Irongeek's Security Site

Intro to Scanning: Nmap, Hping, Amap, TCPDump, Metasploit, etc. Jeremy Druin

Sat, 12 May 2012 14:41:08 -0400

Link: http://www.irongeek.com/i.php?page=videos/intro-to-scanning-nmap-hping-amap-tcpdump-metasploit-jeremy-druin
This is the 2nd in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers scanning Nmap, Hping, Amap, TCPDump, Metasploit, etc.

Jeremy Druin did some more Mutillidae/Web Pen-testing videos

Sun, 6 May 2012 14:03:16 -0400

Jeremy Druin did some more Mutillidae/Web Pen-testing videos

At some point, I will start putting up some of my own content :) I have done some tricks that I hope will make the page load better, but I'm not sure about the browser compatibility. In the mean time, here is some more of Jeremy's work:

Using Metasploit Hashdump Post Exploit Module Creds Table And John
This video shows how to have the hashdump post exploitation module automatically populate the creds table in the metasploit database, then export the credentials to a file suitible to pass to the john the ripper tool in order to audit the passwords.

Using Metasploit Community Edition To Determine Exploit For Vulnerability
In previous versions of Metasploit it was possible to run "db_autopwn -t -x" in the msfcomsole in order to have metasploit guess the best exploits for a given vulnerability. This video looks at alternative functionality for the depreciated "db_autopwn -t -x" option in older versions of Metasploit's msfconsole. Metasploit Community Edition has similar exploit analysis functionality accessible via the web based GUI.

More Mutillidae/Web Pen-testing videos from Jeremy Druin

Fri, 4 May 2012 08:22:50 -0400

Link:http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae

Jeremy had two more videos for you. It's beginning to become a load problem with all the iframe embedded videos :). I'm willing to take suggestions.

Using Hydra To Brute Force Web Forms Based Authentication Over Http
This video covers using nmap to ping sweep network then discover ports on two machines to locate a web server on which Mutillidae is running. Once the web server is running, the site is loaded into Firefox and the login page is located. Using View-Source, Burp-Suite, and the sites registration, the login process is studied. Potential usernames are gathered from using Reconnoitter, CeWL, and the sites own blog page. A password file from john the ripper is used. With the potential usernames and passwords in hand, hydra is used in http-post-form mode to search for a username and password which can log into the site.

Connect To Unreachable Web Site Through Meterpreter Port Forwarding
This video covers accessing a web site that is normally unreachable from our Backtrack 5 box. However, after gaining a session on a third box, we forward our web browser through the compromised host in order to browse the website. The port forwarding is done via a meterpreter session on the compromised host. After setting up the port forward, the browser is able to use the compromised host as a relay (almost like a web proxy) in order to browse to the "internal" web application.

DerbyCon tickets go on sale this today! (Friday April 27th) – CFP OPEN!

Fri, 27 Apr 2012 08:57:39 -0400

Link: https://www.derbycon.com/news/
We will be opening up ticket sales on Friday at 1:00PM EST on April 27th 2012. Both training and normal conference tickets will be going on sale at this time. We feel we have a very stable ticketing system at this point from the tests last week and don’t anticipate any major issues! We look forward to seeing everyone at DerbyCon this year… It’s going to be amazing!!!

Call for papers are also open! Check out the CFP section on the DerbyCon here.

Some of the current speakers: Jeff Moss, Dan Kaminsky, Kevin Mitnick, Martin Bos, Adrian Crenshaw, HD Moore, Dave Kennedy, Ryan Elkins, Johnny Long, Chris Nickerson, Chris Gates, Eric Smith, Paul Asadoorian, Rob Fuller, Larry Pesce, Chris Hadnagy, John Strand, Peter Van Eeckhoutte, int0x80, Thomas d’Otreppe, Jack Daniel, Jason Scott, Deviant Ollam, Jayson E. Street, James Lee, Rafal Los, Kevin Johnson, Tom Eston, Rick Hayes, Georgia Weidman and Karthik Rangarajan

Check out videos of last year's Derbycon here.

