig and the audio failed on the first three parts (Intro/Welcome,
Network Setup, Getting started with Metasploit). The rig worked great for the
Social Engineering,
Meterpreter and
SQL Pwnage/Fast Track sections.
My presentation was just a rehash of the video I put up last week on
msfpayload/msfencode/Metasploit 3.3, so I decided not to post it on this
page.
If you find these videos useful,
consider going to the
Metasploit Unleashed page and donating to the Hackers For Charity Kenya food
for work program, or come to the
next IndySec event. For best viewing,
I recommend downloading the MP4 files below.
12/04/2009
Using msfpayload and msfencode from Metasploit 3.3 to bypass anti-virus
This subject has been covered before, but why not once more? Metasploit 3.3 adds
some new options, and better Windows support. As stated in the title, this video
will cover using msfpayload and msfencode from Metasploit 3.3 to bypass
anti-virus. I will also talk a little about using CWSandbox and VirusTotal to
examine malware. If you find this video useful, consider going to the
Metasploit Unleashed page and donating to the Hackers For Charity Kenya food
for work program, or come to the
IndySec charity event. By the way, I've put out two versions of this video,
one an SWF and the other a streaming video. Please let me know which you prefer.
12/01/2009
Using FOCA to collect Metadata about an organization
Applications can add all sorts of data into the documents they create or edit.
DOC, PDF, XLS and other file types can contain all sorts of extra data, like
usernames, network paths, printers and application version numbers. This sort of
information is great for doing initial research about an organization before
doing a pen-test. This video will cover using FOCA, pointing it at a domain
name, and grabbing metadata from doc, ppt, pps, xls, docx, pptx, ppsx, xlsx, sxw,
sxc, sxi, odt, ods, odg, odp, pdf and wpd files.
11/30/2009
IndySec Metasploit Unleashed Charity Event
For those in the Indiana area, the IndySec group in Indianapolis is having a
Metasploit Unleashed Charity Event. Details can be found at:
Here are the core details:
When: December 12th from 1:00 PM to 5:00 PM
How much: $30.00 all donated to Hackers for Charity food program
Where: BlueLock, 6325 Morenci Trail, Indianapolis, IN
What to bring: A laptop with Backtrack or the MSF installed.
Baby Bubba Zombie Children's Book
It's Thanksgiving time again, and that means zombies, at least to me. My
zombiefest tradition started sometime around 2000. There’s just something
about a family sitting around a table, eviscerating a turkey and then
stumbling around in a tryptophan induced stupor that makes me think of the
walking dead. For those that don't know me in person, and can't be at the
fest, I thought I would share some zombie goodness with you. First, there is
the
Zombie children's book
Pascalle and I created. I made a narrated video of it that I hope you
will enjoy. Also, there is the
WinZombies application. It's like XPenguins/WinPenguins, except instead
of arctic fowls it creates little undead minions that walk around your
desktop.
Now, on to security related happenings. A few weeks ago I posted my video on
Building a Hacklab. The guys over at
Pauldotcom did a tech section about the same topic in episode 176, so go
check it out. They point out Exploit-db
as a replacement for Milw0rm. I'd also like to point out that
VMPlayer now lets you
create VMs without having to use 3rd party applications. I said in the
presentation that it didn't, but the newly released version supports this
functionality.
And finally, while you are enjoying your turkey, go check out
http://www.social-engineer.org. I'm reading through their framework right now,
and am enjoying it quite a lot.
Our next meeting will be Friday, November 6th from 11:30 AM to 1:00 PM at
IPI. As always, we will have free lunch, raffle prizes, and CPE credits! We
continue to execute our primary mission at each function - to continue
learning, network with other Security Professionals, and have FUN!
Please RSVP no later than Tuesday, November 3rd - 5 PM to programs -at-
issa-kentuckiana.org.
The topic is "Setting up a "hack lab" for learning security concepts."
Adrian Crenshaw - Irongeek.com
Our speaker is Adrian Crenshaw, the geek behind Irongeek.com and the guy who
set up and ran our very successful Capture the Flag event at the Louisville
Metro InfoSec Conference!
