|In this section I'll be posting AVIs and Flash files that show step by step how to execute various pen-testing tools. If you have any requests or comments please let me know. If you want to know how I make these video see the page titled: How I Make The Hacking Illustrated Videos|
|304||BSides Cleveland 2016 Videos||YouTube/Archive.org||06/25/2016|
|303||ShowMeCon 2016 Videos||YouTube/Archive.org||06/14/2016|
|302||Circle City Con 2016 Videos||YouTube/Archive.org||06/12/2016|
|300||AIDE 2016 Videos||YouTube/Archive.org||04/22/2016|
|299||BSides Nashville 2016 Videos||YouTube/Archive.org||04/17/2016|
|298||Central Ohio Infosec Summit 2016 Videos||YouTube/Archive.org||03/31/2016|
|297||CypherCon 2016 Videos||YouTube/Archive.org||03/12/2016|
|296||BSides Indy 2016 Videos||YouTube/Archive.org||03/05/2016|
|295||BSides San Francisco 2016 Videos||YouTube/Archive.org||03/01/2016|
|294||BSides Huntsville 2016 Videos||YouTube/Archive.org||02/07/2016|
|293||BSides Columbus 2016 Videos||YouTube/Archive.org||01/16/2019|
|292||Shmoocon Firetalks 2016||YouTube/Archive.org||01/16/2016|
|291||SecureWV 2015 Videos||YouTube/Archive.org||11/08/2015|
|290||HouSecCon v6 2015 Videos||YouTube/Archive.org||10/16/2015|
|289||GrrCON 2015 Videos||YouTube/Archive.org||10/11/2015|
|288||Louisville Infosec 2015 Videos||YouTube/Archive.org||09/30/2015|
|287||DerbyCon 5 Videos||YouTube/Archive.org||09/28/2015|
|286||BSides Augusta 2015 Videos||YouTube/Archive.org||09/13/2015|
|285||BSidesLV 2015 Videos||YouTube/Archive.org||08/06/2015|
|284||BSides Cincinnati 2015 Videos||YouTube/Archive.org||07/27/2015|
|283||BSides Detroit 2015 Videos||YouTube/Archive.org||07/18/2015|
|282||Converge 2015 Videos||YouTube/Archive.org||07/17/2015|
|281||OISF 2015 Videos||YouTube/Archive.org||07/11/2015|
|280||BSides Cleveland 2015 Videos||YouTube/Archive.org||06/20/2015|
|279||Circle City Con 2015 Videos||YouTube/Archive.org||06/14/2015|
|278||ShowMeCon 2015 Videos||YouTube/Archive.org||06/10/2015|
|277||Password Cracking Class for Hackers For Charity||YouTube/Archive.org||05/17/2015|
|276||BSides Knoxville 2015 Videos||YouTube/Archive.org||05/16/2015|
|275||BSides Boston 2015 Videos||YouTube/Archive.org||05/10/2015|
|274||AIDE 2015 Videos||YouTube/Archive.org||04/24/2015|
|273||BSides San Francisco 2015 Videos||YouTube/Archive.org||04/21/2015|
|272||BSides Nashville 2015 Videos||YouTube/Archive.org||04/12/2015|
|271||Central Ohio Infosec Summit 2015 Videos||YouTube/Archive.org||03/26/2015|
|270||Louisville Lock Picking And Bypass Class Hosted At LVL1||YouTube/Archive.org||02/28/2015|
|269||BSides Tampa 2015 Videos||YouTube/Archive.org||02/22/2015|
|268||BSides Huntsville 2015 Videos Posted||YouTube/Archive.org||02/08/2015|
|267||BSides Columbus Ohio 2015 Videos||YouTube/Archive.org||01/18/2015|
|266||Shmoocon Firetalks 2015 Videos||YouTube/Archive.org||01/18/2015|
|265||Hack3rcon 5 Videos||YouTube/Archive.org||11/17/2014|
|264||GrrCON 2014 Videos||YouTube/Archive.org||10/19/2014|
|263||Louisville Infosec 2014 Videos||YouTube/Archive.org||10/03/2014|
|261||BSides Augusta 2014 Videos||YouTube/Archive.org||09/13/2014|
|260||Passwordscon 2014 Videos||YouTube/Archive.org||08/21/2014|
|259||TakeDownCon Rocket City 2014 Videos||YouTube/Archive.org||08/20/2014|
|258||Defcon Wireless Village 2014 (Defcon 22) Videos||YouTube/Archive.org||08/12/2014|
|257||BSides Las Vegas 2014 Videos||YouTube/Archive.org||08/11/2014|
|256||BSides Cleveland 2014 Videos||YouTube/Archive.org||07/13/2014|
|255||OISF 2014 Videos||YouTube/Archive.org||07/13/2014|
|254||Circle City Con 2014 Videos||YouTube/Archive.org||06/15/2014|
|253||BSides Nashville 2014 Videos||YouTube/Archive.org||05/19/2014|
|252||Nmap Class for Hackers For Charity||YouTube/Archive.org||05/11/2014|
|251||ShowMeCon 2014 Videos||YouTube/Archive.org||05/07/2014|
|250||BSides Chicago 2014 Videos||YouTube/Archive.org||04/28/2014|
|249||Notacon 11 (2014) Videos||YouTube/Archive.org||04/13/2014|
|248||BSides Huntsville 2014 Videos||YouTube/Archive.org||02/10/2014|
Intro to Darknets: Tor and I2P Workshop|
This class introduces students to the I2P and Tor Darknets.
|246||ShmooCon Firetalks 2014||YouTube/Archive.org||01/21/2014|
Installing Nessus on Kali Linux and Doing a Credentialed Scan|
I recorded this video twice. First time, the sound was hideous when the fan came on. I decided to re-record it and post both versions. I cover installing Nessus on Kali Linux and doing Nessus credentialed scans using Windows passwords and Linux SSH keys.
|244||SkyDogCon 2013 Videos||YouTube||12/26/2013|
Intro to Metasploit Class at IU Southeast |
This is a class we did to introduce students to Metasploit at IU Southeast. Special guest lecturer Jeremy Druin (@webpwnize). To follow along, I recommend downloading Kali Linux.
|242||BSides Delaware 2013 Videos||YouTube/Archive.org||11/10/2013|
|241||ISSA Kentuckiana - RESTful Web Services - Jeremy Druin - @webpwnized||YouTube/Archive.org||11/01/2013|
|239||Derbycon 3.0 Videos||YouTube/Archive.org||09/29/2013|
|238||BSidesLV 2013 Videos||YouTube/Archive.org||08/06/2013|
|237||OISF 2013 Videos||YouTube/Archive.org||07/14/2013|
|236||NQSFW Free CISSP Study Guide||YouTube/Archive.org||07/04/2013|
|235||BSides Rhode Island Videos||YouTube/Archive.org||06/15/2013|
|234||Kali Linux Live Boot USB Flash Drive - Jeremy Druin||1:00:11||YouTube/Archive.org||06/07/2013|
|233||ISSA Kentuckiana Web Pen-Testing Workshop||YouTube/Archive.org||05/20/2013|
|232||Notacon 10 Videos||YouTube/Archive.org||04/21/2013|
|230||Outerz0ne 9 (2013) Videos||YouTube/Archive.org||04/08/2013|
Outerz0ne 8 (2012) Videos|
Somehow I forgot to post these to this page last year.
(should have been 2012)
|228||Introduction to HTML Injection (HTMLi) and Cross Site Scripting (XSS) Using Mutillidae||YouTube||03/03/2013|
|227||Introduction to Pen Testing Simple Network Management Protocol (SNMP)||YouTube||03/03/2013|
|226||Bro IDS/Network Programming Language Video Page||YouTube||02/24/2013|
|225||Shmoocon Firetalks 2013||YouTube/Archive.org||02/18/2013|
Basics of using sqlmap - ISSA Kentuckiana workshop 8 - Jeremy Druin|
This is the 8th in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae (or other tools) for the Kentuckiana ISSA. This one covers SQLMap.
SQL Server Hacking from ISSA Kentuckiana workshop 7 - Jeremy Druin|
This is the 7th in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae (or other tools) for the Kentuckiana ISSA. This one covers SQL Server Hacking.
|223||Introduction to buffer overflows from ISSA KY workshop 6||YouTube/Archive.org||11/24/2012|
|222||PhreakNIC 16 Videos||YouTube/Archive.org||11/10/2012|
The potential impact of Software Defined Networking on security - Brent
This is Brent Salisbury talk on SDN and security for the Kentuckiana ISSA November meeting. Sorry about the sound, I need to get a mic next time.
|220||SkyDogCon 2 Videos||YouTube/Archive.org||10/27/2012|
|218||Louisville Infosec 2012 Videos||YouTube/Archive.org||10/06/2012|
|217||Derbycon 2.0: The Reunion||YouTube/Archive.org||09/30/2012|
Into to Metasploit - Jeremy Druin
This is the 5th in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers Metasploit.
