www.Irongeek.com: Irongeek's Zaurus Security Tools Page

Irongeek.com

Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy). As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.

Adrian

News/Change Log:
08/30/2010 Password Exploitation Class Videos Posted
This is a class we gave for the Kentuckiana ISSA on the subject of password exploitation. The Password Exploitation Class was put on as a charity event for the Matthew Shoemaker Memorial Fund ( http://www.shoecon.org/ ). The speakers were Dakykilla, Purehate_ and myself. This is sort of the first Question-Defense / Irongeek joint video. Lots of password finding and cracking topics were covered: Hashcat, OCLHashcat, Cain, SAMDump2, Nir's Password Recovery Tools, Password Renew, Backtrack 4 R1, UBCD4Win and much more. About 4.5 hours of content.
08/24/2010 Louisville Infosec, Discount code information was wrong
I was sent the wrong blurb, the discount is for $30 off, not $50. Sorry.
08/24/2010 Louisville Infosec, Oct 7th 2010

I posted yesterday about it, but Fritz asked me to point out the discount code one more time:

You have one week left to take advantage of the 50% 29.30303031% discount for all IronGeek Visitors! IronGeek visitors can purchase a ticket for $49 $69 before September 1, 2010. After this date all tickets will be $99 until the conference is sold out.

We have an excellent technical track this year - Dave Kennedy, Adrian Crenshaw, Nathan Hamiel, Jeremiah Grossman, Tom Cross from IBM X-Force. See more at http://www.louisvilleinfosec.com/

Here are the terms:

Register before September 1, 2010 at http://www.regonline.com/2010_lmic
Select the registration type - IronGeek Discount
Enter the code IGK-0726

Also, shout outs to LVL1, the Louisville Hacker space. Brad and crew put on a great "Beyond Arduino" class, teaching the basics of programming directly to an AVR. Fun stuff, which I plan to use in the near future for some embedded device hacking projects.

08/23/2010 Shoecon and other events
Looks like the next two months will be pretty busy for me.

Aug 28th 2010: I have the Local Password Exploitation Class, 20 seats left last I checked. Details in the post I made on the 14th of Aug.

Sept 18th 2010: Shoecon will be happening. I will be speaking, along with Rick Hayes, Keith Pachulski, Karthik Rangarajan, Brian Wilson, Stan Brooks, SkyDog, Scott Moulton, and Ben Feinstein. This is a donation driven event where all the proceeds will go to the Shoemaker Memorial Care Fund. Topic for me will be making a Barcode Fuzzer, Bruteforcer, SQL/XSS Injector using a flashing LED.

Sept 24th 2010: I'll be speaking at the Bluegrass Chapter of the ISSA on my favorite network scanners.

Oct 7th 2010: Louisville Infosec. My topic will be Malicious USB devices. Be sure to check out my friends Nathan Hamiel, Dave Kennedy, Deral Heiland and Matt Neely talks as well. I also plan to run a "network king of the hill" event.

Oct 15th-17th: I'll be speaking at Phreaknic in Nashville.

Oct 23rd-24th: I'll be at Hack3rcon in Charleston WV, with my buddies Purehate and Dave Kennedy.

08/14/2010 Local Password Exploitation Class
The Kentuckiana ISSA will be putting on a class on Aug 28th 2010 from 10am to 4:30pm at the Jeffersonville Public Library. The class will cover the details of pulling passwords/hashes that are stored on a box where the attacker has physical access to the system, or via network vulnerabilities that can reveal the password/hash. Topics to be covered:
  • Pulling stored passwords from web browsers/IM clients and other apps
  • Hash cracking of Windows passwords, as well as other systems
  • Sniffing plain text passwords off the network
  • How passwords on one box can be used to worm through other hosts on a network

Seating is limited to 50 people. The class is being held as a charity event for the Matthew Shoemaker Memorial Care Fund. Matthew was a fellow security professional and podcaster who left behind two children. His colleagues have set up an account to help support his two children. Donations can be made to the Shoemaker Memorial Care Fund at The Peoples Bank, P.O. Box 788, Winder, GA 30680. Checks can either be mailed directly or transfers via telephone (770) 867-9111. Please place the account 00133835 on the check. A PayPal account has been established and you can find it on the right hand side of this ISD page (http://www.isdpodcast.com/goodbye-farewall-god-bless/). Please show your receipt for donation of at least $10 at the door.

You must register at the following URL:
https://events.constantcontact.com/register/eventReg?oeidk=a07e2znbzbs77edf8b6&oseq=

Also, I'd like to mention Shoecon, a one day event in Atlanta on Sept 18th. I'll plan to make a larger posting about it later.

