In other news, Jessica Miller from No Starch Press wanted me to announce this:

"We've just released the free PDF of bunnie's "Hacking the Xbox" in Aaron Swartz's honor, with links to support the causes Aaron believed in. I thought you might be interested in seeing bunnie's note and helping to spread the word -
http://nostarch.com/xboxfree "

I did not know Aaron, but as a person who has be screwed by an uncaring cover-ass bureaucracy before, I can sympathize.

“Thin Slicing a Black Swan: A Search for the Unknowns” by Michele “@mrsyiswhy” Chubirka & Ronald Reck
“When Did the Smartphone Pentest Framework Get Awesome?” by by Georgia “@georgiaweidman” Weidman
“ShellSquid: Distributed Shells With Node” by Tom Steele
“If You Can Open The Terminal, You Can Capture The Flag: CTF for Everyone” by Nicolle “@rogueclown” Neulist
“Becoming a Time Lord – Implications of Attacking Time Sources” Joe “@joeklein” Klein
“Swinging Security Style: An Immodest Proposal” by Wendy “@451wendy” Nather
“Drones: Augmenting your cyber attack tool bag with aerial weapon systems” by Zac “@ph3n0” Hinkel
“Managed Service Providers: Pwn One and Done” Damian “@integrisec” Profancik
“No Tools? No Problem! Building a PowerShell Botnet” Christopher “@obscuresec” Campbell
“Extending the 20 Critical Security Controls to Gap Assessments and Security Maturity Modelling” John “@pinfosec” Willis
“Protecting Big Data From Cyber APT in the Cloud” Bill “@oncee” Gardner
“Writing a Thumbdrive for Active Disk Antiforensics” Travis “@travisgoodspeed” Goodspeed

On the non-info-sec related front, you know I like to use my backlinks to get things in search results as sort of a bully pulpit. It's my understanding that IU Southeast Chancellor Sandra R. Patterson-Randles is searching for a new job because of some IU policy about mandatory retirement. Ask around the faculty/staff at IUS about her (off the record of course) before you make a hiring decision. Personally, I'd want someone who cares more about the espoused values of the organization, and less about appearances only. Then again, maybe she has the skill set you are looking for, but a parrot with good grammar would seem to be a much cheaper solution in that case.

Another video from Jeremy Druin.

Mutillidae: Using ettercap and sslstrip to capture login
This video by webpwnized (@webpwnized) reviews how to intercept web communications using ettercap and intercept web traffic that is supposed to be protected with SSL using SSLStrip.

Mutillidae SQL Injection via AJAX request with JSON response
This video by webpwnized (@webpwnized) covers pen-testing an SQL Injection vulnerability that occurs in an AJAX request made in the background. The response from the server is JSON. Since AJAX requests and regular request work the same way (since they both follow the rules of the HTTP protocol), the AJAX request can be pen-tested using the same tools and tecniques used with the more traditional requests. The SQL Injection flaw is first discovered then used to pull a list of the tables in the database along with the columns for the target table. Once the target is identified, the defect is used to pull a list of the username and password fields.

Introduction to buffer overflows from ISSA KY workshop 6
This recording is from the Kentucky ISSA Workshop #6 from the November 2012 meeting. In part 5, using Metasploit was covered. In this workshop, buffer overflow vulnerabilities were examined more closely to see how Metasploit exploits might be written. A custom program is written with a known buffer overflow and compiled without the stack canaries or non-executable stack. Also ASLR is disabled on the Ubuntu 12.04 testing host. The program is fuzzed to determine an overflow exists and decompiled with GDB to look at the program logic more closely. Python scripts are used to generate exploits that get closer to over-writing the return pointer with a user supplied value. Once the buffer overflow is identified and the size of the buffer found, the exploit development begins. A custom exploit is developed to inject shellcode into the buffer, determine a reasonable memory address in which to jump, and a root shell gained.

Where We're Going We Don't Need Keys - sp0rus

The Effects of Online Gaming Addiction - Gregory C. Mabry

Android Best Practices and Side Projects - Michael Walker

Starting up a Crypto Party - Peace

Build Free Hardware in Geda - Matthew O'Gorman, Tim Heath

IP Law: Myths and Facts - Rick Sanders

The Safety Dance: Wardriving the 4.9GHz Public Safety Band - Robert Portvliet, Brad Antoniewicz

The Power of Names: How We Define Technology, and How Technology Defines Us - Aestetix

DNS Sec Today - Thomas Clements

Why I am pessimistic about the future - Tom Cross

Welcome to PhreakNIC - Warren Eckstein

Magnets, How Do They Work? - Michael Snyder

Own the Network – Own the Data - Paul Coggin

Something about middleware - Douglas Schmidt

Homebrew Roundtable - Scott Milliken, Erin Shelton

Repurposing Technology - Kim Smith & Kim Lilley

Hiring the Unhireable: Solving the Cyber Security Hiring Crisis From DHS to Wall Street - Winn Schwartau

Network King Of The Hill (NetKotH): A hacker wargame for organizers who are lazy bastards - Adrian Crenshaw

Valerie Thomas: Appearance Hacking 101 - The Art of Everyday Camouflage

Tim Tomes "LanMaSteR53": Next Generation Web Reconnaissance

Thomas Hoffecker: Hack Your Way into a DoD Security Clearance

John Seely CounterSploit MSF as a defense platform

Chris Murrey "f8lerror" & Jake Garlie "jagar": Easy Passwords = Easy Break-Ins

Tyler Wrightson: The Art and Science of Hacking Any Target

Thomas Richards: Android in the Healthcare Workplace

Spencer McIntyre: How I Learned to Stop Worrying and Love the Smart Meter

Shawn Merdinger: Medical Device Security

Rockie Brockway: Business Ramifications of Internet's Unclean Conflicts

Nathan Magniez: Alice in Exploit Redirection Land

Magen Hughes: Are you HIPAA to the Jive

Justin Brown & Frank Hackett: Breaking into Security

Josh Thomas: Off Grid Communications with Android

Jennifer "savagejen" Savage & Daniel "unicorn Furnance": The Patsy Proxy

Jason Pubal: SQL Injection 101

James Siegel: Nice to Meet You

Brett Cunningham: Beyond Strings - Memory Analysis During Incident Response

Gus Fritschie & Nazia Khan: Hacked Hollywood

Evan Anderson: Active Directory Reconnaissance - Attacks and Post-Exploitation

David Young: ISO8583 or Pentesting with Abnormal Targets

David Cowen: Running a Successful Red Team

Damian Profancik: Managed Service Providers - Pwn One and Done

Ben Toews & Scott Behrens: Rapid Blind SQL Injection Exploitation with BBQSQL

Andy Cooper: Why Integgroll Sucks at Python..And You Can Too

SkyDogCon 2012 Videos
Here are the videos from SkyDogCon. Thanks to all of the SkyDogCon crew, especially SeeBlind and others for running the cameras.

Opening Remarks-Trevor Hearn-Skydog

Rious and Sachin - "Hack the Badge"
 
GCS8 and Ginsu - Physical Security; Make sure your building is "Butter Knife Proof"...

Marcus Carey - Security Myths Exposed
 
SpikyGeek - Dealing with difficult co-workers: How I became the "Thanks for the candy" guy
 
Peter Shaw - Pivot2Pcap: a new approach to optimzing cybersecurity operations by tightly coupling the big-picture view provided by Netflow with the in-depth resolving power of PCAP.
 
Carter Smith - Gangs and the use of Technology
 
G. Mark Hardy - Hacking as an Act of War
 
Jeff Brown - RE, CND and Geopolitics, Oh My!

Curtis Koenig - Insanely Great!

Lee Baird - Setting up BackTrack and automating various tasks with bash scripts

Bob Weiss & Benjamin Gatti - Cryptanalysis of the Enigma

Dr. Noah Schiffman - Bioveillance: The Surreptitious Analysis of Physiological and Behavioral Data

Martin Bos & Eric Milam - Advanced Phishing Tactics Beyond User Awareness

Sonny Mounicou - Build a UAV!

Alex Kirk - Lifecycle and Detection of an Exploit Kit

Chris Silvers - Go With the Flow: Strategies for successful social engineering

Scott Moulton - Hack your Credit Score; How the System is Flawed

David Wyde - User-Readable Data and Multiple Personality Disorder

Closing of Conference

Index:
Keynote Jack Daniel InfoSec Stress & Community
Nathan Heald - No Keys, No Worries Lock Picking
Jeremy Druin - NOWASP Mutillidae 2.2 A web pen-testing environment for secure development
Curtis Koenig - Grey Hats and Bug Bounties
Deral Heiland - From Printer to Pwnd Leveraging multifunction printers during penetration testing
James Jardine - Ninja Developers App Sec Testing and SDLC
Joshua Bartley - Data Hiding In Your Application
Keynote Michael Peters The Security TrifectaT - Isolation vs. Collaboration

In this batch we have:

Matt Weeks: Ambush- Catching Intruders at Any Point
Joshua Marpet: separating security intelligence from security FUD
Steve Werby: Building dictionaries and destroying hashes w/amazon EC2
Raphael Mudge: Dirty Red Team Tricks II
David Schuetz (Darth Null) – Slow down cowpoke – When enthusiasm outpaces common sense
Nicolle Neulist: Write your own tools with Python
David McGuire: Maturing the Pen Testing Professional
Matt Presson: Building a database security program
Chris Jenks: Intro to Linux system hardening
Eric Milam: Becoming Mallory
Patrick Tatro: Why isn't everyone pulling security- this is combat
Jason Frisvold: Taming Skynet-using the cloud to automate baseline scanning
JP Dunning & Chris Silvers: Wielding Katana- A live security suite
Mick Douglas – Sprinkler: IR
Matthew Perry: Current trends in computer law
Leonard Isham: SE me – SE you
CLOSING CEREMONY

See you next year, or at Hack3rcon, Skydogcon or Phreaknic.

In this batch we have:

Michael Schearer – Flex your right constituion and political activism in the hacker community
Eric Smith – Penetration testing from a Hot Tub Time Machine
Chris Nickerson (ind303) – Tactical Surveillance: Look at me now!
Jamie Murdock – How to create a one man SOC
Branden Miller / Bill Gardner – Building an Awareness and training program
Dan Crowley / Chris Vinecombe – Vulnerability Spidey Sense
Nathaniel Husted –  Everything you always wanted to know about Security Academia (But were too afraid too ask)
Bill Sempf – What locksport can teach us about security
JP Dunning (.ronin) - The Glitch: Hardware With Hacking Made Easy
Christopher Domas – The future of RE: Dynamic Binary Visulization
Tom Eston / Kevin Johnson – Social Zombies: Rise of the Mobile Dead
KC. Yerrid / Matt Jezorek / Boris Sverdlik (JadedSecurity)- It's not your perimenter. It's you
Deral Heiland -Format String Vulnerabilities 101
Jack Daniel – How Screwed Are We?
Kellep Charles: Security Vulnerablity Assessments. – Process and best practices
John Woods – So you got yourself an infosec manager job. Now what?
K.C. Holland (DevAuto) - Personal Darknet or How to get pr0n @ work
Tony DeLaGrange / Jason Wood:SH5ARK ATTACK- taking a byte out of HTML5!
Matthew Sullivan: Cookie Cadger – taking cookie hijacking to a new level
Stephen Haywood (AverageSecurityGuy) - Introduction to Metasploit Post Exploitation Modules
Noah Beddome: The devils in the Details-A look at bad SE and how to do better
Jay James & Shane MacDougall: Usine McAfee secure/trustguard as attack tools
Roamer and Deviant Ollam - Welcome to NinjaTel, press 2 to activate your device now
Laszlo Toth & Ferenc Spala: Think differently about database hacking

In this batch we have:

Skip Duckwall / Chris Campbell – Puff Puff Pass – Getting the most out of your hash
Jordan Harbinger – Social Engineering Defense Contractors on LinkedIn and Facebook: Who's plugged into your employees?
Paul Asadoorian / John Strand – Everything they told me about security was wrong.
Zack Fasel – Pwned in 60 Seconds -From Network Guest to Windows Domain Admin
Ryan Elkins – Simple Security Defense to thwart an Army of Cyber Ninja Warriors
atlas: RfCat-subghz or bust
Georgia Weidman – Introducing the Smartphone Pentest Framework
Gillis Jones – The Badmin Project
Kyle (kos) Osborn – Physical Drive-By Downloads
Johnny Long – The Evolution of HFC
Dual Core (int0x80) – Moar Anti-Forensics – Moar Louise
Bruce Potter – Security Epistemology: Beliefs – Truth – and Knowledge in the Infosec Community
Josh More – Pen Testing Security Vendors
Jason Gunnoe & Chris Centore -Building the next generation IDS with OSINT
Babak Javadi / Keith Howell: 4140 Ways your alarm system can fail
Benjamin Mauch – Creating a powerful user defense against attackers
Bart Hopper – Hunting Evil
Doug Burks – Security Onion – Network Security monitoring in minutes

Direct downloads from Archive.org will be uploaded when I have all of Day 2 ready.

Hi all. Expect these to come out in phases.

Opening Ceremony
HD Moore – The Wild West
Dan Kaminsky – Black Ops
Mudge – Cyber Fast Track; from the trenches
Jayson E. Street – Securing the Internet: YOU’re doing it wrong (An INFOSEC Intervention)
Jason Scott – Rescuing The Prince of Persia from the sands of time
Dave Marcus – 2FA-Enabled Fraud: Dissecting Operation High Roller
Rafal Los – House of Cards
Rob Fuller / Chris Gates – Dirty Little Secrets Part 2
Chris Hadnagy – Nonverbal Human Hacking
Rick Farina: The Hacker Ethos meets the FOSS ethos
Brent Huston – Info overload..Future shock.. IBM & nature of modern crime
Ian Amit – SexyDefense – the red team tore you a new one. Now what?
egyp7 – Privilege Escalation with the Metasploit Framework
Larry Pesce / Darren Wigley – Hacking Survival: So. You want to compute post-apocalypse?
James Arlen – Doubt – Deceit -Deficiency and Decency – a Decade of Disillusionment
Carlos Perez – DNS Reconnaissance
Sam Gaudet: Pentesting for non-pentesters…through virtual machines
Ryan Linn – Collecting Underpants To Win Your Network
Jerry Gamblin: is it time for another firewall or a security awareness program?

