Irongeek's Security Site

Building a Hacklab, and a little about the Louisville CTF event

Sat, 7 Nov 2009 21:02:26 -0500

Link: Building a Hacklab, and a little about the Louisville CTF event
This is a presentation I gave for the local Louisville ISSA. I took this as an opportunity to learn a bit about AVISynth and do a split screen video. Thanks to Gary for being my camera man.

DoJoCon Live Stream 2009

Fri, 6 Nov 2009 10:15:37 -0500

DoJoCon Live Stream 2009
This is pretty neat. They are streaming the talks. Check it out today (Nov 6th) and tomorrow.

Darknets: anonymizing private networks talk from Phreaknic (Networks covered include Tor, Freenet, AnoNet/DarkNET Conglomeration and I2P)

Mon, 2 Nov 2009 20:59:33 -0500

Link:Darknets: anonymizing private networks talk from Phreaknic (Networks covered include Tor, Freenet, AnoNet/DarkNET Conglomeration and I2P)
This is a quick and dirty version of my Darknets talk from Phreaknic 2009, I hope to have a better version up soon. It covers the the basics of semi-anonymous networks, their use (political dissidence, file sharing, gaming and pr0n), how they were developed and what they mean to organizations. The main focus will be on the Tor, I2P, Freenet and anoNet Darknets, their uses and weaknesses.

Louisville Infosec 2009 Videos

Thu, 29 Oct 2009 22:59:19 -0500

Louisville Infosec 2009 Videos
The videos are up, the title link takes you to the index but here are the individual videos:

Insider Attacks: The How’s, Why’s, and What to Do’s Dr. Eugene Schultz Louisville Infosec Conference Video

The Internet is Evil John Strand Louisville Infosec Conference Video

The Seven Habits of a Successful Information Security Career Manager Lee Kushner Louisville Infosec Conference Video

Attacking SSL PKI Mike Zusman Louisville Infosec Conference Video

Blocking the Covert Channels Used for Malicious Data Theft Alex Lanstein Louisville Infosec Conference Video

Darknets: Fun and games with anonymizing private networks Adrian Crenshaw Louisville Infosec Conference Video

Compliance Strategy and Planning – Building an Effective Application Security Program John Pavone Louisville Infosec Conference Video

SAS 70 Compliance Auditing Rick Taylor Louisville Infosec Conference Video

Virtualizing the Security Architecture: Defending Virtual Servers and Applications Jason Wessel Louisville Infosec Conference Video

Bob’s Great Adventure: Attacking & Defending Web Applications Paul Asadoorian Louisville Infosec Conference Video

Advanced Data Recovery Forensic Scott Moulton Louisville Infosec Conference Video

Current Threats and Countermeasures Mark Maxey Louisville Infosec Conference Video

Blending business and technical benefits together to achieve an effective and streamlined compliance assessment. Jim Czerwonka and Jimmy Noll Louisville Infosec Conference Video

Thanks to Lee Pfeiffer and the student volunteers for handling the video the day of the conference, and Brian Blankenship for editing the videos.

Speaking at the November Louisville ISSA meeting on setting up a "hack lab"

Wed, 28 Oct 2009 16:08:32 -0400

Link: Speaking at the November Louisville ISSA meeting on setting up a "hack lab"

From the invite email:
Our next meeting will be Friday, November 6th from 11:30 AM to 1:00 PM at IPI. As always, we will have free lunch, raffle prizes, and CPE credits! We continue to execute our primary mission at each function - to continue learning, network with other Security Professionals, and have FUN!

Please RSVP no later than Tuesday, November 3rd - 5 PM to programs -at- issa-kentuckiana.org.

The topic is "Setting up a "hack lab" for learning security concepts." Adrian Crenshaw - Irongeek.com

Our speaker is Adrian Crenshaw, the geek behind Irongeek.com and the guy who set up and ran our very successful Capture the Flag event at the Louisville Metro InfoSec Conference!

Adrian will show how to set up tools and systems to best test and learn security techniques. This knowledge is vital for any Information Security professional who wants to stay on top of the latest risks.

Getting started with the I2P Darknet

Mon, 26 Oct 2009 00:49:13 -0400

Link:Getting started with the I2P Darknet
I2P (originally standing for Invisible Internet Project) can be seen as a networking layer sitting on top of IP that uses cryptography to keep messages confidential, and multiple peer to peer network tunnels for anonymity and plausible deniability. While Tor is focused more for hiding your identity while surfing the public Internet, I2P is geared more toward networking multiple I2P users together. While you can surf to the public Internet using one of the I2P out proxies, it's meant more for hiding the identity of the providers of services (for example eepSites), sort of like Tor's concept of Hidden Services, but much faster. Another advantage I2P has is NetDB, a distributed way to let peers know about each other once initial seeding has occurred. Tor on the other hand uses it's own directory to identify servers, which in theory could be more easily blocked. Both networks have their advantages and trade offs. This video won't cover the details of I2P's peering or encryption systems, and may seem kind of rambling, but it should be enough to get you up and running on the darknet.
Please note, this video came out way larger than I intended.