2 more Mutillidae/Web Pen-testing videos from Jeremy Druin

Mon, 23 Apr 2012 10:34:21 -0400

Link: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae

Three more great videos from Jeremy Druin (@webpwnized ):

Creating Syn Port Scan Manually With Scapy
Contrast Nmap And Amap Service Version Detection Scanning

Outerz0ne 8 (2012) Videos

Mon, 23 Apr 2012 10:18:29 -0400

Link: http://www.irongeek.com/i.php?page=videos/outerz0ne8/mainlist

Here is the list:
Kickin' it off for year number 8! Outerz0ne: The History, The Legend SkyDog
Bare Metal Install of Linux from a Network Server Halfjack
How To Cyberstalk Potential Employers IronGeek
Complex Litigation in America Tyler Pitchford
Hook, Line and Syncer: Outerz0ne Remix Chris Silvers
IPv4 -to- IPv6 Service Providers Challenges Jeremy Schmeichel & SlimJim
Your Camera is Worth $300,000 to Microsoft Scott Moulton
Outerz0ne Closing and Awards Skydog and Crew

Notacon 9 (2012) Videos

Mon, 16 Apr 2012 12:42:17 -0400

Link:http://www.irongeek.com/i.php?page=videos/notacon9/mainlist
These are the videos from the 9th Notacon conference held April 12th-15th, 2012. Not all of them are security related, but I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: SatNights, Widget, Securi-D, Purge, Bunsen, Fry Steve and myself. Sorry about the sound issues, but there is only so much pain I want to go through in post. Also for some videos we only have the slides or the live video, but not both.
List:

Track 1
Day 1

Game Maker: Crash Course
Chris Sanyk

Minute Man: All I Need is 60 Seconds
Rick Deacon

Get your kicks on route IPv6
Mike Andrews

We lit IPv6. This is what happened.
Jeff Goeke-Smith

Civic Hacking
Jeff Schuler, Beth Sebian

Vulnerabilities of Control Systems in Drinking Water Utilities
John McNabb

Hacking for Freedom
Peter Fein

Building a Game for the Ages (well, the young ages anyway)
Bill Sempf

Day 2

Mo data? Mo problems!
Mick Douglas

What if Max Zoran Succeeded? Living without Silicon Valley
movax

How to totally suck at Information Security
Christopher Payne, Doug Nibbelink

(Just About) Everything you think you know about Wilderness Survival is Wrong
Mark Lenigan

Baking in Security
Jeff “ghostnomad” Kirsch

Your Hacker Class is Bullsh1t
Christopher Payne

REFACTORING THE REVOLUTION (Occupy as an Agile project)
Some Guy On Bridge

Custom Distributions Via Package Aliasing: release of The Pentest Repository
Ryan Holeman

Numbers, From Merely Big to Unimaginable
Brian Makin

Whose Slide Is It Anyway?
nicolle “rogueclown” neulist
(Sorry, I can't post this one since we did not get permission from everyone)

Track 2
Day 1

I’m a Hacker…and I’m a QSA (Hacking PCI Requirement 6.6. Why Your Web Applications are Still Not Secure)
David Sopata, Gary McCully

Neurohacking: from the bottom up
meecie

Code That Sounds Good: Music Theory and Algorithmic Composition
nicolle “rogueclown” neulist

Collaboration. You keep using that word…
Angela Harms

Kinetic Security
Knuckles, Jeff “ghostnomad” Kirsch, Ghostnomadjr

Milkymist: video synthesizers at the cutting edge of open source hardware
Sébastien Bourdeauducq

Development Operations: Take Back Your Infrastructure
Mark Stanislav

Exercise Your Mind and Body
Suellen Walker, Joe Walker

Day 2

How to Market the Morally Broken and Sociologically Depraved: A Guide to Selling Your Local Hacker Conference to the Public
Jaime Payne

Geocaching 101
Jon Peer

Notacon 9 Network

1984 2012 Legal Privacy Trends
Nick Merker

The Sword is Mightier than the Pen(test): an Introduction to Fencing
Brian Stone, Amy Clausen

What Locksport Can Teach Us About Security
Bill Sempf

Octodad: Building a Better Tentacle Ragdoll
Devon Scott-Tunkin

More Mutillidae/Web Pen-testing videos from Jeremy Druin

Sun, 15 Apr 2012 19:30:58 -0400

Link:http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#detailed-look-at-linux-traceroute