Setting User Agent String And Browser Information

Introduction to user-agent switching: This video uses the Firefox add-on "User-Agent Switcher" to modify several settings in the browser that are transmitted in the user agent string inside HTTP requests. Some web applications will show different content depending on the user agent setting making alteration of the settings useful in web pen testing.

Walkthrough Of CBC Bit Flipping Attack With Solution

This video shows a solution to the view-user-privilege-level in Mutillidae. Before viewing, review how XOR works and more importantly that XOR is communicative (If A xor B = C then it must be true that A xor C = B and also true that B xor C = A). The attack in the video takes advantage that the attacker knows the IV (initialization vector) and the plaintext (user ID). The attack works by flipping each byte in the IV to see what effect is produced on the plaintext (User ID). When the correct byte is located, the ciphertext for that byte is recovered followed by a determination of the correct byte to inject. The correct value is injected to cause the User ID to change.

Mutillidae is available for download at http://sourceforge.net/projects/mutillidae/. Updates about Mutillidae are tweeted to @webpwnized along with announcements about video releases.

Breaking Ground

KEYNOTE, Jack Daniel: "The State of Security BSides"

Matt Weeks: "Ambush - Catching Intruders At Any Point"

Robert Rowley: "Max Level Web App Security"

Davi Ottenheimer: "Big Data's Fourth V: Or Why We'll Never Find the Loch Ness Monster"

HD Moore: "Empirical Exploitation"

Christopher Lytle: "Puzzle Competitions and You"

Parth Patel: "Introducing 'Android Security Evaluation Framework' - ASEF"

Terry Gold: "RFID LOL"

Raphael Mudge: "Force Multipliers for Red Team Operations"

Andrew Hay & Matt Johansen: "Applications and Cloud and Hackers, Oh My!"

Brendan O'Connor: "Reticle: Dropping an Intelligent F-BOMB"

Josh Sokol/Dan Cornell:"The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems"

James Lester & Joseph Tartaro: "Burp Suite: Informing the 99% of what the 1%'ers are knowingly taking advantage of."

dc949 - "Stiltwalker: Round 2"

Gillis Jones: "The Badmin project: (Na-na- nanana Na-na-nanana BADMIN)"

IPv6 Panel / Drinking Game

Proving Ground

Michael Fornal: "How I managed to break into the InfoSec World with only a tweet and an email."

David Keene: "Breaking Microsoft Dynamics Great Plains - an insiders guide"

William Ghote: "Lotus Notes Password Hash Redux"

Spencer McIntyre: "How I Learned To Stop Worrying and Love the Smart Meter"

Christopher Campbell "Shot With Your OwnGun: How Appliances are Used Against You."

Shawn Asmus, Kristov Widak: “Mirror Mirror – Reflected PDF Attacks using SQL Injection”

Georgia Weidman: "Introducing the Smartphone Penetration Testing Framework"

Phil Young: "Mainframed - The Forgotten Fortress"

Walt Williams: "Metrics that Suck Even Less"

Conrad Constantine: "The Leverage of Language: or : How I Realized Information Theory could Save Information Security"

Jason Ding: "The Blooming Social Media Economics Built on "Fake" Identities

Lightning Talks

Here are the talks from the OISF Anniversary Event 2012:

Conference Kickoff - Deral Heiland & Abyss of Cybersecurity - John Bumgarner
Size Does Matter: Password Tools and Data - Bob Weiss
Dingleberry Pi Building a Blackthrow: More inexpensive hardware to leave behind on someone else's network - Adrian Crenshaw
Threat Model Express - Sahba Kazerooni

Here are the talks from Bsides Cleveland 2012:

Secret Pentesting Technigues Shhh...Dave KennedyDave "ReL1K" Kennedy
Focusing on the Fool: Building an Awareness & Training Program - Branden Miller & Bill Gardner
<? $People ?> Process Technology - Jeff @ghostnomad Kirsch
Dingleberry Pi Building a Blackthrow: More inexpensive hardware to leave behind on someone else's network - Adrian "Irongeek" Crenshaw
Testing Enterprise DLP Systems // Advanced data exfiltration techniques - Albert School
Automating Incident Response - Mick Douglas
Business Ramifications of the Internet's Unclean Conflicts - Rockie Brockway
Netflow for Incident Response - Jamison Budacki
Winter is Coming: Cloud Security in Dark Ages - Bill Mathews
What locksport can teach us about security - Bill Sempf <missing>
Pass the Hash like a Rockstar - Martin "PureHate" Bos
Naked Boulder Rolling - Applying Risk Management to Web Application Security - J Wolfgang Goerlich
Anti-Forensics Filler - Irongeek
Outside the Echo Chamber - James Siegel (aka WolfFlight)
Pentesting ASP.NET - Bill Sempf

More Web Pen-Testing Videos From Jeremy Druin
Here are two more videos from Jeremy Druin (@webpwnized):

Using Command Injection To Gain Remote Desktop On Windows

How To Exploit Metasploitable 2 With Nmap Nexpose Nessus Metasploit

Recorded at AIDE 2012. Big thanks to Bill Gardner (@oncee) for having me out to record.

Anti-Forensics: Occult Computing
Adrian Crenshaw

Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing
Adrian Crenshaw

An Introduction to Traffic Analysis: A Pragmatic Approach
Jon Shipp

Pen Testing Web 2.0: The Client
Jeremy Druin

Breaking into Security
Frank J. Hackett and Justin Brown

Sabu the Hacker: The capture, the crimes, the damage done, the slip, the apprehension, and the fallout.
Dr. Marcus Rogers
Jill McIntyre
Boris Sverdlik
Ronald Layton, U.S. Secret Service

BNAT Hijacking: Repairing Broken Communication Channels
Jonathan Claudius

Setting up BackTrack and automating various tasks with bash scripts
Lee Baird

Going on the Offensive - Proactive Measures in Securing YOUR Company
Dave Kennedy

What: BSidesCleveland
When: Friday, July 13, 2012
Where: Embassy Suites Cleveland - Rockside
Address: 5800 Rockside Woods Boulevard, Independence 44131
Cost: Free (as always!)

Register at:
http://www.securitybsides.com/w/page/27427415/BSidesCleveland

Submit to CFP at:
http://www.securitybsides.com/w/page/53552319/BSidesClevelandCFP

Intro to Scanning: Nmap, Hping, Amap, TCPDump, Metasploit, etc. Jeremy Druin
This is the 2nd in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers scanning Nmap, Hping, Amap, TCPDump, Metasploit, etc.

At some point, I will start putting up some of my own content :) I have done some tricks that I hope will make the page load better, but I'm not sure about the browser compatibility. In the mean time, here is some more of Jeremy's work:

Using Metasploit Hashdump Post Exploit Module Creds Table And John
This video shows how to have the hashdump post exploitation module automatically populate the creds table in the metasploit database, then export the credentials to a file suitible to pass to the john the ripper tool in order to audit the passwords.

Using Metasploit Community Edition To Determine Exploit For Vulnerability
In previous versions of Metasploit it was possible to run "db_autopwn -t -x" in the msfcomsole in order to have metasploit guess the best exploits for a given vulnerability. This video looks at alternative functionality for the depreciated "db_autopwn -t -x" option in older versions of Metasploit's msfconsole. Metasploit Community Edition has similar exploit analysis functionality accessible via the web based GUI.
 

Jeremy had two more videos for you. It's beginning to become a load problem with all the iframe embedded videos :). I'm willing to take suggestions.

Using Hydra To Brute Force Web Forms Based Authentication Over Http
This video covers using nmap to ping sweep network then discover ports on two machines to locate a web server on which Mutillidae is running. Once the web server is running, the site is loaded into Firefox and the login page is located. Using View-Source, Burp-Suite, and the sites registration, the login process is studied. Potential usernames are gathered from using Reconnoitter, CeWL, and the sites own blog page. A password file from john the ripper is used. With the potential usernames and passwords in hand, hydra is used in http-post-form mode to search for a username and password which can log into the site.

Connect To Unreachable Web Site Through Meterpreter Port Forwarding
This video covers accessing a web site that is normally unreachable from our Backtrack 5 box. However, after gaining a session on a third box, we forward our web browser through the compromised host in order to browse the website. The port forwarding is done via a meterpreter session on the compromised host. After setting up the port forward, the browser is able to use the compromised host as a relay (almost like a web proxy) in order to browse to the "internal" web application.

Some of the current speakers: Jeff Moss, Dan Kaminsky, Kevin Mitnick, Martin Bos, Adrian Crenshaw, HD Moore, Dave Kennedy, Ryan Elkins, Johnny Long, Chris Nickerson, Chris Gates, Eric Smith, Paul Asadoorian, Rob Fuller, Larry Pesce, Chris Hadnagy, John Strand, Peter Van Eeckhoutte, int0x80, Thomas d’Otreppe, Jack Daniel, Jason Scott, Deviant Ollam, Jayson E. Street, James Lee, Rafal Los, Kevin Johnson, Tom Eston, Rick Hayes, Georgia Weidman and Karthik Rangarajan

Check out videos of last year's Derbycon here.

Three more great videos from Jeremy Druin (@webpwnized ):

Creating Syn Port Scan Manually With Scapy
Contrast Nmap And Amap Service Version Detection Scanning

Here is the list:
Kickin' it off for year number 8! Outerz0ne: The History, The Legend SkyDog
Bare Metal Install of Linux from a Network Server Halfjack
How To Cyberstalk Potential Employers IronGeek
Complex Litigation in America Tyler Pitchford
Hook, Line and Syncer: Outerz0ne Remix Chris Silvers
IPv4 -to- IPv6 Service Providers Challenges Jeremy Schmeichel & SlimJim
Your Camera is Worth $300,000 to Microsoft Scott Moulton
Outerz0ne Closing and Awards Skydog and Crew

Track 1
Day 1

Game Maker: Crash Course
Chris Sanyk

Minute Man: All I Need is 60 Seconds
Rick Deacon

Get your kicks on route IPv6
Mike Andrews

We lit IPv6. This is what happened.
Jeff Goeke-Smith

Civic Hacking
Jeff Schuler, Beth Sebian

Vulnerabilities of Control Systems in Drinking Water Utilities
John McNabb

Hacking for Freedom
Peter Fein

Building a Game for the Ages (well, the young ages anyway)
Bill Sempf

Day 2

Mo data? Mo problems!
Mick Douglas

What if Max Zoran Succeeded? Living without Silicon Valley
movax

How to totally suck at Information Security
Christopher Payne, Doug Nibbelink

(Just About) Everything you think you know about Wilderness Survival is Wrong
Mark Lenigan

Baking in Security
Jeff “ghostnomad” Kirsch

Your Hacker Class is Bullsh1t
Christopher Payne

REFACTORING THE REVOLUTION (Occupy as an Agile project)
Some Guy On Bridge

Custom Distributions Via Package Aliasing: release of The Pentest Repository
Ryan Holeman

Numbers, From Merely Big to Unimaginable
Brian Makin

Whose Slide Is It Anyway?
nicolle “rogueclown” neulist
(Sorry, I can't post this one since we did not get permission from everyone)

Track 2
Day 1

I’m a Hacker…and I’m a QSA (Hacking PCI Requirement 6.6. Why Your Web Applications are Still Not Secure)
David Sopata, Gary McCully

Neurohacking: from the bottom up
meecie

Code That Sounds Good: Music Theory and Algorithmic Composition
nicolle “rogueclown” neulist

Collaboration. You keep using that word…
Angela Harms

Kinetic Security
Knuckles, Jeff “ghostnomad” Kirsch, Ghostnomadjr

Milkymist: video synthesizers at the cutting edge of open source hardware
Sébastien Bourdeauducq

Development Operations: Take Back Your Infrastructure
Mark Stanislav

Exercise Your Mind and Body
Suellen Walker, Joe Walker

Day 2

How to Market the Morally Broken and Sociologically Depraved: A Guide to Selling Your Local Hacker Conference to the Public
Jaime Payne

Geocaching 101
Jon Peer

Notacon 9 Network

1984 2012 Legal Privacy Trends
Nick Merker

The Sword is Mightier than the Pen(test): an Introduction to Fencing
Brian Stone, Amy Clausen

What Locksport Can Teach Us About Security
Bill Sempf

Octodad: Building a Better Tentacle Ragdoll
Devon Scott-Tunkin

Three more great videos from Jeremy Druin (@webpwnized ):

Detailed Look At Linux Traceroute

This video takes a detailed look at the traceroute program in Linux. The newer traceroute is used (version 2.0.18). The later versions have the ability to send packets of different protocols (i.e. TCP) to the target. This feature was previously found in the LFT (Layer Four Traceroute) tool but not found in the Linux traceroute. While LFT still is more feature-rich than the traceroute built into Linux, the new features in Linux traceroute make the tool very useful and quite capible. It helps to understand how the traceroute tool forms the packets, to what ports the packets are sent, and what protocols can be used to send the packets. This information can be used to get traceroute commands to work through firewalls and HIPS systems when ICMP and/or UDP and/or most TCP ports are blocked.

Introduction To TCPDump Network Sniffer

This video is an introduction to the tcpdump network packet sniffer/capture tool. The video is relatively long because of the demo used required "building up" to the HTTP capture. The video only covers the basics but is meant to be a good introduction to practical use of tcpdump.

Basics Of Using The Maltego Reconnaissance Graphing Tool

This video looks at using Maltego to both gather and organize information in a customer pen-test. Maltego is a GUI-based tool for Linux which is included in the Backtrack 5 R2 release. The tool is able to gather information from public sources on entities. The Community Edition (used in this video) is free. There is a paid-version with more features. The site used in this video is irongeek.com and was used with written permission from the owner. If following along, please use a domain for which you have permission.

