DefCon 22 and BSides LV recap

I managed to make it to Vegas in a rather unexpected way: what was originally a planned beach trip ended up not working out, and I ended up being able to join FALE at BSides LV and DefCon 22.


I was working in the mornings, but most of my free time at BSides LV was spent at our lockpick village, where we were joined by someone making handmade lockpicks, as you can see above. I didn’t get to attend any talks, but the talks were found online shortly after, my favorite one being the Hack the Gibson talk, which focused on IBM mainframes. Very educational, considering I work with mainframes and do some operations on them at work. John McAfee (yes, that McAfee) also made an appearance, which was interesting to say the least. He talked a little about his version of events regarding his recent troubles in Belize, including alleged hired assassins out to get him, his personal spy ring, people popping out from behind the trees they’re hiding behind and snapping pictures, etc. Later, he shifted into some Snowden-esque persona rallying for personal privacy online, and plugged his new product that spies on spyware. I'm not sure how you protect yourself from spyware by installing his “trusted” spyware, but that was the sales pitch from my view. Also, there was the tower of vendor-distributed condoms, collectively named “Bonerhenge”, built by some people who apparently didn’t have a better use for them in Vegas and thus had some time on their hands.


Reverse XOR'ing WebSphere Passwords

Some of the lessons I’ve learned from the Matasano Crypto Challenge have already had unexpected practical application for a common issue I encounter at work. Sometimes people forget things or don’t document things, especially in dev environments (hopefully not so much in production). One of those things is passwords: passwords for database accounts, or for an account that has some authorization the application needs. If a dev forgets a password or can’t find where it was documented, it’s many times better to just recover the password rather than reset it, especially if the account is used by the application in local dev environments, etc.


Metasploitation

So I’ve been using some of my spare time to experiment with and learn how to use Metasploit. I’ve been familiar with Metasploit for a while now, so this isn’t really about learning something new so much as it is finally getting familiar with a tool that I’ve messed with only a little in the past. Part of this is because I have no programming projects to occupy myself with since I have a real problem finding an interesting problem or project that I can code a solution for. Metasploit is also something I feel I should know how to use, if I ever want to run a quick pentest against my own network, etc.


Fierce

I’ve been learning a little bit about security and penetration testing in my spare time. I have some friends who are professionals in the industry and I have an interest in it myself, so when they mention a tool, I like to take a look at what it does and learn a little bit about it.

Fierce is a domain scanning tool, which means it scans an organization’s domains for listed hosts. For example, a target company may have several non-contiguous IP ranges, or have branch sites or locations that aren’t using the same public IPs as, say, their website or main office. By scanning their DNS records you might discover some hosts on IPs that weren’t in the same scope as, say, their website or primary data center, and thus may be hosts that aren’t as vigilantly maintained. An organization’s IT department might have hosts or backdoors for accessing a branch location that they set up for themselves and gave a domain name (e.g. branch32-jumphost.company.com), which isn’t apparent from scanning a single IP address range.


CarolinaCon 9

CarolinaCon 9 was this weekend in Raleigh, NC, and I attended on Saturday. I was also there as a representative of FALE to help host their lock pick village.

There were several talks given by some of the FALE members. One, titled “Terminal Cornucopia” by treefort, was on how ineffective TSA security theater is at preventing weapons from making it onto an airplane. There was a demonstration of a club called “Murica”, made with items purchased in the terminal behind TSA security checkpoints, consisting of a copy of the Declaration of Independence with a pointy metal souvenir model of the Washington Monument protruding from it. I actually missed this one, but saw and held the hefty “Murica” and can honestly say a violent individual could do some serious damage with it.