Three more great videos from Jeremy Druin (@webpwnized ):

Detailed Look At Linux Traceroute

This video takes a detailed look at the traceroute program in Linux. The newer traceroute is used (version 2.0.18). The later versions have the ability to send packets of different protocols (i.e. TCP) to the target. This feature was previously found in the LFT (Layer Four Traceroute) tool but not found in the Linux traceroute. While LFT still is more feature-rich than the traceroute built into Linux, the new features in Linux traceroute make the tool very useful and quite capible. It helps to understand how the traceroute tool forms the packets, to what ports the packets are sent, and what protocols can be used to send the packets. This information can be used to get traceroute commands to work through firewalls and HIPS systems when ICMP and/or UDP and/or most TCP ports are blocked.

Introduction To TCPDump Network Sniffer

This video is an introduction to the tcpdump network packet sniffer/capture tool. The video is relatively long because of the demo used required "building up" to the HTTP capture. The video only covers the basics but is meant to be a good introduction to practical use of tcpdump.

Basics Of Using The Maltego Reconnaissance Graphing Tool

This video looks at using Maltego to both gather and organize information in a customer pen-test. Maltego is a GUI-based tool for Linux which is included in the Backtrack 5 R2 release. The tool is able to gather information from public sources on entities. The Community Edition (used in this video) is free. There is a paid-version with more features. The site used in this video is irongeek.com and was used with written permission from the owner. If following along, please use a domain for which you have permission.

Finding Comments And File Metadata Using Multiple Techniques

Sun, 8 Apr 2012 15:40:34 -0400

Link: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#finding-comments-and-file-metadata-using-multiple-techniques
Jeremy Druin has made a new video:
This video has two related parts. The first part discusses finding the comments in Mutillidae related to the "comments challenge". This is an easy challenge in Mutillidae but the techniques can be extended to search entire sites for comments. The second part of the video looks at finding metadata in general using a variety of tools.

The tools used are Firefox "View Source", W3AF, grep, wget, Burp Suite, exiftool and strings. The demo site used is Mutillidae, which is a free open-source fully functional PHP site with a MySQL database. The site runs on localhost or it can be run in a virtual network as a practice target or capture the flag target. It is not a good idea to run Mutillidae publically because it will get hacked. Mutillidae is available at Sourceforge and Irongeek.com. Along with the project is several documents and an installation guide for Windows 7.

Also, I updated the Pen-testing practice in a box: How to assemble a virtual network post to fix an audio issue (it was cutting out after a certain amount of time).

Pen-testing practice in a box: How to assemble a virtual network

Sat, 7 Apr 2012 12:55:44 -0400

Link: http://www.irongeek.com/i.php?page=videos/pen-testing-practice-in-a-box-how-to-assemble-a-virtual-network
This is the first in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. Topics: Virtual Box Installation, Installing virtual machines, Configuring virtual networks - bridged, nat, hostonly, USB devices in virtual machines, Wireless networks in virtual machines, Installing Guest Additions, How to install Mutillidae in Windows on XAMPP, How to install Mutillidae in Linux Samurai

Mutillidae How To Use Dradis To Organize Nmap And Nessus Scan Results

Thu, 5 Apr 2012 08:37:50 -0400

Link:http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-use-dradis-to-organize-nmap-and-nessus-scan-results
New video from Jeremy Druin:
The latest version of Dradis (2.9) has excellent import speed compared to version 2.7. This video looks at using the import features of Dradis to organize the scan results from an nmap scan and a Nessus 5 scan. Dradis is a tool that allows pen testers, auditors, and vulnerability assessors to organize their work by server or other categories. The Dradis starts a web server which other team members can share information as well.

Homoglyph Attack Generator Updated

Tue, 3 Apr 2012 15:30:32 -0400

Link:http://www.irongeek.com/homoglyph-attack-generator.php
I found a list of IDN blacklisted characters on Mozilla's site and added them. I also added a table of the homoglyphs I'm using.