Adrian will show how to set up tools and systems to best test and learn
security techniques. This knowledge is vital for any Information Security
professional who wants to stay on top of the latest risks.
10/26/2009
Getting started with the I2P Darknet
I2P (originally standing for Invisible Internet Project) can be seen as a
networking layer sitting on top of IP that uses cryptography to keep messages
confidential, and multiple peer to peer network tunnels for anonymity and
plausible deniability. While Tor is focused more on hiding your identity while
surfing the public Internet, I2P is geared more toward networking multiple I2P
users together. While you can surf to the public Internet using one of the I2P
out proxies, it's meant more for hiding the identity of the providers of
services (for example eepSites), sort of like Tor's concept of Hidden Services,
but much faster. Another advantage I2P has is NetDB, a distributed way to let
peers know about each other once initial seeding has occurred. Tor on the other
hand uses its own directory to identify servers, which in theory could be more
easily blocked. Both networks have their advantages and trade-offs. This video
won't cover the details of I2P's peering or encryption systems, and may seem
kind of rambling, but it should be enough to get you up and running on the
darknet.
Please note, this video came out way larger than I
intended.
It's that time of the year again, and that means it's time for my favorite
con: Phreaknic!!! This year I will be presenting a hopefully more refined
version of my
Darknets talk. Check out their site for
more speakers.
Some of the other speakers include Acidus (Billy Hoffman), Morgellon, Droops,
Tyler "Trip" Pitchford, Esq., Scott Moulton, DOSMan and SlimJim. Skydog has
posted some videos about the conference on the front page of
Phreaknic.info, like this one:
but if you want to get a better feel for what the conference is
like, check out my documentary video from the
Phreaknic 12 hacker con.
10/12/2009
How to Cyberstalk Potential Employers Article Updated
I've added some sections at the end with useful links, tools and further
research. I also fixed some minor typos. If you have any ideas for additions
please email me.
10/11/2009
Louisville InfoSec CTF 2009
This video summarizes one possible way contestants could have completed the
Capture The Flag event at the 2009
Louisville Infosec. Tools and concepts used in the video include: Backtrack
4, Kismet Newcore, Nmap, Metasploit, Meterpreter, Firefox, SQL Injection, Cain,
Truecrypt and 7zip.
The winning team was comprised of Rel1k (Dave Kennedy),
Pure-Hate, Archangel, and Titan. Yes, Dave did compromise my personal laptop
during the event, teaches me for not mitigating 0 days before the conference. :)
When Archangel told me he was bringing Dave in for his team, I knew which way
things were going to go down. Rel1k and Purehate are Backtrack 4 developers, and
Archangel and Titan are no slouches either. Congrats guys.
File Carving and File Recovery with DiskDigger
DiskDigger is a tool that allows you to recover deleted files off of a FAT or
NTFS drive. It has two modes of operation: In the first it merely looks in the
FAT/MFT to find files marked as deleted, in much the same way that the tool
called Restoration does. In the 2nd mode it does a file carve down the drive
looking at the raw bits and finding the known headers and footers of various file
types, much like PhotoRec. While PhotoRec seems a little more powerful,
DiskDigger is easier to use and its preview functionality is quite nice. This
video will cover the basics of recovering deleted files with DiskDigger.
09/27/2009
Pin-hole Spy Video Camera Disguised as a Pen
I thought some of you might find this an interesting gadget, so I decided to
review it. It might be useful for reconnaissance before a pen-test, or as a
covert place to store files.