Host Vulnerability Assessment with Nessus, NeXpose and Metasploitable 2|
This is the 4th in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers Nessus, NeXpose and Metasploitable 2.
|214||BSides Las Vegas 2012 Videos||YouTube/Archive.org||07/31/2012|
|213||OISF 2012 Videos||YouTube/Archive.org||07/16/2012|
|212||Bsides Cleveland 2012 Videos||YouTube/Archive.org||07/16/2012|
Pilfering Local Data: Things an Attacker Would Want to Grab with Short Term
Here's my talk from the 2011 Nashville Infosec. This is more or less the description I sent them: "This talk will cover core items an attacker would want to locate and copy off of a Windows system, as well as what tools they would use to bypass weak security precautions like file system permissions and OS/BIOs passwords. Core date in this case would be things like stored passwords and wireless keys, but could also include network paths and the like. It will underscore the importance of physical security and hard drive encryption."
|This one is out of order. Somehow I put it on the front page, but forgot about adding it to this index.||09/16/2011|
Traceroute and Scapy Jeremy Druin @webpwnized|
This is the 3rd in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers Traceroute and Scapy.
|209||AIDE 2012 Videos||YouTube/Archive.org||05/26/2012|
Intro to Scanning: Nmap, Hping, Amap, TCPDump, Metasploit, etc. Jeremy Druin|
This is the 2nd in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers scanning Nmap, Hping, Amap, TCPDump, Metasploit, etc.
|207||Notacon 9 (2012) Videos||YouTube/Archive.org||04/16/2012|
Pen-testing practice in a box: How to assemble a virtual network|
This is the first in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. Topics: Virtual Box Installation, Installing virtual machines, Configuring virtual networks - bridged, nat, hostonly, USB devices in virtual machines, Wireless networks in virtual machines, Installing Guest Additions, How to install Mutillidae in Windows on XAMPP, How to install Mutillidae in Linux Samurai
Web Application Pen-testing Tutorials With Mutillidae|
When I started the Mutillidae project it was with the intention of using it as a teaching tool and making easy to understand video demos. Truth be told, I never did as much with it as I intended. However, after Jeremy Druin (@webpwnized) took over the development it really took off. I have since come to find out he has been doing A LOT of YouTube video tutorials with Mutillidae, which he said I could share here. I will be copying his descriptions with slight editing and embedding his videos in this page.
Crypto & Block Cipher Modes (OpenSSL, AES 128, ECB, CBC)|
Hopefully this will give a nice visual illustration of how Electronic codebook (ECB) and Cipher-block chaining (CBC) work using AES-128 and OpenSSL. You can learn a lot from a known plain text, and repeating patterns. Inspired by labs from Kevin Benton & "Crypto Lab 1" SEED.
ShmooCon Firetalks 2012 Videos|
“How Do You Know Your Colo Isn’t “Inside” Your Cabinet, A Simple Alarm Using Teensy” by David Zendzian
“Bending SAP Over & Extracting What You Need!” by Chris John Riley
“ROUTERPWN: A Mobile Router Exploitation Framework” by Pedro Joaquin
“Security Is Like An Onion, That’s Why it Makes You Cry” by Michele Chubirka
“Five Ways We’re Killing Our Own Privacy” by Michael Schearer
“Cracking WiFi Protected Setup For Fun and Profit” by Craig Heffner
“Passive Aggressive Pwnage: Sniffing the Net for Fun & Profit” by John Sawyer
“Ressurecting Ettercap” by Eric Milam
“Security Onion: Network Security Monitoring in Minutes” by Doug Burks
“Remotely Exploiting the PHY Layer” by Travis Goodspeed
ShmooCon Epilogue 2012 Talks|
Resurrection of Ettercap: easy-creds, Lazarus & Assimilation
Eric Milam - (Brav0Hax) &
Media Hype and Hacks that Never Happened
More than one way to skin a cat: identifying multiple paths to compromise a target through the use of Attach Graph Analysis
Proper Depth / Breadth testing for Vulnerability Analysis and fun with tailored risk reporting metrics.
Jason M Oliver
Extending Information Security Methodologies for Personal User in Protecting PII.
Stratfor Password Analysis
Intro To Bro
Unix File Permissions and Ownership (CHOWN, CHMOD, ETC) |
I'm taking a security class were we had a lab on Unix/Linux file system permissions. I decided I might as well record it, and the steps taken, along with explanations as to what I was doing to set the permissions such as read, write, execute, SetUID, SetGID and the Stickybit. Kevin Benton created the lab, so I'd like to give him credit for inspiring me to do this video.
Basic Setup of Security-Onion: Snort, Snorby, Barnyard, PulledPork, Daemonlogger
Thanks to Doug Burks for making building a Network Security Monitoring Server much easier. I mentioned Snort, Snorby, Barnyard, PulledPork and Daemonlogger in the title, but there is a lot more on the distro than that. This is a nice way to get an IDS up and running featuring pretty frontends without going into dependency hell.
Pen-Testing Web 2.0: Stealing HTML5 Storage & Injecting JSON Jeremy Druin|
This is Jeremy's talk from a recent ISSA meeting. In it he covers what the title says, showing off stealing of HTML 5 storage, injecting JSON, using Burp Suite, Muttillidae and some XSS attack fun. Sorry about the noise in the first bit, I had to set the camera up a ways off and it picked up my bag of chips better than it did Jeremy's talk. @webpwnized
NetworkMiner Professional for Network Forensics|
This video was made to show some of the extra features of NetworkMiner Professional, like Pcap-over-IP, running on OS X under Mono, Export results to CSV / Excel, Geo IP localization, Host coloring support, and Command line scripting support.
|196||SkyDogCon 2011 Videos||YouTube/Archive.org||11/06/2011|
|195||Hack3rcon II Videos||YouTube/Archive.org||10/24/2011|
|194||Derbycon 2011 Videos||YouTube/Archive.org||10/08/2011|
Security Tips For The Small Business From 70,000 Feet - Joseph Hollingsworth and
A little while back Joe Hollingsworth and I were interviewed for an article in the Southern Indiana Business Source. The local Kiwanis club asked for a 25 min talk on the subject of the article, so we came up with this mandate:
Given only 25 minutes, tell us what a small business could do to help their security posture.
Well, it ended up being almost 40min and we did not get through all of the slides. The live video camera failed, so the audio in this video is what the laptop recorded. It may not be something most of my readers will be interested in, but it may help you present on a similar topic.
Cipherspaces/Darknets An Overview Of Attack Strategies|
This is essentially the talk I gave at Defcon 19, but I had a little more time to cover the topic in this canned video:
Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it can be hard to follow attack strategies that have been used against them as the papers written on the topic have been academic and abstract. What this talk will attempt to do is step back and give an overview of the topic in a manner hopefully more conducive to the understanding of security practitioners, giving more concrete examples. While little to nothing in this talk will be "new and groundbreaking" it should lead to a better understanding of how encrypted anonymizing networks can be subverted to reveal identities.
Ohio Information Security Forum (OISF) Anniversary Event Videos
Endpoint Security Decisions - Kurt
Social Networks - Evan Patterson
Dual booting Winbuilder/Win7PE SE and Backtrack 5 on a USB flash drive with
This is a quick and dirty video to show how to make a multiboot thumbdrive with XBOOT. You can also create a multiboot CD/DVD by combining other ISOs. Operating Systems loaded on mine include: Backtrack 5, Winbuilder/Win7PE SE, DBAN, UBCD4Win, TAILS, Gparted, Ubuntu 11.04, etc.
Portable Boot Devices (USB/CD/DVD): Or in Canadian, what is this all aboot? |
This is a talk I did on making bootable USB drives/CDs/DVDs for my local ISSA. Think of it as a braindump and starting point for making your own.
OSInt, Cyberstalking, Footprinting and Recon: Getting to know you
Attacking and Defending Apple iOS Devices - Tom Eston|
Leveraging Social-Engineering in your INFOSEC Program - David Kennedy|
|184||Crude, Inconsistent Threat: Understanding Anonymous - Adrian Crenshaw||43:53||Vimeo/AVI||88.8MB||5/15/2011|
Funnypots and Skiddy Baiting: Screwing with those that screw with you - Notacon
This is the presentation I did for Notacon 2011. Honeypots might be ok for research, but they don’t allow you to have fun at an attacker’s expense the same way funnypot and skiddy baiting does. In this talk I’ll be covering techniques you can use to scar the psyche or to have fun at the expense of attackers or people invading your privacy. Sorry about the subpar sound, I had a bit of echo from where my camera was positioned.
Identifying the true IP/Network identity of I2P service hosts talk - Adrian
Crenshaw, Blackhat DC 2011|
This is the talk I did at Blackhat DC 2011 about de-anonymizing I2P darknet services.
Computer Forensics & Electronic Discovery - Andy Cobb, PhD|
Recorded at the April 2011 Louisville ISSA meeting.