Two More Web Security Videos From Jeremy Druin

Sun, 1 Apr 2012 20:03:22 -0400

Link:http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-upgrade-to-nessus-5-on-backtrack-5-r2

Jeremy Druin has made two more videos:
How To Upgrade To Nessus 5 On Backtrack 5 R2

This video looks at upgrading Nessus 4 to Nessus 5. The operating system used in the video is Backtrack 5 R2. Nessus 4 was successfully registered and running on this OS prior to attempting to upgrade to Nessus 5. If a fresh Nessus install is needed, the process is different.

Creating Reports And Metasploit Db Importable Reports With Nmap Xml Output

Nmap reporting is excellent with the XML option but this is not used in a lot of cases. The XML output from nmap can be imported into other tools such as the Metasploit Community Edition (Import button), metasploit DB, and other tools. Also, the XML format can be opened in a web browser to produce a well-formatted report suitable for attachment to a pen-test.

Outerz0ne Video Move

Thu, 29 Mar 2012 11:02:31 -0400

Outerz0ne Video Move
Still working on moving videos to YouTube to support more devices. Since Outerz0ne is coming up I decided to move their videos next:

Outerz0ne 2011:

SkyDog - Opening Ceremonies/etc.
SkyDog - The Modern Day Hacker
IronGeek - Rendering Hacker Con Videos with AviSynth
MadMex - Windows Command Line Incident Response
HalfJack -Building your Own Green Home
Beau Woods - What Companies and Vendors must know about securing mobile devices, mobile applications, access and data.
Rick Hayes - Assessing and Pen-Testing IPv6 Networks
Pure Hate - Why your password policy sucks
Billy Hoffman - Advice on starting a start-up
Contest Prize Giveaway, Awards, Closing Ceremonies

Outerz0ne 2010:

Intro to Outerzone and Talk 1 - Security People Suck - Gene Bransfield
IronGeek - Turning the Zipit 2 into a mobile hacking device
Freeside
PBR90X - Social Networking #FAIL
Scott Moulton - Hard Drive Kung Fu Magic
Brian Wilson -Docsis Coolness
BobTalks
Billy Hoffman - Web Performance Talk Craziness
Closing Ceremonies

Outerz0ne 2009

Morgellon - *Duino-Punk! Manifesting Open Source in Physical Space from Outerz0ne 5
Tyler Pitchford - They took my laptop! - U.S. Search and Seizure Explained
SkyDog - Screen Printing Primer - Make your own Con Shirt!
SlimJim100 - Live Demo of Cain & Able and the Man-in-the-middle-attack
Nick Chapman - Embedded Malicious Javascript
Makers Local 256 - A primer on hackerspaces
Scott Moulton - Reassembling RAID by SIGHT and SOUND!
Rob Ragan - Filter Evasion - Houdini on the Wire
Acidus (Billy Hoffman) - Offline Apps: The Future of The Web is the Client?
Closing

Also, a video I did about Outerz0ne and Notacon 2009:

Outerz0ne and Notacon 2009 Hacker Cons Report

Manual Directory Browsing To Reveal Mutillidae Easter Egg File

Wed, 28 Mar 2012 10:13:42 -0400

Link: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#manual-directory-browsing-to-reveal-mutillidae-easter-egg-file
Jeremy has made another video:
This video looks at manual testing for directory browsing misconfiguration vulnerabilities in Mutillidae. For directory browsing brute forcing, OWASP DiRBuster or Burp-Suite Intruder are great tools. However, Mutillidae gives away some of its directory paths when serving PDF and other files. These can be tested manually to reveal the Mutillidae Easter egg file. Also common directory names like "include" and "includes" can be tried quickly just using a browser before firing up the tools.

OSInt, Cyberstalking, Footprinting and Recon: Getting to know you (YouTube Migration)

Mon, 26 Mar 2012 11:46:30 -0400

Link: http://www.irongeek.com/i.php?page=videos/osint-cyberstalking-footprinting-recon
I've migrated the "OSInt, Cyberstalking, Footprinting and Recon: Getting to know you" to YouTube. This should allow it to be viewed on more devices.

The following are videos from the Footprinting/OSInt/Recon/Cyberstalking class I did up in Fort Wayne Indiana for the Northeast Indiana Chapter of ISSA. I've split the class into three videos by subtopic, and included the text from the presentation for quick linking.

