= Announcements =
PaulDotCom Security Weekly - Episode 240 for Thursday April 21st, 2011 - What we learned at Source Boston.
* [https://cybersecurityworldevents.webex.com/cybersecurityworldevents/onstage/g.php?t=a&d=667180810 Register now] for Wednesday's Late Breaking Computer Attack Vectors Webcast Sponsored by Core Security - April 27th at 2PM EDT.
* El primer Episodio de
PaulDotCom Espanol [http:// pauldotcom.com/wiki/index.php/PaulDotCom_Espanol esta disponible aqui]
* [http://hackerrun.com/doku.php Born To Run (and Hack)] - Don't forget to sign up for Hacker run! Team Pesce is training in April for [http://www.kintera.org/faf/home/default.asp?ievent=464980 Purple Stride] on May 15th.
PaulDotCom Blackhat Training Part 1''' [http://blackhat.com/html/bh-us-11/training/pauldotcom-offensive.html Sign up] for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
PaulDotCom Blackhat Training Part 2''' [http://blackhat.com/html/bh-us-11/training/bh-us-11-training_TEN-AdvNessus.html Sign up] for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2
* Larry is teaching SANS 617 SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses in the only country he is licensed to teach in - Canada! Catch him in Victoria May 9 to May 14th.
* [http://charlotteissa.org/content/8th-annual-charlotte-issa-security-summit-registration Register now for the] 8th Annual Charlotte ISSA Security Summit featuring the 3 buffest people in InfoSec:
PaulDotCom, Ed Skoudis, and Chris Hadnagy, all on May 5th.
* DerbyCon : Louisville, Kentucky – September 30th to October 2, 2011. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit".
= Tech Segment: Trapping Attackers in Your WebLabyrinth =
Tech Segment: Installing & Configuring WebLabyrinth ==
== Step 1: Download it! ==
You can get Ben's awesome code from the [http://code.google.com/p/weblabyrinth/ WebLabyrinth Google Code Site]. I then download it like this:
# wget http://weblabyrinth.googlecode.com/files/weblabyrinth-0.3.0.tar.gz
== Step 2: Install it! ==
tar zxvf weblabyrinth-0.3.0.tar.gz
cp * /var/www/labyrinth/
I sent Ben some corrections, here's what the commands should be:
I've got a few different ways, the first is re-write rules:
<pre>RewriteRule ^/admin$ http://
pauldotcom.com/labyrinth/ [R]RewriteRule ^/secret/$ http:// pauldotcom.com/labyrinth/ [R]</pre>
Then use some robots.txt action:
You will now see people getting caught in the trap. This is great data to send to you SEIM. I have yet to play with the alerting, but want to mod it to write to a log, rather than email, so you can include that in your SEIM.
= Stories For Discussion =
== Larry's Stories ==
== Paul's Stories ==
== The Interns' Stories ==
[http://www.guardian.co.uk/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears iPhone tracks your iMovements & then syncs to your iTunes!]
== Carlos' Stories ==