Also, I updated the Pen-testing practice in a box: How to assemble a virtual network post to fix an audio issue (it was cutting out after a certain amount of time).

How To Upgrade To Nessus 5 On Backtrack 5 R2

This video looks at upgrading Nessus 4 to Nessus 5. The operating system used in the video is Backtrack 5 R2. Nessus 4 was successfully registered and running on this OS prior to attempting to upgrade to Nessus 5. If a fresh Nessus install is needed, the process is different.

Creating Reports And Metasploit Db Importable Reports With Nmap Xml Output

Nmap reporting is excellent with the XML option but this is not used in a lot of cases. The XML output from nmap can be imported into other tools such as the Metasploit Community Edition (Import button), metasploit DB, and other tools. Also, the XML format can be opened in a web browser to produce a well-formatted report suitable for attachment to a pen-test.

Outerz0ne Video Move
Still working on moving videos to YouTube to support more devices. Since Outerz0ne is coming up I decided to move their videos next:

Outerz0ne 2011:

SkyDog - Opening Ceremonies/etc.
SkyDog - The Modern Day Hacker
IronGeek - Rendering Hacker Con Videos with AviSynth
MadMex - Windows Command Line Incident Response
HalfJack -Building your Own Green Home
Beau Woods - What Companies and Vendors must know about securing mobile devices, mobile applications, access and data.
Rick Hayes - Assessing and Pen-Testing IPv6 Networks
Pure Hate - Why your password policy sucks
Billy Hoffman - Advice on starting a start-up
Contest Prize Giveaway, Awards, Closing Ceremonies

Outerz0ne 2010:

Intro to Outerzone and Talk 1 - Security People Suck - Gene Bransfield
IronGeek - Turning the Zipit 2 into a mobile hacking device
Freeside
PBR90X - Social Networking #FAIL
Scott Moulton - Hard Drive Kung Fu Magic
Brian Wilson -Docsis Coolness
BobTalks
Billy Hoffman - Web Performance Talk Craziness
Closing Ceremonies

Outerz0ne 2009

Morgellon - *Duino-Punk! Manifesting Open Source in Physical Space from Outerz0ne 5
Tyler Pitchford - They took my laptop! - U.S. Search and Seizure Explained
SkyDog - Screen Printing Primer - Make your own Con Shirt!
SlimJim100 - Live Demo of Cain & Able and the Man-in-the-middle-attack
Nick Chapman - Embedded Malicious Javascript
Makers Local 256 - A primer on hackerspaces
Scott Moulton - Reassembling RAID by SIGHT and SOUND!
Rob Ragan - Filter Evasion - Houdini on the Wire
Acidus (Billy Hoffman) - Offline Apps: The Future of The Web is the Client?
Closing

Also, a video I did about Outerz0ne and Notacon 2009:

Outerz0ne and Notacon 2009 Hacker Cons Report

This is a class we gave for the Kentuckiana ISSA on the the subject of password exploitation. The Password Exploitation Class was put on as a charity event for the Matthew Shoemaker Memorial Fund. The speakers were Dakykilla, Purehate_ and Irongeek.

This is a class I gave for the Kentuckiana ISSA on the the subject of Anti-forensics. It's about 3 hours long, and sort of meandering, but I hope you find it handy. For the record, Podge was operating the camera :) Apparently it was not on me during the opening joke, but so be it, no one seemed to get it. I spend way to much time on the Internet it seems. Also, I'm in need of finding video host to take these large files. This class video is 3 hours, 7 min and 1.2GB as captured.

The following are videos from the Footprinting/OSInt/Recon/Cyberstalking class I did up in Fort Wayne Indiana for the Northeast Indiana Chapter of ISSA. I've split the class into three videos by subtopic, and included the text from the presentation for quick linking.

DOJOCON 2010 Videos Migrated To YouTube
I've started to migrate the con videos I record and embed on this site to YouTube. I'm doing this for a few reasons:

1. Vimeo took down Dave Marcus' talk because they said it was in violation of their TOS, and when I tried to explain to them what it was about they would not email me back (and I was a paying customer to their service at the time).
2. I'm now allowed longer videos on YouTube, so why not.
3. This should support more devices.

I've started with DOJOCON 2010 to get Dave's talk back up. Below are the videos from the conference, at least the ones I can show :), enjoy.

Index:

Tiffany Strauchs Rad, @tiffanyrad: International Cyber Jurisdiction: "Kill Switching" Cyberspace, Cyber Criminal Prosecution & Jurisdiction Hopping
John Strauchs, @strauchs: Security and IT Convergence
Richard Goldberg, @GoldbergLawDC: Rules of Engagment: Mitigating Risk in Information Security Work
Jon McCoy: Ninja Patching .NET
Marco Figueroa, @marcofigueroa & Kevin Figueroa: Detecting & Defending Your Network using Nepenthes/Shaolin Tools
Dave Marcus, @davemarcus: Using Social Networks To Profile, Find and 0wn Your Victims
Brian Baskin, @bbaskin: P2P Forensics
Jonathan Abolins, @jabolins: Internationalized Domain Names & Investigations in the Networked World
Deviant Ollam, @deviantollam: Don't Punch My Junk
Michael Shearer, @theprez98: How to 0wn an ISP in 10 Minutes
Christopher Witter, @mr_cwitter: Enterprise Packet Capture on Da'Cheap
Ben Smith: Printer Exploitation
Adrian Crenshaw, @irongeek_adc: Malicious USB Devices: Is that an attack vector in your pocket or are you just happy to see me?
Shyaam Sundhar, @EvilFingers and John Fulmer, @DaKahuna2007: Is the IDS Dead?
Chris Nickerson, @indi303: The State of (In)Security
Gal Shpantzer, @shpantzer: Security Outliers: Cultural Cues from High-Risk Professions
Michael Smith, @rybolov: DDoS

Web Application Pen-testing Tutorials With Mutillidae
When I started the Mutillidae project it was with the intention of using it as a teaching tool and making easy to understand video demos. Truth be told, I never did as much with it as I intended. However, after Jeremy Druin (@webpwnized) took over the development it really took off. I have since come to find out he has been doing A LOT of YouTube video tutorials with Mutillidae, which he said I could share here. I will be copying his descriptions with slight editing and embedding his videos in this page. Videos include:
 

The code has been updated in the following ways:

On the PIC side: Updated Firmware for the USB Host Module - PIC24FJ256GB106 to work with more keyboards.

On the Teensy side:

0.04:
* If a keyboard was plugged in after the keylogger was already powered on, it would type "i7-". I added code
to fix this problem.
* Fixed RAW serial debug mode not to print key
* Changed name of variable "lasttenletters" to "lastfewletters" and expanded it to 60.
* Ctrl+Alt+Y is now used for typing more debugging details.
* Implemented likely to fail code for unlocking workstation using captured password.
* I had some problems with running out of SRAM because of all of my static strings. I started using the F()
function to pull these strings from flash memory to solve this issue.
* Fixed a case issue with lastfewletters. I did not know the method changed it in place.
* Fixed a bug in HIDtoASCII that made it top row of number keys not work right.

I've uploaded improved code,
Just PS/2:
* Converted ints to bytes in many places. Why take the extra space? :)
Both USB and PS/2:
* Made sure it worked with Arduino 1.0.
* Switched to using the SD library that comes with Teensyduino (from the comments, it looks like
it's a wrapper by SparkFun Electronics around William Greiman's work).
* Changed the variables "file" to "logfile" and "filename" to "logfilename" to be less ambiguous.

I also embedded my talk from Skydogcon and pasted my class project report on the end which gives a lot more details about how this hardware keylogger was created and why.

extern void CommandAtRunBarOSX(char *SomeCommand);
extern void CommandAtNewTerminal(char *SomeCommand);
extern void ShrinkCurWinOSX();

I also tested to make sure it worked with Arduino 1.0.

Jeremy Druin has been doing a lot of work on Mutillidae since I last posted to the front page/rss about it. Here is the change long since the last time I mentioned it:

Change Log for Mutillidae 2.1.7:

Added a new page for HTML5 storage. The page is meant to show how to both use and attack HTML5 storage. The page supports Local and Session storage types. The user can attack the storage in two contexts. They can act as if they want to read to contents of their own browsers session storage to see if the developer put authorization tokens or other items into the storage. They can also try to use XSS to steal the session storage. In this use-case the user would be acting as if they wanted to read someone elses storage. A large number of hints has been added to the page. The page name is "html5-storage.php" and can be accessed from the Cross Site Scripting menu and information leakage menu. In security level zero, the page has no defenses. In level 1, the page will use trivial JavaScript validation. In security level 5, the page will refuse to put the secrets in client side storage.

11/13/2011: Jeremy Druin / Kenny Kurtz

Change Log for Mutillidae 2.1.6:

Enhanced the .htaccess file to automatically disable magic quotes on systems which enable them by default (such as some OSX versions of PHP)
Fixed some bugs in the phpinfo.php file that made the page display weird.
Enhanced the hidden PHPINFO page so that it would work if the user browsed to http://localhost/mutillidae/index.php?page=phpinfo.php or to http://localhost/mutillidae/phpinfo.php. This example assumes Mutillidae is running on localhost.
Fixed a bug in index.php that kept the log-visit page from being included.
Fixed a bug in log-visit.php that kept the page from working.
Fixed installation instructions format for IE 8 not in compatibility mode.

11/10/2011: Jeremy Druin

Change Log for Mutillidae 2.1.5:

Added vuln to login sequence. Now a cookie is created with username. Students should try to XSS the cookie and see what happens. Also try a response splitting attack because a cookie is an HTTP header.
Created new twitter feed to make Mutillidae announcements and other web vulnerability tweaks. @webpwnized
Fixed installation instructions format for IE 8 not in compatibility mode

10/14/2011: Jeremy Druin

Change Log for Mutillidae 2.1.4:

Moved usage instructions and php errors from the home page to their own pages.
In insecure mode, changed the method of the user-info.php page to GET in order to make it easier to use sqlmap against Mutillidae. sqlmap supports POST but it is easier to use with GET.
Added hints about sqlmap to sql injection tutorial and to the easter egg file
Added a credit card table as a target in the database
Confirmed that the view-blog table can be attacked with sqlmap. The answer is in the Easter Egg file.

10/13/2011: Jeremy Druin

Change Log for Mutillidae 2.1.3:

Fix a bug. If the user was on the home page, without having clicked any link to this point (such as when using a bookmark), then the user clicked the "change security level", the page would redirect to page not found.
Increased the slide time for the ddsmoothmenu to make it slow down a little bit
Added a NEW vulnerability. Many sites have crazy pages that show server settings, expose admin functionality, allow configuration, or other features a user should not be able to see. The problem is not the pages themselves so much as the fact that developers think no one will guess the name and browse to them. Shoulder surfing, guessing, brute-forcing, etc can be used to find these pages. Mutillidae now has such a page. It is in the "Server Misconfiguration" category. See secret-administrative-pages.php for hints.
Augmented the installation instructions
Added link to ihackcharities to front page
Added a new security level. Now there is security level 1. The only difference in this release between level 0 and level 1 is that level 1 has JS validation. The JS validation has been in place for a while to allow but was activated in level 0. Since level 0 is supposed to be very easy, the decision was made to create level 1 and move JS validation to level 1. The JS validation is trivial to bypass. Simply disable JS or use a proxy such as Tamper Data, Paros, Burp, WebScarab, or others.
Page homenotes.php has been merged with home.php.
Page home.html has been renamed home.php
Added protection for SQL injection to add to your blog.php output of the current users blog entries. Prior to this patch, you could SQL inject in security level 5 by putting your injection in the current users login name because the query uses the current users login name as the input to the query.
Improved the DNS lookup page to add JS validation in security level 1 mode.
Changed padding for BACK button to use styles rather than HTML BR tags.
Changed the password generator password length to 15 to set a better example.
Some refactoring on user-info.php and login.php to clean up code
Added CSRF Protection to page add to your blog. This only works in secure mode.
Added more scripts to the easter egg file (Mutillidae Test Scripts)
Bug fix: The setupandreset.php errors were not printing out.
Stupid bug fix: Removed the "open DB" that was firing before the database was actually created.
Created output on page setupandreset.php to show what happened
Added try/catch and more error handling to setupandreset.php
 

SkyDog - Conference Opening Remarks

Curtis Koenig - The Neurobiology of Decision Making

Chris Anderson - Corporate Evil

Rious - Making of the SkyDogCon Electronic Badge

IronGeek - More PHUKED Than Ever

Nick Levay - Counter Espionage Strategy and Tactics

Karlo Arozquerta - Windows Command Line Forensics

Brian Wilson - DOCSIS Networks

Brent Baldwin/Robert Jason - Brewing Coffee the Soft Brew Way

Sonny Mounicou - Hackerspace Technology 101

Pat McCoy/Mike McGilvray - Hook, Line and Syncer: A Liar for Hire's Ultimate Tackle Box

James Ruffer - Information gathering and social media attacks to gain physical and electronic access to companies

Bart Hopper - Avoiding the Landmines in Your Own Backyard

HackerSpace Panel

Ben Feinstein - Morto Kombat: Understanding the Morto Worm

Change logs:

PS/2 Hardware Keylogger/PHUKD:

0.01:
* Holding mod keys did not always work for multi select. Got it working (at least I think I did).
* Nulls were getting into the logs, so I made an unhandled keycode exception.

USB Hardware Keylogger/PHUKD:

0.01:

* Holding mod keys did not always work for multi select. Got it working by taking out the key replay code,
and made held keys function better in the process. Also, it made the code simpler to read as I got rid
of a bunch of unneeded cruft code. :)
* Nulls were getting into the logs, so I made an unhandled keycode exception.
*Changed log brackets from <> to [].

