From Security Weekly Wiki
= Shameless Plugs & General Announcements =
PaulDotCom Security Weekly - Episode 198 - For Thursday May 6th.
* Sign up for "Advanced Vulnerability Scanning Using Nessus" being offered at [http://blog.brucon.org/2010/03/announcing-brucon-training-5-advanced.html Brucon] and [http://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_TEN-AdvNessus.html Black Hat Las Vegas]!
* [http://www.sans.org/vlive/details.php?nid=20709 Hacker Techniques and Incident Response] with Ed Skoudis and John Strand, in your living room via SANS vLive! Pants are optional. IN504 gets you 25% off. http://www.vergenet.net/~conrad/scripts/pants.html
= Episode Media =
[http://traffic.libsyn.com/pauldotcom/pauldotcom-SW-ep198.mp3 mp3]
= Guest Interview: [http://www.emergingthreats.net Matt Jonkman & Will Metcalf] =
== BACKGROUND ==
Matt Jonkman is the founder of Emerging Threats, and spent five years in the Army as an Air Traffic Control radar and communications tech. He currently works for Metaflows under NSF grant funding, as well as leading Emerging Threats and the OISF. Will Metcalf is the QA lead for OISF. He is both breaker and producer of code for the Suricata IDS and has worked on the snort_inline project.
[http://www.openinfosecfoundation.org Suricata, the Open Source Intrusion Detection and Prevention engine]
== Questions ==
 
# How is Emerging Threats going?
# What kind of new rules are you coming up with, and how do they work?
# What do the Emerging Threats firewall rules do?
# What is Suricata?
# Most organizations I encounter that run IPS do so in "log only" mode. What can we do to change this? Does Suricata help with this problem, and if so, how?
# No question that open source IDS and IPS tools are awesome, but there is a lot of maintenance required to run them and keep them updated. What do you recommend people do to ease this maintenance?
# There are many IDS/IPS evasion tactics out there. What can we do to prevent attacks from slipping past the IDS/IPS?
# What do you think of TippingPoint's Zero Day Initiative and their customers receiving IDS updates for 0-days?
# What can we do to push vendors to release details about vulnerabilities so that we can write IDS rules?
= Tech Segment: Zone Transfers & Embedded Systems =
Sweet! Here are some easy ways to find all those DDNS providers:
* http://www.dmoz.org/Computers/Internet/Protocols/DNS/DNS_Providers/Dynamic_DNS/
* http://www.oth.net/dyndns.html
You can put them in a list and do something like these:
<pre>
   Name         Current Setting                                 Required  Description
   ----         ---------------                                 --------  -----------
   STOP_WLDCRD  false                                           yes       Stops Brute Force Enumeration if wildcard resolution is detected
   WORDLIST     /home/paulda/msf3/data/wordlists/namelist.txt   no        Wordlist file for domain name brute force.
</pre>
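As an added example (not code from the show notes and not Metasploit's own module), here is a small Python brute-force enumerator that does what the STOP_WLDCRD and WORDLIST options above describe: take a list of provider domains, prepend each wordlist label, and first probe random labels so that a domain with a wildcard record is either skipped outright (STOP_WLDCRD=true) or has wildcard answers filtered out. The resolver is pluggable; the <code>system_resolver</code> default, the <code>FAKE_ZONES</code> data and the host and domain names are assumptions constructed for the demo so it runs offline.

```python
"""Brute-force DNS name enumeration with wildcard detection.

Added example: given a list of (dynamic DNS provider) domains and a wordlist,
resolve label.domain for each label, but first probe random labels so that
domains answering for *anything* are either skipped (like Metasploit's
STOP_WLDCRD=true) or have wildcard answers filtered out as false positives.
"""
import secrets
import socket
from typing import Callable, Dict, List, Set, Tuple

# A resolver maps a hostname to the set of IPv4 addresses it resolves to;
# an empty set stands for NXDOMAIN / no A record.
Resolver = Callable[[str], Set[str]]


def system_resolver(name: str) -> Set[str]:
    """Resolve through the OS resolver (assumed default; needs network access)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except socket.gaierror:
        return set()


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 2) -> Set[str]:
    """Resolve a few random labels that cannot exist; whatever they map to is
    the wildcard answer set. An empty set means no wildcard record was seen."""
    seen: Set[str] = set()
    for _ in range(probes):
        label = secrets.token_hex(8)          # 16 random hex chars
        seen |= resolve(f"{label}.{domain}")
    return seen


def brute_force(domain: str, wordlist: List[str], resolve: Resolver = system_resolver,
                stop_on_wildcard: bool = True) -> Tuple[Dict[str, Set[str]], Set[str]]:
    """Return (found, wildcard_ips) where found maps FQDN -> addresses.

    With stop_on_wildcard=True (STOP_WLDCRD) a wildcard domain yields nothing,
    since every guess would "succeed". With it False, answers that are a subset
    of the wildcard set are dropped; only hosts with their own distinct address
    survive, so a real host that shares the wildcard IP is necessarily missed."""
    wildcard = detect_wildcard(domain, resolve)
    found: Dict[str, Set[str]] = {}
    if wildcard and stop_on_wildcard:
        return found, wildcard
    for label in wordlist:
        fqdn = f"{label}.{domain}"
        addrs = resolve(fqdn)
        if not addrs or (wildcard and addrs <= wildcard):
            continue
        found[fqdn] = addrs
    return found, wildcard


def enumerate_providers(domains, wordlist, resolve=system_resolver, stop_on_wildcard=True):
    """Run brute_force over every provider domain; returns {domain: (found, wildcard)}."""
    return {d: brute_force(d, wordlist, resolve, stop_on_wildcard) for d in domains}


# --- constructed sample data so the example runs offline -------------------
# Two made-up zones (RFC 5737 documentation addresses): one plain, one with a
# wildcard record that makes every name under it resolve.
FAKE_ZONES = {
    "example.org":  {"www": {"192.0.2.10"}, "mail": {"192.0.2.25"}},
    "wild.example": {"*": {"198.51.100.1"}, "www": {"198.51.100.1"},
                     "vpn": {"198.51.100.7"}},
}


def fake_resolver(name: str) -> Set[str]:
    """Resolver backed by FAKE_ZONES; falls back to the '*' record like real DNS."""
    label, _, domain = name.partition(".")
    zone = FAKE_ZONES.get(domain, {})
    if label in zone:
        return set(zone[label])
    return set(zone.get("*", set()))


if __name__ == "__main__":
    words = ["www", "mail", "vpn", "ftp"]
    for dom, (hits, wc) in enumerate_providers(FAKE_ZONES, words, fake_resolver,
                                               stop_on_wildcard=False).items():
        print(dom, "wildcard:", sorted(wc) or "none")
        for host, ips in sorted(hits.items()):
            print("  ", host, sorted(ips))
```

Against the constructed data, example.org yields www and mail with no wildcard, while wild.example is reported as a wildcard domain: with the default stop flag it returns nothing, and with the flag off only vpn survives, because www shares the wildcard address and cannot be told apart from a bogus guess. That last point is the practical caveat behind STOP_WLDCRD: on a wildcard domain, a brute force can only ever find hosts that resolve somewhere other than the wildcard target, and an AXFR (if the server allows it) is the only way to get the rest.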
 
Credits: Thanks to Mark Baggett for providing me with help on the zone transfer information and DDNS providers!
= Stories For Discussion =
# [http://www.locusmag.com/Perspectives/2010/05/cory-doctorow-persistence-pays-parasites/ Getting phished can happen to the best of us] - [Larry] - It just goes to show that someone who is savvy can get owned. Of course they were able to realize that they had been phished, what it meant, AND how to address it. How many of our grandmas would know?
# [http://icanstalku.com/ I can stalk you!] - [Larry] - Hmm, how about stalking through Twitter? This project is intended to raise awareness of inadvertent information sharing through social networks by harnessing the power of metadata.
# [http://www.irongeek.com/i.php?page=videos/whas11-webcam-exploit&mode=print Irongeek on the news!] - [Security Weekly] - "I always feel like somebody's watching me!" Pretty neat stuff; trying to figure out what payload he is using to activate the remote payload to snoop on the webcam. I always thought this was a neat payload.
# [http://carnal0wnage.blogspot.com/2010/01/layer-four-traceroute.html Layer Four Traceroute] - [Paul] - This is a really neat traceroute program because it finds ways to get around filters to make traceroute work. I find it interesting to see which ISP the target is using and to be able to gather the IP address of their upstream router. If you can successfully attack the upstream router, it's game over for the target.
# [http://jvn.jp/en/jp/JVN14313132/index.html Cisco Router and Security Device Manager XSS] - [Paul] - Any time you can get an XSS on the software that manages the entire network, SCORE! This XSS lives in the SDM, the software used to manage Cisco routers and firewalls. Let me make a guess: is yours called "sdm.yourinternaldomain.com"? Could I try to launch an attack against it by sending email? Sure can...
# [http://www.computerworld.com/s/article/9176371/Hacker_develops_multi_platform_rootkit_for_ATMs?source=rss_news Hacking ATMs - You do know Jack] - [Paul] - Barnaby Jack does some really awesome research, primarily in embedded systems. This time he's targeting ATMs. His previous employer, Juniper Networks, made him pull his talk on ATM security last year because the vendors complained. This year he's got a new job at IOActive and will deliver the talk, covering two different ATM models from two different manufacturers and their software vulnerabilities. Jeff Moss is quoted as saying, "Apparently you can make all the money come out". Freaking sweet! And good for Barnaby Jack (BJ for short?) for leaving and doing what's right, rock on man!
# [http://sunbeltblog.blogspot.com/2010/05/facebook-remote-login-flash-drive.html Fake Facebook Login] - [Security Weekly] - A USB flash drive on a public computer pops up Windows cmd.exe and prompts for a Facebook login. It's LOLZY!
= Other Stories =
