Thursday, September 22, 2011
Opinion: The Age of Artisanal Engineering
Andrew Huang posts an interesting essay on some potential (and exciting) ramifications of the deceleration of Moore's Law and the future shift towards incremental innovation over wholesale moves to entirely new hardware generations.
Thursday, September 15, 2011
Hack3rCon II Presentation: Lurking in the Shadows
Tim Tomes and Mark Baggett
Synopsis:
"Lurking in the Shadows"
In the past, hackers and pen testers have used various techniques to hide the presence of tools and information on compromised systems. Techniques such as alternate data streams in Windows, and directories with common names in Linux, have been basic implementations of such techniques. The addition of Shadow Copies to modern Windows operating systems provides us with yet another opportunity to conceal information on remote systems. This talk will discuss the history of concealing data within operating systems and new techniques and tools for doing so in modern Windows implementations.
Bios:
Tim Tomes (LaNMaSteR53) is a Senior Enterprise Security Consultant for Accuvant Labs and security blogger for http://pauldotcom.com who specializes in penetration testing, web application assessments, and Python tool development. A former officer in the U.S. Army and 10 year veteran, Tim spent 3 years as the Senior Red Team Leader for the Army Red Team and was the principle designer of the Army's 1st CyberTraining program.
Twitter: @LaNMaSteR53
Mark Baggett (Mark Baggett) is the Technical Advisor to the DoD for the SANS Institute, an instructor for SANS, and a security blogger forhttp://pauldotcom.com. Mark is the owner and operator of In Depth Defense Inc, a private consulting firm that specializes in penetration testing and incident response.
Twitter: @MarkBaggett
Synopsis:
"Lurking in the Shadows"
In the past, hackers and pen testers have used various techniques to hide the presence of tools and information on compromised systems. Techniques such as alternate data streams in Windows, and directories with common names in Linux, have been basic implementations of such techniques. The addition of Shadow Copies to modern Windows operating systems provides us with yet another opportunity to conceal information on remote systems. This talk will discuss the history of concealing data within operating systems and new techniques and tools for doing so in modern Windows implementations.
Bios:
Tim Tomes (LaNMaSteR53) is a Senior Enterprise Security Consultant for Accuvant Labs and security blogger for http://pauldotcom.com who specializes in penetration testing, web application assessments, and Python tool development. A former officer in the U.S. Army and 10 year veteran, Tim spent 3 years as the Senior Red Team Leader for the Army Red Team and was the principle designer of the Army's 1st CyberTraining program.
Twitter: @LaNMaSteR53
Mark Baggett (Mark Baggett) is the Technical Advisor to the DoD for the SANS Institute, an instructor for SANS, and a security blogger forhttp://pauldotcom.com. Mark is the owner and operator of In Depth Defense Inc, a private consulting firm that specializes in penetration testing and incident response.
Twitter: @MarkBaggett
Wednesday, September 14, 2011
Book Review: Metasploit The Penetration Tester's Guide
SlashDot has posted a review of Hack3rcon II Speaker and all around Good Guy Dave Kennedy's new book Metasploit The Penetration Tester's Guide.
Check out the Review Here
Buy the book from Amazon Here
Check out the Review Here
Buy the book from Amazon Here
Sunday, September 4, 2011
Network King of the Hill (NetKotH) Challenge Returns To Hack3rCon
Network King of the Hill (NetKotH) will be returning to Hack3rCon this year. The rules are the same as last years challenge:
***BRING YOUR OWN LAPTOP!
w/dvdrom (unless you already have Backtrack 4 installed on your
computer OR OS of your choice.)
***Depending on how many participants we have, you may need to provide
a cat5 cable. Wireless will be available but not recommended ;-)
Scoring:
1. The teams will be given IPs to web servers with vulnerabilities to
attack, their goal is to deface the front page on each. Expect there to be a
Linux and a Windows box, and maybe some surprises. J The IPs for this
game are:
10.0.0.1 Linux
10.0.0.2 Windows
10.0.0.3 Wildcard
Versions will be switching during the game.
2. Teams try to put up their own defacement, take down other people's
defacement, and lock down the box to keep others teams out. The teams name
must be in the tag when they deface the site for the scoring
system to register it, but they can change the page however they like.
3. Once per minute (more or less) the scoring software will see who
currently owns the site, and score it.