0.02:
* Fixed bug in logging unknown keys.
* Added logging for keys [KEY_TAB] and [KEY_NON_US_NUM].
* Ctrl+Alt+S toggles the typing of raw bytes as they come in the serial connection.
* Converted ints to bytes in many places. I think their was a type casting problem causing weird issues.
* Fixed a buffer overflow issue caused by IncomingHIDReportIndex going over 18.
* Many other tiny changes.
 

For related work see:

Hardware Key Logging Part 1: An Overview Of USB Hardware Keyloggers, And A Review Of The KeyCarbon USB Home Mini (Text)
Hardware Key Logging Part 2: A Review Of Products From KeeLog and KeyGhost (Text)
Hardware Key Logging Part 3: A Review Of The KeyLlama USB and PS/2 Keyloggers (Text)
Irongeek - Hardware Keyloggers: Use, Review, and Stealth Presentation (Phreaknic 12) (Video)
Hardware Keyloggers In Action 1: The KeyLlama 2MB PS/2 Keylogger (Video)
Hardware Keyloggers In Action 2: The KeyLlama 2GB USB Keylogger (Video)
Bluetooth Wireless Hardware Keylogger Review (Video)
Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device (Defcon 18) (Video)
Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device (Text)
Plug and Prey: Malicious USB Devices (Text)
Malicious USB Devices: Is that an attack vector in your pocket or are you just happy to see me? (Video)

Contents are as follows:

Opening Ceremony - Johnny Long - Keynote (via Skype)
Chris Silvers and Pat McCoy Hook Line and Syncer A Liar for Hires Ultimate Tackle Box
Boris Sverdlik Your Perimeter Sucks
Joshua Perry OSINT
Gus Fristschie Getting f***ed on the river
Eric Milam Automating MiTM for Winning
Keith Pachulski Common Project Issues with Technical Assessments
Tim Tomes and Mark Baggett Lurking in the Shadows
Martin Bos Your Password Policy Sucks
James Macgregor Watson Online Time OF cRIME
Charlie Vedaa F*** the Penetration Testing Execution Standard
Stephan Looney Up and Running with Backtrack Workshop
Thomas Hoffecker Exploiting PKI for Fun & Profit or The Next Yellow Padlock Icon
@grecs How to Win Followers and Influence Friends Hacking Twitter to Boost Your Security Career
Jon Schipp Knowing What's Under Your Hood Implementing a Network Monitoring System

Also, since we had problems with the audio rig in Joff Thyer's talk he sent me slides and demo videos for his Covert Channels using IP Packet Headers presentation. Enjoy.

Day 3, Track 2

Jason n00bz – Advanced Penetration Techniques for the non-technical n00b (Not Recorded)
Jayson E. Street – Steal Everything, Kill Everyone, Cause Total Financial Ruin!  (Or How I Walked In And Misbehaved)
James Lee (egypt) – State of the Framework Address (Sound came out as just ground noise)
Ron Bowes – Advanced Nmap Scripting: Make Nmap work for you!"
(Sound came out as just ground noise)
Deviant Ollam – Distinguishing Lockpicks: Raking vs Lifting vs Jiggling and More
Raphael Mudge – Dirty Red Team tricks

Day 3, Track 3
Note: Some of these had weird ambient noise that I could not remove without making all of the audio sound weird. I did the fix to JDuck's, but the rest I left alone.

Chris Roberts – A Tribute to Dr. Strangelove
Kyle Osborne (kos) – The Hidden XSS – Attacking the Desktop
Mick Douglas – Blue team is sexy — refocusing on defense — Part II — All you baseline are belong to us
Garrett Gee – Typo-squatting Just Got A Lot More Dangerous (Not Recorded)
Thomas d’Otreppe (mister_x) – OpenWIPS-ng
Joshua Drake (jduck) – Exploiting Java Memory Corruption Vulnerabilities

I have ideas for Derbycon 2 to make the recording a bit more reliable. See you next year!

 Day 2, Track 3:

Georgia Weidman – Throw It in the River? Towards Real Live Actual Smartphone Security
Rob Simon – Pentesting over Powerlines
Larry Pesce – You are the Smart Meter: Making (and hacking) of the 2011 MA-CCDC electronic badges
Bill Sempf – Is locksport a sport?
Infojanitor – Virtual trust, Virtual Permission and the Illusion of Security
Ben Feinstein & Jeff Jarmoc – Get Off of My Cloud": Cloud Credential Compromise and Exposure
Jimmy Shah – Mobile App Moolah: Profit taking with Mobile Malware
McCorkle & Rios – 100 bugs in 100 days: An analysis of ICS (SCADA) software
Scott Ullrich + Chris Buechler – Open source firewalling with pfSense (Sound came out as just fuzz)
Spiky Geek – How I learned to roll my own:Building custom pen testing platforms on the fly (Sound came out as just fuzz)
Brent Huston – Realize Your Hacker Heritage: Do The Needful

 Day 3, Track 1

Charlie Miller – Battery Firmware Hacking
Peter Van Eeckhoutte & Elliot Cutright – Win32 Exploit Development With Mona and the Metasploit Framework
Ryan Linn – collecting Underpants To Win Your Network
Jamison Scheeres – Social Engineering is a Fraud (Awaiting approval)
Josh Kelley (winfang98) – Infectious Media – Bypassing AutoRun once and for all
Kevin Johnson & Tom Eston – Desktop Betrayal: Exploiting Clients through the Features They Demand

Enjoy!

Brian Baskin – Walking the Green Mile: How to Get Fired After a Security Incident
Joe Schorr – “Rule 1: Cardio” (and 9 other rules to keep intruders out)
Thomas Hoffecker – Exploiting PKI for Fun & Profit or The Next Yellow Padlock Icon?
Matthew Becker – 73o7\/\/@\/\/Ki – Survival Hacking your way out of Armageddon
Bart Hopper – Avoiding the Landmines in your own Backyard
Chris Gates and Rob Fuller – The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
Boris Sverdlik – Your perimeter sucks
Evan Booth – Hide yo kids, hide yo wife: Residential security  and monitoring the bottom line
Rick Farina – Free Floating Hostility
Jack Daniel – Surviving a Teleporter Accident (It could happen to you)
Adrian Crenshaw – Building a Svartkast: Cheap hardware to leave behind on someone else’s network

Had to do some work on the audio to raise the voices and lower the noise. Choke up on the mic folks. :) Next year maybe we can get some lavalier microphones.

Dennis Kuntz – Mining Sensitive Information From Images Using Command-Line OCR
Michael Arpaia – Beat to 1337: Creating A Successful University Cyber Defense Organization
Carlos Perez (darkoperator) – Tactical Post Exploitation
Paul Asadoorian + John Strand: Offensive Countermeasures: Still trying to bring sexy back
Tony Huffman (Myne-us) – When Fuzzers Miss: The no Hanging Fruit.
Rafal Los – You’re Going to Need a Bigger Shovel – A Critical Look at Software Security Assurance
Rick Hayes + Karthik Rangarajan – OSINT Beyond the Basics
int0x80 (of Dual Core) – Anti-Forensics for the Louise
Rick Redman – Tomorrow you can patch that 0day – but your users will still get you p0wn3d
Tottenkoph – Data Mining for (Neuro) hackers

Unfortunately, the audio buzz on Joff Thyer's "Covert Channels using IP Packet Headers" talk is pretty catastrophic. I'll look at it again, but I don't have high hopes. Also, I know some of the later videos have this audio issue as well.

Adrian, Dave, Martin: Welcome to DerbyCon 2011 – Intro to the con and events
KEYNOTE ~ HD MOORE – Acoustic Intrusions
Johnny Long – Hackers for Charity Update
Kevin Mitnick + Dave Kennedy – Adaptive Penetration Testing
The Penetration Testing Execution Standard (PTES) Panel
Bruce Potter – The Details Don’t Matter
Chris Nickerson – Compliance: An Assault on Reason
Pat McCoy & Chris Silvers – Hook, Line and Syncer: The Liar for Hire’s Ultimate Tacklebox
atlas – sploit me if you can
Jason Scott – Jason Scott’s Shareware Calvacade
Vlad Gostom & Joshua Marpet – Smile for the Grenade! Camera go Bang!

Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it can be hard to follow attack strategies that have been used against them as the papers written on the topic have been academic and abstract. What this talk will attempt to do is step back and give an overview of the topic in a manner hopefully more conducive to the understanding of security practitioners, giving more concrete examples. While little to nothing in this talk will be "new and groundbreaking" it should lead to a better understanding of how encrypted anonymizing networks can be subverted to reveal identities.

Nashville Infosec
When: Sept 15, 2011
Where: Nashville, TN
http://www.technologycouncil.com/connect/infosec-2011/

Louisville Infosec
When: September 29th
Where: Louisville, KY
http://louisvilleinfosec.com/

DerbyCon
When: September 30th – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com/

Hack3rCon 2011
When: October 21-23rd, 2011
Where: the Charleston House Hotel and Conference Center
http://www.hack3rcon.org/

SkyDogCon
When: Nov 4th – Nov 6th
Where: Holiday Inn Airport, Nashville, TN
http://www.skydogcon.com

Phreaknic
When: Nov 4th – Nov 6th
Where: Days Inn Stadium, Nashville, TN
http://www.phreaknic.info

Subjects to be announced later.

Security Tips For The Small Business From 70,000 Feet - Joseph Hollingsworth and Adrian Crenshaw
A little while back Joe Hollingsworth and I were interviewed for an article in the Southern Indiana Business Source. The local Kiwanis club asked for a 25 min talk on the subject of the article, so we came up with this mandate:
Given only 25 minutes, tell us what a small business could do to help their security posture.
Well, it ended up being almost 40min and we did not get through all of the slides. The live video camera failed, so the audio in this video is what the laptop recorded. It may not be something most of my readers will be interested in, but it may help you present on a similar topic.

Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it can be hard to follow attack strategies that have been used against them as the papers written on the topic have been academic and abstract. What this talk will attempt to do is step back and give an overview of the topic in a manner hopefully more conducive to the understanding of security practitioners, giving more concrete examples. While little to nothing in this talk will be "new and groundbreaking" it should lead to a better understanding of how encrypted anonymizing networks can be subverted to reveal identities.

Places to go, data to see
I2P eepSites
I2P Services/Apps
Tor Hidden Service Websites
Tor Hidden Service IRC

I2P Install
Install I2P In Windows
Install I2P in Linux (Standard Method)
Install I2P in Linux using APT Method
Proxy Settings for I2P

Tor Install
Install Tor in Windows
Install Tor in Linux
Proxy Settings for Tor

I2P Tweaks
I2P, connection and Firewall settings
Name Service subscripts to add
To Make I2P accessible to your network
Run I2P as a service

Tor Tweaks
Tor IRC
Specify an Exit Node in Tor
Make Tor accessible to your network
Run Tor as service in Windows
To make Vidalia work again in Window after making Tor a service
Run Tor as service in Linux (Ubuntu)
To make Vidalia work again in Linux after making Tor a service
Torify vs Torsock (hint:use Torsocks) in Linux

Tor Hidden Services
Just a simple Tor Hidden Service
Backing up Tor Hidden Server Key

Working with I2PTunnels
Using the built in web server (Jetty) I2P Tunnel
Make SSH Server and SOCKS Tunnel
Naming and announcing your eepSite
Encrypted Lease Set

Extra
Other Notes

I also plan to make videos for each of these short text guides.

Ohio Information Security Forum (OISF) Anniversary Event Videos
These are the presentations from the Ohio Information Security (OISF) Anniversary Event. The descriptions are largely Ligatted from the OISF website.

Endpoint Security Decisions - Kurt Roemer
Defending against XSS - Jason Montgomery
Project Ubertooth: Building a Better Bluetooth Adapter - Michael Ossmann
Making Windows 7 SP1 32/64bit Boot CD/DVD/USBs with Winbuilder - Adrian Crenshaw
Cloud Computing Security - Dr. James Walden

AIDE 2011 Conference Videos
These are the presentations from the AIDE 2011 conference at Marshall University. We had some issues early on with the schedule not matching the talks, so descriptions are incomplete. The descriptions I do have are largely Ligatted from the AIDE website.

Social Networks - Evan Patterson
Who are you going to call? - Evan Patterson
WV Crimes requiring Electronic & Digital Evidence - Philip Morrison
Professionalism on the Witness Stand - Phillip Morrison
Common Darknet Weaknesses - Adrian "Irongeek" Crenshaw
Recent HIPAA/HITECH Changes - Caleb Knight
Hacking A Mature Security Program - David "ReL1K" Kennedy

AIDE: July 15th, 2011
Cipherspaces/Darknets: An Overview Of Attack Strategies

Ohio Information Security Forum: July 16th, 2011
Making Windows 7 SP1 32/64bit Boot CD/DVD/USBs with Winbuilder

Defcon/B-Sides: Aug 2-7th, 2011
Only speaking at Defcon, but I plan to hang around B-Sides while I’m in Vegas that week.
Talk: Cipherspaces/Darknets: An Overview Of Attack Strategies
Workshop (in 2 parts):  "Getting up and running with I2P and Tor" & "Hosting sites as I2P eepSites and Tor hidden services"

Louisville Infosec: Sept 29th, 2011
As some of you know, the Louisville Infosec is happening the day before Derbycon, so if you are already in town you might as well come out. I'm running the Network King Of The Hill (NetKotH) game there, and to get more players they gave me a special reg code to get the first 15 people in for free who promise to compete in the game. The code is: koth2011
Last year the first prize was an iPod touch, not sure what it will be this year.

Derbycon: Sept 30th-Oct 2nd
I'm one of the organizers for the event. Most likely I'll not be speaking (we had so many submissions for talks, and we wanted to fit in as many as possible), but I will be doing a workshop along with the other founders Dave Kennedy and Martin Bos.