Password Exploitation Class (YouTube Migration)

Mon, 26 Mar 2012 11:45:20 -0400

Link: http://www.irongeek.com/i.php?page=videos/password-exploitation-class
I've migrated the "Password Exploitation Class" to YouTube. This should allow it to be viewed on more devices.

This is a class we gave for the Kentuckiana ISSA on the the subject of password exploitation. The Password Exploitation Class was put on as a charity event for the Matthew Shoemaker Memorial Fund. The speakers were Dakykilla, Purehate_ and Irongeek.

Anti-Forensics: Occult Computing Class (YouTube Migration)

Mon, 26 Mar 2012 11:44:46 -0400

Link: http://www.irongeek.com/i.php?page=videos/anti-forensics-occult-computing
I've migrated the "Anti-Forensics: Occult Computing Class" to YouTube. This should allow it to be viewed on more devices.

This is a class I gave for the Kentuckiana ISSA on the the subject of Anti-forensics. It's about 3 hours long, and sort of meandering, but I hope you find it handy. For the record, Podge was operating the camera :) Apparently it was not on me during the opening joke, but so be it, no one seemed to get it. I spend way to much time on the Internet it seems. Also, I'm in need of finding video host to take these large files. This class video is 3 hours, 7 min and 1.2GB as captured.

Mutillidae Injecting Cross Site Script Into Logging Pages Via Cookie Injection

Sat, 24 Mar 2012 13:20:50 -0400

Link:http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#injecting-cross-site-script-into-logging-pages-via-cookie-injection
Jeremy has made another video (I can't keep up):
By setting the values of browser cookies, then purposely browsing to a web page that logs the value of user cookies, it may be possible to inject cross site scripts into the log files or the log data table of the web site. Later when the logs are reviewed by Administrators, the cross site scripts may execute in the administrators browser. The video uses the Mutillidae capture data pages as an example. In Mutillidae one of the capture the flag events is to poison the attackers browser by purposely exposes the attacker to a cross site script. This can be done by infecting a cookie then "letting" the attacker trick you into visiting the capture data page.

Mutillidae Generate Cross Site Scripts With SQL Injection

Sat, 24 Mar 2012 12:32:15 -0400

Link:http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#generate-cross-site-scripts-with-sql-injection
Jeremy has made another video:
This video discusses an advanced SQL injection technique. The SQL injection is used to generate cross site scripting. This is useful when cross site scripts cannot be injected into a webpage from a client because web application firewalls or other scanners are in place. When an SQL injection can be snuck past the WAF, it is possible to have the SQL injection generate the Cross Site Script dynamically.

DOJOCON 2010 Videos Migrated To YouTube

Thu, 22 Mar 2012 09:45:25 -0400

Link: http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos
I've started to migrate the con videos I record and embed on this site to YouTube. I'm doing this for a few reasons:

1. Vimeo took down Dave Marcus' talk because they said it was in violation of their TOS, and when I tried to explain to them what it was about they would not email me back (and I was a paying customer to their service at the time).
2. I'm now allowed longer videos on YouTube, so why not.
3. This should support more devices.

I've started with DOJOCON 2010 to get Dave's talk back up. Below are the videos from the conference, at least the ones I can show :), enjoy.

Index:

Tiffany Strauchs Rad, @tiffanyrad: International Cyber Jurisdiction: "Kill Switching" Cyberspace, Cyber Criminal Prosecution & Jurisdiction Hopping
John Strauchs, @strauchs: Security and IT Convergence
Richard Goldberg, @GoldbergLawDC: Rules of Engagment: Mitigating Risk in Information Security Work
Jon McCoy: Ninja Patching .NET
Marco Figueroa, @marcofigueroa & Kevin Figueroa: Detecting & Defending Your Network using Nepenthes/Shaolin Tools
Dave Marcus, @davemarcus: Using Social Networks To Profile, Find and 0wn Your Victims
Brian Baskin, @bbaskin: P2P Forensics
Jonathan Abolins, @jabolins: Internationalized Domain Names & Investigations in the Networked World
Deviant Ollam, @deviantollam: Don't Punch My Junk
Michael Shearer, @theprez98: How to 0wn an ISP in 10 Minutes
Christopher Witter, @mr_cwitter: Enterprise Packet Capture on Da'Cheap
Ben Smith: Printer Exploitation
Adrian Crenshaw, @irongeek_adc: Malicious USB Devices: Is that an attack vector in your pocket or are you just happy to see me?
Shyaam Sundhar, @EvilFingers and John Fulmer, @DaKahuna2007: Is the IDS Dead?
Chris Nickerson, @indi303: The State of (In)Security
Gal Shpantzer, @shpantzer: Security Outliers: Cultural Cues from High-Risk Professions
Michael Smith, @rybolov: DDoS