Phreaknic 13, Oct 30th to Nov 1st

Wed, 21 Oct 2009 20:12:17 -0400

Phreaknic 13, Oct 30^th to Nov 1^st

It's that time of the year again, and that means it's time for my favorite con: Phreaknic!!! This year I will be presenting a hopefully more refined version of my Darknets talk. Check out their site for more speakers. Some of the other speakers include Acidus (Billy Hoffman), Morgellon, Droops, Tyler "Trip" Pitchford, Esq., Scott Moulton, DOSMan and SlimJim. Skydog has posted some videos about the conference on the front page of Phreaknic.info, like this one:

but if you want to get a better feel for what the conference is like, check out my documentary video from the Phreaknic 12 hacker con.

How to Cyberstalk Potential Employers Article Updated

Mon, 12 Oct 2009 20:25:12 -0400

Link: How to Cyberstalk Potential Employers Article Updated
I've added some sections at the end with useful links, tools and further research. I also fixed some minor typos. If you have any ideas for additions please email me.

Louisville InfoSec CTF 2009

Sun, 11 Oct 2009 14:10:32 -0400

Link: Louisville InfoSec CTF 2009
This video summarizes one possible way contestants could have completed the Capture The Flag event at the 2009 Louisville Infosec. Tools and concepts used in the video include: Backtrack 4, Kismet Newcore, Nmap, Metasploit, Meterpreter, Firefox, SQL Injection, Cain, Truecrypt and 7zip.

The winning team was comprised of Rel1k (Dave Kennedy), Pure-Hate, Archangel, and Titan. Yes, Dave did compromise my personal laptop during the event, teaches me for not mitigating 0 days before the conference. :) When Archangel told me he was bringing Dave in for his team, I knew which way thing were going to go down. Rel1k and Purehate are Backtrack 4 developers, and Archangel and Titan are no slouches either. Congrats guys.

Darknets: Fun and Games with Anonymizing Private Networks

Sat, 10 Oct 2009 03:55:42 -0400

Link: Darknets: Fun and Games with Anonymizing Private Networks
Here are the slides from my Darknets talk. It was first delivered at the 2009 Louisville Infosec, and I will be doing a more polished version at Phreaknic 2009. Networks covered include Tor, Freenet, AnoNet/DarkNET Conglomeration and I2P. I hope to have video up soon.

File Carving and File Recovery with DiskDigger

Tue, 29 Sep 2009 20:46:50 -0400

Link: File Carving and File Recovery with DiskDigger
DiskDigger is a tool that allows you to recover deleted files off of a FAT or NTFS drive. It has two modes of operation: In the first it merely looks in the FAT/MFT to find files marked as deleted, in much the same way that the tool called Restoration does. In the 2nd mode it does a file carve down the drive looking at the raw bits and finding the know headers and footers of various file types, much like PhotoRec. While PhotoRec seems a little more powerful, DiskDigger is easier to use and its preview functionality is quite nice. This video will cover the basics of recovering deleted files with DiskDigger.

Pin-hole Spy Video Camera Disguised as a Pen

Sun, 27 Sep 2009 21:27:57 -0400

Review: Pin-hole Spy Video Camera Disguised as a Pen
I thought some of you might find this an interesting gadget, so I decide to review it. It might be useful for reconnaissance before a pen-test, or as a covert place to store files.

Phreaknic needs speakers

Fri, 25 Sep 2009 18:42:51 -0400

Phreaknic needs speakers
As many of you know, I'm a regular at the Phreaknic conference in Nashville Tennessee. It's an awesome hacker con, my personal favorite. It's happening Oct 30rd through Nov 1st. They still have some speaker slots open, so please, if you have an interesting topic email phreaknic13@gmail.com and toss your name in the pot to be a speaker. More information about the conference can be found at http://www.phreaknic.info/

Forensically interesting spots in the Windows 7, Vista and XP file system and registry updated

Thu, 24 Sep 2009 20:05:55 -0400

Forensically interesting spots in the Windows 7, Vista and XP file system and registry updated

I worked on formatting and added entries for "Temp folder for Outlook attachments", "Flash Cookies Location" and "Printer spool folder". I also added a menu so you can quickly find the entry you are looking for:

Windows Explorer
Recently opened files from Windows Explorer
Network Shortcuts
Items recently ran from the "Run" bar
ComDlg32 recently opened/saved files
ComDlg32 recently opened/saved folders
Recent Docs
EXE to main window title cache
User Assist