09/25/2009
Phreaknic needs speakers
As many of you know, I'm a regular at the Phreaknic conference in Nashville
Tennessee. It's an awesome hacker con, my personal favorite. It's happening Oct
30th through Nov 1st. They still have some speaker slots open, so please, if you
have an interesting topic email
phreaknic13@gmail.com and toss your name in the pot to be a speaker. More
information about the conference can be found at
http://www.phreaknic.info/
I worked on formatting and added entries for "Temp folder
for Outlook attachments", "Flash Cookies Location" and "Printer spool folder". I
also added a menu so you can quickly find the entry you are looking for:
Capture The Flag At Louisville Infosec Conference Details
As many of you know, I've been busy setting up a hacker war game for the
Louisville Infosec conference on
Oct 8th. The Louisville Infosec website has information about the
CTF event on their site, which should be updated shortly. If you would like
to compete please email the
Conference Chair. If you use the code "irongeek" you get $20 off the
admission fee for the conference. I believe the time frame is 9am to 3:30pm, but
the position of the event should allow you to watch the keynotes, eat the
included lunch and still compete.
What are the prizes?
First prize is a Wi-Spy 2.4x Wireless Scanner!
The second prize is a WD 320GB USB Hard Drive
Third Prize is a Pico Mini USB 4GB (small enough to carry in your wallet)
Scenario (subject to some change):
The admins try to run their network as a tight ship, but you have been brought
in to do a pentest. You know the admins have a Truecrypt volume out there with
Personally Identifiable Information (PII). Your goal is to find it, and decrypt
its contents till you get a list of names and Social Security Numbers. Little
hints will be given via a comment wall on one of the web servers. To win points
bring proof to the judge that the particular flag task has been completed. These
are the "flags", and their point values:
0. Attach to the Wireless network (hint:CTF is in the name) and show the judge
how you got the SSID. 15 points
(Name will be given if you can't find it, but you won't be able to get points
for it.)
1. Find the IP of the Windows box named WinCTF owned by IronGCorp, and
list 3 or more open ports. 5 points
2. Find the IP of the x86 based Linux box run by IronGCorp, and list 3 or more
open ports. 5 points
3. What box are the admins running their Intranet site on, and what is the web
server type/version? 5 points
4. What is the Windows box's (WinCTF) Administrator password? 10 points
5. What is the x86 Linux box's Root password? 5 points
6. Copy PII.tc (a Truecrypt volume) to your box. 10 points
7. Password to the PII.tc file. 10 points
8. Password to a non x86 based Linux box. 10 points
9. Password to a 7zip archive. 10 points
10. The decrypted PII.csv file. 25 points
Highest point score at the end of the game wins. If two contestants have the
same points at the end of the game, the first to accumulate their point total
wins. Obviously, if you play as part of a team you have to figure out amongst
yourselves how to split the prize. The winner will get up on stage and explain
what he did when he picks up his prize.
09/03/2009
Mutillidae Vulnerable Web App Updated
I found out that my little teaching app stopped working with new versions of
XAMPP. It seems I have to use <?php to start my PHP tags; using just <? no
longer worked. I've updated Mutillidae to 1.3 and made it work again.
09/01/2009
WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated
I've uploaded version 0.80 of my wardrive mapping app IGiGLE. I had to
fix some things since Wigle.net added a field to their output, throwing off all
of my code. I've also added information to each entry regarding its network
type, either infrastructure or ad-hoc.
08/24/2009
Anti-Forensics: Occult Computing Class
This is a class I gave for the
Kentuckiana ISSA on the subject of Anti-forensics. It's about 3 hours
long, and sort of meandering, but I hope you find it handy. For the record,
Podge was operating the camera :) Apparently it was not on me during the opening
joke, but so be it, no one seemed to get it. I spend way too much time on the
Internet it seems. Also, I'm in need of finding a video host to take these large
files. This class video is 3 hours, 7 min and 1.2GB as captured.
Side Note: I
still have about 7 free passes to the
Louisville InfoSec to give away. If you want a
free pass, just email me at irongeek at irongeek.com and agree to be in the CTF
event. If you don't want to be in the CTF, you could instead use the code "irongeek" when you register
and you will get $20 off the cost ($79 instead of $99).
Security and Forensics Podcasts Irongeek Listens To
I got tired of going to a bunch of different sites to see if my favorite hacking
podcasts had a new episode out, so I made a site that puts them all together on
one page in chronological order. Let the XSS via RSS commence!