Web Application Pen-testing Tutorials With Mutillidae

Thu, 15 Mar 2012 00:00:24 -0400

Link: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae
When I started the Mutillidae project it was with the intention of using it as a teaching tool and making easy to understand video demos. Truth be told, I never did as much with it as I intended. However, after Jeremy Druin (@webpwnized) took over the development it really took off. I have since come to find out he has been doing A LOT of YouTube video tutorials with Mutillidae, which he said I could share here. I will be copying his descriptions with slight editing and embedding his videos in this page. Videos include:

Determine Http Methods Using Netcat

Determine Server Banners Using Netcat Nikto And W3af

Bypass Authentication Using SQL Injection

Using Menus

Bypass Authentication Via Authentication Token Manipulation

Explanation Of HTTPonly Cookies In Presense Of Cross Site Scripting

Closer Look At Cache Control And Pragma No Cache Headers

Demonstration Of Frame Busting Javascript And X-Frame Options Header

How To Install And Configure Burp Suite With Firefox

Basics Of Web Request And Response Interception Using Burp Suite

Brute Force Authentication Using Burp Intruder

Automate SQL Injection Using SQLMap To Dump Credit Cards Table

Command Injection To Dump Files Start Services Disable Firewall

How To Exploit Local File Inclusion Vulnerability Using Burp Suite

HTML Injection To Popup Fake Login Form And Capture Credentials

Two Methods To Steal Session Tokens Using Cross Site Scripting

How To Bypass Maxlength Restrictions On HTML Input Fields

Two Methods To Bypass Javascript Validation

Three Methods For Viewing Http Request And Response Headers

Basics Of SQL Injection Timing Attacks

Basics Of SQL Injection Using Union

Basics Of Inserting Data With SQL Injection

Inject Root Web Shell Backdoor Via SQL Injection

Basics Of Using SQL Injection To Read Files From Operating System

How To Locate The Easter Egg File Using Command Injection

Injecting Cross Site Script Into Stylesheet Context

Introduction To Http Parameter Pollution

Basics Of Injecting Cross Site Script Into HTML Onclick Event

Basics Of Finding Reflected Cross Site Scripting

Analyze Session Token Randomness Using Burp Suite Sequencer

Using Nmap To Fingerprint Http Servers And Web Applications

Spidering Web Applications With Burp Suite

Basics Of Burp Suite Targets Tab And Scope Settings

Brute Force Page Names Using Burp Intruder Sniper

Using Burp Intruder Sniper To Fuzz Parameters

Comparing Burp Intruder Modes Sniper Battering RAM Pitchfork Cluster Bomb

Demo Usage Of Burp Suite Comparer Tool

Import Custom Nmap Scans Into Metasploit Community Edition

Using Metasploit Community Edition To Locate Web Servers

XSS DNS Lookup Page Bypassing Javascript Validation

Use Burp Suite Sequencer To Compare Csrf Token Strengths

How To Remove PHP Errors After Installing On Windows Xampp

Quickstart Guide To Installing On Windows With Xampp

Basics Of Running Nessus Scan On Backtrack 5 R1

How To Import Nessus Scans Into Metasploit Community Edition

Basics Of Exploiting Vulnerabilities With Metasploit Community Edition

Sending Persistent Cross Site Scripts Into Web Logs To Snag Web Admin

Quick Start Overview Of Useful Pen-Testing Addons For Firefox

Three Methods For Viewing Javascript Include Files

Reading Hidden Values From HTML5 Dom Storage

How To Execute Javascript On The Urlbar In Modern Browsers

Adding Values To Dom Storage Using Cross Site Scripting

Alter Values In Html5 Web Storage Using Cross Site Script

Altering Html 5 Web Storage Values Using Persistent XSS

Altering HTML 5 Web Storage With A Reflected XSS

Crypto & Block Cipher Modes (OpenSSL, AES 128, ECB, CBC)

