DefCon 22 and BSides LV recap

 Posted on September 2, 2014  |  5 minutes  |  890 words  |  David Mitchell

I managed to make it to Vegas in a rather unexpected way, what originally was a planned beach trip ended up not working out, and I ended up being able to join FALE at BSides LV and DefCon 22. I was working in the mornings, but most of my free time at BSides LV was spent at our lockpick village where we were joined by someone making hand made lockpicks as you can see above. [Read More]
hacking  security 

Metasploitation

 Posted on August 5, 2013  |  3 minutes  |  505 words  |  David Mitchell

So I’ve been using some of my spare time to experiment with and learn how to use Metasploit. I’ve been familiar with Metasploit for a while now, so this isn’t really about learning something new so much as it is finally getting familiar with a tool that I’ve messed with only a little in the past. Part of this is because I have no programming projects to occupy myself with since I have a real problem finding an interesting problem or project that I can code a solution for. [Read More]
metasploit  security 

Fierce

 Posted on April 11, 2013  |  3 minutes  |  488 words  |  David Mitchell

I’ve been learning a little bit about security and penetration testing in my spare time. I have some friends who are professionals in the industry and I have an interest in it myself so when they mention a tool I like to take a look at what it does and learn a little bit about it. Fierce is a domain scanning tool, what that means is it scans an organization’s domains for listed hosts. [Read More]
Security  Pen Testing  DNS 

CarolinaCon 9

 Posted on March 17, 2013  |  2 minutes  |  352 words  |  David Mitchell

CarolinaCon 9 was this weekend in Raleigh, NC which I attended Saturday. I was also there as a representative of FALE to help host their lock pick village. There were several talks given by some of the FALE members, one titled “Terminal Cornucopia” by treefort was on how ineffective TSA security theater is at preventing weapons from making it onto an airplane. There was a demonstration of a club called “Murica” made with items purchased in the terminal behind TSA security checkpoints consisting of a copy of the Declaration of Independence, with a pointy metal souvenir model of the Washington monument protruding from it. [Read More]
security  hacking  lockpicking 

Reverse XOR'ing WebSphere Passwords

 Posted on January 1, 0001  |  3 minutes  |  505 words  |  David Mitchell

Some of the lessons I’ve learned from the Matasano Crypto Challenge has already had unexpected practical application for a common issue I encounter at work. Sometimes, people forget things, don’t document things especially in dev environments (hopefully not so much in production), one of those things is passwords, passwords for database accounts, or for an account that has some authorization the application needs. If a dev forgets a password or can’t find where it was documented, it’s many times better to just recover the password, rather then reset the password, especially if the account is used by the application in local dev environments, etc. [Read More]
ibm  websphere  crypto  python  security