Windows General
Temp folder
Recycle Bin
Last logged on user
Event logs
Last key edited by RegEdit
List of Installed USB devices, both connected and unconnected
List of installed USB storage devices
SetupAPI Device Log
Windows Prefetch Internet Explorer
Internet Explorer Temp Folder (IE Cache)
IE Cookies
Internet Explorer History
IE Typed URLs
Internet Explorer Forms AutoComplete
Internet Explorer Password AutoComplete
Printer spool folder

Firefox
Firefox Cached Pages
Firefox Form History File
Firefox Passwords File
Firefox Cookies

Other Apps
Recently Opened Office Docs
Files recently accessed by Windows Media Player
Offline Outlook Mailbox
Temp folder for Outlook attachments
Flash Cookies Location

Deliberately Insecure Web Applications Page Updated

Wed, 23 Sep 2009 20:52:09 -0400

Link: Deliberately Insecure Web Applications Page Update
Added information on Vicnum and oldapps.com. More good stuff for setting up your hacklab.

Rohyt Belani - Bad Cocktail: Application Hacks + Spear Phishing

Sat, 19 Sep 2009 00:00:18 -0400

Link: Rohyt Belani - Bad Cocktail: Application Hacks + Spear Phishing
Mr. Rohyt Belani was kind enough to do a presentation on combining web application attacks with spear phishing at the Sept 2009 Louisville OWASP meeting (our chapter's LinkedIn page can be found here). If you are interested in finding out more about some of the topics Rohyt mentions in his presentation, check out these other videos on Footprinting/Network Recon and Exploiting Common Web App Vulnerabilities.

Capture The Flag At Louisville Infosec Conference Details

Wed, 9 Sep 2009 13:20:12 -0400

Link:Capture The Flag At Louisville Infosec Conference Details
As many of you know, I've been busy setting up a hacker war game for the Louisville Infosec conference on Oct 8th. The Louisville Infosec website has information about the CTF event on their site, which should be updated shortly. If you would like to compete please email the Conference Chair. If you use the code "irongeek" you get $20 off the admission fee for the conference. I believe the time frame is 9am to 3:30pm, but the position of the event should allow you to watch the keynotes, eat the included lunch and still, compete.

What are the prizes?

First prize is a Wi-Spy 2.4x Wireless Scanner!
The second prize is a WD 320GB USB Hard Drive
Third Prize is a Pico Mini USB 4GB (small enough to carry in your wallet)

Scenario (subject to some change):

The admins try to run their network as a tight ship, but you have been brought in to do a pentest. You know the admins have a Truecrypt volume out there with Personally Identifiable Information (PII). Your goal is to find it, and decrypt its contents till you get a list of names and Social Security Numbers. Little hints will be given via a comment wall on one of the web servers. To win points bring proof to the judge that the particular flag task has be completed.These are the "flags", and their point values:

0. Attach to the Wireless network (hint:CTF is in the name) and show the judge how you got the SSID. 15 points
(Name will be given if you can't find it, but you won't be able to get points for it.)
1. Find the IP of the of the Windows box named WinCTF owned by IronGCorp, and list 3 or more open ports. 5 points
2. Find the IP of the x86 based Linux box ran by IronGCorp, and list 3 or more open ports. 5 points
3. What box are the admins running their Intranet site on, and what is the web server type/version? 5 point
4. What is the Windows box's (WinCTF) Administrator password? 10 points
5. What is the x86 Linux box's Root password? 5 points
6. Copy PII.tc (a true crypt volume) to your box. 10 points
7. Password to the PII.tc file. 10 points
8. Password to a non x86 based Linux box. 10 points
9. Password to a 7zip archive. 10 points
10 The decrypted PII.csv file. 25 points

Highest point score at the end of the game wins. If two contestants have the same points at the end of the game, the first to accumulate their point total wins. Obviously, if you play as part of a team you have to figure out amongst yourselves how to split the prize. The winner will get up on stage and explain what he did when he picks up his prize.

Mutillidae Venerable Web App Updated

Thu, 3 Sep 2009 20:14:31 -0400

Link: Mutillidae Venerable Web App Updated
I found out that my little teaching app stopped working with new versions of XAMPP. It seems I have to use <?php to start my PHP tags, using just <? no longer worked. I've updated Mutillidae to 1.3 and made it work again.

WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated

Tue, 1 Sep 2009 06:40:12 -0400

Link:WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated
I've uploaded version 0.80 of my wardrive mapping app IGiGLE. I had to fix some things since Wigle.net added a field to their output, throwing off all of my code. I've also added information to each entry regarding its network type, either infrastructure or ad-hoc.