Details: This class will teach the basics of Anti-forensics, how people hide
data and events on their computer for both legitimate and illegitimate reasons.
We will cover data carving, disk wiping, encryption, steganography, timestamps,
clearing logs and other ways people may attempt to cover their digital tracks.
The subject matter should be of interest to many groups, it's "Not about just
hiding your stash from the Fuzz…". Some of the groups that may be interested
include:
Companies that want to know how to clear boxes before donating them
Law/policy enforcement agents who want to know how folks hide computer
activities
Users who want to know how to hide their activities from invasive law/policy
enforcement
Things to bring if you want to be hands on, but not absolutely required:
1. A Windows XP/Vista/7 laptop. Having an extra laptop to wipe may also be
educational.
2. An external drive/thumb drive you don't mind wiping.
3. Some software I'll be emailing a link to a few days before the class.
4. Energy drinks for the teacher.
As always, the class is free, even to non ISSA members. Please reserve a spot by
RSVPing to programs -at- issa-kentuckiana.org.
08/09/2009
Louisville InfoSec: Free passes, discounts and the CTF
As many of you know, I attend the local Louisville Infosec conference. This year
they have offered me some promotional stuff for the conference. If you use the
code "irongeek" when you register
you will get $20 off the cost. Also, they have given me 10 free passes to give
out, but here are my conditions: 1. You must participate in our CTF event. 2. I
want you to do a write up about the conference after you attend. If you want a
free pass, just email me at irongeek at irongeek.com. For those that want more
information about the con, check out the
Louisville InfoSec website. Here are some of our speakers this year:
John Strand
Paul Asadoorian
Scott Moulton
Alex Lanstein
Adrian Crenshaw
Dr. Eugene Schultz
John Pavone
Rick Taylor
Brian Long
John Maynor
Lee Kushner
Jason Wessel
Mark Maxey
DD-WRT v24-sp1: CSRF Example (Bugtraq ID: 35742)
I was interested in giving a real world example of using a CSRF attack, similar
to the ones I mentioned in my OWASP Top 5 video, and maybe use it against a
piece of internal equipment that is behind a NAT box. Then I heard about the
Carlos Perez write-up on using Metasploit against a vulnerability in the DD-WRT
v24-sp1 firmware. I thought this would be a great way to demo the concept of
using CSRF/XSS against hardware behind a NAT, especially since I've done a
video on installing DD-WRT before.
07/25/2009
Phreaknic 12 Videos Posted
After much encoding work, I've got all of the talks from Phreaknic 2008 up. I've
posted some of the more security related videos in my RSS feed over the past
day, but if you follow the link there's video of the other talks as well. Hope
to see some of you at Phreaknic 2009,
and if you see me at Defcon hit me up for some stickers.
Nathan Hamiel /Shawn Moyer - Satan is on my Friends List: Attacking Social
Networks
Social Networking is shaping up to be the perfect storm... An implicit trust of
those in one's network or social circle, a willingness to share information,
little or no validation of identity, the ability to run arbitrary code (in the
case of user-created apps) with minimal review, and a tag soup of client-side
user-generated HTML (Hello? MySpace? 1998 called. It wants its markup vulns
back). Yikes. But enough about pwning the kid from homeroom who copied your calc
homework. With the rise of business social networking sites, there are now
thousands of public profiles with real names and titles of people working for
major banks, the defense and aerospace industry, federal agencies, the US
Senate... A target-rich and trusting environment for custom-tailored,
laser-focused attacks. Our talk will show the results of a series of public
experiments aimed at pointing out the security and privacy ramifications of
everyone's increasingly open, increasingly connected online personae and the
interesting new attack vectors they've created.
Darren Kitchen - Lessons Learned in Hacker Media
From e-zine to podcast the world of hacking has been filled with media of all
sorts. In this talk I will speak about my experiences and lessons learned in
"new media". In particular how they relate to underground culture and our social
responsibility to the next generation of security enthusiasts.