Outerz0ne 2011 Hacker Con|
The following are videos of the presentations from the Outerzone 2011 hacker conference. Thanks to Skydog, Robin, Scott, SomeNinjaMaster and the Hacker Consortium crew for the con. Also thanks to Seeblind and others for doing AV. I'm looking forward to Skydogcon and working with the guys again at Derbycon.
Network Sniffers Class for the Kentuckiana ISSA 2011|
Wireshark, TCPDump, Metasploit sniffing with Meterpreter, ARP Poisoning, Ettercap, Cain, NetworkMinor, Firesheep and Xplico.
the AIDE Winter Meeting 2011|
Opening Remarks & Security Enabler, Bill Gardner & Rob Dixon
Where we at? A look at Information Security, David Kennedy (ReL1K)
Radio Reconnaissance in Penetration Testing, Matt Neely
Social Engineering In-Depth, Chris Criswell & Wayne Porter
Penetration Testing - The Continuing Failures of an Industry, Keith Pachulski
Blue team is sexy - refocusing on defense, Mick Douglas
DDoS: Defending Against an Internet Mob, Kenneth Scott
Cipherspace/Darknets: anonymizing private networks, Adrian Crenshaw
Hackers Trail Mix, Elliott Cutright
FireTalks from Shmoocon 2011|
Grecs and the folks at Shmoo were kind enough to let me record the FireTalks from Shmoocon 2011.
Hosting Hidden Services in I2P: eepSites and SSH
|175||Installing the I2P darknet software in Linux||Vimeo/MP4/WMV||01/08/2011|
|174||DOJOCON 2010 Videos||Vimeo/AVI||12/16/2010|
|173||Hack3rcon 2010 Videos||Vimeo/MP4||10/27/2010|
Shoecon Intro with Rick and Scott, then some SSL Cert Wildcards fun with Karthik
Wi-Fi Basics for Geeks – How Wireless Really Works
Unfortunately, I've not been able to recover the live MP4 of Skydog's talk. I may post the file later to see if anyone else can figure a way to recover it.
Malicious USB Devices: Is that an attack vector in your pocket
or are you just happy to see me?|
In this presentation I talk about the categories of malicious USB devices:
USB Mass Storage containing malware
along with detection and mitigation techniques involving GPO (Windows) and UDEV (Linux) settings. It was presented at Phreaknic 14.
Locating I2P services via Leaks on the Application Layer
While at Phreaknic 14 I did a quick lightning talk on my project to test the anonymity provided by I2P. Mostly I'll be aiming at web server misconfigurations in eepSites. It starts getting fast at the end because I was running out of time (10 min is kind of short for the subject). Still, I hope it is a good intro to I2P, and my plans.
Beyond Nmap: Other network scanners|
This is a presentation I did for the Blugrass ISSA chapter. Tools covered, at least lightly, are: Nmap, Hping, UnicornScan,
AutoScan, Netscan, Metasploit, NetworkMiner and of course BackTrack 4 R1. A few minor flubs, and one spot where I deleted a demo fail. :)
Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device (Defcon 18)|
The Programmable HID USB Keystroke Dongle (PHUKD) is a small device based around the Teensy microcontroller development board. It allows users to program in keystrokes and mouse macros that can execute when the device is plugged in, after a set time, or when certain environmental conditions are met (light, noise, temperature, etc.) This device can be used as a replacement for a U3 hacksaw, as a device left behind to execute commands when someone with elevated privileges is likely to be logged in, or give as a Trojan device to unsuspecting targets. Much pwnage should ensue.
I've added my Defcon video to the bottom of the Videos and Pictures section of the PHUKD article.
Also checkout the "PowerShell OMFG Video" Dave Kennedy and Josh Kelley (winfang) did at Defcon 18
it used PHUKD devices for part of it.
Password Exploitation Class Videos Posted|
This is a class we gave for the Kentuckiana ISSA on the the subject of password exploitation. The Password Exploitation Class was put on as a charity event for the Matthew Shoemaker Memorial Fund ( http://www.shoecon.org/ ). The speakers were Dakykilla, Purehate_ and myself. This is sort of the first Question-Defense / Irongeek joint video. Lots of password finding and crack topics were covered: Hashcat, OCLHashcat, Cain, SAMDump2, Nir's Password Recovery Tools, Password Renew, Backtrack 4 R1, UBCD4Win and much more. About 4.5 hours of content.
Setting up the Teensy/Teensyduino Arduino Environment |
This video will show you the basics of setting up the Teensyduino environment in Windows so you can start developing PHUKD devices.
Mutillidae/Samurai WTF/OWASP Top 10 |
This is a presentation I did at the Kentuckiana ISSA and then again at the Ohio Security Forum on Mutillidae/Samurai WTF/OWASP Top 10. I chose to post the Ohio version of the video as I think it came out better, but the slides are the same. Plenty of information on XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery) and SQL/Command Injection.
Ligatt / Gregory D. Evans Videos|
It should be noted, I did not create these videos, my buddy Rick from the ISDPodcast did (at least the first two). Still, they are worth sharing.
I have some links below if you want more info on the Ligatt / Gregory D. Evans controversy that has been going around. If nothing else, it will help with people researching the person/company:
Ligatt / Gregory D. Evans Fun Charlatan Entry at Attrition.org
Follow all the Ligatt fun on Twitter
The Register has a good writeup on Ligatt / Gregory D. Evans
This is probably the most concise writeup on Ligatt / Gregory D. Evans
If you want to read the book "How To Become The Worlds No. 1 Hacker" for yourself, but you don't want to pay Ligatt for plagiarizing, grab the PDF at this link
11 Webcam Exploit|
This is a segment I did an interview for. They took very little of what I said, and played up the voyeur aspect (I told them webcams were not that big a worry, but drive by bot installs were).
Outerz0ne 2010 Videos|
The following are videos of the presentations from the Outerzone 2010 hacker conference. Thanks to Skydog, Robin, Scott, SomeNinjaMaster and the Hacker Consortium crew for the con. Also thanks to Karlo, Keith, and Seeblind for doing AV. I'm looking forward to Skydogcon.
Attacking and Defending WPA Enterprise Networks - Matt Neely
Steganography: The art of hiding stuff in stuff so others don't find your stuff|
This is a presentation I was working on for the malware class I'm enrolled in. For some reason my voice was cracking while recording it, but I guess it was good practice for the live version I'll do tomorrow. Besides just an introduction to Steganography, I'll also talk a little about my SnarlBot project that will attempt to use stego in a command and control channel.
When Web 2.0 Attacks - Rafal Los|
Recorded at: Louisville OWASP Chapter - Fourth Meeting, Friday January 29th, 2010
Speaker: Rafal Los will be discussing Flash and Web 2.0 security
Botnets Presentation For Malware Class
I have to present two papers for my malware class, so I figure I'd share my practice video with my readers. Slides are available in PDF and PPTX forms.
Setting up the HoneyBOT HoneyPot|
HoneyPots are hosts meant to be attacked either to distract the attackers or to research their techniques. This video will cover setting up a simple HoneyPot in Windows using an application called HoneyBOT. I'll also talk a little about capturing a pcap file with dumpcap for later analysis.
Setting up an Ethernet bridge in Ubuntu Linux|
In a previous video, I showed how to set up an Ethernet bridge in Windows XP. This is very useful for sniffing traffic leaving your LAN for the purposes of IDS (Intrusion Detection System), network monitoring, statistics or just plain snooping. In this video, I cover setting up an Ethernet bridge in Linux. Other tools used in this video include Wireshark, TCPDump, Etherape and Driftnet.
According to RFC 793, if a closed port gets a TCP packet without the SYN, RST, or ACK flag being set, it is suppose to respond with a RST packet. If the port is open, the TCP stack is suppose to just drop the packet without giving a response. Not all Operating Systems follow the RFC to the letter however, and these discrepancies allow for OS fingerprinting. I've covered OS fingerprinting in other videos (which I will link off to later), this video will just illustrates the point by showing off Nmap's XMAS scan option which sets only the FIN, PSH, and URG flags and nothing else. I'll also be using Zenmap, Ndiff and Wireshark to help you get the idea.
IndySec Metasploit Class Videos
When Steve invited me up to Indianapolis to help with a Metasploit class I jumped at the opportunity. We had a good time and IndySec puts on a great event. They let me record the talks, unfortunately I was testing out a new video rig and the audio failed on the first three parts (Intro/Welcome, Network Setup, Getting started with Metasploit). The rig worked great for the Social Engineering, Meterpreter and SQL Pwnage/Fast Track sections. My presentation was just a rehash of the video I put up last week on msfpayload/msfencoder/metasploit 3.3 so I decided not to post it on this page.
Using msfpayload and msfencode from Metasploit 3.3 to bypass anti-virus
Using FOCA to collect Metadata about an organization|
Applications can add all sorts of data into the documents they create or edit. DOC, PDF, XLS and other file types can contain all sorts of extra data, like usernames, network paths, printers and application version numbers. This sort of information is great for doing initial research about an organization before doing a pen-test. This video with cover using FOCA, pointing it at a domain name, and grabbing metadata from doc, ppt, pps, xls, docx, pptx, ppsx, xlsx, sxw, sxc, sxi, odt, ods, odg, odp, pdf and wpd files.