08/09/2010 Barcode Fuzzer, Bruteforcer, SQL/XSS Injector using a flashing LED
It's not a full function app exactly, but it may be useful to some of my readers as a framework when testing systems that use barcodes as input. This is a hardware/software implementation of the ideas I mentioned in my article "XSS, SQL Injection and Fuzzing Barcode Cheat Sheet". Essentially, this code lets you flash an LED connected to a Teensy/Arduino in the right sequences for most barcode readers to scan. Now we have an easier way to do some of the things Mick and I had been talking about. I tried to make a video to show it off better, but by myself the camera moved too much. :) When I can get an E-book reader (Nook or Kindle) I plan to make a more reliable E-Ink display using version.

As a side note, I'm looking forward to Derbycon, even if it is more than a year away.

08/08/2010 The Louisville Metro InfoSec Conference
Thursday, October 7th, 2010 at Churchill Downs ( http://www.louisvilleinfosec.com ).
Use the Discount Code: IGK-0726 when you register for $30 off the $99 ticket price ($69), until Sept. 1st. This discount will expire on that date.

I'll be speaking there, running a "Network King of the Hill" and a Forensics challenge.

08/04/2010 Shoemaker Memorial Care Fund
Yesterday I mentioned the passing of Matthew Shoemaker. His friends have set up an account to help support his two children. Donations can be made to the Shoemaker Memorial Care Fund at The Peoples Bank, P.O. Box 788, Winder, GA 30680. Checks can either be mailed directly or transfers via telephone (770) 867-9111. Please place the account 00133835 on the check. Rick has set up a PayPal link, which you can find on the right hand side of this ISD page.

There are also plans to set up some charity classes.

08/03/2010 Post Defcon 18 Updates
First, I regret to inform you of the death of my friend and fellow ISDPodcaster Matthew Shoemaker. Rick has made a post with information on how donations can be made to help Matthew's children.

I've added my Defcon Slides to the bottom of the Videos and Pictures section of the PHUKD article.

Monta Elkins gave a presentation as well using an RF transmitter to activate the Teensy.

Dave Kennedy and Josh Kelley also gave a Powershell talk that did some more advanced things with the PHUKD concept.

07/14/2010 Setting up the Teensy/Teensyduino Arduino Environment
This video will show you the basics of setting up the Teensyduino environment in Windows so you can start developing PHUKD devices.
07/12/2010 Mutillidae/Samurai WTF/OWASP Top 10
This is a presentation I did at the Kentuckiana ISSA and then again at the Ohio Security Forum on Mutillidae/Samurai WTF/OWASP Top 10. I chose to post the Ohio version of the video as I think it came out better, but the slides are the same. Plenty of information on XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery) and SQL/Command Injection.
07/02/2010 Locking down Windows Vista and Windows 7 against Malicious USB devices
In this article I go into a lot of details about blocking malicious USB devices, like the PHUKD. I plan to present such material at the upcoming Louisville Infosec. Speaking of which:

The Louisville Metro InfoSec Conference
Thursday October 7th, 2010
at Churchill Downs!
http://www.louisvilleinfosec.com/
Registrations between now and July 16th, 2010 receive a
50% DISCOUNT on the $99 ticket price!

After July 16th the ticket price will go back to normal.

Current speakers include: Marcus J. Ranum, Dave Kennedy, Rafal Los, Jeremiah Grossman and myself.

06/29/2010 Update to the programmable HID project
I've updated the PHUKD Library to 0.2.
The main changes are that I've added two functions for the Gnome desktop under Linux:

ShrinkCurWinGnome()
CommandAtRunBarGnome(char *SomeCommand)

You may also see something about OS X, but it does not work. Can anyone tell me a run bar equivalent that works in OS X?

I've also changed the library so that it goes in the normal libraries folder, and not the same folder as your sketch.

06/24/2010 Ligatt / Gregory D. Evans Videos
It should be noted, I did not create these videos, my buddy Rick from the ISDPodcast did (at least the first two). Still, they are worth sharing.
I have some links below if you want more info on the Ligatt / Gregory D. Evans controversy that has been going around. If nothing else, it will help with people researching the person/company:
 
 Ligatt / Gregory D. Evans Fun Charlatan Entry at Attrition.org

 Follow all the Ligatt fun on Twitter

 The Register has a good writeup on Ligatt / Gregory D. Evans

 This is probably the most concise writeup on Ligatt / Gregory D. Evans

 If you want to read the book "How To Become The Worlds No. 1 Hacker" for yourself, but you don't want to pay Ligatt for plagiarizing, grab the PDF at this link

06/16/2010 Mutillidae Vulnerable Web App Updated, ver 1.5
I changed it so that now, by default, Mutillidae only allows access from localhost (127.*.*.*), assuming the .htaccess file I've written is honored. Thanks for the suggestion Kevin. I've also made the install instructions somewhat better.

