Difference between revisions of "Episode342"

From Paul's Security Weekly
Jump to: navigation, search
(Tech Segment: Zach Cutlip)
(Tech Segment: Zach Cutlip)
Line 54: Line 54:
  
 
1) About & Why
 
1) About & Why
 +
 +
  
 
2) How
 
2) How
  
[http://shadow-file.blogspot.com/2013/03/buffer-overflows-with-crossbow-part-1.html]
+
[http://shadow-file.blogspot.com/2013/03/buffer-overflows-with-crossbow-part-1.html walkthrough part 1]
  
[http://shadow-file.blogspot.com/2013/03/buffer-overflows-with-crossbow-part-2.html]
+
[http://shadow-file.blogspot.com/2013/03/buffer-overflows-with-crossbow-part-2.html walkthrough part 2]
  
[http://shadow-file.blogspot.com/2013/03/buffer-overflows-with-crossbow-part-3.html]
+
[http://shadow-file.blogspot.com/2013/03/buffer-overflows-with-crossbow-part-3.html walkthrough part 3]
  
[http://shadow-file.blogspot.com/2013/04/buffer-overflows-with-bowcaster-part-4.html]
+
[http://shadow-file.blogspot.com/2013/04/buffer-overflows-with-bowcaster-part-4.html walkthrough part 4]
  
 
3) References
 
3) References
[https://github.com/zcutlip/bowcaster]
+
[https://github.com/zcutlip/bowcaster bowcaster github]
  
[https://github.com/zcutlip/exploit-poc]
+
[https://github.com/zcutlip/exploit-poc exploit proof of concept]
  
[https://vimeo.com/52954499]
+
[https://vimeo.com/52954499 Here's a video (with cool music) of me popping root on the BT HomeHub]
  
 
4) Plugs
 
4) Plugs
[http://shadow-file.blogspot.com/2013/05/running-debian-mips-linux-in-qemu.html]
+
[http://shadow-file.blogspot.com/2013/05/running-debian-mips-linux-in-qemu.html debian mips in qemu]
  
 
[http://44con.com/speakers Reversing and Exploiting BT CPE Devices]
 
[http://44con.com/speakers Reversing and Exploiting BT CPE Devices]

Revision as of 11:21, 20 August 2013

Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis

SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here


Episode Media

[MP3 pt1]

[MP3 pt2]

Announcements

PaulDotCom Security Weekly - Episode 342 for Thursday August 22nd, 2013

  • We've released a book on Offensive Countermeasures! Visit tinyurl.com/OCM-Amazon to add this to your summer reading list.
  • We are looking for sponsors for our September webcast. Contact mike -at- hacknaked.tv for details!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 9:00PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, its an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!


Interview: Phil "Main Framed" Young

Philip-Young.png


Biography:

Philip Young, aka Soldier of Fortran, is a mainframe phreak! His love of mainframes goes back to when he watched Tron, wide eyed, for the first time. Though it would be decades until he actually got his hands on one he was always interested in their strangeness. Phil has always been in to security since his days as a sysop and playing around on Datapac (the Telenet of Canada). Some people build toy trains, others model airplanes, but Phil's hobby is mainframe security.


Five Questions:

  • Three words to describe yourself
  • If you were a serial killer, what would be our weapon of choice?
  • In a game of ass grabby-grabby do you prefer to go first or second?
  • If you wrote a book about yourself, what would the title be?
  • Stranded on a desert island, which tablet would you bring with you if you could choose only one: Android, iPad or Surface?

Tech Segment: Zach Cutlip

Zachary Cutlip.png


Biography:

Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before embracing a lifestyle of ripped jeans and untucked shirts, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University.

Zach will be going over how he does research on exploiting embedded systems and his exploit development framework bowcaster.

1) About & Why


2) How

walkthrough part 1

walkthrough part 2

walkthrough part 3

walkthrough part 4

3) References bowcaster github

exploit proof of concept

Here's a video (with cool music) of me popping root on the BT HomeHub

4) Plugs debian mips in qemu

Reversing and Exploiting BT CPE Devices

Stories

Paul's Stories

Larry’s Stories

Jack's Stories

Allison's Stories