Building a Hacklab, and a little about the Louisville CTF event|
This is a presentation I gave for the local Louisville ISSA. I took this as an opportunity to learn a bit about AVISynth and do a split screen video. Thanks to Gary for being my camera man.
Darknets: anonymizing private networks talk from Phreaknic (Networks covered
include Tor, Freenet, AnoNet/DarkNET Conglomeration and I2P)|
This is a quick and dirty version of my Darknets talk from Phreaknic 2009, I hope to have a better version up soon. It covers the the basics of semi-anonymous networks, their use (political dissidence, file sharing, gaming and pr0n), how they were developed and what they mean to organizations. The main focus will be on the Tor, I2P, Freenet and anoNet Darknets, their uses and weaknesses.
|148||Louisville Infosec 2009 Videos||var||Blip.tv||10/29/2009|
Getting started with the I2P Darknet|
I2P (originally standing for Invisible Internet Project) can be seen as a networking layer sitting on top of IP that uses cryptography to keep messages confidential, and multiple peer to peer network tunnels for anonymity and plausible deniability. While Tor is focused more for hiding your identity while surfing the public Internet, I2P is geared more toward networking multiple I2P users together. While you can surf to the public Internet using one of the I2P out proxies, it's meant more for hiding the identity of the providers of services (for example eepSites), sort of like Tor's concept of Hidden Services, but much faster. Another advantage I2P has is NetDB, a distributed way to let peers know about each other once initial seeding has occurred. Tor on the other hand uses it's own directory to identify servers, which in theory could be more easily blocked. Both networks have their advantages and trade offs. This video won't cover the details of I2P's peering or encryption systems, and may seem kind of rambling, but it should be enough to get you up and running on the darknet.
Please note, this video came out way larger than I intended.
Louisville InfoSec CTF 2009
File Carving and File Recovery with DiskDigger|
DiskDigger is a tool that allows you to recover deleted files off of a FAT or NTFS drive. It has two modes of operation: In the first it merely looks in the FAT/MFT to find files marked as deleted, in much the same way that the tool called Restoration does. In the 2nd mode it does a file carve down the drive looking at the raw bits and finding the know headers and footers of various file types, much like PhotoRec. While PhotoRec seems a little more powerful, DiskDigger is easier to use and its preview functionality is quite nice. This video will cover the basics of recovering deleted files with DiskDigger.
Pin-hole Spy Video Camera Disguised as a Pen|
I thought some of you might find this an interesting gadget, so I decide to review it. It might be useful for reconnaissance before a pen-test, or as a covert place to store files.
Rohyt Belani - Bad Cocktail: Application Hacks + Spear
Mr. Rohyt Belani was kind enough to do a presentation on combining web application attacks with spear phishing at the Sept 2009 Louisville OWASP meeting (our chapter's LinkedIn page can be found here). If you are interested in finding out more about some of the topics Rohyt mentions in his presentation, check out these other videos on Footprinting/Network Recon and Exploiting Common Web App Vulnerabilities.
Anti-Forensics: Occult Computing Class|
This is a class I gave for the Kentuckiana ISSA on the the subject of Anti-forensics. It's about 3 hours long, and sort of meandering, but I hope you find it handy. For the record, Podge was operating the camera :) Apparently it was not on me during the opening joke, but so be it, no one seemed to get it. I spend way to much time on the Internet it seems. Also, I'm in need of finding video host to take these large files. This class video is 3 hours, 7 min and 1.2GB as captured.
|141||Phreaknic 12 Videos||Blip.tv||07/25/2009|
Irongeek - Hardware Keyloggers: Use, Review, and Stealth (Phreaknic 12)|
This talk will cover hardware keyloggers and their use. About six will be presented in person for folks to try hands on, with a few others referenced in the slide show (mini-pci ones for example) . I'll cover the advantages and disadvantages of the current crop on the market and how they work. Also covered will be possible ways to detect hardware keyloggers via physical inspection an software.
Tutorial: A modern Netcat from the Nmap team|
For those not in the know, Netcat is a utility who's goal is to be like the Unix cat command, but for network connections. It has been referred to as a "Swiss-army knife for TCP/IP" for good reason, since it can do so many things.
Nmap form source on Ubuntu|
Along the way to making a video on Ncat I needed to compile Nmap 5 from source, so I figured I might as well do a video on that as well. There are many reasons why you might want to compile Nmap from source instead of just using the package manager, so enjoy.
Comparing two Nmap 5 scans to find changes in your network|
Fyodor gave me a heads up that Nmap 5 was coming out, so I figured I'd do a couple of videos on useful new features that come with Nmap 5 and later. For a better understanding of Nmap in general, check out my older videos which I will link to after the presentation. In this video I will cover the basics of using NDiff to compare two seperate Nmap scans. This is really useful for change management, where you want to know what new devices have appeared on your network or about ones that have disappeared for some reason. You could easily schedule Nmap to run on your network weekly, and then compare the differences with NDiff to see what has changed.
Incident Response U3 Switchblade From TCSTool|
In Russell's own words: "The U3 incident response switchblade is a tool designed to gather forensic data from a machine in an automated, self-contained fashion without user intervention for use in an investigation. The switchblade is designed to be very modular, allowing the investigator/IR team to add their own tools and modify the evidence collection process quickly." This video shows you how to setup u3ir, and modify it.
Top 5 and Mutillidae: Intro to common web vulnerabilities like Cross Site
Scripting (XSS), SQL/Command Injection Flaws, Malicious File Execution/RFI,
Insecure Direct Object Reference and Cross Site Request Forgery (CSRF/XSRF)|
This is a recording of the presentation I gave to the Louisville Chapter of OWASP about the Mutillidae project. A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language). In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project. This is a video covering the first 5 of the OWASP Top 10.
802.11 Wireless Security Class for the Louisville ISSA Part 1|
Originally, this was going to be one 4hr class, but Jeff had something come up so he could not cover WEP/WPA cracking, and my section took so long that Brian never got a chance to present his material on DD-WRT. I'm hoping to get them back to do a part 2 of this video. In this section I cover the basics of WiFi, good chipsets, open file shares, monitor mode, war driving tools, testing injection, deauth attacks and the evil twin attack. Some of this comes out as kind of a stream of consciousness, but hopefully you can find some useful nuggets from my brain dump of what I've learned about 802.11a/b/g/n hacking. As far as classes goes this is the mostly complicated one I've set up, and for a wireless class Brian and I had to run a lot of wires. :)
Outerz0ne and Notacon 2009 Hacker Cons Report
I did some recording of the goings on at the Notacon and Outerz0ne 2009 hacker cons. If you want to get a feel for these cons, check out the video.
Hacker Con WiFi Hijinx
Video: Protecting Yourself On Potentially Hostile Networks |
This is a presentation I gave for the Kentuckiana ISSA on May 8th, 2009. It covers the basics of protecting yourself when using open WiFi on a potentially hostile networks, most notable Hacker cons, but also coffee shops, libraries, airports and so forth. Topics include: open file shares, unneeded services, sniffing and evil twin attacks. The talk is based on the Hacker Con HiJinx tri-fold I wrote awhile back.
Mutillidae 1: Setup|
Mutillidae is a deliberately vulnerable set of PHP scripts I wrote to implement the OWASP Top 10 web vulnerabilities. I plan to use these scripts to illustrate common web app attacks in a series of future videos. The easiest way to get up and running with Mutillidae is to use XAMPP, an easy to install Apache distribution containing MySQL, PHP and Perl. This first video covers setting up Mutillidae, which can be downloaded from:
Making Hacking Videos: Irongeek's Presentation from Notacon 2009
Over the years I've done a lot of video tutorials using screencasting software to teach folks new to hacking how various security tools work. I'd like to share the tips and tricks I've learned so that others can start to teach people about technology in the same way. Covered topics will include: Screencasting software, free tools, getting the best video for the least bandwidth, audio work, free hosting, animations and more. This is a presentation I did for Notacon 2009. Thanks to Ted and crew for recording it.
:Using SSLStrip to proxy an SSL connection and sniff it
John Strand of Pauldotcom allowed me to post this video that shows how to use SSLStrip to proxy an SSL connection and sniff it, without those annoying warning messages about the cert that other tools give. From John's description:
With SSLStrip we have the ability to strip SSL from a sessions. Using this tool we have the capability to capture in clear text user IDs and passwords.
Presentation Recording Rig Setup|
I've been wanting to record some of my live classes, as well as the talks at the upcoming Louisville Infosec. This is the rig I plan to use to capture both the Power Point/computer screen and live video of the presenter at the same time. Let me know if you have any ideas for improvement.