• Added more comments to the code to explain how defenses work
• Added support for the <u></u> tag to the blog. In secure mode Mutillidae will allow this tag but still safely encode output and stop XSS.
• Added JavaScript filtering to prevent single quotes from being entered in blog entries. This give practice bypassing JavaScript "security" and helps the user understand JavaScript cannot provide security.
• Added lots of JS filtering to login.php. Nearly all characters are filtered. Users are encouraged to understand that JavaScript and filtering are useless for security.
• Added autofocus to login.php and add-to-blog.php
• Added more "allowed dangerous HTML tags" to the blog. Until now only the bold HTML tag was supported. Also the output was not HTML5 compliant. For example, if the user entered a bold tag, then a bold tag was output however the bold tag is depreciated. Styles must be used. So Mutillidae allows the user to input a bold tag but will correctly encode this as a sytle upon output. The italic tag is now supported as a dangerous input which is safely output without fear of Cross Site Scripting. These defenses only operate in secure mode of course. In insecure mode, the site allows any input and simply outputs whatever is input without any encoding.
• Changed menu for OWASP A1 - Injection to differentiate between SQL, HTML, and Command Injection. This should make it more clear which pages exhibit vulnerabilities with the specific injecton sub-types. Also added new link for Blind SQL Injection.
• Changed menu for OWASP A2 - Cross Site Scripting to differentiate between XSS coming in via user supplied fields (GET/POST) and values within HTTP Request Headers.
• Added tutorials feature.
• Added SQL Injection Totorial
• Added Cross Site Scripting tutorial
• Added Command Injection tutorial
• Added new feature. Hints can now be at different levels. Each time the user clicks Hints, the level increases by 1 until rolling over.
• Removed the installation instructions from the home page. A new page for instructions is created and linked from the menu.
• Augmented the installation instructions to include running from Samurai, creating a custom ISO, installing to XAMPP, and running in virutal machines.
• Reformatted install instructions and main home page to be compliant with HTML 5.

http://action.eff.org/site/TR/Contest/Advocacy?team_id=1730&pg=team&fr_id=1060

Please help if you can.

Obligatory Robert A. Heinlein/Lazarus Long quote:

'If tempted by something that feels "altruistic," examine your motives and root out that self-deception. Then, if you still want to do it, wallow in it!'

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you
The following are videos from the Footprinting/OSInt/Recon/Cyberstalking class I did up in Fort Wayne Indiana for the Northeast Indiana Chapter of ISSA. I've split the class into three videos by subtopic, and included the text from the presentation for quick linking.

DNS, Whois and Domain Tools
Finding general Information about an organization via the web
Anti-social networks
Google Hacking
Metadata
Other odds and ends

• Added a new page rene-magritte.php to explore click-jacking. In secure mode, Mutillidae will send the X-FRAME-OPTIONS: DENY header. In modern browsers, this will cause the browser to throw an error rather than allow the page rene-magritte.php to be framed.
• Added a resources link to the main menu. Links are to information or tools that can help with testing Mutillidae.
• Added new class LogHandler to take over logging. Previously logging statements has to be copied to each spot that logging was needed. With the new class, logging requires only one line of code and the logger automatically logs based on the current security level. If in insecure mode, no attempt to stop XSS or SQLi is made. With the new class, many less lines of code are needed and many more places log. With more places logging, there is a much better chance of finding a log exploit and taking advantage (insecure mode). Logging added to pages: add-to-your-blog, dns-lookup, text-file-viewer, source-viewer.php, register.php, redirectandlog.php, and user-info.php
• Added more default users to initial setup to give more targets.

From the Northeast Indiana Chapter of ISSA: The workshop, entitled "Cyberstalking, Footprinting and Recon: Getting to know you" will be held on Saturday May 21, 2011 from 8:30 AM until 5 PM. Computers will be provided by Orthopedics NE and will be held at their location of 5050 N. Clinton St., Fort Wayne, IN 46825 ( http://tinyurl.com/43tqu7n ). Lunch will be provided by Splunk; designed to collect, index and harness the fast moving machine data generated by all your applications, servers and devices - physical, virtual and in the cloud. Search and analyze all your real-time and historical data from one place. A donation of $10 will be appreciated and passed on to the chapter charity; Toys for Tots. Do not bring cash. Make checks out to "TOYS FOR TOTS". We will also have membership information for anyone interested. This is an OPEN event to anyone in the community but we have a limited number of seats so please email an RSVP to me and I will send you a seat confirmation. Computers will be provided by ONE but feel free to bring your trusty laptop. Adrian will be working with Backtrack and we will have it loaded as a VM on your machine when you show up.

While I was at the Central Ohio InfoSec Summit I recorded Dave's and Tom's talks, as well as my own. Hope you enjoy them.

Attacking and Defending Apple iOS Devices - Tom Eston
http://www.spylogic.net

Leveraging Social-Engineering in your INFOSEC Program - David Kennedy
http://www.secmaniac.com

Crude, Inconsistent Threat: Understanding Anonymous - Adrian Crenshaw

Also, I'll be speaking here next week in Columbus Ohio:
http://infosecsummit.org/

Looks like the event is sold out, but maybe I can convince them to let me record some talks. Dave Kennedy will also be there, and hopefully I'll have some Derbycon stickers for anyone that wants them.

• Replaced root relative links with local relative links to allow more freedom in root folder name
• Added email address for Jeremy
• Added change log to site
• Added Toggle Hints into core menu but link disappears in secure mode
• Added new failure to restrict URL access vuln

Outerz0ne 2011 Hacker Con
The following are videos of the presentations from the Outerzone 2011 hacker conference. Thanks to Skydog, Robin, Scott, SomeNinjaMaster and the Hacker Consortium crew for the con. Also thanks to Seeblind and others for doing AV. I'm looking forward to Skydogcon and working with the guys again at Derbycon.

List:

SkyDog - Opening Ceremonies/etc.
SkyDog - The Modern Day Hacker
IronGeek - Rendering Hacker Con Videos with AviSynth
MadMex - Windows Command Line Incident Response
HalfJack -Building your Own Green Home
Beau Woods - What Companies and Vendors must know about securing mobile devices, mobile applications, access and data.
Rick Hayes - Assessing and Pen-Testing IPv6 Networks
Pure Hate - Why your password policy sucks
Billy Hoffman - Advice on starting a start-up
Contest Prize Giveaway, Awards, Closing Ceremonies

For other security podcasts I recommend, check out my security podcast feed aggregator.

Also, don't forget Outerz0ne (March 18-19, 2011 Atlanta, GA) is coming up!

Bill Gardner (@oncee) invited me out to Marshall University to speak and record videos at the AIDE Winter Meeting 2011. Below are the results.

List:
  Opening Remarks & Security Enabler, Bill Gardner & Rob Dixon
  Where we at? A look at Information Security, David Kennedy (ReL1K)
  Radio Reconnaissance in Penetration Testing, Matt Neely
  Social Engineering In-Depth, Chris Criswell & Wayne Porter
  Penetration Testing - The Continuing Failures of an Industry, Keith Pachulski
  Blue team is sexy - refocusing on defense, Mick Douglas
  DDoS: Defending Against an Internet Mob, Kenneth Scott
  Cipherspace/Darknets: anonymizing private networks, Adrian Crenshaw
  Hackers Trail Mix, Elliott Cutright

Register

Flyer

Next up, see you at AIDE (Febuary 17-18, 2011 Huntington, WV) and Outerz0ne (March 18-19, 2011 Atlanta, GA)!

Sections:

1. Introduction
2. Background
2.1 USB mass storage containing malware
2.2 U3 thumb drives with "evil" autorun payloads
2.3 Why this paper will focus on the last two categories
2.4 Hardware key loggers
2.5 Programmable HID USB Keyboard Dongle Devices
3. Locking down Windows and Linux against Malicious USB devices
3.1 Locking down Windows Vista and Windows 7 against Malicious USB devices
3.2 Locking down Linux using UDEV
4. Tracking and scanning for malicious USB devices in Windows environments
5. Possible extensions to the USB standards
6. Conclusions

Installing I2P under Windows
Installing I2P under Linux

and you will want to read the article on application level de-anonymizing techniques that can be used against I2P hosted services for some background information.

I apologize for it being somewhat meandering, I was doing the video largely off the cuff. Also be aware that "Hidden Services" is more of Tor's terminology for much the same concept, in I2P you set up "I2P Server Tunnels". I'll be talking about de-anonymizing I2P services in my Black Hat DC 2011 talk shortly.

Welcome to Cipherspace.

I'll be covering my work on de-anonymizing I2P services in my Black Hat DC 2011 talk.

     About a year ago Adrian Crenshaw, Martin Bos, and myself were sitting around in Louisville and talking about one day creating one amazing hackercon. We never imagined it would have came to light, but it did. We are happy to announce that we have done some pre-selection of some speakers which we think you'll be impressed by. Our goal is to create a hackercon that is unique, top notch, and a place where we all come together as one and share. If any of you know us personally, you know that we steer clear from a persona of an elitist. We are all in this world we call security together and none of us are better than one another. All of us are learning everyday... DerbyCon is a con where we are all in it together, where you can approach anyone, share with anyone, and have a ton of fun doing it. Our official website launch with all the relevant information about the conference will be posted January 10, 2011 (sometime during the morning/afternoon). This teaser video was released to show you a taste of some of the speakers we have. It's truly inspirational to us that we have such a great speaker list already even before CFP has officially opened.

A couple of important topics that we will leak ahead of time: The ticketing system will be straight forward, tickets will open officially to purchase April 29, 2011. The tickets will be $125.00 that weekend, and go up to $150.00 on that Monday until DerbyCon day. On the day itself tickets will be $175. I will admit there is limited spacing, we rented the entire second floor of the Hyatt and tickets will go fast.

The second leak: The con will run from 9:00am to 5:00pm Friday and Saturday and Sunday from 9:00am until 3:00pm. There will be training provided at night from 5:30pm to 10:30pm after conference hours. We will also have BSIDES KY going on at the same time from 5:30pm to 10:30pm, so regardless if your in training or BSIDES, your covered.

Sit back and relax and enjoy this 1 minute 47 second video of DerbyCon and some of the speakers and be sure to check out http://www.derbycon.com.

I've even done some work on detection:

Decaffeinatid: A Simple IDS/arpwatch for Windows
Finding promiscuous and ARP poisoners and sniffers on your network with Ettercap

This tool is for prevention. ARPFreezeNG lets you setup static ARP tables so that attackers (using Cain, Ettercap, Arpspoof or some other tool) can't pull off an ARP poisoning attack against you. It has the same core functionality as my older ARPFreeze script, but is easier to use since it utilizes a Treeview GUI.

DOJOCON 2010 Videos
First, thanks to Marcus Carey for inviting me out to DOJOCON. Be sure to check out the organizers http://www.dojocon.org/ and http://www.reversespace.com/ and donate to the cause if you like the event. Below are the videos from the conference, at least the ones I can show :), enjoy.

Index:

Tiffany Strauchs Rad, @tiffanyrad: International Cyber Jurisdiction: "Kill Switching" Cyberspace, Cyber Criminal Prosecution & Jurisdiction Hopping
John Strauchs, @strauchs: Security and IT Convergence
Richard Goldberg, @GoldbergLawDC: Rules of Engagment: Mitigating Risk in Information Security Work
Jon McCoy: Ninja Patching .NET
Marco Figueroa, @marcofigueroa & Kevin Figueroa: Detecting & Defending Your Network using Nepenthes/Shaolin Tools
Dave Marcus, @davemarcus: Using Social Networks To Profile, Find and 0wn Your Victims
Brian Baskin, @bbaskin: P2P Forensics
Jonathan Abolins, @jabolins: Internationalized Domain Names & Investigations in the Networked World
Deviant Ollam, @deviantollam: Don't Punch My Junk
Michael Shearer, @theprez98: How to 0wn an ISP in 10 Minutes
Christopher Witter, @mr_cwitter: Enterprise Packet Capture on Da'Cheap
Ben Smith: Printer Exploitation
Adrian Crenshaw, @irongeek_adc: Malicious USB Devices: Is that an attack vector in your pocket or are you just happy to see me?
Shyaam Sundhar, @EvilFingers and John Fulmer, @DaKahuna2007: Is the IDS Dead?
Chris Nickerson, @indi303: The State of (In)Security
Gal Shpantzer, @shpantzer: Security Outliers: Cultural Cues from High-Risk Professions
Michael Smith, @rybolov: DDoS

I think this is the fourth conference I've done videos like this for. I wonder if I should start offering a service where I help record/render videos for free if the conference can take care of travel and lodging for me? That would let me get to more hacker cons. :)

DOJOCon, Dec 11-12th
Thanks for the invite Marcus! More USB Maliciousness :)

Black Hat DC, Jan 18-19th
I2P Fun with identifying eepSites' real IPs

As I mention on the Fed Watch page, I'd love to get some FBI/CIA/NSA/ETC hats or challenge coins.

Hack3rcon 2010 Videos
Here are the videos of the presentations from Hack3rcon 2010. If you like them, please consider donating to Hackers For Charity:
http://Hackersforcharity.org
Or at least send a thank you note to the sponsors:
Platinum Sponsors: Tenacity Solutions
Gold Sponsors: Enterasys Networks, e-Forensic Services
Basic Sponsors: The304Geeks, CharCon, Trasher Engineering, Masters Lawfirm

Intro with Rob Dixon and Johnny Long
(in case you don't like the sync issue, there is just Johnny's part)

Dennis Boas
Distributed IPS - An in depth look
http://enterasys.com

Keith Pachulski & Brian Martin, Digital Trust, LLC.
Physical Penetration Testing
http://digitaltrustllc.com 
http://keithpachulski.securitytactics.com 
http://www.isdpodcast.com
 
Zate Berg aka "Zate / MrUrbanity"
Nessus Bridge for Metasploit

Kenneth Scott a.k.a. pwrcycle
tcpdump > wireshark
http://cafecode.com/
 
Martin Bos a.k.a. purehate
The Weakest Link: Defeating passwords in 2010
http://question-defense.com 

Carlos Perez a.k.a Darkoperator
Operating in the Shadows
http://darkoperator.com/ 
http://pauldotcom.com/ 
 
Adrian Crenshaw a.k.a. Irongeek
Taking a leak on the network: things intruders forget that could lead to their identity
 
Joshua Perrymon CEO, Packetfocus
Attacking outside the Box
http://packetfocus.com 

Dave Kennedy
Hacking your perimeter.../The Social-Engineer Toolkit (SET)
http://www.secmaniac.com/

Wi-Fi Basics for Geeks - How Wireless Really Works

Advice on Starting a Startup with the ever caffeinated Billy Hoffman

Economics of Security and Cybercrime with Beau Woods

Recent Threat Landscape with Ben Feinstein

Unfortunately, I've not been able to recover the live MP4 of Skydog's talk. I may post the file later to see if anyone else can figure a way to recover it. 

