Irongeek's Security Site

ShmooCon Firetalks 2012 Videos

Sun, 5 Feb 2012 16:50:53 -0500

Link:http://www.irongeek.com/i.php?page=videos/shmoocon-firetalks-2012

Night 1
“How Do You Know Your Colo Isn’t “Inside” Your Cabinet, A Simple Alarm Using Teensy” by David Zendzian
“Bending SAP Over & Extracting What You Need!” by Chris John Riley
“ROUTERPWN: A Mobile Router Exploitation Framework” by Pedro Joaquin
“Security Is Like An Onion, That’s Why it Makes You Cry” by Michele Chubirka
“Five Ways We’re Killing Our Own Privacy” by Michael Schearer

Night 2

“Cracking WiFi Protected Setup For Fun and Profit” by Craig Heffner
“Passive Aggressive Pwnage: Sniffing the Net for Fun & Profit” by John Sawyer
“Ressurecting Ettercap” by Eric Milam
“Security Onion: Network Security Monitoring in Minutes” by Doug Burks
“Remotely Exploiting the PHY Layer” by Travis Goodspeed

ShmooCon Epilogue 2012 Talks

Sun, 5 Feb 2012 16:25:11 -0500

Link: http://www.irongeek.com/i.php?page=videos/shmoocon-epilogue-2012
Includes:
Resurrection of Ettercap: easy-creds, Lazarus & Assimilation
Eric Milam - (Brav0Hax) &
Emilio Escobar

Media Hype and Hacks that Never Happened
Space Rouge

More than one way to skin a cat: identifying multiple paths to compromise a target through the use of Attach Graph Analysis
Joe Klein

Proper Depth / Breadth testing for Vulnerability Analysis and fun with tailored risk reporting metrics.
Jason M Oliver

Extending Information Security Methodologies for Personal User in Protecting PII.
John Willis

Stratfor Password Analysis
Chris Truncer

Intro To Bro
Richard Bejtlich

Javascript obfuscation
Brandon Dixon

Unix File Permissions and Ownership (CHOWN, CHMOD, ETC)

Sat, 21 Jan 2012 12:39:01 -0500

Link:http://www.irongeek.com/i.php?page=videos/unix-file-permissions-and-ownership-chown-chmod-etc
I'm taking a security class were we had a lab on Unix/Linux file system permissions. I decided I might as well record it, and the steps taken, along with explanations as to what I was doing to set the permissions such as read, write, execute, SetUID, SetGID and the Stickybit. Kevin Benton created the lab, so I'd like to give him credit for inspiring me to do this video.

Basic Setup of Security-Onion: Snort, Snorby, Barnyard, PulledPork, Daemonlogger

Sun, 15 Jan 2012 22:23:18 -0500

Link: http://www.irongeek.com/i.php?page=videos/basic-setup-of-security-onion-snort-snorby-barnyard-pulledpork-daemonlogger
Thanks to Doug Burks for making building a Network Security Monitoring Server much easier. I mentioned Snort, Snorby, Barnyard, PulledPork and Daemonlogger in the title, but there is a lot more on the distro than that. This is a nice way to get an IDS up and running featuring pretty frontends without going into dependency hell.

Pen-Testing Web 2.0: Stealing HTML5 Storage & Injecting JSON Jeremy Druin

Sat, 7 Jan 2012 11:02:02 -0500

Link:Pen-Testing Web 2.0: Stealing HTML5 Storage & Injecting JSON Jeremy Druin
This is Jeremy's talk from a recent ISSA meeting. In it he covers what the title says, showing off stealing of HTML 5 storage, injecting JSON, using Burp Suite, Muttillidae and some XSS attack fun. Sorry about the noise in the first bit, I had to set the camera up a ways off and it picked up my bag of chips better than it did Jeremy's talk. @webpwnized

Video Posted and Code Updated for Homemade Hardware Keylogger

Mon, 2 Jan 2012 00:29:07 -0500

Link:http://www.irongeek.com/i.php?page=security/homemade-hardware-keylogger-phukd
My video from NeoISF is now posted: PHUKD/Keylogger Hybrid.

The code has been updated in the following ways:

On the PIC side: Updated Firmware for the USB Host Module - PIC24FJ256GB106 to work with more keyboards.

On the Teensy side:

0.04:
* If a keyboard was plugged in after the keylogger was already powered on, it would type "i7-". I added code
to fix this problem.
* Fixed RAW serial debug mode not to print key
* Changed name of variable "lasttenletters" to "lastfewletters" and expanded it to 60.
* Ctrl+Alt+Y is now used for typing more debugging details.
* Implemented likely to fail code for unlocking workstation using captured password.
* I had some problems with running out of SRAM because of all of my static strings. I started using the F()
function to pull these strings from flash memory to solve this issue.
* Fixed a case issue with lastfewletters. I did not know the method changed it in place.
* Fixed a bug in HIDtoASCII that made it top row of number keys not work right.