In other news, I'll be speaking about Mutillidae at the following two events:
Kentuckiana ISSA July Meeting July 9th from 11:30 AM to 1:00 PM
Ohio Information Security Forum Anniversary Event July 10th, 2010 8:30AM-5:30PM

Both are free to the public, but you have to RSVP.

06/03/2010 PHUKD Project Page Updated
I've updated the Programmable HID USB Keyboard Dongle project page with:

More pics of newer units.
A video of the trojaned color changing mouse.
A PHUKD Arduino library to help developers.
I've also made a bunch of anchor tags to help in navigating to the part you want.

As a side note, I'll be speaking about the PHUKD project at Defcon! Thanks to Paul for the help with the hardware, the Kentuckiana ISSA for helping to get me to Defcon, and Tenacity Solutions for their support on this project.

05/13/2010 Metasploit Class Videos
On May 8th 2010 the Kentuckiana ISSA held a 7 hour Metasploit class at the Brown hotel in Louisville Ky. Proceeds from the class went to the Hackers For Charity Food for Work program. The instructors were David "ReL1K" Kennedy, Martin "PureHate" Bos, Elliott "Nullthreat" Cutright, Pwrcycle and Adrian "Irongeek" Crenshaw. Below are the videos of the event. I hope you enjoy them, and if you do please consider donating to Johnny Long's organization. This should be more Metasploit than you can stand!
05/09/2010 Steganographic Command and Control: Building a communication channel that withstands hostile scrutiny
This is the final report I wrote for the Malware class I'm in.
05/06/2010 WHAS 11 Webcam Exploit
This is a segment I did an interview for. They took very little of what I said, and played up the voyeur aspect (I told them webcams were not that big a worry, but drive by bot installs were).
04/29/2010 Mutillidae Updated for OWASP Top 10 of 2010
I made some changes to Mutillidae (version 1.4) to make it compliant with the 2010 version of the OWASP Top 10. I also added some modules, and fixed a bug I must have introduced at some point that keeps the user from inserting a single quote into their blog.
04/19/2010 Notacon Anti-Forensics Slides Posted
I put up the slides from my Notacon talk on the same page as the longer version of the Anti-forensics/Occult Computing talk. Hope to have the video up later.
04/15/2010 Office XML Steganography Tool
This is some relatively crappy code I wrote to hide files inside of Microsoft Office 2007 (and I hope 2010, though I have yet to test) docs (DOCX, XLSX, PPTX, etc). Since the newer Office docs are basically just zip files containing XML and resources, it's fairly easy.
04/07/2010 Louisville Metro Metasploit Class - May 8th 2010
The Kentuckiana ISSA will be putting on a 6.5 hour Metasploit class on May 8th 2010 from 10am to 4:30pm at the Jeffersonville Public Library.

Instructors include:
David "ReL1K" Kennedy
Martin "PureHate" Bos
Elliott "Nullthreat" Cutright
pwrcycle
Adrian "Irongeek" Crenshaw

The class is being held for charity, so it's not quite free, but all we ask is that you donate $10 to the Hackers For Charity Kenya food for work program. More details are available at the link above.

04/01/2010 P.H.U.K.D. Device Project Page Updated
I've updated my Programmable HID USB Keyboard Dongle project page with:

Photos of a soldered, heat shrink packaged, thumbdrive sized unit.
Code example that demonstrates timer delays and using the light sensor.
Code for doing quick diagnostics on the PHUKED unit to see which pins are connected and what the analog pin reads.
Added a comment about being able to use the 8 position DIP switch to choose from 256 different options. 

Hope you find the updates useful.

In other news, Scott Moulton still has open seats for his Forensics & Data Recovery class in Washington DC April 12-16th.

You may remember Scott from some of his presentations that I've posted to my site:

At Least TEN things you didn't know about your hard drive!
Reassembling RAID by SIGHT and SOUND!
Advanced Data Recovery Forensics

I've not taken his class yet, but I've heard great things and know that his talks at conferences are awesome. If you have money in your training budget, this class would be a good place to spend it.