Shoecon Intro with Rick and Scott, then some SSL Cert Wildcards fun with Karthik
 
Hacking Green or Eco Conscious Stalking with Rick Hayes
 
Physical Penetration Testing with Keith Pachulski and Brian Martin
 
Building a barcode LED flasher, and why with Adrian Crenshaw
 
High Speed Data services over RF with Brian Wilson

Rest to come soon.

USB Mass Storage containing malware
U3 Thumb drives with "evil" autorun payloads
Hardware key loggers
Programmable HID USB Keyboard Dongle Devices

along with detection and mitigation techniques involving GPO (Windows) and UDEV (Linux) settings. It was presented at Phreaknic 14.

I've added my Defcon video to the bottom of the Videos and Pictures section of the PHUKD article.

Also checkout the "PowerShell OMFG Video" Dave Kennedy and Josh Kelley (winfang) did at Defcon 18

http://www.secmaniac.com/august-2010/powershell_omfg/

they used PHUKD devices for part of it.

I posted yesterday about it, but Fritz asked me to point out the discount code one more time:

You have one week left to take advantage of the 50% 29.30303031% discount for all IronGeek Visitors! IronGeek visitors can purchase a ticket for $49 $69 before September 1, 2010. After this date all tickets will be $99 until the conference is sold out.

We have an excellent technical track this year - Dave Kennedy, Adrian Crenshaw, Nathan Hamiel, Jeremiah Grossman, Tom Cross from IBM X-Force. See more at http://www.louisvilleinfosec.com/

Here are the terms:

Register before September 1, 2010 at http://www.regonline.com/2010_lmic
Select the registration type - IronGeek Discount
Enter the code IGK-0726

Also, shout outs to LVL1,  the Louisville Hacker space. Brad and crew put on a great "Beyond Arduino" class, teaching the basics of programming directly to an AVR. Fun stuff, which I plan to use in the near future for some embedded device hacking projects.

Aug 28th 2010: I have the Local Password Exploitation Class, 20 seats left last I checked. Details in the post I made on the 14th of Aug.

Sept 18th 2010: Shoecon will be happening. I will be speaking, along with Rick Hayes, Keith Pachulski, Karthik Rangarajan, Brian Wilson, Stan Brooks, SkyDog, Scott Moulton, and Ben Feinstein. This is a donation driven event where all the proceeds will go to the Shoemaker Memorial Care Fund. Topic for me will be making a Barcode Fuzzer, Bruteforcer, SQL/XSS Injector using a flashing LED.

Sept 24th 2010: I'll be speaking at the Bluegrass Chapter of the ISSA on my favorite network scanners.

Oct 7th 2010: Louisville Infosec. My topic will be Malicious USB devices. Be sure to check out my friends Nathan Hamiel, Dave Kennedy, Deral Heiland and Matt Neely talks as well. I also plan to run a "network king of the hill" event.

Oct 15th-17th: I'll be speaking at Phreaknic in Nashville.

Oct 23rd-24th: I'll be at Hack3rcon in Charleston WV, with my buddies Purehate and Dave Kennedy.

• Pulling stored passwords from web browsers/IM clients and other apps
• Hash cracking of Windows passwords, as well as other systems
• Sniffing plain text passwords off the network
• How passwords on one box can be used to worm though other hosts on a network

     Seating is limited to 50 people. The class is being held as a charity event for the Matthew Shoemaker Memorial Care Fund. Matthew was a fellow security professional and podcaster who left behind two children, His colleagues have set up an account to help support his two children. Donations can be made to the Shoemaker Memorial Care Fund at The Peoples Bank, P.O. Box 788, Winder, GA 30680. Checks can either be mailed directly or transfers via telephone (770) 867-9111. Please place the account 00133835 on the check. A PayPal account has been established and you can find on the right hand side of this ISD page (http://www.isdpodcast.com/goodbye-farewall-god-bless/). Please show your receipt for donation of at least $10 at the door.

You can must register at the following URL:
https://events.constantcontact.com/register/eventReg?oeidk=a07e2znbzbs77edf8b6&oseq=

Also, I'd like to mention Shoecon, a one day event in Atlanta on Sept 18th. I'll plan to make a larger posting about it later.

As a side note, I'm looking forward to Derbycon, even if it is more than a year away.

I'll be speaking there, running a "Network King of the Hill" and a Forensics challenge.

There are also plans to set up some charity classes.

I've added my Defcon Slides to the bottom of the Videos and Pictures section of the PHUKD article.

Monta Elkins gave a presentation as well using an RF transmitter to activate the Teensy.

Dave Kennedy and Josh Kelley also gave a Powershell talk that did some more advanced things with the PHUKD concept.

The Louisville Metro InfoSec Conference
Thursday October 7th, 2010
at Churchill Downs!
http://www.louisvilleinfosec.com/
Registrations between now and July 16th, 2010 receive a
50% DISCOUNT on the $99 ticket price!

After July 16th the ticket price will go back to normal.

Current speakers include: Marcus J. Ranum, Dave Kennedy, Rafal Los, Jeremiah Grossman and myself.

ShrinkCurWinGnome()
CommandAtRunBarGnome(char *SomeCommand)

you may also see something about OS X, but it does not work. Can anyone tell me a run bar equivalent that works in OS X?

I've also changed the library so that it goes in the normal libraries folder, and not the same folder as your sketch.

 Follow all the Ligatt fun on Twitter

 The Register has a good writeup on Ligatt / Gregory D. Evans

 This is probably the most concise writeup on Ligatt / Gregory D. Evans

 If you want to read the book "How To Become The Worlds No. 1 Hacker" for yourself, but you don't want to pay Ligatt for plagiarizing, grab the PDF at this link

In other news, I'll be speaking about Mutillidae at the following two events:
Kentuckiana ISSA July Meeting July 9th from 11:30 AM to 1:00 PM
Ohio Information Security Forum Anniversary Event July 10th, 2010 8:30AM-5:30PM

Both are free to the public, but you have to RSVP.

More pics of newer units.
A video of the trojaned color changing mouse.
A PHUKD Arduino library to help developers.
I've also made a bunch of anchor tags to help in navigating to the part you want.

As a side note, I'll be speaking about the PHUKD project at Defcon! Thanks to Paul for the help with the hardware, the Kentuckian ISSA for helping to get me to Defcon, and Tenacity Solutions for their support on this project.

Instructors include:
David "ReL1K" Kennedy
Martin "PureHate" Bos
Elliott "Nullthreat" Cutright
pwrcycle
Adrian "Irongeek" Crenshaw

The class is being held for charity, so it's not quite free, but all we ask is that you donate $10 to the Hackers For Charity Kenya food for work program. More details are available at the link above.

Photos of a soldered, heat shrink packaged, thumbdrive sized unit.
Code example that demonstrates timer delays and using the light sensor.
Code for doing quick diagnostics on the PHUKED unit to see which pins are connected and what the analog pin reads.
Added a comment about being able to use the 8 position DIP switch to choose from 256 different options. 

Hope you find the updates useful.

In other news, Scott Moulton still has open seats for his Forensics & Data Recovery class in Washington DC class April 12-16th.

You may remember Scott from some of his presentations that I've posted to my site:

At Least TEN things you didn't know about your hard drive!
Reassembling RAID by SIGHT and SOUND!
Advanced Data Recovery Forensics

I've not taken his class yet, but I've heard great things and know that his talks at conferences are awesome. If you have money in your training budget, this class would be a good place to spend it.

Other items: I'll be at Outerz0ne 2010 in Atlanta. Also, tomorrow night I should be on the InfoSec Daily Podcast with an update to my ZipIt Z2 project.

Side note, tomorrow night I'll be on the ISD Podcast, episode 61. See you at Shmoocon.

I used the same rig I hope to use for recording the Fireside talks at Shmoocon.

Title: Funnypots and Skiddy Baiting
Desciption: Ever wanted to screw with those that screw with you? Honeypots might be ok for research, but they don’t allow you to have fun at an attacker’s expense the same way funnypot and skiddy baiting does. In this talk I’ll be covering techniques you can use to scar the psyche or to have fun at the expense of attackers or people invading your privacy. Some of the topics to be covered are: Fun with DNS and Loopback, SWATing for Packets, Lemonwipe your drive, Robots.txt trolling, And more…

I think there are still some slots open for Firetalks, so please submit something on the site linked to above if you have an idea. Grecs gave me the go ahead to record the short FireTalks at Shmoocon 2010. I've been messing around with AVISynth, and I plan to use it to make the Fireside talks look somewhat professional,  like the ones Defcon releases. I re-encoded my "Bulilding a Hacklab" video to test out how well the script would work, here are the results. Let me know what you think.

As a side thing, check out Webcam Studio For GNU/Linux (WS4GL). I'm hoping as it matures I'll be able to use it as a poorman's tri-caster when I record/stream presentations at hacker cons. The live picture in picture or split screen is an awesome feature. Toss Patrick Balleux some cash to encourage further development.

As a side note, a friend from the Pauldotcom mailing list says he will let me crash with him for Shmoocon, but it's about 40min away from the con. If anyone will let me crash in their hotel room for cheap please let me know. :)

As a side note, looks like I'm going to Shmoocon, though unfortunately my talk was not accepted (Skiddy Baiting and Funny Pots). For the record, I'll speak at pretty much any conference that's willing to give me a space to stay and pay for my way there (I'm like a security hobo). If anyone feels like helping me with the travel expenses to Shmoocon, please donate using the link at the top of my site :).

IndySec Metasploit Class Videos
When Steve invited me up to Indianapolis to help with a Metasploit class I jumped at the opportunity.   We had a good time and IndySec puts on a great event. They let me record the talks, unfortunately I was testing out a new video rig and the audio failed on the first three parts (Intro/Welcome, Network Setup, Getting started with Metasploit). The rig worked great for the Social Engineering, Meterpreter and SQL Pwnage/Fast Track sections. My presentation was just a rehash of the video I put up last week on msfpayload/msfencoder/metasploit 3.3 so I decided not to post it on this page.

If you find these videos useful, consider going to the Metasploit Unleashed page and donating to the Hackers For Charity Kenya food for work program, or come to the next IndySec event. For best viewing, I recommend downloading the MP4 files below.

Building a Hacklab, and a little about the Louisville CTF event
This is a presentation I gave for the local Louisville ISSA. I took this as an opportunity to learn a bit about AVISynth and do a split screen video. Thanks to Gary for being my camera man.

Insider Attacks: The How's, Why's, and What to Do's Dr. Eugene Schultz Louisville Infosec Conference Video

The Internet is Evil John Strand Louisville Infosec Conference Video

The Seven Habits of a Successful Information Security Career Manager Lee Kushner Louisville Infosec Conference Video

Attacking SSL PKI Mike Zusman Louisville Infosec Conference Video

Blocking the Covert Channels Used for Malicious Data Theft Alex Lanstein Louisville Infosec Conference Video

Darknets: Fun and games with anonymizing private networks Adrian Crenshaw Louisville Infosec Conference Video

Compliance Strategy and Planning - Building an Effective Application Security Program John Pavone Louisville Infosec Conference Video

SAS 70 Compliance Auditing Rick Taylor Louisville Infosec Conference Video

Virtualizing the Security Architecture: Defending Virtual Servers and Applications Jason Wessel Louisville Infosec Conference Video 

Bob's Great Adventure: Attacking & Defending Web Applications Paul Asadoorian Louisville Infosec Conference Video 

Advanced Data Recovery Forensic Scott Moulton Louisville Infosec Conference Video 

Blending business and technical benefits together to achieve an effective and streamlined compliance assessment. Jim Czerwonka and Jimmy Noll Louisville Infosec Conference Video 

Thanks to Lee Pfeiffer and the student volunteers for handling the video the day of the conference, and Brian Blankenship for editing the videos.

From the invite email:

Our next meeting will be Friday, November 6th from 11:30 AM to 1:00 PM at IPI. As always, we will have free lunch, raffle prizes, and CPE credits! We continue to execute our primary mission at each function - to continue learning, network with other Security Professionals, and have FUN!

Please RSVP no later than Tuesday, November 3rd - 5 PM to programs -at- issa-kentuckiana.org.

The topic is "Setting up a "hack lab" for learning security concepts." Adrian Crenshaw - Irongeek.com

Our speaker is Adrian Crenshaw, the geek behind Irongeek.com and the guy who set up and ran our very successful Capture the Flag event at the Louisville Metro InfoSec Conference!

Adrian will show how to set up tools and systems to best test and learn security techniques. This knowledge is vital for any Information Security professional who wants to stay on top of the latest risks.

It's that time of the year again, and that means it's time for my favorite con: Phreaknic!!! This year I will be presenting a hopefully more refined version of my Darknets talk. Check out their site for more speakers. Some of the other speakers include Acidus (Billy Hoffman), Morgellon, Droops, Tyler "Trip" Pitchford, Esq., Scott Moulton, DOSMan and SlimJim. Skydog has posted some videos about the conference on the front page of Phreaknic.info, like this one:

but if you want to get a better feel for what the conference is like, check out my documentary video from the Phreaknic 12 hacker con.

The winning team was comprised of Rel1k (Dave Kennedy), Pure-Hate, Archangel, and Titan. Yes, Dave did compromise my personal laptop during the event, teaches me for not mitigating 0 days before the conference. :) When Archangel told me he was bringing Dave in for his team, I knew which way thing were going to go down. Rel1k and Purehate are Backtrack 4 developers, and Archangel and Titan are no slouches either. Congrats guys.