Anti-Forensics: Occult Computing Class

Mon, 24 Aug 2009 09:55:15 -0400

Link:Anti-Forensics: Occult Computing Class
This is a class I gave for the Kentuckiana ISSA on the the subject of Anti-forensics. It's about 3 hours long, and sort of meandering, but I hope you find it handy. For the record, Podge was operating the camera :) Apparently it was not on me during the opening joke, but so be it, no one seemed to get it. I spend way to much time on the Internet it seems. Also, I'm in need of finding video host to take these large files. This class video is 3 hours, 7 min and 1.2GB as captured.

Side Note: I still have about 7 free passes to the Louisville InfoSec to give away. If you want a free pass, just email me at irongeek at irongeek.com and agree to be in the CTF event. If you don't want to be in the CTF, you could instead use the code "irongeek" when you register and you will get $20 off the cost ($79 instead of $99).

Fear and loathing at the Riviera: A noobs guide to Defcon

Tue, 18 Aug 2009 17:59:32 -0400

Link: Fear and loathing at the Riviera: A noobs guide to Defcon
This is a write up of my experiences getting to, and being at, Defcon 17. Also, check out by comments on twitter.

Security and Forensics Podcasts Irongeek Listens To

Fri, 14 Aug 2009 21:22:55 -0400

Link:http://www.irongeek.com/security-podcasts.php
I got tired of going to a bunch of different sites to see if my favorite hacking podcasts had a new episode out, so I made a site that puts them all together on one page in chronological order. Let the XSS via RSS commence!

Forensically interesting spots in the Windows 7, Vista and XP file system and registry (prep work for my anti-forensics class)

Thu, 13 Aug 2009 17:49:06 -0400

Link: Forensically interesting spots in the Windows 7, Vista and XP file system and registry (prep work for my anti-forensics class)
I've started work on a list of Windows registry keys and file systems spots that would be of interest to forensics, anti-forensics and pen-test folks. If you have additions, please email me.

Anti-Forensics Class Near Louisville, Aug 22nd 2009 1-4:30PM

Wed, 12 Aug 2009 21:54:45 -0400

Link:Anti-Forensics Class Near Louisville, Aug 22nd 2009 1-4:30PM
What: The ISSA Anti-Forensics Class
When: Aug 22nd 2009 1-4:30PM
Where: Jeffersonville Library
http://jefferson.lib.in.us

Details: This class will teach the basics of Anti-forensics, how people hide data and events on their computer for both legitimate and illegitimate reasons. We will cover data carving, disk wiping, encryption, steganography , timestamps, clearing logs and other ways people may attempt to cover their digital tracks. The subject matter should be of interest to many groups, it's "Not about just hiding your stash from the Fuzz…". Some of the groups that may be interested include:

Companies that want to know how to clear boxes before donating them
Law/policy enforcement agents who want to know how folks hide computer activities
Users who want to know how to hide their activities from invasive law/policy enforcement

Things to bring if you want to be hands on, but not absolutely required:
1. A Windows XP/Vista/7 laptop. Having an extra laptop to wipe may also be educationa.
2. An external drive/thumb drive you don't mind wiping.
3. Some software I'll be emailing a link to a few days before the class.
4. Energy drinks for the teacher.

As always, the class is free, even to non ISSA members. Please reserve a spot by RSVPing to programs -at- issa-kentuckiana.org.

Louisville InfoSec:Free passes, discounts and the CTF

Sun, 9 Aug 2009 17:27:35 -0400

Link: Louisville InfoSec:Free passes, discounts and the CTF
As many of you know, I attend the local Louisville Infosec conference. This year they have offered me some promotional stuff for the conference. If you use the code "irongeek" when you register you will get $20 off the cost. Also, they have given me 10 free passes to give out, but here are my conditions: 1. You must participate in are CTF event. 2. I want you to do a write up about the conference after you attend. If you want a free pass, just email me at irongeek at irongeek.com. For those that want more information about the con, check out the Louisville InfoSec website. Here are some of our speakers this year:

John Strand
Paul Asadoorian
Scott Moulton
Alex Lanstein
Adrian Crenshaw
Dr. Eugene Schultz
John Pavone
Rick Taylor
Brian Long
John Maynor
Lee Kushner
Jason Wessel
Mark Maxey

If you want to see videos from the 2008 conference check out these links:
Adrian Crenshaw - "Intro to Sniffers" from Louisville Infosec 2008
Kevin Beaver - "Staying Ahead of the Security Curve" from Louisville Infosec 2008
Rohyt Belani - "State of the Hack" from Louisville Infosec 2008
John Strand - "Advanced Hacking Techniques and Defenses" (and demos of evilgrade/passing the hash/msfpayload) from Louisville Infosec 2008

and here is my write up from the even two years ago: http://www.irongeek.com/i.php?page=security/louisville-infosec-conference

Also, the complimentary lunch is good. :)