Footprinting, scoping and recon with DNS, Google Hacking and Metadata|
This class covers recon work, showing the student how a pen-tester/attacker can use public information to learn more about an organization before they compromise it's security. Covered topics will include DNS tools (like Whois, NSlookup/Dig, Nmap -sL), Google Hacking using advanced search terms and Metadata in images and documents. Recorded for the Kentuckiana ISSA on March 21, 2009.
more or less
Joe McCray "Advanced SQL Injection"|
Joe McCray of Learn Security Online sent me a video of a presentation he gave on Advanced SQL Injection. It's a great primer, and I love his presentation style. Someone buy the man a VGA to composite converter, or a HD camcorder so he can keep making these vids.
Outerz0ne 5 Closing|
Prepare your liver for the apocalypse.
Acidus (Billy Hoffman) - Offline Apps: The Future of The Web is the Client?|
Traditional web apps used the browser as a mere terminal to talk with the application running on the web server. Ajax and Web 2.0 shifted the application so that some was running on the client and some of the web server. Now, so-called offline application are web application that work when they aren't connected to the web! Confused? This talk will explore how to attack offline apps with live demos of new attack techniques like client-side SQL Injection and resource manifest hijacking.
BIO: Acidus is a Atlanta hacker who is not really sure why you keep listening to him.
Rob Ragan - Filter Evasion - Houdini on the Wire|
Today security filters can be found on our network perimeter, on our servers, in our frameworks and applications. As our network perimeter becomes more secure, applications become more of a target. Security filters such as IDS and WAF are relied upon to protect applications. Intrusion detection evasion techniques were pioneered over a decade ago. How are today's filters withstanding ever evolving evasion tactics? The presentation will examine how evasion techniques worked in the past and provide insight into how these techniques can still work today; with a focus on HTTP attacks. A practical new way to bypass Snort will be demonstrated. A tool to test other IDS for the vulnerability in Snort will be demonstrated.
Bio: Background: While performing a pentest on a fortune 50 company I got caught. My IP address was subsequently blocked. It was apparent that I was causing way too much noise and they had triggered a network security filter that blocked me. I came up with this presentation idea after implementing the evasion techniques found here in a proxy application. I quickly realized none of them work anymore on modern IDS. After some experimentation I eventually found something that would let me sneak nearly any type of web attack past Snort. More details on the attack can be found in my outline. I'm currently working on a tool that will allow anyone to test their IDS/IPS for this vulnerability.
Scott Moulton - Reassembling RAID by SIGHT and SOUND!|
RAID is a great technology and in many cases is suppose to keep our data safe. What happens when it fails? RAID Arrays are one of the most painful things to reassemble. RAID 0 and RAID 5 software reassemblies have problems with Slice Sizes, and Drive Orders and in many cases, the user has no idea what the settings are. What do you do when you don’t know the Slice Size and Drive Orders and you need the data from damaged drives? Well here is a demonstration of a way to determine this using Sight and Sound. I crammed as much on the subject as I can into a 50 minute presentation with Demos.
Makers Local 256 - A primer on hackerspaces|
What they are, why they're important, where they are, and how you can start one yourself. You may already have one close by. The talk will illustrate how hackers are taking back the moniker and bringing the community back into the light.
Presmike & Sippy - RETRI:Rapid Enterprise Triaging|
The first part of this presentation presents a new paradigm for the Incident Response process called Rapid Enterprise Triaging (RETRI), where the primary objective is to isolate the infected network segment for analysis without disrupting its availability. Part two of this presentation will introduce a new Enterprise Incident Response tool that complements the RETRI paradigm. The tool is a free, possibly open source, agent-based tool that is deployed to the compromised segment to perform the traditional incident response tasks (detect, diagnose, collect evidence, mitigate, prevent and report back). The tool will be released at Blackhat 2009 / Defcon 2009 if all goes well.For now you get screen shots.
Bio: My name is Nick Chapman. I'm a security researcher with the SecureWorks Counter-Threat Unit. Prior to focusing on security issues full time, I worked as both a System Administrator and Network Engineer in the ISP world.
SlimJim100 - Live Demo of Cain & Able and the Man-in-the-middle-attack|
This talk will present a live demo of a man-in-the-middle-attack, using Cain & Able.
SlimJim100, also known as Brian Wilson, has presented at ChicagoCon 3 times in the past. His resume is filled with 3, 4, and 5 letter certifications, and his reputation reflects his skills.SlimJim100 - Live Demo of Cain & Able and the Man-in-the-middle-attack.
SkyDog - Screen Printing Primer - Make your own Con Shirt!|
A primer on silkscreening t-shirts and garments. This talk goes thru the process of single color silkscreening, showing the steps necessary to produce the artwork, burning a screen, and then screening a shirt. We'll be producing shirts on stage, showing the techniques learned from much trial and error. Want to make your own Outerz0ne 5 Con shirt? C'mon up and do it yourself. Want to see yours made? We can do that too! Meant to be an interactive talk, to also raise interest in graphic arts and a to try and bring back a bit of the old school stuff.
Skydog currently works for a major university, while also holding down positions as President for two non-profits. One is Nashville 2600, which is the group responsible for Phreaknic, and the Hacker Consortium, a large non-profit hackerspace in Nashville, TN. When he isn't doing all of that happiness, he's trying to keep his son from cutting a finger off, and making sure he's not surfing pron.
Tyler Pitchford - They took my laptop! - U.S. Search and Seizure Explained|
An overview of recent developments impacting the Fourth Amendment and privacy conscious computer professionals: including discussions on the United States Constitution, Federal Statutes, Administrative decisions, and, most importantly, the case laws that interpret and define the Fourth Amendment. Special attention is given to topics affecting computer professionals, including border crossings, foreign nationals, forced disclosures, and the October 2008, Crist decision.
Tyler holds degrees in Software Architecture from New College of Florida and a Juris Doctor from the Stetson University College of Law. He co-founded the Azureus Bittorrent client in 2003 and currently works as CTO for Digome, LLC in Nashville, TN. His work experience includes Florida State Attorney's, Federal Magistrate Richardson, and Justice Anstead of the Florida Supreme Court. Tyler presented at PhreakNic 12 and has taught several courses on computer programming and security.
Morgellon - *Duino-Punk! Manifesting Open Source in Physical Space from Outerz0ne 5|
The goal is to promote the idea of open source hardware, and expand the community. We will begin with an intro into what an "arduino micro controller" is, how they work, and what you can do with them. You will see that you don't need to be an electronics wizard to create amazing projects that enhance your life! Whether a code ninja, hardware guru, enthusiast, a pro or total n00b, the arduino offers amazing potential, community, and empowerment to any who wish to grasp it.
Website: http://dailyduino.com (blog for arduino projects and related electronics news.)
WiFiFoFum: Wardriving convenience in your pocket and uploading to Wigle|
As regular Irongeek readers know, I’ve covered wardriving (the act of physically moving around in meatspace looking for WiFi access point) before. In this video, I want to cover another tool for wardriving: WiFiFoFum for the Windows Mobile platform.
Bluetooth Wireless Hardware Keylogger Review|
The folks over at Wirelesskeylogger.com were kind enough to send me a review unit. For more info on hardware keyloggers in general, check out some of my other articles and videos on the topic which I will link to at the end of this presentation. The core idea of a wireless hardwarekeylogger is that you only have to get physical access to the computer once to install it. From then on you just have to get close enough to the box with a bluetooth device to grab the logs, at least in theory.
Setting Up Tor Hidden Services
In a previous video I covered using the Tor anonymity network to browse the web anonymously. In this one I'll cover the basics of setting up a Tor hidden service. With a Tor hidden service, the true host IP of the service is hidden by the Tor network. Instead of having to hand out the true IP of the server, a service creator can hand out a *.onion hostname that's not linked directly to them. By setting up a Tor hidden service it becomes much harder for an adversary to figure out where the service is really being hosted from, and thus much harder to shutdown. This is a great thing for people like whistle blowers and political dissidents that want to share information anonymously, unfortunately it's also useful to pedos so be careful what links you choose to click on the onion network.
NetworkMiner for Network Forensics|
NetworkMiner is a cool little sniffer app by Erik Hjelmvik. Described as a Network Forensic Analysis Tool (NFAT), it allows you to parse libpcap files or to do a live capture of the network and find out various things passively. The main uses I like it for are file reconstruction of FTP, SMB, HTTP and TFTP streams as well as passive OS fingerprinting, but it can do a lot more. NetworkMinor uses the Satori, p0f and Ettercap OS fingerprints, and can be run from a thumb drive without having to install it. It's designed to run under Windows, but you can also use it under Linux with Wine.
Wireshark is an awesome open source general purpose network analyzer (AKA: a Sniffer). Before you continue on with this video, I recommend that you check out my article A Quick Intro to Sniffers so you understand the background information. In this video I'll cover the following topics: Running Wireshark, starting a capture with options, drilling down the OSI model, capture filter options, popping out a single packet, sorting by columns, following TCP streams, exporting HTTP objects, simple display filters, the filter builder, applying filters from different panes , saving filters, opening a Wiki page, Edit-> Find packet, sniffing an HTTP Basic Authentication password, Analyzers ->Expert Info, Analyzers ->Firewall ACLs, stats, editing color rules and saving the capture.