03/28/2010 Outerz0ne 2010 Videos
The following are videos of the presentations from the Outerzone 2010 hacker conference. Thanks to Skydog, Robin, Scott, SomeNinjaMaster and the Hacker Consortium crew for the con. Also thanks to Karlo, Keith, and Seeblind for doing AV. I'm looking forward to Skydogcon.
03/23/2010 Programmable HID USB Keystroke Dongle: Using the Teensy as a pen-testing device
The Programmable HID USB Keystroke Dongle (PHUKD for short) is kind of like a U3 thumbdrive alternative, but with sensor and timer abilities. Read the article, and I think you will see the potential of the project.
03/08/2010 Security Podcasts Page Updated
I've updated my security podcast page to include the Social-Engineer.org Podcast. Also, there's real info up on the Outerz0ne conference website now. It's March 19th-20th 2010 in Atlanta, GA. Hope to see some of you there.
03/06/2010 Attacking and Defending WPA Enterprise Networks - Matt Neely
Matt Neely of SecureState came to the March Kentuckiana ISSA meeting and gave a great presentation on securing and hacking WPA Enterprise networks. If you are confused by the acronym soup of "EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC, PEAP-TLS" and which are the better options, this may be the video for you. Also, go check out the podcast Matt's on, Security Justice, it's one of the security/hacking podcasts I regularly listen to.
03/04/2010 InfoSec Daily Podcast Episode 80
Episode 80 of the ISD Podcast is up. Besides current vulnerabilities of interest and news topics, Rick, Matthew and I discussed text based steganography. Which reminds me, I need to update the code a little to fix some typos. :)
03/01/2010 Steganography: The art of hiding stuff in stuff so others don't find your stuff
This is a presentation I was working on for the malware class I'm enrolled in. For some reason my voice was cracking while recording it, but I guess it was good practice for the live version I'll do tomorrow. Besides just an introduction to Steganography, I'll also talk a little about my SnarlBot project that will attempt to use stego in a command and control channel.
02/24/2010 Unicode and LSB Steganography program examples
I wrote these Autoit3 code examples to illustrate some of the ways that steganography (hiding data in other data, or as I like to call it "hiding your stuff in other stuff so people can't find your stuff") can be done. These sorts of techniques can be of great use in passing messages without others knowing, in anti-forensics activities, or as covert command and control channels for botnets (as I plan to study for my final project in the malware class I'm enrolled in).

Other items: I'll be at Outerz0ne 2010 in Atlanta. Also, tomorrow night I should be on the InfoSec Daily Podcast with an update to my ZipIt Z2 project.

02/22/2010 Side-Track: Security/Pen-testing distribution of Linux for the ZipIt Z2
Ok, I've got it working, and for those who have a ZipIt Z2 I'd love for you to test it. It's based on the RootnNxus userland, and includes the following additional packages: cron curl driftnet dsniff etherape ettercap hping3 locate man netcat netdiscover netwox ngrep nikto nmap ntp openssh-server perl ptunnel python rdesktop ruby samba-tools samba4-clients secure-delete socat sqlmap tcpdump tcpreplay tcpxtract traceroute w3af w3af-console wget whois zenmap. I've also tweaked some of the scripts, and put a newer wireless firmware on it.
02/10/2010 FireTalks from Shmoocon 2010
Grecs and the folks at Shmoo were kind enough to let me record the FireTalks from Shmoocon 2010. Here you will find the presentations of David "ReL1K" Kennedy, Michael "theprez98" Schearer, Marcus J. Carey, Adrian "IronGeek" Crenshaw, Nicholas "aricon" Berthaume, Zero Chaos, Benny "security4all" and Christian "cmlh" Heinrich.
02/04/2010 I'll be at Shmoocon tomorrow, may have a live stream up some of the time
Don't know if I'll be able to manage it, but I may be streaming some of my activities from Shmoocon using WebCamStudio for Linux. If I can, you will see it below (or on the Irongeek.com site if you read this via RSS):
Stream no longer active
02/03/2010 XSS, SQL Injection and Fuzzing Barcode Cheat Sheet Updated
I've added the ability to use any lower ASCII character you wish, you just have to know its decimal equivalent. I've also constructed an ASCII barcode chart that should help. Let me know if you figure out how to type Ctrl-Alt-Del with your keyboard wedge. :)

Side note, tomorrow night I'll be on the ISD Podcast, episode 61. See you at Shmoocon.

01/30/2010 Video: When Web 2.0 Attacks - Rafal Los
Recorded at: Louisville OWASP Chapter - Fourth Meeting, Friday January 29th, 2010
Speaker: Rafal Los will be discussing Flash and Web 2.0 security

I used the same rig I hope to use for recording the Fireside talks at Shmoocon.