Follow me and #defcon on Twitter

Fri, 31 Jul 2009 18:21:33 -0400

I'm twittering my time at Defcon, for those that care:
http://twitter.com/Irongeek_adc

DD-WRT v24-sp1: CSRF Example (Bugtraq ID: 35742 )

Sat, 25 Jul 2009 17:43:06 -0400

Link for whole article: DD-WRT v24-sp1: CSRF Example (Bugtraq ID: 35742 )
I was interested in giving a real world example of using a CSRF attack, similar to the ones I mentioned in my OWASP Top 5 video, and maybe use it against a piece of internal equipment that is behind a NAT box. Then I heard about the Carlos Perez write-up on using Metasploit against a vulnerability in the DD-WRT v24-sp1 firmware. I thought this would be a great way to demo the concept of using CSRF/XSS against hardware behind a NAT, especially since I've done a video on installing DD-WRT before.

Phreaknic 12 Videos Posted

Sat, 25 Jul 2009 08:52:37 -0400

Link: Phreaknic 12 Videos Posted
After much encoding work, I've got all of the talks from Phreaknic 2008 up. I've posted some of the more security related videos in my RSS feed over the past day, but if you follow the link there's video of the other talks as well. Hope to see some of you at Phreaknic 2009, and if you see me at Defcon hit me up for some stickers.

Lee Baird/John Skinner - JAIL: Get your iPhone out, and try NOT to get yourself in!

Sat, 25 Jul 2009 01:27:45 -0400

Link: Lee Baird/John Skinner - JAIL: Get your iPhone out, and try NOT to get yourself in!
A guide on how to jailbreak your iPhone, install & backup unauthorized apps, and what to do with your iPhone once it's jailbroken.

Nathan Hamiel /Shawn Moyer - Satan is on my Friends List: Attacking Social Networks

Sat, 25 Jul 2009 01:27:07 -0400

Link: Nathan Hamiel /Shawn Moyer - Satan is on my Friends List: Attacking Social Networks
Social Networking is shaping up to be the perfect storm... An implicit trust of those in one's network or social circle, a willingness to share information, little or no validation of identity, the ability to run arbitrary code (in the case of user-created apps) with minimal review, and a tag soup of client-side user-generated HTML (Hello? MySpace? 1998 called. It wants its markup vulns back). Yikes. But enough about pwning the kid from homeroom who copied your calc homework. With the rise of business social networking sites, there are now thousands of public profiles with real names and titles of people working for major banks, the defense and aerospace industry, federal agencies, the US Senate... A target-rich and trusting environment for custom-tailored, laser-focused attacks. Our talk will show the results of a series of public experiments aimed at pointing out the security and privacy ramifications of everyone's increasingly open, increasingly connected online personae and the interesting new attack vectors they've created.

Handgrip/Buttstock - Open Source AK-47's

Fri, 24 Jul 2009 22:40:53 -0400

Link: Handgrip/Buttstock - Open Source AK-47's
Ensuring freedom through greater firepower. How to build yourself a legal, paperwork-free AK47 from salvage parts.

Darren Kitchen - Lessons Learned in Hacker Media

Fri, 24 Jul 2009 22:39:17 -0400

Link: Darren Kitchen - Lessons Learned in Hacker Media
From e-zine to podcast the world of hacking has been filled with media of all sorts. In this talk I will speak about my experiences and lessons learned in "new media". In particular how they relate to underground culture and our social responsibility to the next generation of security enthusiasts.

Daniel Hooper - An Introduction to Software Defined Radio by Cowboy Dan

Fri, 24 Jul 2009 22:38:31 -0400

Link: Daniel Hooper - An Introduction to Software Defined Radio by Cowboy Dan
Software Defined Radio (SDR) is the latest (and possibly last) iteration of radio communication technology. Traditional radio technology is very hardware-oriented, and somewhat inaccessible to the software-hacking community. NO LONGER! With a fixed piece of hardware such as the Universal Software Radio Peripheral (USRP), we can emulate many different kinds of traditional hardware, from CW Morse-code type transmissions, all the way up to digital QAM, HDTV, and beyond. This presentation will demonstrate how to get set up with GNU Radio and the USRP hardware. We will perform a few simple tasks such as receiving radio and TV. The goal is to get most people in the audience comfortable with the setup process so that they can start experimenting.

SkyDog & Crew - Starting your own Hackerspace (Panel Talk)

Fri, 24 Jul 2009 22:37:36 -0400

Link: SkyDog & Crew - Starting your own Hackerspace (Panel Talk)
Got a bunch of hacker/maker friends and wanna do some projects? Start a hackerspace! We’ll take you on an adventure as we look back over the last year and reflect on the progress we have made getting our hackerspace started, and share some pitfalls and triumphs along the way. Skydog will be joined by Seeblind, the VP of the HC, Mudflap, the Secretary, and Someninjamaster, a devoted, hardworking member.