Hacking Your SOX Off: Sarbanes-Oxley, Fraud, and Fraudulent Financial Reporting|
I had to do a presentation for one of my MBA courses, and one of the topic choices was the Sarbanes-Oxley act. I chose it because I thought I could relate it to computer security, but as it turns out the connection is somewhat tenuous as you will see if you watch the presentation.
Bypassing Anti-Virus with Metasploit|
This video from John Strand shows how to bypass anti virus tools utilizing the new tricks in Metasploit 3.2
Deploying Metasploit's Meterpreter with MITM and an Ettercap filter|
In this video, Bigmac shows how to redirect web traffic and trick users into downloading Meterpreter and running it on their box.
Sniffers Class for the Louisville ISSA|
The video quality of this lecture is not very good, but it should give you an idea of what my ISSA classes are like. Covered topics include Wireshark, Ettercap, Cain and the slightest bit of NetworkMiner before the camera cut out. Pardon the blue tint, it was the projectors fault and not the Aiptek Action HD's. I shrunk it down from the original 720p, so the screen is not all that readable. I also experimented in cleaning up the audio in Audacity. I hope to cover Wireshark and NetworkMiner again shortly in higher quality videos.
This is Morgellon and Droop's talks about hacking the Arduino micro controller platform from Phreaknic 12. Droops and Morgellon will take you from basic electronics to building embedded systems. Learn how to build a standalone RFID tag reader with a fancy LCD display or your own oscilloscope or children's toys that speak to you or how to solar power a geothermal heat pump. There may even be some giveaways and contests. Magical Potions will be consumed but not provided.
I've done a little work to pull some noise out of the audio, but I may have made it worse in some spots. Thanks go out to the Phreaknic 12 A/V team SomeNinjaMaster, Night Carnage, Greg, Brimstone, Poiu Poiu, Mudflap, and Drunken Pirate for setting up the rigs and capturing the video.
This is a quick and dirty video documentary of the things that when on around the talks and event at Phreaknic 12 (2008). Don't watch if you get sick at shaky cam movies like Blair Witch or Cloverfield. A rough timeline of the content in the video is as follows:
Intro and leaving Louisville with Brian. Morgellon talks about hacking the Arduino micro controller platform. Sorteal talks about the LiVes Open Source video editor. AT&T Batman building by night. Mojo-JoJo soldering some stuff for the shooting range. The patron gods of hackerdom. Registration. Con swag overview. Morgellon gets his discreet logic on. AK-47 building with HandGrip and Buttstock. Froggy talks up Notacon, which I plan to go to next year. Skydog explains the Jware chair toss event, and then we compete. Rootwars hacker wargames. I ask Int80 about using his nerdcore music in some of my videos. NotLarry explains rootwars. Some iPhone hacking with Lee Baird and John Skinner. I do a little Bluecaseing/Warnibbling with the Bluetooth on my Nokia n810. John, Lee, Brian and I go to the German restaurant. I blind DOSman with the light from my camera and check out what folks are doing with the Arduinos Droops brought for folks to play with. I check back in on R00tW4rz. I blind Droops. I talk Ettercap filters with operat0r. USB door key fun with the Arduino. More breadboard fun. Nokia n810 + Ettercap Filter + Lemon-part = win. Int80 gets down with his own bad self, and the rest of Phreaknic. I find an energy drink with protein. Folks play with the hardware keyloggers I brought, and we have some epic fail with the IBM Model M + USB adapter + Mac OS 10.5. Winn Schwartau joins in on the keylogger fun. DOSman and Zack use a directional antenna from the 9th floor to search downtown Nashville for WiFi access points. Zoom in on Al. John and Lee eat jerky. Daren and Shannon from Hak5 blind me this time. :) Then they do a quick interview. I interview TRiP about the legalities of wardriving, sniffing and leaving your access point open so you have plausible deniability of copyright infringement (most likely it won't hold water in court if you are a computer geek). I give Hak5 Daren beef jerky. Ziplock had more con badges than God. I meet up with Iridium. I talk with Nightcarnage about the audio/video setup at Phreaknic. As I predicted, the Potters won the WiFi Race. I say why this was the best Phreaknic ever. Using green lasers on crack dealers. Techno in the dark, the Aiptek action HD does not do well in low light. Nicodemius shows off his Minority Report like multi-touch table. Hula hoop contest. I check back in with Jeff Cotton and his USB keyed door. I strap on my gear to leave the con. Brian and I do a wrap up of our thoughts on Phreaknic 2008.
Using Cain to sniff RDP/Remote Desktop/Terminal Server traffic via "Man in the Middle"
In this video I'll be showing how Cain can pull off a "Man in the Middle" attack against the Remote Desktop Protocol. While RDP versions 6.0 and later are less susceptible to these attacks because of the verification schemes added, there is still a risk since so many users just click yes to all warning messages.
BeEF: Browser Exploitation Framework XSS Fun
John Strand of Black Hills Security sent me another awesome video on using BeEF, cross site scripting and other fun.
Using Metasploit to create a reverse Meterpreter payload EXE
by John Strand
John Strand of Black Hills Security sent me an awesome video on using Metasploit to create an EXE with the Meterpreter payload that creates a reverse TCP connection outbound, blowing through many NAT boxes and firewalls. This goes great with a previous video I did on EXE Binders/Joiners.
Using Cain to do a "Man in the Middle" attack by ARP poisoning
I'm creating this video for three reasons: 1. While I've done a lot of videos on Cain, most of them are more advanced and assume you know the basics. 2. The last video I did on ARP poisoning with Cain was more than four years ago, Cain looks quite a bit different now. 3. I wanted a reference for the classes I'll be teaching for the Kentuckiana ISSA. Before you watch this video, read my article "The Basics of Arp spoofing/Arp poisoning" so you will have a better grasp of the concept.
John Strand - "Advanced Hacking Techniques and Defenses" (and demos
of evilgrade/passing the hash/msfpayload) from
Louisville Infosec 2008
John Strand gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. He gives a fascinating talk about why "security in depth" is dead, and lives again. John then goes on to demo Evilgrade, using msfpayload and obscuring it against signature based malware detection, dumping SAM hashes with the Metasploit Meterpreter and using a patched Samba client to pass the hash and compromise a system. I'd like to thank John for letting me record his talk.
Rohyt Belani - "State of the Hack" from
Louisville Infosec 2008
Rohyt Belani gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. Rohyt shows new ways to think about hacking, going into how and why simple things work on the people element. Why hack a system when a quick Google search can reveal so much? Rohyt's talk was humorous and informative, and I'd like to thank him for letting me record his it.
Adrian Crenshaw - "Intro to Sniffers" from
Louisville Infosec 2008
I gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. I cover the basics of how network sniffers work, and specifically talk about Wireshark, Cain, Ettercap and NetworkMiner. I came up with the presentation on short order, so please be forgiving of the stumbles. :) You can download the slides from here.
Kevin Beaver - "Staying Ahead of the Security Curve" from
Louisville Infosec 2008
Kevin Beaver gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. There's a lot of great advice in this video on how to approach an infosec career in the right way. Kevin endorses being a security "renaissance man", expanding your knowledge outside of the tech side to understand the business, people and legal sides as well. At the same time he also points out that sometimes specialization is good, so focus on your strengths. I'd like to thank Kevin for letting me record his talk.
Finding listening ports on your Windows box using Netstat, Fport, Tcpview, IceSword and Current Ports
Host based firewalls are fine and dandy, but I'd rather turn off services I don't need than to just block them. Host based firewalls are sort of a bandage, and while they can be useful for knowing what is connecting out (see egress filtering), it's better just not to have unneeded network services running in the first place. This video can be seen as a supplement to my article "What can you find out from an IP?"
Weak Hashing Algorithms: Outlook PST file CRC32 password cracking example
In a previous video I explained the basics of cryptographic hashes. Go watch "A Brief Intro To Cryptographic Hashes/MD5" before this video. In this tutorial, I'll be giving an example of why weak hashes are bad. The example I'll be using is the CRC32 hash that Outlook uses to store a PST archive's password with. The CRC32 algorithm as implemented by Microsoft Outlook is easy to generate hash collisions for, so even if you can't find the original password you can find an alternate one that works just as well.
Irongeek's Hacking Lab and a review of the Aiptek Action HD 1080p
An overview of how may lab is set up, as well as a review of the Aiptek Action HD 1080p
Teaching Hacking at College by Sam Bowne
This was a DefCon 15 presentation (August 3-5, 2007) by Sam Bowne. Sam does a great job explaining how to teach ethical hacking at a university, and since he gave me a shout out in the video I figured I'd post it up here. Definitely a must watch if you are trying to convince your college's administration that it's a good idea to teach such a course. Check out Sam's site at http://www.samsclass.info/ if you want to use his teaching curriculum.
