Episode337

From Paul's Security Weekly
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis

Episode Media

MP3

Announcements

Security Weekly - Episode 337 for Tuesday July 2nd, 2013

  • The Hills have IPs!! Defensive Intuition (the Consulting arm of Security Weekly Enterprises) and Black Hills Information Security have joined forces to offer all your training, Active Defense and pen test needs! Visit www.blackhillsinfosec.com for more information.
  • We are looking for sponsors for monthly webcasts in conjunction with SANS - contact paul -at- hacknaked.tv for details!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Sunday nights at 8:30PM EST. Come have a cigar with us! If you are in the Rhode Island area, please visit our sponsor the Havana Cigar Club; it's an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!
  • BSides RI recap and wrap-up. We are already actively working on next year, we're looking for sponsors and volunteers, and we have a web site! http://bsidesri.org

Interview: Matt Bergin of Core Impact

Biography:

Matt "Level" Bergin, age twenty-four, works for CORE Security as a Senior Security Consultant, where his day job consists of discovering, exploiting, and mitigating vulnerabilities in their clients' network environments. Before joining CORE, Matt became well recognized in the industry through his activities in the US Cyber Challenge and his published vulnerability research, such as his discovery of the Microsoft IIS 7.5 FTP Heap Overflow.

Interview Questions:

  1. What is kfuzz, and what does it do?
  2. What would be a good application of kfuzz? Any examples in the wild?
  3. Tell us about what else you are presenting at Black Hat.


Five Questions:

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. In a game of ass grabby-grabby do you prefer to go first or second?
  4. If you wrote a book about yourself, what would the title be?
  5. Stranded on a desert island, which tablet would you bring with you if you could choose only one: Android, iPad or Surface?

Tech Segment: Kati Rodzon & Mike Murray of MAD Security on Social Engineering War Stories

Social Engineering War Stories

About

Social engineering is the art of coercing (let's face it, manipulating) someone into giving you information, allowing you access, or doing something for you. It's basically the art of behavior modification and moment-to-moment training.

How

Fresh off of a physical penetration test for a major company, Michael and Kati will talk about the psychological techniques that do and do not work. When is it time to blend in? When is it time to stand out? What patterns of behavior can be used to your advantage?

References

Many of the techniques talked about are taken from basic social psychology as well as behavior analysis and modification theory. Even though these topics are traditionally small scale, Michael and Kati will discuss how they are applied on a larger scale in a pentest.


Announcement

Stories

Paul's Stories

  • SCTP Reverse Shell - http://packetstormsecurity.com/files/122169/sctp_reverse.py.txt
  • Is your modem secure? | Security Spread - http://securityspread.com/2013/07/01/modem-secure/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
  • Blind SQL Injection – What is it Good For? | WhiteHat Security Blog - http://blog.whitehatsec.com/blind-sql-injection-what-is-it-good-for/
  • ISC Diary | HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On - https://isc.sans.edu/diary/HP+iLO3iLO4+Remote+Unauthorized+Access+with+Single-Sign-On/16034
  • BeEF - The Browser Exploitation Framework Blog: Cross-domain communication with a JSP shell from a browser hooked with BeEF - http://blog.beefproject.com/2013/06/cross-domain-communication-with-jsp.html
  • The Problem With Networks ..... - SpiderLabs Anterior - http://blog.spiderlabs.com/2013/06/the-problem-with-networks-.html
  • Two malware programs help each other stay on computers - http://www.networkworld.com/news/2013/070113-two-malware-programs-help-each-271419.html?source=nww_rss
  • MIT researchers can see through walls using 'Wi-Vi' - http://news.hitb.org/content/mit-researchers-can-see-through-walls-using-wi-vi
  • Hackers in Africa are building their own aircraft - http://news.hitb.org/content/hackers-africa-are-building-their-own-aircraft
  • 3 Stupid Corporation Tricks - http://www.darkreading.com/vulnerability/3-stupid-corporation-tricks/240157563
Larry's Stories

Jack's Stories

  1. Android security is starting to suck less
  2. The Shadowcrew forum was taken down in 2004, but the search for the people behind it didn't stop there. Aleksi Kolarov has finally been extradited to the US and was arraigned in Newark yesterday.

Allison's Stories

Patrick's Stories