07/24/2009
Daniel Hooper - An Introduction to Software Defined Radio by Cowboy Dan
Software Defined Radio (SDR) is the latest (and possibly last) iteration of
radio communication technology. Traditional radio technology is very
hardware-oriented, and somewhat inaccessible to the software-hacking community.
NO LONGER! With a fixed piece of hardware such as the Universal Software Radio
Peripheral (USRP), we can emulate many different kinds of traditional hardware,
from CW Morse-code type transmissions, all the way up to digital QAM, HDTV, and
beyond. This presentation will demonstrate how to get set up with GNU Radio and
the USRP hardware. We will perform a few simple tasks such as receiving radio
and TV. The goal is to get most people in the audience comfortable with the
setup process so that they can start experimenting.
07/24/2009
SkyDog & Crew - Starting your own Hackerspace (Panel Talk)
Got a bunch of hacker/maker friends and wanna do some projects? Start a
hackerspace! We'll take you on an adventure as we look back over the last year
and reflect on the progress we have made getting our hackerspace started, and
share some pitfalls and triumphs along the way. Skydog will be joined by
Seeblind, the VP of the HC, Mudflap, the Secretary, and Someninjamaster, a
devoted, hardworking member.
07/24/2009
Irongeek - Hardware Keyloggers: Use, Review, and Stealth (Phreaknic 12)
This talk will cover hardware keyloggers and their use. About six will be
presented in person for folks to try hands on, with a few others referenced in
the slide show (mini-pci ones for example). I'll cover the advantages and
disadvantages of the current crop on the market and how they work. Also covered
will be possible ways to detect hardware keyloggers via physical inspection and
software.
07/24/2009
TRiP - Discussion of the legality of wardriving (Phreaknic 12)
This talk is to provide a "current" legal status of wardriving throughout the
US. The talk will include an overview of wardriving and its history (wardialing),
the statutes regulating all 50 states and how courts have interpreted such
statutes, recent arrests for wardriving/related activities, and a brief overview
of the international statutes.
07/24/2009
Scott Moulton - At Least TEN things you didn't know about your hard drive! (Phreaknic 12)
This speech comprises at least 10 things that are 2+2=5 type situations people
do not realize about hard drives. For Example, Data is written in Cylinders on
hard drives, all partitions are created on Cylinder Boundaries and that leaves
an offset from the end of one partition to the next which leaves a gap between
partitions that is unusable or free space at the end of the disk. In addition to
that, the point would be, since the outer edge of a drive starting at Track 0 is
the fastest location on the drive, and the first partition is created on a
cylinder boundary at the outside edge, then each and every partition you create
on the disk has to be at a cylinder boundary into the disk. This means the
second partition is on a slower part of the drive than the first. So for Mac
Users that create a 32 gig Fat32 partition on their drive (actually the 6th/7th
partition on the drive) is 32 gigs from the end of the drive on a Cylinder
boundary and they just installed Windows on the slowest part of the drive. No it
will not be animated!
07/24/2009
Scott Milliken/Erin Shelton - Beer Hacking - Real World Examples (Phreaknic 12)
You build your own computers from the bare parts. You'd die before paying
someone else to actually write a basic HTML page for you. So why is it that you
pay up to 10x the actual cost of making beer for something of lesser quality?
This presentation will cover the various methods of making your own alcoholic
beverages (beer, cider, wine), including the equipment required and approximate
setup costs for each. Even if your skill in the kitchen is limited to the
microwave, there is a method of brewing that will work for you. Some
experimentation tricks will also be covered so that you can literally hack your
beer to create a new flavor. Samples of various batches made by the presenters
will be available during the presentation, assuming they haven't already drunk
all of it.
07/24/2009
Bruce Potter - Three Cool Security Technologies You've Never Heard Of (Phreaknic 12)
This talk will introduce you to 3 cool security technologies that you've
probably never been exposed to. There is still innovation going on, and much of
the most useful tech isn't getting press time. So I'm going to try and rekindle
some of that love you've lost over the years by giving you the 20 minute
low-down on each one. Go get some wine, light the candles, sit back, and enjoy
security again. What are the 3 technologies? Well, you'll just have to attend
the talk to find out.