Irongeek - Hardware Keyloggers: Use, Review, and Stealth (Phreaknic 12)

Fri, 24 Jul 2009 19:17:59 -0400

Link: Irongeek - Hardware Keyloggers: Use, Review, and Stealth (Phreaknic 12)
This talk will cover hardware keyloggers and their use. About six will be presented in person for folks to try hands on, with a few others referenced in the slide show (mini-pci ones for example) . I'll cover the advantages and disadvantages of the current crop on the market and how they work. Also covered will be possible ways to detect hardware keyloggers via physical inspection an software.

TRiP - Discussion of the legality of wardriving (Phreaknic 12)

Fri, 24 Jul 2009 19:17:11 -0400

Link: TRiP - Discussion of the legality of wardriving (Phreaknic 12)
This talk is to provide a "current" legal status of wardriving throughout the US. The talk will include an overview of wardriving and it's history (wardialing), the statues regulating all 50 states and how courts have interrupted such statutes, recent arrests for wardriving/related activities, and a brief overview of the international statues.

Scott Moulton - At Least TEN things you didn't know about your hard drive! (Phreaknic 12)

Fri, 24 Jul 2009 19:16:34 -0400

Link: Scott Moulton - At Least TEN things you didn't know about your hard drive! (Phreaknic 12)
This speech comprises at least 10 things that are 2+2=5 type situations people do not realize about hard drives. For Example, Data is written in Cylinders on hard drives, all partitions are created on Cylinder Boundaries and that leaves an offset from the end of one partition to the next which leaves a gap between partitions that is unusable or free space at the end of the disk. In addition to that, the point would be, since the outer edge of a drive starting at Track 0 is the fastest location on the drive, and the first partition is created on a cylinder boundary at the outside edge, then each and every partition you create on the disk has to be at a cylinder boundary into the disk. This means the second partition is on a slower part of the drive than the first. So for Mac Users that create a 32 gig Fat32 partition on their drive (actually the 6th/7th partition on the drive) is 32 gigs from the end of the drive on a Cylinder boundary and they just installed Windows on the slowest part of the drive. No it will not be animated!

Scott Milliken/Erin Shelton - Beer Hacking - Real World Examples (Phreaknic 12)

Fri, 24 Jul 2009 19:09:09 -0400

Link: Scott Milliken/Erin Shelton - Beer Hacking - Real World Examples (Phreaknic 12)
You build your own computers from the bare parts. You'd die before paying someone else to actually write a basic HTML page for you. So why is it that you pay up to 10x the actual cost of making beer for something of lesser quality? This presentation will cover the various methods of making your own alcoholic beverages (beer, cider, wine), including the equipment required and approximate setup costs for each. Even if your skill in the kitchen is limited to the microwave, there is a method of brewing that will work for you. Some experimentation tricks will also be covered so that you can literally hack your beer to create a new flavor. Samples of various batches made by the presenters will be available during the presentation, assuming they haven't already drunk all of it.

Bruce Potter - Three Cool Security Technologies You've Never Heard Of (Phreaknic 12)

Fri, 24 Jul 2009 18:27:18 -0400

Link:Bruce Potter - Three Cool Security Technologies You've Never Heard Of (Phreaknic 12)
This talk will introduce you to 3 cool security technologies that you've probably never been exposed to. There is still innovation going on, and much of the most useful tech isn't getting press time. So I'm going to try and rekindle some of that love you've lost over the years by giving you the 20 minute low-down on each one. Go get some wine, light the candles, sit back, and enjoy security again. What are the 3 technologies? Well, you'll just have to attend the talk to find out.

Russell Butturini - Using the Hak5 U3 Switchblade as an Incident Response and Forensics Tool (Phreaknic 12)

Fri, 24 Jul 2009 18:26:42 -0400

Link:Russell Butturini - Using the Hak5 U3 Switchblade as an Incident Response and Forensics Tool (Phreaknic 12)
This talk will explain how to adapt the Hak5 switchblade, originally conceived as an attack/pen-testing tool into an incident response and forensics tool using different utilities. Adaptations of the original solution using a non-U3 drive and a more automated solution using U3 technology will be discussed.

Ncat Tutorial: A modern Netcat from the Nmap team

Wed, 22 Jul 2009 00:26:03 -0400

Link: Ncat Tutorial: A modern Netcat from the Nmap team
For those not in the know, Netcat is a utility who's goal is to be like the Unix cat command, but for network connections. It has been referred to as a "Swiss-army knife for TCP/IP" for good reason, since it can do so many things.

This is the biggest Flash tutorial I've done in awhile at 41.2MB, so I plan to relax some. See you at Defcon.