01/28/2010 Infosec Daily Podcast Episode 56
We are recording tonight, so it should be up by the morning. This time the tech segment will be on the recent bar code hacking project, which at Mick's suggestion now has XSS/SQL Injection for QR 2d bar codes.
01/28/2010 XSS, SQL Injection and Fuzzing Barcode Cheat Sheet
I was listening to an episode of Pauldotcom, and Mick mentioned something about attacks on systems via barcode. Because of the nature of barcodes, developers may not be expecting attacks from that vector and thus don’t sanitize their inputs properly. I had previously written "XSS, Command and SQL Injection vectors: Beyond the Form" so this was right up my alley. I constructed this page that lets you make barcodes in Code 93, Code 39, Code 39ext and Code 128A, B and C.
01/25/2010 Botnets Presentation For Malware Class
I have to present two papers for my malware class, so I figure I'd share my practice video with my readers. Slides are available in PDF and PPTX forms.
01/21/2010 Infosec Daily Podcast Episode 51
We are recording tonight, so it should be up by the morning. This time the tech segment will be on Tracking users, malware and data leaks via the USB serial numbers on flash drives, smart phones and MP3 players.
01/19/2010 Setting up the HoneyBOT HoneyPot
HoneyPots are hosts meant to be attacked either to distract the attackers or to research their techniques. This video will cover setting up a simple HoneyPot in Windows using an application called HoneyBOT. I'll also talk a little about capturing a pcap file with dumpcap for later analysis.
01/12/2010 Sitting in on Infosec Daily Podcast Episode 44
We are recording tonight, so it should be up by the morning. They are letting me do a tech segment on setting up an Ethernet bridge in Linux and network bridging in Windows. Also, I hope we will cover a bit about Google's reaction to China's attacks on human rights activists' Google accounts.
01/09/2010 Speaking at the Shmoocon FireTalks
My presentation was not accepted for the normal Shmoocon talks, but I will be doing a much shortened version for the FireTalks at Shmoo. For those wondering what I'll be talking about:

Title: Funnypots and Skiddy Baiting
Description: Ever wanted to screw with those that screw with you? Honeypots might be ok for research, but they don't allow you to have fun at an attacker's expense the same way funnypot and skiddy baiting does. In this talk I'll be covering techniques you can use to scar the psyche or to have fun at the expense of attackers or people invading your privacy. Some of the topics to be covered are: Fun with DNS and Loopback, SWATing for Packets, Lemonwipe your drive, Robots.txt trolling, And more…

I think there are still some slots open for Firetalks, so please submit something on the site linked to above if you have an idea. Grecs gave me the go ahead to record the short FireTalks at Shmoocon 2010. I've been messing around with AVISynth, and I plan to use it to make the Fireside talks look somewhat professional, like the ones Defcon releases. I re-encoded my "Building a Hacklab" video to test out how well the script would work, here are the results. Let me know what you think.

01/05/2010 New Text Article: Tracking users, malware and data leaks via the USB serial numbers on flash drives, smart phones and MP3 players
In this article I talk about using the USB serial number some devices have for security and forensics purposes. By the way, I'm starting to use Twitter more, so feel free to follow me: @Irongeek_ADC
01/01/2010 WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated
Uploaded version 0.90. Once again, Wigle.net changed the way I had to query their database, so I had to fix IGiGLE so it worked again. I also changed how I got the zip code to lat/long to work. It may also now work with NAC, UTM or a Great Britain telephone area code, but this needs more testing so please let me know.
12/29/2009 Ethernet bridge in Ubuntu Linux video updated
I fixed the sound and frame size in the video I posted this morning.

As a side thing, check out Webcam Studio For GNU/Linux (WS4GL). I'm hoping as it matures I'll be able to use it as a poorman's tri-caster when I record/stream presentations at hacker cons. The live picture in picture or split screen is an awesome feature. Toss Patrick Balleux some cash to encourage further development.

12/29/2009 Setting up an Ethernet bridge in Ubuntu Linux
In a previous video, I showed how to set up an Ethernet bridge in Windows XP. This is very useful for sniffing traffic leaving your LAN for the purposes of IDS (Intrusion Detection System), network monitoring, statistics or just plain snooping. In this video, I cover setting up an Ethernet bridge in Linux. Other tools used in this video include Wireshark, TCPDump, Etherape and Driftnet.
Copyright 2010, IronGeek
Louisville / Kentuckiana Information Security Enthusiast