Darknets: Fun and Games with Anonymizing Private Networks
Here are the slides from my Darknets talk. It was first delivered at the 2009 Louisville Infosec, and I will be doing a more polished version at Phreaknic 2009. Networks covered include Tor, Freenet, AnoNet/DarkNET Conglomeration and I2P. I hope to have video up soon.

I worked on formatting and added entries for "Temp folder for Outlook attachments", "Flash Cookies Location" and "Printer spool folder". I also added a menu so you can quickly find the entry you are looking for:

Windows Explorer
Recently opened files from Windows Explorer
Network Shortcuts
Items recently ran from the "Run" bar
ComDlg32 recently opened/saved files
ComDlg32 recently opened/saved folders
Recent Docs
EXE to main window title cache
User Assist

Windows General
Temp folder
Recycle Bin
Last logged on user   
Event logs
Last key edited by RegEdit
List of Installed USB devices, both connected and unconnected
List of installed USB storage devices
SetupAPI Device Log
Windows Prefetch Internet Explorer
Internet Explorer Temp Folder (IE Cache)
IE Cookies
Internet Explorer History
IE Typed URLs
Internet Explorer Forms AutoComplete
Internet Explorer Password AutoComplete
Printer spool folder

Firefox
Firefox Cached Pages
Firefox Form History File
Firefox Passwords File
Firefox Cookies

Other Apps
Recently Opened Office Docs
Files recently accessed by Windows Media Player
Offline Outlook Mailbox
Temp folder for Outlook attachments
Flash Cookies Location

What are the prizes?

First prize is a Wi-Spy 2.4x Wireless Scanner!
The second prize is a WD 320GB USB Hard Drive
Third Prize is a Pico Mini USB 4GB (small enough to carry in your wallet)

Scenario (subject to some change):

The admins try to run their network as a tight ship, but you have been brought in to do a pentest. You know the admins have a Truecrypt volume out there with Personally Identifiable Information (PII). Your goal is to find it, and decrypt its contents till you get a list of names and Social Security Numbers. Little hints will be given via a comment wall on one of the web servers. To win points bring proof to the judge that the particular flag task has be completed.These are the "flags", and their point values:

0. Attach to the Wireless network (hint:CTF is in the name) and show the judge how you got the SSID. 15 points
(Name will be given if you can't find it, but you won't be able to get points for it.)
1. Find the IP of the of the Windows box named WinCTF owned by IronGCorp, and list 3 or more open ports. 5 points
2. Find the IP of the x86 based Linux box ran by IronGCorp, and list 3 or more open ports. 5 points
3. What box are the admins running their Intranet site on, and what is the web server type/version? 5 point
4. What is the Windows box's (WinCTF) Administrator password? 10 points
5. What is the x86 Linux box's Root password? 5 points
6. Copy PII.tc (a true crypt volume) to your box. 10 points
7. Password to the PII.tc file. 10 points
8. Password to a non x86 based Linux box. 10 points
9. Password to a 7zip archive. 10 points
10 The decrypted PII.csv file. 25 points

Highest point score at the end of the game wins. If two contestants have the same points at the end of the game, the first to accumulate their point total wins. Obviously, if you play as part of a team you have to figure out amongst yourselves how to split the prize. The winner will get up on stage and explain what he did when he picks up his prize.
 

Side Note: I still have about 7 free passes to the Louisville InfoSec to give away. If you want a free pass, just email me at irongeek at irongeek.com and agree to be in the CTF event. If you don't want to be in the CTF, you could instead use the code "irongeek" when you register and you will get $20 off the cost ($79 instead of $99).

Companies that want to know how to clear boxes before donating them
Law/policy enforcement agents who want to know how folks hide computer activities
Users who want to know how to hide their activities from invasive law/policy enforcement

Things to bring if you want to be hands on, but not absolutely required:
1. A Windows XP/Vista/7 laptop. Having an extra laptop to wipe may also be educationa.
2. An external drive/thumb drive you don't mind wiping.
3. Some software I'll be emailing a link to a few days before the class.
4. Energy drinks for the teacher.

As always, the class is free, even to non ISSA members. Please reserve a spot by RSVPing to programs -at- issa-kentuckiana.org.

John Strand
Paul Asadoorian
Scott Moulton
Alex Lanstein
Adrian Crenshaw
Dr. Eugene Schultz
John Pavone
Rick Taylor
Brian Long
John Maynor
Lee Kushner
Jason Wessel
Mark Maxey

If you want to see videos from the 2008 conference check out these links:
Adrian Crenshaw - "Intro to Sniffers" from Louisville Infosec 2008
Kevin Beaver - "Staying Ahead of the Security Curve" from Louisville Infosec 2008
Rohyt Belani - "State of the Hack" from Louisville Infosec 2008
John Strand - "Advanced Hacking Techniques and Defenses" (and demos of evilgrade/passing the hash/msfpayload) from Louisville Infosec 2008

and here is my write up from the even two years ago: http://www.irongeek.com/i.php?page=security/louisville-infosec-conference

Also, the complimentary lunch is good. :)

This is the biggest Flash tutorial I've done in awhile at 41.2MB, so I plan to relax some. See you at Defcon.

As a side note, looks like I'm going to Defcon. Thanks to Haxorthematrix, Sereyna, Minoad, Mr. Bradshaw, George and anyone else who donated to my Paypal so I could go.

As a sidenote, I may be going to Defcon after all but nothing is confirmed yet. I'll need to find someone's floor to crash on Wednesday night as I think I'll be arriving a day before the person I'm staying with the rest of the con.

As a side note, GFI was kind enough to sponsor my site for two months, show our appreciation by trying out some of their log and vulnerability scanning software.

Also, Mubix recently did a presentation for Dojo Sec on getting a job in information security. In it he mentions my article on how to cyber stalk potential employers. Thank much Rob!

The second OWASP meeting will feature a presentation from Adrian Crenshaw of Irongeek. Adrian is a Louisville based Security professional that has worked in the IT industry for the last twelve years.

Adrian runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in academia. Please see the description from Adrian on his presentation on the 19th.

Title: Mutillidae: Using a deliberately vulnerable set of PHP scripts to illustrate the OWASP Top 10 Description: A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language). In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project.

Mutillidae is a deliberately vulnerable set of PHP scripts meant to illustrate the OWASP Top 10. This talk will cover installing Mutillidae in a test environment, and how to use it to illustrate the OWASP Top 10 web vulnerabilities in easy to understand terms.

Our meeting location will be at Memorial Auditorium, located at 970 S. 4th Street (Corner of 4th Street and Kentucky Street).

I've even done some work on detection:

Decaffeinatid: A Simple IDS/arpwatch for Windows
Finding promiscuous and ARP poisoners and sniffers on your network with Ettercap

This tool is for prevention. ARPFreeze lets you setup static ARP tables so that attackers (using Cain, Ettercap, Arpspoof or some other tool) can't pull off an ARP poisoning attack against you.

In other news, Irongeek.com was a nominee for "Best Technical Blog' at the recent RSA Conference. Congratulations to PaulDotCom for winning the best security podcast award. And while I'm on the subject of great podcasts for infosec folks to listen to, check these out:
http://securabit.com/
http://securityjustice.com/
http://www.exoticliability.com/

 Please RSVP to programs (at) issa-kentuckiana.org no later than 5:00 PM May 20, 2009.  Please note that seating is limited!

Class Information:

Title: WiFi Security Class

Place: Jeffersonville Library Small Conference Room (Seating for 27)
Date: May 23rd
Time: 10am to 2pm.

Detailed Information:
Session 1: "Basics of WiFi"
Instructor: Adrian Crenshaw

Abstract: Scanning for networks, and sniffing. Tools we will be discussing include: Kismet, NetStumbler, IgIgle, Wireshark and others.

About Adrian:  Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert paper chase for awhile (MCSE NT 4, CNE, A+, Network+. i-Net+) but stopped once he had to start paying for it himself. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in academia.

 Session 2: "Cracking WEP and WPA"
Instructor: Jeff Jarecki

Abstract: What specific equipment do you need?  What software tools do you need?  What strategies exist to defend your own networks from these types of attacks?  How many attorneys and how much money you'll need for the legal defense team needed to defend you if you try this on a network other than your own.

About Jeff:  Jeff Jarecki has worked in the IT field for over 12 years.  His previous positions include working as a Software Developer and Programming Analyst.  He is currently employed at a major healthcare corporation as an Information Security Analyst. His focus is in software automation. His hobbies include writing bio's and writing about his hobbies. 

Session 3: "Making a cheap WiFi router better with DD-WRT"
Instructor: Brian Blankenship

Abstract: What is DD-WRT?  What hardware will it run on, and why would you want to use it?   Learn how to convert an inexpensive WiFi router into a full-featured wireless access point.  An overview of configuration options and security will be covered, as well as how to configure VPN access.

About Brian:  Brian has worked in Information security for 9 years, is currently an internal security consultant for a major healthcare corporation, and is a founding member of the local ISSA and OWASP chapters.

Warmest regards,
 
Rod Kahl
Director of Member Relations
ISSA * Kentuckiana Chapter
www.issa-kentuckiana.org
www.issa.org

Speaking at the Louisville ISSA May 8th 2009
I'm giving a presentation for the ISSA on May 8th, based on my Hacker Con HiJinx tri-fold. Details on location and how to RSVP can be found below:

ISSA Kentuckiana Members,
The next meeting will be Friday, May 8, 2009, from 11:30 am to 1:00 pm @  Innovative Productivity / McConnell Technology, 401 Industry Rd, Louisville, KY 40208
Please RSVP to programs (-at-) issa-kentuckiana.org  no later than 5:00 PM May 5.

Our speaker will be our own Adrian Crenshaw.  Adrian's topic will be "Hacker Con WiFi Hijinx: Protecting Yourself On Potentially Hostile Networks."

Adrian's Bio:
Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert paper chase for awhile (MCSE NT 4, CNE, A+, Network+. i-Net+) but stopped once he had to start paying for it himself. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in academia.

Please take time from your busy schedule to join us in hearing Adrian's perspective and for a networking opportunity with many of the area's dedicated security professionals.

As always, lunch will be FREE and we will give away a few raffle prizes!  Hope to see you there!
 
Warmest regards,
 
Rod Kahl
Director of Member Relations
ISSA * Kentuckiana Chapter
 relations (-at-) issa-kentuckiana.org
www.issa-kentuckiana.org

As a side note, I hope to see some of you at Notacon this year.

Also, I've been prepping up for mine and Brian's recon class this Saturday, which is one of the reasons I put up my new about page (EXIF data and all).

As a final note, I'd like to thank Seth Misenar and the Pauldotcom guys for giving me the new tagline for my Mutillidae Project: "Ate up with suck".

ISSA Member,

I write to inform you that Adrian Crenshaw is offering a security class on March 21st. Please take advantage of this opportunity for free training, CPE Hours and a terrific learning opportunity. The class will be held from 9:00a until 12:00p in the training room of Mountjoy & Bressler, LLP.

Class Information:
Footprinting, scoping and recon with DNS, Google and Metadata
This class will cover recon work, showing the student how a pen-tester/attacker can use public information to learn more about an organization before they compromise it's security. Covered topics will include DNS tools (like Whois, NSlookup/Dig, Nmap -sL), Google Hacking using advanced search terms and Metadata in images and documents.

Bio:
Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert paper chase for awhile (MCSE NT 4, CNE, A+, Network+. i-Net+) but stopped once he had to start paying for it himself. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in acedamia.

This is a hands on class; students need to bring their own laptops!

Please find directions to Mountjoy & Bressler attached. The training room is on the 22nd floor and free street parking is available on the weekend.

Let me know if any questions.

Rod Kahl
Director of Member Relations
ISSA * Kentuckiana Chapter
relations(at)issa-kentuckiana.org
www.issa-kentuckiana.org
www.issa.org

Directions to Mountjoy & Bressler

"FYODOR YAROCHKIN, the former developer of SNORT IDS is coming to India.

From March 16th - 21st 2009, Fyodor will be discussing/offering courses on the following topics at Fortune Katriya in Hyderabad, India:

* Advanced techniques of Computer Digital Crime scene Analysis and Forensics

* Advanced Hands-On Hacking techniques for a Penetration Tester

* Web and Application Security Advanced Training: looking at your applications wearing the black and white hat. Looking at Application Security when the color of your hat matters.

* Breaking networks with no wires: Attacking and securing WiFi networks, RFID and Bluetooth implementations and more.

It's a great opportunity for beginners as well as advanced students to learn from these courses and also to meet other corporate clients

he might be signing a MOU with E2-labs"

Just so you know, this is the Fyodor from the snort project, not Nmap. Two different guys.

Bio: My name is Nick Chapman. I'm a security researcher with the SecureWorks Counter-Threat Unit. Prior to focusing on security issues full time, I worked as both a System Administrator and Network Engineer in the ISP world.

Video from Outerz0ne 5: Morgellon - *Duino-Punk! Manifesting Open Source in Physical Space from Outerz0ne 5
The goal is to promote the idea of open source hardware, and expand the community. We will begin with an intro into what an "arduino micro controller" is, how they work, and what you can do with them. You will see that you don't need to be an electronics wizard to create amazing projects that enhance your life! Whether a code ninja, hardware guru, enthusiast, a pro or total n00b, the arduino offers amazing potential, community, and empowerment to any who wish to grasp it.

Website: http://dailyduino.com (blog for arduino projects and related electronics news.)

Also, as a side note: I hope to see some of you at Outerz0ne this week, remember it's a free conference (with donations gladly accepted) so if you live within a couple of hours of Atlanta GA you really should come by. Tell them Irongeek sent you. :)

Louisville OWASP Chapter – First Meeting Friday March 6, 2009

Hello all,

I am proud to announce that we will be starting an OWASP chapter in Louisville, with our first meeting coming on Friday March 6!