How Sarah Palin's Email got "Hacked"
This is a quick video reconstruction I did of how Sarah Palin's Yahoo account got "hacked". You will see it's more about insecure design and easy to find information than anything really technical. I made a test account at Yahoo and this video traces the steps the attacker took. I'm hoping it will be useful to journalists who don't really seem to have a grasp on the story. Feel free to link it anyplace you like.
Intro to DD-WRT: Mod your wireless router to do more
DD-WRT is a Linux firmware available for many Linksys, NetGear, Belkin, D-Link, Fon, Dell, Asus and other vendor's wireless routers. DD-WRT is far more feature rich than the stock firmware that comes with most routers. This video covers the basics of installing and configuring DD-WRT.
presentation for the ISSA in Louisville Kentucky
This is a presentation I gave for the Kentuckiana ISSA on the security tool Nmap. I've also posted the slides and other media so you can follow along if you like. Topics covered include: port scanning concepts, TCP three way handshake, stealth scans, idle scans, bounce scans, version detection, OS detection, NSE/LUA scripting and firewall logs. Hope some of you can make it to the free class we will be holding at Ivy Tech Sellersburg on Sept 20th, 2008 at 1pm. Contact me to RSVP. The video is about an hour long. Enjoy.
High Security Flash Drive: Use and Review
The Ironkey is a high security thumb drive designed to provide strong AES encryption, tamper resistance and other security services.
Setting up a Tarpit (Teergrube) to slow worms and network scanners using LaBrea
(The "Sticky" Honeypot and IDS)
A network Tarpit, sometimes know by the German word Teergrube, is a service or set of hosts that deliberately try to slow malicious network connections down to a crawl. The idea is to put up unused hosts or services on the network that respond to an attacker, but do things to waste their time and greatly slow their scanning (or spreading in the case of Worms). For this video I'll be using a package called LaBrea by Tom Liston and tarpitting unused IP addresses on my home LAN.
Compiling and Configuring DHCPD from Source
Devil2005 has created a video on compiling and configuring dhcpd from source. He's using the Fedora 9 distro of Linux for the video, but the lessons learned should be applicable to other distros. For that matter, even if you are not interested in installing dhcp in this way it's still a good lesson on how to download and compile various applications from source.
Using Data Execution Prevention (DEP) in Windows XP and Vista:
Fighting back against buffer overflows and memory corruption
I've recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intel's term), which allows for memory pages to me marked as not executable. Microsoft Windows started using this ability with XP SP2 as part of their Data Execution Prevention (DEP) feature. Unfortunately, to get most out of DEP you have to configure it. This video will show how to configure DEP protection in Windows XP and Vista.
DNS Spoofing with Ettercap
In my previous two videos I showed how to use Ettercap plugins for various pen-testing and security evaluation functions. In this video I'll show how to use the Ettercap plugin dns_spoof to set up DNS spoofing on the local area network.
More Useful Ettercap Plugins For Pen-testing
In my previous video I showed how to use Ettercap plugins to find sniffers on the network. In this video I'll show three more useful Ettercap plugins: find_ip, gw_discover and isolate.
Finding Promiscuous Sniffers and ARP Poisoners on your Network with Ettercap
Most of you are familiar with using Ettercap for attacking systems, but what about using it to find attackers? This tutorial will cover using Ettercap to find people sniffing on your network. The plug-ins we will be using are search_promisc, arp_cop and scan_poisoner.
Intro To Cryptographic Hashes/MD5
A cryptographic hash function takes an input and returns a fixed size string that corresponds to it, called a hash. Cryptographic hashes have a lot of uses, some of which are: detecting data changes, storing or generating passwords, making unique keys in databases and ensuring message integrity. This video will mostly cover detecting file changes, but I hope it gets your mind going in the right direction for how hashes can be used. Specifically covered will be tools for creating MD5 hashes in Windows and Linux.
Text to Speech to MP3 with the freeware program DSpeech
This video is on Dspeech, a freeware tool that uses Microsoft's SAPI (Speech Application Programming Interface) to convert text to spoken word. What's special about it is it lets you make an MP3 of the text, so you can listen to it on your computer, in you car or on your MP3 player. It's great for listening to notes.
Keyloggers In Action 2: The KeyLlama 2GB USB Keylogger
This video will demonstrate one of the USB KeyLlama brand of hardware keyloggers in action.
Encrypting The Windows System Partition With Truecrypt 5.0
Truecrypt 5.0 adds many new features, most importantly Windows system partition encryption. To put it in slightly inaccurate layman's terms, this means encrypting your entire C: drive. Even if you already write your sensitive data to an encrypted space, files are sometimes squirreled away in unencrypted temp space or in the page file where they may be recovered. Using Truecrypt to encrypt your Windows XP system partition will help eliminate this problem.
Hardware Keyloggers In Action 1: The KeyLlama 2MB PS/2 Keylogger
This video will demonstrate one of the KeyLlama brand of hardware keyloggers in action, specifically the 2MB PS/2 model. I hope this video will give the viewer a better grasp of how these hardware keyloggers work.
Encrypting VoIP Traffic With Zfone To Protect Against Wiretapping
Some people worry about the easy with which their voice communications may be spied upon. Laws like CALEA have made this simpler in some ways, and with roaming wiretaps even those not under direct investigation may lose their privacy. Phil Zimmermann , creator of PGP, has come up with a project called Zfone which aims to do for VoIP what PGP did for email.
Using GPG/PGP/FireGPG to Encrypt and Sign Email from Gmail
This tutorial will show how to use GPG and the FireGPG plug-in to encrypt and decrypt messages in Gmail. GPG is an open source implementation of OpenPGP (Pretty Good Privacy) , a public-key-encryption system. With public key encryption you don't have to give away the secret key that decrypts data for people to be able to send you messages. All senders need is the public key which can only be used to encrypt, this way the secret key never has to be sent across unsecured channels.
SQL Injection Demonstration
SQL injection is a common web application attack that focuses on the database backend. WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. I plan to use WebGoat for a few future videos. This first WebGoat video will show the basics of installing WebGoat and doing two of its SQL injection lessons.
|73||XAMPP: an easy to install Apache daemon containing MySQL, PHP and Perl By devil2005||var||9.87MB||SWF||10/25/2007|
Show and Tell with Kn1ghtl0rd and lowtek mystik
While at PhreakNIC I got a chance to interview Kn1ghtl0rd and lowtek mystik about their research into RFID, its hackabilty and other information. If you want to lean more information about RFID check out their video from last year at http://phreaknic.wilpig.org/ . Video for their new talk this year should be up in the coming months.
Using Metagoofil to extract metadata from public documents found via Google
As many of my viewers know, I have an interest in metadata and how it can be used in a pen-test. Thanks to PaulDotCom I found out about a tool called Metagoofil that makes it easy to search for metadata related to a domain name.
Creating An Auto Hack USB Drive Using Autorun and Batch Files. By Dosk3n
During 2005 Sony BMG was discovered to be including Extended Copy Protection (XPC) and MediaMax CD-3 software on music CDs. The software was automatically installed in the background onto users computers systems that used the autorun function to start running the CD. The software could hide itself from the computers process list in the same way a rootkit would. There was over 100 titles in total that included this "rootkit". Using similar techniques we are going to use the autorun feature with a USB drive to run multiple hacking tools.
How To Burn An ISO Image To A Bootable CD
Fans of my site will think this is a silly video, but I've seen the question asked so many times in forums that I feel I should make a video. Now I'll have something on hand to point people to when they email me, feel free to link to this video if you get the same question. I'll be burning BackTrack with the freeware tool CDBurnerXP, but it would work the same way with Ubuntu, Knoppix or Helix.
Wardrive Mapping With IGiGLE And WiGLE
Map out your WiFi finds with IGiGLE and WiGLE. It's great for users of Netstumbler and Kismet.
Nokia 770/800 Pen-Testing Setup (Nmap, Kismet, Dsniff and other fun stuff)
This video introduces the viewer to using a Nokia Internet Tablet as a pen-testing device.
Forensic Metadata in Word Docs and Jpegs supporting Exif
Metadata is data about data. Different file formats store extra data about themselves in different ways. This video will cover metadata that can be used during a forensic investigation, namely MS Word doc metadata and the metadata stored in a Jpeg's Exif data.
Remote Password Auditing Using THC-Hydra
THC-Hydra is a remote dictionary attack tool from The Hacker's Choice group. It's a well made tool that supports a lot of protocols and options. The following protocols are supported: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2, Cisco AAA.
Using Darik's Boot and Nuke (DBAN) to totally wipe a drive
Another continuation of my file carving video and selective file shredding (DOD 5220.22-M) to thwart forensics tools video, this video shows how to use Darik's Boot and Nuke (DBAN) to totally wipe a drive. DBAN is a great tool to add to your anti-forensics tool box.
Selective file shredding (DOD 5220.22-M) with Eraser and CCleaner to thwart forensics tools
A continuation of my file carving video, this video shows how to use Eraser and CCleaner to help thwart forensics tools.
up a simple web proxy with CGIProxy
A quick guide to setting up James Marshall's CGIProxy Perl script and how proxies are used to get around web content restrictions and stay anonymous. This video also shows how to quickly find an open CGI proxy with a search engine.