Compiling Nmap form source on Ubuntu

Sat, 18 Jul 2009 14:27:19 -0400

Link: Compiling Nmap form source on Ubuntu
Along the way to making a video on Ncat I needed to compile Nmap 5 from source, so I figured I might as well do a video on that as well. There are many reasons why you might want to compile Nmap from source instead of just using the package manager, so enjoy.

Windows 7: Copy A Modified User Profile Over The Default Profile

Fri, 17 Jul 2009 21:05:52 -0400

Link: Windows 7: Copy A Modified User Profile Over The Default Profile
While this is not directly security related, it should be helpful to those who are testing Windows 7. I'm posting it to help those who are searching the Internet for details on copying user profiles in Windows 7.

NDiff: Comparing two Nmap 5 scans to find changes in your network

Thu, 16 Jul 2009 12:20:34 -0400

Link: NDiff: Comparing two Nmap 5 scans to find changes in your network
Fyodor gave me a heads up that Nmap 5 was coming out, so I figured I'd do a couple of videos on useful new features that come with Nmap 5 and later. For a better understanding of Nmap in general, check out my older videos which I will link to after the presentation. In this video I will cover the basics of using NDiff to compare two seperate Nmap scans. This is really useful for change management, where you want to know what new devices have appeared on your network or about ones that have disappeared for some reason. You could easily schedule Nmap to run on your network weekly, and then compare the differences with NDiff to see what has changed.

As a side note, looks like I'm going to Defcon. Thanks to Haxorthematrix, Sereyna, Minoad, Mr. Bradshaw, George and anyone else who donated to my Paypal so I could go.

Exotic Liability Episode 25: Irongeek sits in

Sat, 11 Jul 2009 22:58:20 -0400

Link:Exotic Liability Episode 25: Irongeek sits in
I came in as a guest of the Exotic Liability podcast, episode 25. I've not listened to it yet, hope I came off ok. Some of the things we discussed include: Incident response switchblade, Tiger Team: The Whole Story, Our neighborhood memories, Kon-boot, Cool tools for data collection, P/W cracker speed test challenge, Look at my thumb, Olympic games, Louisville Info Sec Conference, Anti-forensics and Legalities. Thanks for having me on.

As a sidenote, I may be going to Defcon after all but nothing is confirmed yet. I'll need to find someone's floor to crash on Wednesday night as I think I'll be arriving a day before the person I'm staying with the rest of the con.

Incident Response U3 Switchblade From TCSTool

Thu, 9 Jul 2009 20:59:55 -0400

Link:Incident Response U3 Switchblade From TCSTool
In Russell's own words: "The U3 incident response switchblade is a tool designed to gather forensic data from a machine in an automated, self-contained fashion without user intervention for use in an investigation. The switchblade is designed to be very modular, allowing the investigator/IR team to add their own tools and modify the evidence collection process quickly." This video shows you how to setup u3ir, and modify it.

Using Kon-Boot from a USB Flash Drive: Bypass those pesky Windows and Linux login passwords completely

Wed, 8 Jul 2009 00:48:10 -0400

Link:Using Kon-Boot from a USB Flash Drive: Bypass those pesky Windows and Linux login passwords completely
Kon-Boot is a neat little tool that you can boot from a CD or a floppy, change memory before booting a full OS, and then login to Windows or Linux without knowing a proper password. The above link contains my notes and config files to get Kon-Boot to work from a bootable USB drive.

PHPIDS Install Notes and Test Page

Tue, 7 Jul 2009 20:06:19 -0400

Link:PHPIDS Install Notes and Test Page
I've been playing around with PHPIDS and have posted my notes on installing it as well as details on the kinds of attacks by web site gets. Interesting, I get a lot of attacks, mostly RFI.

As a side note, GFI was kind enough to sponsor my site for two months, show our appreciation by trying out some of their log and vulnerability scanning software.

How to change your MAC address article updated, added information on OS X 10.5.6 and latter

Mon, 29 Jun 2009 20:39:49 -0400

Apparently there are some problems changing your MAC address in versions of OS X 10.5.6 and latter. Stefan Person sent me a note about it, so I added it to the article.

Also, Mubix recently did a presentation for Dojo Sec on getting a job in information security. In it he mentions my article on how to cyber stalk potential employers. Thank much Rob!

OWASP Top 5 and Mutillidae: Intro to common web vulnerabilities like Cross Site Scripting (XSS), SQL/Command Injection Flaws, Malicious File Execution/RFI, Insecure Direct Object Reference and Cross Site Request Forgery (CSRF/XSRF)

Sat, 20 Jun 2009 00:00:44 -0400

Link:OWASP Top 5 and Mutillidae: Intro to common web vulnerabilities like Cross Site Scripting (XSS), SQL/Command Injection Flaws, Malicious File Execution/RFI, Insecure Direct Object Reference and Cross Site Request Forgery (CSRF/XSRF)
This is a recording of the presentation I gave to the Louisville Chapter of OWASP about the Mutillidae project. A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language). In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project. This is a video covering the first 5 of the OWASP Top 10.

