Archive for the ‘Security’ Category

Web Services explaination

Saturday, October 5th, 2013

When I find really good links to explain things I tend to want to keep them.  Here is a link that explains web services and how to pentest them.

http://resources.infosecinstitute.com/web-services-penetration-testing-part-1-2/

 

 

Derbycon 3.0 Saturday Night & Sunday

Sunday, September 29th, 2013

Well,

I haven’t been to sleep yet.  Yesterday I sat down for a few talks.  One of which I thought was awesome was the talk on Browser Pivoting by Raphael Mudge.  Pretty cool watching what he was doing with the VM’s and I happen to have a copy :D.  So it will be great to get it into my lab and play with it.  The scary part is that he did some things with certs and SSL that is kinda scary!

Saturday night was pretty awesome.  Got to watch the sun rise at the pier!

Derbycon 3.0 Friday Night

Saturday, September 28th, 2013

not every geek with a commador 64 can hack into nasa…

Got to watch Dual Core perform like rock stars!  It’s great to follow a group from the beginning and see how big they have gotten.  Nerdcore is music that touches home.  Probably the only kind that almost every song means something. So I will support these guys til the end of time!

On an even sweeter note got to hand out with them after the concert.  Just got back from hanging out with Dual Core, IllWill from 2600 and a few others.  Boy did I have a blast!  Everyone was mad cool.  No one was left behind and everyone had a good time!  Didn’t get home til 5:30am.  HEH.

If you are interested in nerdcore totally check out Dual Core.   Here is a link to the groups youtube channel.

Dual Core Youtube Channel

Derbycon

Tuesday, September 24th, 2013

Tomorrow,

I get to go to Derbycon for the first time.  I am extremely excited and can’t wait to get there.  I don’t get to many go to many new cons. So I can’t wait!

TLS BEAST and CRIME

Tuesday, August 6th, 2013

If you  have been any type of security assessment/audit TLS BEAST and CRIME  has been seen.  Here is an article done by Omar Santos over on the cisco blogs.

This year at Black Hat USA, Angelo Prado, Neal Harris, and Yoel Gluck uncovered a new attack and a tool they called BREACH, which is based on some of the previous research by the folks behind CRIME.

 

http://blogs.cisco.com/security/breach-crime-and-blackhat/

Security tube – Courses

Wednesday, January 9th, 2013

While looking at security tube I noticed that they had courses and certifications.  I knew they had them but never really paid too much attention to it.  There is a paid version and a community version.  The community version provides the same videos as the paid version for free!  Vivek has been kind enough to provide these to the security community in an effort “to provide quality yet free infosec education to one and all”  I highly recommend these courses if you are looking to learn more about security or learn a scripting language.

You can find the courses located here:

http://securitytube-training.com/online-courses/

Hacking Lab OWASP Top 10 challenge

Saturday, October 6th, 2012

I am always looking for ways to keep my skills up.  I have found looking for challenge sites a way of doing that.  Sometimes it can be very hard if you are newish to network security but don’t have a great lab to test your skills.  Hacking-Lab is a great way of doing that.

Oh I forgot the best part.. its free!

https://www.hacking-lab.com/Remote_Sec_Lab/free-owasp-top10-lab.html

VirtualBox Adventures

Wednesday, September 26th, 2012

I installed Backtrack 5R3 in VirtualBox.  I have always used VMware and figured I would give it a try.  It isn’t so bad.  It has a lot of networking features I look forward to messing with. :).

Burp Suite Framework you say!

Tuesday, August 7th, 2012

James Lester & Joseph Tartaro: “Burp Suite: Informing the 99% of what the 1%’ers are knowingly taking advantage of

Burp Suite has created a name for itself as arguably one of the go-to weapons of choice for web application pentesters, but one of its best features is consistently being ignored: the ability to append or modify functionality through the use of burp extensions. Extensions as a feature have introduced users to numerious possibilities, and have given opportunities to easily develop functionality that’s necessary to complete required test related tasks. With all that is available through Burp extensibility, why have we not seen its users contribute functionality to the same degree as community driven projects such as MetaSploit or the Nmap Scriptability Engine? In this presentation, James Lester and Joseph Tartaro will debut their campaign, which focuses on building demand, support, and an overall desire around the creation of Burp extensions in the hope of bringing extensibility to the forfront of web application testing. As a team, James and Joseph will begin by outlining the current demand, capabilities, and limitations while introducing up to a dozen extensions they created that presently utilize all current accessible functionality within the extensibility suite. Along with the release of these extensions, a campaign will be presented to organize and develop an extension community that documents tool primers, lessons learned, and tips/tricks, along with hosting extensions and tools catered to Burp. As a team, Joseph and James will showcase the benefits to their approach, which include increased efficiency and a simplified way to write new scripts. During development of this talk, James and Joseph took into consideration that re-use is a key factor and development techniques were used to help test user adaptation. Something learned isn’t research until it’s shared, and they plan to put this statement to practice utilizing B-Sides as a perfect tool to help collect data, convey interests, and share results.

Looking for labs in all the wrong places?

Friday, July 27th, 2012

So,

I was looking for labs to assist me in my GPEN studies.  I figured if I post them here then everyone can benefit from these links.

http://g0tmi1k.blogspot.de/2011/03/vulnerable-by-design.html?m=1