Carving with PhotoRec to retrieve deleted files from formatted drives for
forensics and disaster recovery
This video introduces the concept of data carving/file carving for recovering deleted files, even after a drive has been formatted.
Using Cain and the AirPcap USB adapter to crack WPA/WPA2
This video introduces the viewer to the AirPcap USB adapter, and auditing WiFi networks with it.
Intro to the AirPcap USB adapter, Wireshark, and using Cain to crack WEP
This video introduces the viewer to the AirPcap USB adapter, and auditing WiFi networks with it.
UPnP Port Forwarding and Security
This video introduces the viewer to port forwarding with Universal Plug In Play, and some of the associated security problems.
Just some video Irongeek took while at Notacon 2007. Plenty of stuff for those with an interest in Hacking and digital arts. Radar, full motion video on an 8088, a great Bluetooth discussion, shock sites, stun guns, Everclear, IPTV show hosts, Demoparty/Demoscene, hacker condoms, Ethernet alternatives, fire staffs, laser data links and more.
|32:55||79.5MB||FLV & AVI||05/03/2007|
Remote Access And Configuration: Setting Up SSH and VNC On Ubuntu Linux (SOHO
Server Series 3)
Just what the title says. In this first video I'll cover how to get SSH can VNC up an running.
WEP Cracking with VMplayer, BackTrack, Aircrack and the DLink DWL-G122 USB
Yes, yet another video on cracking WEP. :)
An Introduction to Tor
This video serves as a brief introduction to the use of the Tor anonymizing network in Windows.
Cracking Windows Vista Passwords With Ophcrack And Cain
Due to the lack of LM hashes, Vista passwords stored in the SAM file are harder to crack. However, the NTLM hash is the same as always and can be cracked if the password is weak.
Updates And New Software In Ubuntu Linux (SOHO Server Series 2)
In this video I'll cover installing updates and new packages in Ubuntu Linux.
Linux (SOHO Server Series 1)
Just what the title says. In this first video I'll cover a bit about partitioning, dual booting with Windows and the basic steps you need to do to get Ubuntu Linux up and running.
Using SysInternals' Process Monitor to
Analyze Apps and Malware
Process Monitor is a useful tool to see what registry, file system and thread changes processes are making on your Windows system.
Dual Booting BackTack Linux And BartPE From A Thumbdrive
Run all of your Windows and Linux security tools from one dual boot UFD.
Creating a Windows Live CD
for System Recovery and Pen-Testing with Bart's PE Builder
Pretty much what the title says, building a BartPE CD for Hacking and system recovery. Some of the tools I will show off are Sala's Password Renew, Cain, RunScanner and XPE.
|47||Making Windows Trojans with EXE Binders (AKA:Joiners), Splice and IExpress||var||6.12MB||SWF||09/12/2006|
A Collection Of Hacking Videos By
Some of the sites that originally hosted them are gone. I'm just putting these up so they are not lost forever.
Hosts File and Ad Blocking
How to use the hosts file to block ads, and a little on how the hosts file works.
Passive OS Fingerprinting With P0f And Ettercap
Cracking MD5 Password Hashes
A little about cracking MD5 password hashes. In this tutorial we take the hashes from a phpbb2 database and crack them using online tools and Cain.
Setting Firefox's User
Agent To Googlebot
Access sites that allow indexing by Google but require you to subscribe to view the content.
Using TrueCrypt With NTFS Alternate
Using TrueCrypt with Alternate Data Streams to hide encrypted data.
Intro To TrueCrypt
Using TrueCrypt to create standard and hidden volumes for "plausible deniability" encryption.
Intro To DD and Autopsy By Williamc and
This video gives the basics of using DD to make an image of a drive over the network and Autopsy to look for data, both from the Auditor Boot CD.
Intro To Bluesnarfing By Williamc and
This video covers Bluesnarfing, serepticiously grabbing data off of Bluetooth devices.
|37||Network Printer Hacking: Irongeek's Presentation at Notacon 2006||44:03||125MB||AVI
|36||Irongeek's Guide to Buying a Used Laptop||16:37||34MB||AVI
Cracking Windows Passwords with
BackTrack and the Online Rainbow Tables at Plain-Text.info
The title says it all pretty much. Audit that SAM file fast!
Adding Modules to a Slax or Backtrack Live CD
In this video I show how to add patches and extra modules to the Back|track Hacking Live CD using MySlax.
Anonym.OS: LiveCD with build in Tor Onion
routing and Privoxy
Just showing off this cool live CD recently released at ShmooCon 2006. Great for surfing anonymously.
Make your own VMs with hard drive for
free: VMware Player + VMX Builder
In my last video I showed how to use the free VMware Player to boot a Live CD ISOs. This time I'm going to show how to use Robert D. Petruska's VMX Builder to make your own VMs with hard drives (vmdk file) and pretty much any virtual hardware you want.
Using VMware Player to run Live
CDs (Bootable ISOs)
In this video I show how to use the free VMware Player to run Live CDs like Knoppix, Auditor or Bart's PE Builder from an ISO.
Dynamic Port Forwarding
I set up a quick video tutorial to show how to set up an encrypted tunnel using SSH's dynamic port forwarding (sort of a poor man's VPN) in both Linux and Windows. The tools used are OpenSSH, PuTTY and Firefox, but it should be enough info to allow you to figure out how to set up other clients.
WMF File Code Execution Vulnerability
This video covers the use of the recent (Jan 2006) WMF file code execution vulnerability with Metasploit. It shows how to shovel a shell back to the attacker with the WMF vulnerability. See Microsoft Security Advisory 912840. Thanks to kn1ghtl0rd, AcidTonic, Electroman and livinded for their help.
Using VirtualDub and a cheap webcam
as a camcorder
I thought this might be of use to those that would like to submit something to Infonomicon TV or Hack TV but lack the cash for a proper MiniDV camcorder.
Firewalls with Sarah: Campus
Computer Security Series Episode 2
Sarah will tell you a bit about Firewalls and walk you though enabling the built-in firewalls that come with Windows XP and Mac OS X.
Updates and Patches with Anna: Campus
Computer Security Series Episode 1
Anna will walk you though updating your Windows XP or Mac OS X computer.
|25||Infonomicon TV Ep 7: HP printer hacking, building an old school phone handset for your cell phone, collecting data in RF monitor mode and making cat5 cables||24:41||127MB||AVI||10/18/2005|
|24||Metasploit Flash Tutorial||var||3.23MB||SWF||10/12/2005|
|23||Nmap Video Tutorial 2: Port Scan Boogaloo||var||13.3MB||SWF||10/06/2005|
|22||Finding Rogue SMB File Shares On Your Network||var||5.46MB||SWF||09/02/2005|
|21||WiGLE, JiGLE and Google Earth: Mapping out your wardrive||var||7.38MB||SWF||08/02/2005|
|20||Droop's Box: Simple Pen-test Using Nmap, Nikto, Bugtraq, Nslookup and Other Tools||var||6.55MB||SWF||07/17/2005|
|19||Fun with Ettercap Filters: The Movie||var||2.43MB||SWF||06/16/2005|
|18||MAC Bridging with Windows XP and Sniffing (very useful with my Cain/VoIP tutorial below)||var||1.44MB||SWF||06/15/2005|
|17||Sniffing VoIP Using Cain||var||1.74MB||SWF||05/26/2005|
|16||Installing Knoppix 3.8 to Your Hard Drive||var||3.75MB||SWF||05/25/2005|
|15||A Quick and Dirty Intro to Nessus using the Auditor Boot CD||var||2.81MB||SWF||05/24/2005|
Local Password Cracking
Presentation for the
Indiana Higher Education Cybersecurity Summit 2005
(It covers cracking the SAM/Syskey, Cached ADS/Domain Credentials, VNC stored passwords and Windows Protected Storage)
|13||Basic Nmap Usage||var||8.47MB||SWF||03/31/2005|
|12||Cracking Syskey and the SAM on Windows Using Samdump2 and John||var||2.48MB||SWF||03/22/2005|
|10||Making The Default XP Interface Look More Like Windows 2000||1:11||1.56MB||SWF||09/17/2004|
|9||Look for deleted data on the slack space of a disk||1:20||3.40MB||SWF||03/31/2004|
|8||Recover deleted cookies or other files using Restoration||1:15||2.12MB||SWF||03/18/2004|
|6||Using NetworkActiv to sniff webpages on a Wi-Fi network||2:00||1.34MB||SWF||03/16/2004|
|5||Boot from Phlak and run Chkrootkit to detect a compromise||2:25||1.45MB||SWF||03/04/2004|
|4||Use Brutus to crack a box running telnet||1:23||1.7MB||AVI||03/03/2004|
|2||Install VNC Remotely||4:14||2.90MB||AVI||09/26/2002|
|1||Start a session and get interactive commandline access to a remote Windows box||4:20||5.00MB||AVI||09/18/2002|