Tue, 13 Mar 2012 00:40:48 -0400

Link: http://www.irongeek.com/i.php?page=videos/crypto-block-cipher-modes-openssl-aes-128-ecb-cbc
Hopefully this will give a nice visual illustration of how Electronic codebook (ECB) and Cipher-block chaining (CBC) work using AES-128 and OpenSSL. You can learn a lot from a known plain text, and repeating patterns. Inspired by labs from Kevin Benton & "Crypto Lab 1" SEED.

Shared Hosting MD5 Change Detection Script Updated

Mon, 12 Mar 2012 16:36:17 -0400

Link: http://www.irongeek.com/i.php?page=security/shared-hosting-md5-change-detection-script
Fixed an issue with permlog.txt not being put in the $ScriptDir directory.

Derbycon 2.0: The Reunion Promo Video Posted

Mon, 12 Mar 2012 11:47:34 -0400

Video:ttps://www.derbycon.com/2012/03/12/derbycon-2-0-the-reunion-it-begins/
Dave Kennedy has posted a promo video form Derbycon 2012. A few prominent speakers have been announced. Hope you all can make it this year. To see what you missed from Derbycon 2011, go visit the video page.

Proposal for "Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing"

Sat, 3 Mar 2012 03:26:08 -0400

Link:"http://www.irongeek.com/i.php?page=security/homoglyph-attack-project
Below is a project I'm doing for class. If you want to make suggestions and tell me about weird Unicode/Homoglyph security issues, please email me. If you want to play with making homographs, look at my Homoglyph Attack Generator.

Shared Hosting MD5 Change Detection Script

Tue, 28 Feb 2012 00:07:01 -0500

Link: http://www.irongeek.com/i.php?page=security/shared-hosting-md5-change-detection-script
I was wanting a simple shell script that would monitor the files on a site, and report any changed via email. Dave Kennedy's Artillery was close to what I needed (and does a lot more), but I wanted something I could run on my shared hosting account. This is what I came up with, for better or worse. If nothing else, it was a good exercise in BASH scripting, and may come in handy for those that want to make something similar.

Malicious USB Devices Page Updated With Videos

Wed, 22 Feb 2012 09:04:23 -0500

Link: http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices#video
I recently found out that the CACR at Indiana University posted a video of a talk I did for them awhile back, so I decided to update my Malicious USB Devices page to embed it and the other versions of the talk I have.

InfoSec Daily Podcast 600 Tonight

Tue, 21 Feb 2012 08:35:42 -0500

Link:http://www.isdpodcast.com/
The ISD Podcast is having its 600th episode tonight, Feb 21st 2012. Come join us on the live stream and IRC (#isdpodcast on Freenode) at 8PM EST.

How I Got Pwned: Lessons in Ghetto Incident Response

Mon, 20 Feb 2012 09:45:59 -0500

Link:http://www.irongeek.com/i.php?page=security/how-i-got-pwned-lessons-in-ghetto-incident-response
For those wondering about the details of my recent defacement.

ShmooCon Firetalks 2012 Videos

Sun, 5 Feb 2012 16:50:53 -0500

Link:http://www.irongeek.com/i.php?page=videos/shmoocon-firetalks-2012

Night 1
“How Do You Know Your Colo Isn’t “Inside” Your Cabinet, A Simple Alarm Using Teensy” by David Zendzian
“Bending SAP Over & Extracting What You Need!” by Chris John Riley
“ROUTERPWN: A Mobile Router Exploitation Framework” by Pedro Joaquin
“Security Is Like An Onion, That’s Why it Makes You Cry” by Michele Chubirka
“Five Ways We’re Killing Our Own Privacy” by Michael Schearer

