Link to pictures of the CDC 2005 event at Iowa State University. The CDC is the CyberDefense Competition held at ISU where teams of students attempt to defend their networks against a team of attackers (usually area professionals) over the course of an entire weekend. The event is reminiscent of Defcon’s Capture the Flag, but with a much more instructive mentality. I wish we had this much stuff in this field at ISU back when I was a student! A version of this is also being held annually where high school teams are the defenders and college students are the attackers.
tips to harden a linux system
There are scripts and various automatic ways of hardening a Linux system, but nothing is more informative and instructive than doing many of the tweaks and settings manually. I liked this post because it really delved into a few of the particulars and exactly what is going on.
attacking a cisco router with snmp/gre
This paper is very advanced and draws on a lot of different skills, but it does demonstrate how SNMP on a Cisco router can be abused to retrieve its configuration file, and then has some fun with Generic Routing Encapsulation (GRE).
information overload
Information Overload. Kind of hard to admit that I am nearing that point, since I completely love learning things and absorbing knowledge. But the IT/techie world has been doing that to me lately…really kicking my ass. I want to learn so much, catch up on things over the years that I missed because I wasn’t a packet geek or into coding as a child (yeah, right!). I have an entire different part of this site dedicated to postings and news and links and tidbits of knowledge that I have happened across in the past few years (I keep these separate because, well, it’s just for me). I have a huge list of bookmarks in my web browser that are “pending” things to check out, usually tools, large sites, or long papers that I didn’t have time to fully deal with back when I was made aware of them. I have dozens upon dozens of books that are half-started or not yet read…as if just owning them means I can somehow claim the knowledge locked away.
I don’t have enough hours in my day, enough days in my life, to learn all this stuff like I want to learn it. That’s frustrating beyond belief.
Couple this with my recent soul-searching about my career. I love my career to date and where it is going, but I’ve had some thoughts that maybe specializing a bit more would be beneficial.
Now that I am working on “that other” part of my site that will remain mysteriously locked away, I have realized that my categorizing of information is almost manic at this point. It is still a mess, and I’m not happy with having all this knowledge in front of me and just not having the time to get to it. Maybe I should specialize that too?
It kinda makes sense, but while I am happy to do this with my young career, I’ll likely not adopt that quite so soon given my thirst for knowledge…but I certainly need to slow down and, instead of blitzing this realm, sit back, clear off the desk, and focus on a few things at a time and truly enjoy and experience them.
hacking the friendly skies
NRMC has posted a presentation delivered at ShmooCon this year on Hacking the Friendly Skies. The presentation starts out like most any discussion on wireless security, but then takes a turn for the sinister by delving into FakeAP attacks. What really makes this presentation excellent are the later reports of just how many systems were found. When you combine Windows XP’s affinity for associating to anything that says hello with users’ affinity for not patching their systems and not running a firewall, you get some pretty satisfying results. And if you look closely, some of the vulnerable systems belonged to some pretty trusted/important-sounding people. Yikes!
airpwn – http injection on 802.11b networks
Airpwn is a quick C tool that can inject HTTP content (and other content) into wireless 802.11b networks. Tested at Defcon 12; supposedly the only reliable part of the tool is replacing all HTTP images with an image/redirect of your choosing. Might be interesting to play with on a *nix box.
Update: article on using airpwn.
open source hotspots
PublicIP.net has open source (read: free!) tools for hotspot operators. Granted, the tools are not *quite* as feature-laden as expensive commercial tools, but I must say this looks pretty darn amazingly useful anyway, especially for small coffeeshops or local hotspots as opposed to the national franchises or hotels or something.
case of a wireless hack
This is a LinuxExposed article on wireless hacking.
cracking cached windows domain credentials
Cleaning out some old bookmarks I came across this pretty cool find: a forum tutorial on recovering and then cracking cached domain credentials on a Windows machine. Not only is this tutorial practical to follow and use, but it gives ammunition to anyone who pushes for setting the Windows cached credential count to 0. Sadly, this butts right up against laptop users who, when they log in at home, need the cached credential to use the system.
For possible future pen-test work that I’d love to do someday, this might be useful to test policy. If I can get my hands on a system or even get a local admin to come over and troubleshoot my system by logging in as himself, I can use that cached credential and crack it. This is exactly why I made sure to let users log in right after I had been logged into their machines to clear the 1 cached credential that I allowed my systems to retain.
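The policy point above (how many domain logons a machine is allowed to cache) is easy to audit rather than take on faith. The following is an added example, not code from the original post or from the forum tutorial it links to: it reads the CachedLogonsCount value that Windows keeps under the Winlogon key and reports whether the machine is within a site maximum. The maximum of 1 is an assumption matching the one cached credential the post describes allowing; the function names are mine.

```powershell
# Added example: audit how many domain logons this machine caches.
# CachedLogonsCount is a REG_SZ under the Winlogon key; when absent,
# Windows behaves as if it were set to the default of 10.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$valueName   = 'CachedLogonsCount'

function Get-CachedLogonsCount {
    $props = Get-ItemProperty -Path $winlogonKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $props) {
        return 10   # value not present: Windows default applies
    }
    return [int]$props.$valueName
}

function Test-CachedLogonsPolicy {
    # Assumption: site policy permits at most 1 cached logon (0 for desktops that never roam).
    param([int]$Maximum = 1)

    $count = Get-CachedLogonsCount
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Cached    = $count
        Maximum   = $Maximum
        Compliant = ($count -le $Maximum)
    }
}

# Usage: report for this machine against the assumed maximum of 1.
Test-CachedLogonsPolicy -Maximum 1
```

The same value is what the Group Policy setting "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" writes, so on managed machines set it there rather than editing the registry directly; the script is for verifying that the policy actually landed (a non-compliant laptop with 10 cached logons is exactly the case the tutorial exploits).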
anatomy of an attack
A SANS Tool Talk Webcast: Anatomy of an Attack.
sql injection examples
A thorough examination of sql injection attacks using examples.
checkmate forensics blog and links
There is a fairly new blog out called Checkmate that deals with forensics and other things security. Here are some choice pieces to check out so I can catch up:
rainbow tables
timestomp
xp’s built-in spyware
userassist
apache and squid logs
defeating a dos attack
SANS has a bit on defeating a DoS attack. They also have a webcast I’d like to check out on the same topic.
logparser site and book
I should get the Log Parser book sometime, as it goes over the things on this site about the Microsoft Log Parser tool. This should be useful for performing ad hoc and maybe some scripted queries against single logs or groups of logs.