Louisville Infosec Conference Looking For Sponsors/Speakers

Fri, 12 Jun 2009 23:18:08 -0400

As many of you know, I'm involved with the local ISSA group here in the Louisville area. They are looking for sponsors for the upcoming Louisville Infosec conference (Thursday, October 8, 2009 at Churchill Downs). We had about 250 attendees last year, so it could be a good spot for advertising your company via a booth. One of our keynotes this year is Johnny Long. John Strand and Eugene Schultz should also be presenting. If you are interested in being a sponsor email marketing (at) issa-kentuckiana.org and let them know Adrian sent you. We also may have a few speaker slots open for the breakout sessions, contact chair (at) louisvilleinfosec.com if you have a proposal. For more information, check out the Louisville Infosec Conference site.

Speaking at the OWASP Louisville meeting, June 19th 2009

Wed, 10 Jun 2009 06:19:10 -0400

Hi all, the local OWASP chapter has asked me to speak about the Mutillidae project. While I'd like to cover all of the OWASP Top 10 that it implements, I think there will only be time for the top 5. The description as posted on their site follows:

The second OWASP meeting will feature a presentation from Adrian Crenshaw of Irongeek. Adrian is a Louisville based Security professional that has worked in the IT industry for the last twelve years.

Adrian runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in academia. Please see the description from Adrian on his presentation on the 19th.

Title: Mutillidae: Using a deliberately vulnerable set of PHP scripts to illustrate the OWASP Top 10 Description: A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language). In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project.

Mutillidae is a deliberately vulnerable set of PHP scripts meant to illustrate the OWASP Top 10. This talk will cover installing Mutillidae in a test environment, and how to use it to illustrate the OWASP Top 10 web vulnerabilities in easy to understand terms.

Our meeting location will be at Memorial Auditorium, located at 970 S. 4th Street (Corner of 4th Street and Kentucky Street).

ARPFreeze: A tool for Windows to protect against ARP poisoning by setting up static ARP entries

Sun, 7 Jun 2009 00:02:25 -0400

Link: ARPFreeze: A tool for Windows to protect against ARP poisoning by setting up static ARP entries
As many of you know, I've created quite a bit of content about ARP poisoning, such as:

A Quick Intro to Sniffers
Intro to ARP poisoning
Using Cain to do a man in the middle attack by ARP poisoning

I've even done some work on detection:

Decaffeinatid: A Simple IDS/arpwatch for Windows
Finding promiscuous and ARP poisoners and sniffers on your network with Ettercap

This tool is for prevention. ARPFreeze lets you setup static ARP tables so that attackers (using Cain, Ettercap, Arpspoof or some other tool) can't pull off an ARP poisoning attack against you.

XSS, Command and SQL Injection vectors: Beyond the Form

Wed, 3 Jun 2009 19:59:10 -0400

Link: XSS, Command and SQL Injection vectors: Beyond the Form
We are all familiar with XSS via a form field in a web application, but what about other vectors? The article talks about using User Agent strings, even logs, object properties and other odd alternative vectors for XSS, SQL and command injection. What other vectors can you think of?

Another book for the list

Tue, 2 Jun 2009 19:42:28 -0400

Link:Another book for the list
Looks like my site has been mentioned in another book, Security+ Guide to Network Security Fundamentals by Mark Ciampa. Thanks Mark.

In other news, Irongeek.com was a nominee for “Best Technical Blog” at the recent RSA Conference. Congratulations to PaulDotCom for winning the best security podcast award. And while I'm on the subject of great podcasts for infosec folks to listen to, check these out:
http://securabit.com/
http://securityjustice.com/
http://www.exoticliability.com/

802.11 Wireless Security Class for the Louisville ISSA Part 1

Sun, 24 May 2009 19:10:40 -0400

Link: 802.11 Wireless Security Class for the Louisville ISSA Part 1
Originally, this was going to be one 4hr class, but Jeff had something come up so he could not cover WEP/WPA cracking, and my section took so long that Brian never got a chance to present his material on DD-WRT. I'm hoping to get them back to do a part 2 of this video. In this section I cover the basics of WiFi, good chipsets, open file shares, monitor mode, war driving tools, testing injection, deauth attacks and the evil twin attack. Some of this comes out as kind of a stream of consciousness, but hopefully you can find some useful nuggets from my brain dump of what I've learned about 802.11a/b/g/n hacking. As far as classes goes this is the mostly complicated one I've set up, and for a wireless class Brian and I had to run a lot of wires. :)