PaulDotCom Security Weekly - Episode 249 for Thursday June 23rd, 2011.
- This month's Late Breaking Computer Attack Vectors webcast will be given by Carlos Perez on Wednesday June 29th at 2 PM EDT
- The first three episodes of PaulDotCom Espanol with Julio Canto, Lorenzo Martinez, and Chema Alonso are available here. We have more interviews in the coming weeks....
- Sign up for Blackhat Training Courses:
- PaulDotCom Blackhat Training: Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
- Tenable Security Blackhat Training: Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2
- DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit" Friday and Saturday of the Con from 4:00PM to 9:00PM.
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, and Watch our Videos!
- You can Add us on Facebook where we can be "friends"
Interview: Chris Gates
Chris joined the original Titan Team (Lares) in 2011 as a Partner & Principal Security Consultant. Chris is a member of the Metasploit Project, a major contributor to the carnal0wnage attackresearch blog and is known to enjoy business logic flaws, misconfigured databases and the occasional client-side attack.
Chris joined Lares in 2011 as a Partner & Principal Security Consultant. Chris has extensive experience in network and web application penetration testing as well as other Information Operations experience working as an operator for a DOD Red Team and other Full Scope penetration testing teams. Chris holds a BS in Computer Science and Geospatial Information Science from the United States Military Academy at West Point and holds his CISSP, CISA, GPEN, GCIH, CEH, and Security+. In the past, he has spoken at the United States Military Academy, BlackHat, DefCon, Toorcon, Brucon, Troopers, SOURCE Boston, OWASP AppSec DC, ChicagoCon, NotaCon, and CSI. He is a regular blogger at carnal0wnage.attackresearch.com and is also a regular contributor to the Metasploit and wXf Projects.
- What's the distinction you make when you say that "repeatable" pentests are really vulnerability assessments (with exploitation) vs. actual pentesting?
- What is the Web Exploitation Framework?
- What's the difference between w3af and the wXf framework?
- Will wXf ever be part of Metasploit?
- Tell us about your research such as the recent Attacking Oracle Web Applications With Metasploit talk
- Between the Lares Blog and carnal0wnage.attackresearch.com, when do you sleep?
- We need to start a drinking game - this time based on how many times Chris says "fuzz" or "fuzzing".
Tech Segment: Catching base64 on the network with Kevin Fiscus of NWN Corporation
Kevin is a security architect and consultant with 2 decades of experience in information technology and a decade in compliance, which we won't hold against him. He is currently the Director of NWN Corporation's Security Technology, Assessment and Response (STAR) Team.
Kevin will be on to discuss work he's been involved with detecting base64 using Snort. Instead of detecting basic web authentication, he'll be going over other malicious uses of base64 encoding that don't involve basic web authentication, including evading DLP systems. Specifically, he'll cover using Snort and a variety of regular expressions to catch base64 on the network.
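
A prototype of the kind of check the segment describes, written in Python rather than as Snort rules so the regular expressions and the false-positive handling can be tested offline. This is an added example, not Kevin's rules or anything presented on the show; the 40-character threshold, the character-class filter and all sample traffic are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

# Assumed heuristics (tune per network): 40+ base64 characters in a row,
# optional '=' padding, total length a multiple of four.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")
BASIC_AUTH = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)

def find_base64(payload: bytes):
    """Return (offset, decoded_bytes) for each suspicious base64 run."""
    basic = [m.span(1) for m in BASIC_AUTH.finditer(payload)]
    hits = []
    for m in B64_RUN.finditer(payload):
        token = m.group()
        if any(s <= m.start() < e for s, e in basic):
            continue  # ordinary HTTP basic authentication, not of interest
        if len(token) % 4:
            continue  # not a whole number of 4-character base64 groups
        # Hex digests and lowercase paths use a subset of the alphabet;
        # real base64 of this length almost always mixes all three classes.
        if not (re.search(rb"[A-Z]", token) and re.search(rb"[a-z]", token)
                and re.search(rb"[0-9]", token)):
            continue
        try:
            hits.append((m.start(), base64.b64decode(token, validate=True)))
        except binascii.Error:
            continue  # alphabet matched but the padding/structure is invalid
    return hits

# Constructed sample traffic (not captured from a real network).
SECRET = b"constructed sample: customer_id=1001, account=0000-1111-2222"
ENCODED = base64.b64encode(SECRET)
CREDS = base64.b64encode(b"alice.longusername@example.test:correct-horse-battery")
SAMPLE = (
    b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
    b"Authorization: Basic " + CREDS + b"\r\n"
    b'ETag: "' + hashlib.sha256(b"x").hexdigest().encode() + b'"\r\n\r\n'
    b"note=" + ENCODED + b"&lang=en"
)

if __name__ == "__main__":
    for offset, decoded in find_base64(SAMPLE):
        print(offset, decoded)
```

The sample request carries three base64-looking runs: a basic-auth credential, a SHA-256 hex digest in the ETag, and the encoded form field. Only the form field is reported, with its decoded content available for a DLP-style keyword check.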