Hacking

Someone recently asked for a free pentest in a private security related group for a site they had been working on for a while before it went live. Some of us guys at FALE obliged. Since it was a free pentest, I am taking the liberty to post about it. It was actually my first shell and first box I’ve popped that wasn’t mine. So it was a learning opportunity for me with some subtle direction by those more experienced.

I managed to make it to Vegas in a rather unexpected way, what originally was a planned beach trip ended up not working out, and I ended up being able to join FALE at BSides LV and DefCon 22.

I was working in the mornings, but most of my free time at BSides LV was spent at our lockpick village where we were joined by someone making hand made lockpicks as you can see above. I didn’t get to attend any talks, but the talks were found online shortly after, my favorite one being the Hack the Gibson talk which focused on IBM mainframes. Very educational considering I work with mainframes and do some operations on them at work. Jon McAfee, yes, that McAfee also made an appearance, which was interesting to say the least. He talked a little about his version of events regarding his recent troubles in Belize. Including alleged hired assassins out to get him, his personal spy ring, and people popping out from behind trees they’re hiding behind, and snapping pictures, etc. Later, he shifted into some Snowden-esque persona rallying for personal privacy online, and plugged his new product that spys on spyware, not sure how you protect yourself from spyware by installing his “trusted” spyware, but that was the sales pitch from my view. Also, there was the tower of vendor distributed condoms, collectively named “Bonerhenge”, built by some people who apparently didn’t have a better use for them in Vegas, thus had some time on their hands.

CarolinaCon 9 was this weekend in Raleigh, NC which I attended Saturday. I was also there as a representative of FALE to help host their lock pick village.

There were several talks given by some of the FALE members, one titled “Terminal Cornucopia” by treefort was on how ineffective TSA security theater is at preventing weapons from making it onto an airplane. There was a demonstration of a club called “Murica” made with items purchased in the terminal behind TSA security checkpoints consisting of a copy of the Declaration of Independence, with a pointy metal souvenir model of the Washington monument protruding from it. I actually missed this one, but saw and held the hefty “Murica” and can honestly say a violent individual could do some serious damage with it.