Ncat Tutorial: A modern Netcat from the Nmap team
For those not in the know, Netcat is a utility whose goal is to be like the Unix
cat command, but for network connections. It has been referred to as
a "Swiss-army knife for TCP/IP" for good reason, since it can do so many things.
This is the biggest Flash tutorial I've done in a while at 41.2MB, so I plan to
relax some. See you at Defcon.
07/18/2009
Compiling Nmap from source on Ubuntu
Along the way to making a video on Ncat I needed to compile Nmap 5 from source,
so I figured I might as well do a video on that as well. There are many reasons
why you might want to compile Nmap from source instead of just using the package
manager, so enjoy.
07/17/2009
Windows 7: Copy A Modified User Profile Over The Default Profile
While this is not directly security related, it should be helpful to those who
are testing Windows 7. I'm posting it to help those who are searching the
Internet for details on copying user profiles in Windows 7.
07/16/2009
NDiff: Comparing two Nmap 5 scans to find changes in your network
Fyodor gave me a heads up that Nmap 5 was coming out, so I figured I'd do a
couple of videos on useful new features that come with Nmap 5 and later. For a
better understanding of Nmap in general, check out my older videos which I will
link to after the presentation. In this video I will cover the basics of using
NDiff to compare two separate Nmap scans. This is really useful for change
management, where you want to know what new devices have appeared on your
network or about ones that have disappeared for some reason. You could easily
schedule Nmap to run on your network weekly, and then compare the differences
with NDiff to see what has changed.
As a side note, looks like I'm going to
Defcon. Thanks to Haxorthematrix,
Sereyna, Minoad, Mr. Bradshaw, George and anyone else who donated to my
Paypal so I could go.
07/11/2009
Exotic Liability Episode 25: Irongeek sits in
I came in as a guest of the Exotic Liability podcast, episode 25. I've not
listened to it yet, hope I came off ok. Some of the things we discussed include:
Incident response switchblade, Tiger Team: The Whole Story, Our neighborhood
memories, Kon-boot, Cool tools for data collection, P/W cracker speed test
challenge, Look at my thumb, Olympic games, Louisville Info Sec Conference,
Anti-forensics and Legalities. Thanks for having me on.
As a sidenote, I may
be going to Defcon after all but nothing is confirmed yet. I'll need to find
someone's floor to crash on Wednesday night as I think I'll be arriving a day
before the person I'm staying with the rest of the con.
07/09/2009
Incident Response U3 Switchblade From TCSTool
In Russell's own words: "The U3 incident response switchblade is a tool designed
to gather forensic data from a machine in an automated, self-contained fashion
without user intervention for use in an investigation. The switchblade is
designed to be very modular, allowing the investigator/IR team to add their own
tools and modify the evidence collection process quickly." This video shows you
how to set up u3ir, and modify it.
PHPIDS Install Notes and Test Page
I've been playing around with PHPIDS and have posted my notes on installing it
as well as details on the kinds of attacks my web site gets. Interesting, I get
a lot of attacks, mostly RFI.
As a side note, GFI was kind enough to sponsor
my site for two months; show our appreciation by trying out some of their
log and vulnerability scanning software.
OWASP Top 5 and Mutillidae: Intro to common web vulnerabilities like Cross Site
Scripting (XSS), SQL/Command Injection Flaws, Malicious File Execution/RFI,
Insecure Direct Object Reference and Cross Site Request Forgery (CSRF/XSRF)
This is a recording of the presentation I gave to the Louisville Chapter of
OWASP about the Mutillidae project. A while back I wanted to start covering more
web application pen-testing tools and concepts in some of my videos and live
classes. Of course, I needed vulnerable web apps to illustrate common web
security problems. I like the WebGoat project, but sometimes it's a little hard
to figure out exactly what they want you to do to exploit a given web
application, and it's written in J2EE (not a layman friendly language). In an
attempt to have something simple to use as a demo in my videos and in class, I
started the Mutillidae project. This is a video covering the first 5 of the
OWASP Top 10.
