From Security Weekly Wiki
Revision as of 18:36, 12 January 2012 by Pauldotcom (talk | contribs)
Jump to navigationJump to search

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 273 for Thursday January 12th, 2012.

  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Wether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being relesaed and talk "Stogie Tech".

Guest Technical Segment: Chris "loganWHD" Hadnagy on Framing

Chris Hadnagy, aka loganWHD focuses on the "human" aspect of technology such as social engineering and physical security. Chris is also the lead developer of Social-Engineer.Org as well as author of the best-selling book Social Engineering: The Art of Human Hacking and has co-authored a ground breaking course on Social Engineering to be given in the UK, Seattle, and Vegas. He's on tonight to give us a taste of one of the topics on the course: Framing in Social Engineering.


Chris was last on PaulDotCom in Episode 216, October 2010

Training Info

Registration link

Class Syllabus

  1. What is framing?
  2. Give us some examples of how you use Framing in an SE engagement.
  3. How can you 'teach' framing in a course?
  4. How do you adjust your framing once you dentify the target’s dominant communication style?
  5. For your Social Engineering podcast on Framing, you interviewed Sam Yagan of www.okcupid.com. Do you think statistical analysis is accurate and can be used in Social Engineering? Have you used any of their research in your SE engagements?
  6. What have you learned about Framing and Social Engineering from your course partner, Robin Dreeke?
  7. What was your favorite section of the course?
  8. We've heard there are homework assignments, specifically, getting the brasize of a stranger at the mall in a non-sexual way. Will you do a writeup of the student failures? :)
  9. Is it true students who fail assignments have a make-up assignment that consists of dumpster diving? :)
  10. How do you 'certify' one is a Social Engineer?
  11. Does the FBI conduct any SE training for its agents?

Tech Segment: Using pfSense and an Alix.6F2 For A Wireless Access Point

TIP: For the segment on how we built my pfsense firewall, see this document.

I wanted a new access point. I have stacks of WRT54G series routers, and they are good, but often aren't up to the task. They are low in memory and processing power, and share one single 10/100 Ethernet bus. This limits their usage for things like streaming HD. Can you do it? Sure. My other problem was the WRT54G I had was constantly needing to be power cycled. All my old ones either went to friends and family members, bricked, or are in pieces somewhere. I bought a shiny new Dlink Dir-655, but after about a year it crapped out on me, actually the wireless radio itself died, which turns out to be a common problem. So, I wanted to build something myself out of really good hardware, and use real software like pfsense, and have an access point that would just kick ass.

Hardware List

All hardware for this project came from www.netgate.com:

  1. ALIX.6F2 Kit Black Unassembled - $188 - This kit comes with the board, power supply, CF card, and enclosure.
  2. Atheros WLM54G-HP mini PCI Card, U.FL to RP-SMA pigtails (two), 5.5 dbi rubber duck antennas (two) - $88 - This is the wireless card, with all the fixings!
  3. 2.4 GHz 9 dBi Rubber Duck Omni Antenna RP-SMA - Bigger is better, right? I want to cover my entire house with one 802.11g access point.

Total cost: $305.77

Get pfSense and Install on CF Card

For the embedded version, make sure you get the NanoBSD images.

Important, verify that you are installing the operating system on the correct disk image:

# df -h
Filesystem      Size   Used  Avail Capacity  Mounted on
/dev/disk0s2   465Gi  425Gi   40Gi    92%    /
devfs          185Ki  185Ki    0Bi   100%    /dev
map -hosts       0Bi    0Bi    0Bi   100%    /net
map auto_home    0Bi    0Bi    0Bi   100%    /home
/dev/disk1s1   7.5Gi  805Mi  6.7Gi    11%    /Volumes/AVST

On OS X, for example, the OS disk is "disk0", try not to overwrite that one (even though you'd likely get an error that its already in use, however I did not test that!). Then use the following command to dump the image on the CF card:

# gzcat pfSense-2.0.1-RELEASE-2g-i386-nanobsd.img.gz | dd of=/dev/disk3 bs=16k

Now go get a cup of coffee, it takes a while. Notice I used the image labeled "2g", for 2 gig, which is the size of my card.

Configure an IP address in the Serial Interface

I used OS X for this, and used the following tools:

  1. zTerm - Excellent serial interface software, works well.
  2. Plugable USB to RS-232 DB9 Serial Adapter (Prolific PL2303HX Chipset) - USB serial adapter was $11 on Amazon, handy to have. I had to connect another serial cable to it from some of my old Cisco gear (those connectors should say "Terminal" on them).
  3. Prolific drivers for OS X Lion - I had to get updated drivers to work with the serial adapter that have been updated to work with OS X Lion.

Once you have all that, Follow Mike's instructions located here on setting up the LAN IP address.

Setup the Wifi Interface using the Web UI

Make sure you add the interface on this page by clicking the "+" symbol
Add the LAN and Wifi interface to the same bridge
Set a static IP
Set an SSID and choose your security, I chose "WPA"
More WPA settings
Define your channel settings, choose one not so much in use!
Configure the firewall or the Wifi interface will drop all packets from wireless network to the LAN by default!

Paul's Stories

Larry's Stories

  1. You know what really grinds my gears? - [Larry] - Not truly security related, but I think that the response from Stratfor was , well, strained. They claim that Anonymous is creating censorship, some of that based on the fact that there is no accountability on the internet. Hrm, no accountability. I seem to recall hearing several raids and arrests. I'd also argue that the lack of accountability goes both ways. I mean who was holding Stratfor accountable for having poor security and cleartext CC numbers? Discuss.
  2. Social Engineering on the rise - [Larry] - yeah, no kidding. Why, oft times we find that the internal network is still of the very chewy variety. Best way to get there? Have some code you want there? The human is the last frontier, weakest link and I'd argue, the hardest to secure.
  3. Hacking SCADA going mainstream? - [Larry] - In a politically motivated event, Anonymous publishes IP addresses and login details for Israeli SCADA systems after being branded as terrorists. My argument is that is Anonymous can do it, it has hit the big time.
  4. Shark? We jumped that shit. - [Larry] - Oh, that module that you use to prevent XSS, due to a flaw ALLOWS XSS. Ugh.
  5. Koobface OSINT - [Larry] - Dancho Danchev puts together the pieces to identify the alleged Koobface author. How? The author got sloppy and registered a domain with a phone number used elsewhere in ads for kittens and a BMW for sale. It just goes to show, if you don't want to get caught you need to be meticulous. It also proves that there is no such thing as a perfect crime.

Jack's Stories