For those not familiar with OWASP (or the Open Web Application Security Project), it is a worldwide free and open community focused on improving the security of application software. The OWASP mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of the OWASP materials are available under a free and open software license.

Around the world, OWASP sponsors local chapters that are FREE and OPEN to anyone interested in learning more about application security. The chapter groups encourage individuals to provide knowledge transfer via hands-on training and presentations of specific OWASP projects and research topics and sharing SDLC knowledge. The chapters encourage vendor-agnostic presentations from both local and national application security professionals on various topics, pertaining to application security and more specifically the OWASP Top 10.

The first Louisville OWASP meeting will coincide with the Kentuckiana ISSA March meeting, on Friday March 6, 2009.

The Louisville OWASP chapter is closely associated with the Kentuckiana ISSA chapter and our first meeting will coincide with the ISSA March meeting on Friday March 6, 2009. This first meeting will provide a presentation that describes the OWASP community, as well as a technical presentation showing what SQL injection is and how it easily it can be accomplished. This demo will strive to serve as a reference and overview of the major vulnerability that can exist in a web application.  If you have never seen SQL injection in person this is a great chance to learn about it and come ask any questions you have.

Curtis Koenig and Mitch Greenfield, both from Humana, will be our presenters.

 Following March's meeting, we will meet quarterly on a different day and time. The information on future meetings will be following soon. Please provide feedback to the board.

• When: Friday, March 6, 2009, from 11:30 am to 1:00 pm @ Innovative Productivity / McConnell Technology, 401 Industry Rd, Louisville, KY 40208

Our initial sponsor is Accuvant, and we are very interested in other interested parties that would be interested in sponsoring the chapter.

If you plan to attend the meeting please RSVP by email to Kristen Sullivan.

Everyone is welcome to join us at our chapter meetings. Please check out our website at http://www.owasp.org/index.php/Louisville

Thanks and we hope to see you on March 6^th!  

Chris Parker
Named Account Manager

In other news, I'm playing with using the robots.txt file for trolling/honey-potting people who recon my site (and damaging their psyche in the process). More details on what robots.txt is can be found at Wikipedia, I maw write an article about it later. Also, I've added a store section where folks can order Irongeek.com t-shirts if they want (with Bushibyte's buff penguin logo) , I only make a $2 commission but it's better than nothing and Printfection's stuff comes out pretty good. Also, ISSA Louisville is having their monthly meeting Feb 6th, don't forget to RSVP.

Also, I got Fed Watch to work again and added to the menu system. To all of the United State Goverment folks that use my site: I'm honored you use my resources, please let me know if there are any training videos you would like for me to create. And send me a NSA/FBI/DHS hat or t-shirt. :)

Complete source code for my Sig is included. I also updated my "What is my IP and user agent" page to use the new Whois function so you can find out who owns the IP range you are coming from. Now if I can just figure out why my FedWatch page is taking so long to load.

As a side note, sorry I'm not posting as much as I use to. I'm taking one MBA class and two SANS @Home courses right now, which takes up a far bit of my time. I may also be prepping up some more live talks for the Tech Exchange and Louisville ISSA events. Hope to see some of you at the Louisville Geek Dinner, Jan 26th 2009.

ISSA Kentuckiana Members,
The next meeting will be THIS FRIDAY, January 9th, 2009, from 11:30 am to 1:00 pm. Please RSVP to me no later than tomorrow 5 PM if you haven't already.
At the meeting we will vote on the 2009 ISSA Kentuckiana Officers and our speaker will be Lee Booth from the US Mint Police. Lee will be speaking on "IT and Life". Lee will do a few minutes on current internet scams, a few minutes on new technologies and a few on "Deep Life Subjects".
Here is Lee's Bio:
Lee Booth currently serves as a Police Lieutenant with the U.S. Mint Police at Fort Knox. He retired from the U.S. Army in 1998 and joined the Department of the Treasury's Police unit. In his current position he serves as the Chief of Operations, responsible for Patrol, Investigations, Intelligence, Special Operations, Training and Administration Divisions. He serves as the principal agent for strategic planning, anti-terrorism operations, vulnerability assessment, threat mitigation, policy development, police operations, and staffing. Lee also serves on several Anti-Terrorism Advisory Councils for DoD and other agencies. Lee holds a Master's Degree in Criminology from the University of Louisville, and is currently pursuing a doctoral degree in Organizational Leadership. He is a graduate of the Southern Police Institute.
As always, lunch will be FREE and we will give away a few raffle prizes! Hope to see you there!!
Warmest regards,
Randall Frietzsche
 

If you are interested is showing up as a guest, RSVP via http://www.issa-kentuckiana.org/contactus.html
 

I'm actually planning on sitting in on this one. It should be fun.

Also, check out the Securabit podcast I was a part of.

Should be fun, and I hope not to embarrass myself live.

This is Morgellon and Droop's talks about hacking the Arduino micro controller platform from Phreaknic 12. Droops and Morgellon will take you from basic electronics to building embedded systems. Learn how to build a standalone RFID tag reader with a fancy LCD display or your own oscilloscope or children's toys that speak to you or how to solar power a geothermal heat pump. There may even be some giveaways and contests. Magical Potions will be consumed but not provided.

Check out the following sites by Droops and Morgellon:
http://dailyduino.com/
http://www.hackermedia.org/

I've done a little work to pull some noise out of the audio, but I may have made it worse in some spots. Thanks go out to the Phreaknic 12 A/V team SomeNinjaMaster, Night Carnage, Greg, Brimstone, Poiu Poiu, Mudflap, and Drunken Pirate for setting up the rigs and capturing the video.

This is a quick and dirty video documentary of the things that when on around the talks and event at Phreaknic 12 (2008). Don't watch if you get sick at shaky cam movies like Blair Witch or Cloverfield. A rough timeline of the content in the video is as follows:

        Intro and leaving Louisville with Brian. Morgellon talks about hacking the Arduino micro controller platform. Sorteal talks about the LiVes Open Source video editor. AT&T Batman building by night. Mojo-JoJo soldering some stuff for the shooting range. The patron gods of hackerdom. Registration. Con swag overview. Morgellon  gets his discreet logic on. AK-47 building with HandGrip and Buttstock. Froggy talks up Notacon, which I plan to go to next year. Skydog explains the Jware chair toss event, and then we compete. Rootwars hacker wargames. I ask Int80 about using his nerdcore music in some of my videos. NotLarry explains rootwars. Some iPhone hacking with Lee Baird and John Skinner. I do a little Bluecaseing/Warnibbling with the Bluetooth on my Nokia n810. John, Lee, Brian and I go to the German restaurant. I blind DOSman with the light from my camera and check out what folks are doing with the Arduinos Droops brought for folks to play with. I check back in on R00tW4rz. I blind Droops. I talk Ettercap filters with operat0r. USB door key fun with the Arduino. More breadboard fun. Nokia n810 + Ettercap Filter + Lemon-part = win. Int80 gets down with his own bad self, and the rest of Phreaknic. I find an energy drink with protein. Folks play with the hardware keyloggers I brought, and we have some epic fail with the IBM Model M + USB adapter + Mac OS 10.5. Winn Schwartau joins in on the keylogger fun. DOSman and Zack use a directional antenna from the 9th floor to search downtown Nashville for WiFi access points. Zoom in on Al. John and Lee eat jerky. Daren and Shannon from Hak5 blind me this time. :) Then they do a quick interview. I interview TRiP about the legalities of wardriving, sniffing and leaving your access point open so you have plausible deniability of copyright infringement (most likely it won't hold water in court if you are a computer geek). I give Hak5 Daren beef jerky. Ziplock had more con badges than God. I meet up with Iridium. I talk with Nightcarnage about the audio/video setup at Phreaknic. As I predicted, the Potters won the WiFi Race. I say why this was the best Phreaknic ever. Using green lasers on crack dealers. Techno in the dark, the Aiptek action HD does not do well in low light. Nicodemius shows off his Minority Report like multi-touch table. Hula hoop contest. I check back in with Jeff Cotton and his USB keyed door. I strap on my gear to leave the con. Brian and I do a wrap up of our thoughts on Phreaknic 2008.

Sky Dog and crew for making it happen.
Droops/Morgellon for their presentation on Arduino, time for some hardware hacking.
Sorteal for showing me the LiVes Open Source video editor.
Marie for the dance and conversation.
TRiP for an excellent talk on the legalities of wardriving.
HandGrip/Buttstock for the Open Source AK-47 talk.
All the folks who let me interview them.
DOSman and Zack form being DOSman and Zack.
Lee Baird and John Skinner for comparing mobile hacking notes with me (Yippy hacking with the iPhone / iPwn).
Ziplock for the encouragement.
Int 80 for the Nerdcore entertainment.
Scott Moulton for the talk "At Least TEN things you didn't know about your hard drive!" Go check out his forensics and hard drive recovery videos.
Nathan Hamiel/Shawn Moyer for "Satan is on my Friends List: Attacking Social Networks", looks like I need to get into some CSRF.
Darren, Shannon and Mubix of Hak5 for the interview.
operat0r for the Ettercap ideas.
Brian for driving me down.

And everyone else I'm forgetting. It was a great weekend.

Network Printer Hacking: Irongeek's Presentation at Notacon 2006 now on Vimeo
This is a presentation I did for Notacon 2006 based on my Network Printer Hacking Article. I decided to make it an embedded Vimeo page since that's a lot easier to view than to have to download the AVI.

I've got a presentation coming up for Phreaknic next weekend on "Hardware Keyloggers: Use, detection and mitigation". If you are in Nashville TN, come on by and play with the keyloggers I'm bringing. For more info on the subject check out these articles/videos of mine:

Hardware Key Logging Part 1: An Overview Of USB Hardware Keyloggers, And A Review Of The KeyCarbon USB Home Mini

Hardware Key Logging Part 2:A Review Of Products From KeeLog and KeyGhost

Hardware Key Logging Part 3: A Review Of The KeyLlama USB and PS/2 Keyloggers

Hardware Keyloggers In Action 1: The KeyLlama 2MB PS/2 Keylogger

Hardware Keyloggers In Action 2: The KeyLlama 2GB USB Keylogger
 

Two side notes: My Nmap class will be held at Ivy Tech in Sellersburg Indiana at 1PM on Sat Sept 20th 2008 in room P5. If this one goes well the next presentation will be on sniffers. Also, thanks to all of the folks who have signed up for Dreamhost using my discount code, it's really helped support the site with extra revenue.

Also, on other security topics check out my buddy Lee's page on hacking apps for the iPhone / iPod Touch.

Also, this month's Louisville 2600 meeting is coming up on Thursday, Sept 24th. More details can be found here: http://louisville2600.org/

Contact me if you think you can attend.

By the way, you may notice that I'm making fewer posts over the next month or so. I'll be busy studying for the GRE, wish me luck.

Also, DecaffeinatID Intrusion Detection System ver. 0.07 is out.

Enjoy.

Irongeek's Infosec Wargame Servers
I'd like to announce the launch of my own wargame servers for testing out your computer security skills. The host names are:

hackme1.irongeek.com
hackme2.irongeek.com
dosme1.irongeek.com

Try out Nmap, Nessus, Metasploit and other tools on these boxes. Please let me know your findings. Thanks to my hosting provider Dreamhost. If you want to know more about Dreamhost check out my review (and coupon codes), they have been pretty good to me.

As a side note, if anyone else is using LinkedIn please feel free to add me and give me a recommendation for the work I've done on this site. Who knows, it may help me find a good career opportunity in my area.

Check out the inscription:

It looks like there's going to be an information security conference in my neck of the woods next month. The  ISSA-Kentuckiana is holding the Fifth Annual Metro Louisville Information Security Conference Oct 18th at Churchill Downs. Considering the location, maybe they should have called it "Hackers and Horses". From the event site:

The ISSA-Kentuckiana board of directors is proud to announce the 5th Annual Metro Louisville Information Security Conference. It is a full day event on October 18th, 2007 that will be held at Churchill Downs. Our keynote speaker is Marcus Ranum, a world-renowned expert on security system design and implementation. In addition to the keynote, multiple technical, business/compliance, and demonstration-oriented breakout sessions will be held. Up to 6-CPE credits may be earned by attendance.

I'll be attending, hope to see some of you there.

Last year's presentation was high level functionality and basic knowledge of what RFID is. The year they will present the low level technical specs on different communication types, the physics behind RFID reading and transmitting, and the actual circuitry of an RFID tag and what it takes to make them operate more consistently. The presentation will also cover actual tag data and coding schemes with standardization including EPC Gen 2 and other ISO standards such as PayPass RFID enabled credit cards. There will be reader/writer demonstrations as well as other proof of concept demonstrations.

Watch last years presentation

I hope that some of you will be able to make it as well. It's a fun little hacker/digital arts convention. We had a great time last year, and intend to do the same this year.

 I've got nothing directly to do with this IPTV show, but I watch it and feel that not enough people know about the show. Shouts to Linlin, keep the show going.

Hello,
Unfortunately, I was forced to temporarily disable your irongeek.com/videos folder by renaming it to videos_disabledByDH. The connections to the files inside were monopolizing the apache webservice, and other sites couldn't be loaded.

Please don't re-enable it until you make check your code and restrict the connections to your files.

Sorry about having to go this route, but we can't have this happen on our shared machines. Please note, that repeated temporary disablement may result in disabling your domain and your account, for violating our Terms of Service (dreamhost.com/tos.html).

Let us know if you have any questions.

Thanks!
Andrea

Need another video host: Droops has been kind enough to let me use his bandwidth for a few months now, but it's getting to the point where my videos are sucking up too much of his bandwidth. I'm looking for a new place to host the videos. Ideas? I'm more than willing to let the host put a small ad at the bottom of each video page.  I think it's too the point where the videos are taking a few 100 gigs of transfer per month (not sure of the exacts, but Droops will let me know soon).  Thanks to Droop for letting me host my videos for so long on his dime.