4. Referees will work as a blue team to occasionally step in and change
things on the target IPs. Fix the defacement, patch, roll back changes,
switch Operating Systems, etc, just to even the playing field and make
things interesting.
Rules:
1. Only penetrate the hosts at the given IPs, not the scoring box
(10.0.0.99) or other contestant's boxes.
2. DoS and network routing/traffic attacks are allowed, even on the
traffic coming to and from contestants and the scoring box.
3. Stay on the NetKotH network while attacking.
4. Martin and Adrian may change other rules at will.
Prize: TBA
***BRING YOUR OWN LAPTOP!
w/dvdrom (unless you already have Backtrack 4 installed on your
computer OR OS of your choice.)
***Depending on how many participants we have, you may need to provide
a cat5 cable. Wireless will be available but not recommended ;-)
Scoring:
1. The teams will be given IPs to web servers with vulnerabilities to
attack, their goal is to deface the front page on each. Expect there to be a
Linux and a Windows box, and maybe some surprises. J The IPs for this
game are:
10.0.0.1 Linux
10.0.0.2 Windows
10.0.0.3 Wildcard
Versions will be switching during the game.
2. Teams try to put up their own defacement, take down other people's
defacement, and lock down the box to keep others teams out. The teams name
must be in the tag when they deface the site for the scoring
system to register it, but they can change the page however they like.
3. Once per minute (more or less) the scoring software will see who
currently owns the site, and score it.
4. Referees will work as a blue team to occasionally step in and change
things on the target IPs. Fix the defacement, patch, roll back changes,
switch Operating Systems, etc, just to even the playing field and make
things interesting.
Rules:
1. Only penetrate the hosts at the given IPs, not the scoring box
(10.0.0.99) or other contestant's boxes.
2. DoS and network routing/traffic attacks are allowed, even on the
traffic coming to and from contestants and the scoring box.
3. Stay on the NetKotH network while attacking.
4. Martin and Adrian may change other rules at will.
Prize: TBA
Jon Schipp has been selected as a presenter for Hack3rCon II
The 304Geeks are pleased to announce Hack3rCon 2010 NetKoH winner and Black Badge holder Jon Schipp has been selected as a presenter for Hack3rCon II.
Saturday, September 3, 2011
The Hack3rCon Speakers presentations and bios page has been updated
Go to Hack3rCon.org and click on the Speakers link. Presenters this year include: Dave Kennedy (ReL1k), Adrian Crenshaw (Irongeek), Martin Bos (purehate), Borris Sverdlik (JadedSecurity), Joshua Perrymon (Packetfocus), Jon Schipp, Tim Tomes, Mark Baggett, Brian Martin, Keith Pachulski, @grecs, Chris Silvers, Pat McCoy, Charlie Vedaa, James Macgregor Watson, and Gus Fritschie, Jonathan Claudius.
Presentation titles include: “Your Perimiter Sucks”, “Knowing What's Under Your Hood: Implementing a Network Monitoring System”, "Lurking in the Shadows", “Presentation Title: How to Win Followers and Influence Friends: Hacking Twitter to Boost Your Security Career”, "Hook, Line and Syncer: A Liar for Hire’s Ultimate Tackle Box", "F*** the Penetration Testing Execution Standard (PTES)", "Online Time of Crime", and "Hijacking: Repairing Broken Communication Channels".
A portion of the #Hack3rCon proceeds will go to benefit Hackers for Charity: http://www.hackersforcharity.org/.
Presentation titles include: “Your Perimiter Sucks”, “Knowing What's Under Your Hood: Implementing a Network Monitoring System”, "Lurking in the Shadows", “Presentation Title: How to Win Followers and Influence Friends: Hacking Twitter to Boost Your Security Career”, "Hook, Line and Syncer: A Liar for Hire’s Ultimate Tackle Box", "F*** the Penetration Testing Execution Standard (PTES)", "Online Time of Crime", and "Hijacking: Repairing Broken Communication Channels".
A portion of the #Hack3rCon proceeds will go to benefit Hackers for Charity: http://www.hackersforcharity.org/.
Thursday, September 1, 2011
Hack3rCon II Musical Guests
The 304Geeks are pleased to announce special musical guest for Hack3rCon will be DJ Siberia, DJ Bloodlossgirl, and Dual Core.
Security breach on kernel.org
Security breach on kernel.org
See the site for details https://www.kernel.org/
See the site for details https://www.kernel.org/
Subscribe to:
Posts (Atom)