Night 2

“Cracking WiFi Protected Setup For Fun and Profit” by Craig Heffner
“Passive Aggressive Pwnage: Sniffing the Net for Fun & Profit” by John Sawyer
“Ressurecting Ettercap” by Eric Milam
“Security Onion: Network Security Monitoring in Minutes” by Doug Burks
“Remotely Exploiting the PHY Layer” by Travis Goodspeed

ShmooCon Epilogue 2012 Talks

Sun, 5 Feb 2012 16:25:11 -0500

Link: http://www.irongeek.com/i.php?page=videos/shmoocon-epilogue-2012
Includes:
Resurrection of Ettercap: easy-creds, Lazarus & Assimilation
Eric Milam - (Brav0Hax) &
Emilio Escobar

Media Hype and Hacks that Never Happened
Space Rouge

More than one way to skin a cat: identifying multiple paths to compromise a target through the use of Attach Graph Analysis
Joe Klein

Proper Depth / Breadth testing for Vulnerability Analysis and fun with tailored risk reporting metrics.
Jason M Oliver

Extending Information Security Methodologies for Personal User in Protecting PII.
John Willis

Stratfor Password Analysis
Chris Truncer

Intro To Bro
Richard Bejtlich

Javascript obfuscation
Brandon Dixon

Unix File Permissions and Ownership (CHOWN, CHMOD, ETC)

Sat, 21 Jan 2012 12:39:01 -0500

Link:http://www.irongeek.com/i.php?page=videos/unix-file-permissions-and-ownership-chown-chmod-etc
I'm taking a security class were we had a lab on Unix/Linux file system permissions. I decided I might as well record it, and the steps taken, along with explanations as to what I was doing to set the permissions such as read, write, execute, SetUID, SetGID and the Stickybit. Kevin Benton created the lab, so I'd like to give him credit for inspiring me to do this video.

Basic Setup of Security-Onion: Snort, Snorby, Barnyard, PulledPork, Daemonlogger

Sun, 15 Jan 2012 22:23:18 -0500

Link: http://www.irongeek.com/i.php?page=videos/basic-setup-of-security-onion-snort-snorby-barnyard-pulledpork-daemonlogger
Thanks to Doug Burks for making building a Network Security Monitoring Server much easier. I mentioned Snort, Snorby, Barnyard, PulledPork and Daemonlogger in the title, but there is a lot more on the distro than that. This is a nice way to get an IDS up and running featuring pretty frontends without going into dependency hell.

Pen-Testing Web 2.0: Stealing HTML5 Storage & Injecting JSON Jeremy Druin

Sat, 7 Jan 2012 11:02:02 -0500

Link:Pen-Testing Web 2.0: Stealing HTML5 Storage & Injecting JSON Jeremy Druin
This is Jeremy's talk from a recent ISSA meeting. In it he covers what the title says, showing off stealing of HTML 5 storage, injecting JSON, using Burp Suite, Muttillidae and some XSS attack fun. Sorry about the noise in the first bit, I had to set the camera up a ways off and it picked up my bag of chips better than it did Jeremy's talk. @webpwnized

Video Posted and Code Updated for Homemade Hardware Keylogger

Mon, 2 Jan 2012 00:29:07 -0500

Link:http://www.irongeek.com/i.php?page=security/homemade-hardware-keylogger-phukd
My video from NeoISF is now posted: PHUKD/Keylogger Hybrid.

The code has been updated in the following ways:

On the PIC side: Updated Firmware for the USB Host Module - PIC24FJ256GB106 to work with more keyboards.

On the Teensy side:

0.04:
* If a keyboard was plugged in after the keylogger was already powered on, it would type "i7-". I added code
to fix this problem.
* Fixed RAW serial debug mode not to print key
* Changed name of variable "lasttenletters" to "lastfewletters" and expanded it to 60.
* Ctrl+Alt+Y is now used for typing more debugging details.
* Implemented likely to fail code for unlocking workstation using captured password.
* I had some problems with running out of SRAM because of all of my static strings. I started using the F()
function to pull these strings from flash memory to solve this issue.
* Fixed a case issue with lastfewletters. I did not know the method changed it in place.
* Fixed a bug in HIDtoASCII that made it top row of number keys not work right.