06/12/2009
Louisville Infosec Conference Looking For Sponsors/Speakers
As many of you know, I'm involved with the local ISSA group here in the
Louisville area. They are looking for sponsors for the upcoming Louisville
Infosec conference (Thursday, October 8, 2009 at Churchill Downs). We had about
250 attendees last year, so it could be a good spot for advertising your company
via a booth. One of our keynotes this year is Johnny Long. John Strand and
Eugene Schultz should also be presenting. If you are interested in being a
sponsor email marketing (at) issa-kentuckiana.org and let them know Adrian sent
you. We also may have a few speaker slots open for the breakout sessions,
contact chair (at) louisvilleinfosec.com if you have a proposal. For more
information, check out the Louisville Infosec Conference site.
06/10/2009
Speaking at the OWASP Louisville meeting, June 19th 2009
Hi all, the local OWASP chapter has asked me to speak about the
Mutillidae project. While I'd like to cover all of the OWASP Top 10 that it
implements, I think there will only be time for the top 5. The description as
posted on their site follows:
The second OWASP meeting will feature a presentation from Adrian Crenshaw
of Irongeek. Adrian is a Louisville based Security professional that has
worked in the IT industry for the last twelve years.
Adrian runs the information security website Irongeek.com, which specializes
in videos and articles that illustrate how to use various pen-testing and
security tools. He's currently working on an MBA, but is interested in
getting a network security/research/teaching job in academia. Please see the
description from Adrian on his presentation on the 19th.
Title: Mutillidae: Using a deliberately vulnerable set of PHP scripts to
illustrate the OWASP Top 10 Description: A while back I wanted to start
covering more web application pen-testing tools and concepts in some of my
videos and live classes. Of course, I needed vulnerable web apps to
illustrate common web security problems. I like the WebGoat project, but
sometimes it's a little hard to figure out exactly what they want you to do
to exploit a given web application, and it's written in J2EE (not a layman
friendly language). In an attempt to have something simple to use as a demo
in my videos and in class, I started the Mutillidae project.
Mutillidae is a deliberately vulnerable set of PHP scripts meant to
illustrate the OWASP Top 10. This talk will cover installing Mutillidae in a
test environment, and how to use it to illustrate the OWASP Top 10 web
vulnerabilities in easy to understand terms.
Our meeting location will be at Memorial Auditorium, located at 970 S. 4th
Street (Corner of 4th Street and Kentucky Street).
This tool is for prevention.
ARPFreeze lets you set up static ARP tables so that attackers (using
Cain, Ettercap, Arpspoof or some other tool) can't pull off an ARP poisoning
attack against you.
06/03/2009
XSS, Command and SQL Injection vectors: Beyond the Form
We are all familiar with XSS via a form field in a web application, but what
about other vectors? The article talks about using User Agent strings, even
logs, object properties and other odd alternative vectors for XSS, SQL and
command injection. What other vectors can you think of?
06/02/2009
Another book for the list
Looks like my site has been mentioned in another book, Security+ Guide to
Network Security Fundamentals by Mark Ciampa. Thanks Mark.
802.11 Wireless Security Class for the Louisville ISSA Part 1
Originally, this was going to be one 4hr class, but Jeff had something come up
so he could not cover WEP/WPA cracking, and my section took so long that Brian
never got a chance to present his material on DD-WRT. I'm hoping to get them
back to do a part 2 of this video. In this section I cover the basics of WiFi,
good chipsets, open file shares, monitor mode, war driving tools, testing
injection, deauth attacks and the evil twin attack. Some of this comes out as
kind of a stream of consciousness, but hopefully you can find some useful
nuggets from my brain dump of what I've learned about 802.11a/b/g/n hacking. As
far as classes go this is the most complicated one I've set up, and for a
wireless class Brian and I had to run a lot of wires. :)