Difference between revisions of "Episode337"

From Security Weekly Wiki
Jump to navigationJump to search
Line 85: Line 85:
==Jack’s Stories==
==Jack’s Stories==
#[https://blog.bit9.com/2013/06/29/has-google-finally-closed-the-android-orphanage/?utm_source=BLOG-has-google-finally-closed-the-android-orphanage-6.30.2013&utm_medium=Twitter&utm_campaign=Social+Media Android security is starting to suck less]
== Allison's Stories ==
== Allison's Stories ==
==Patrick's Stories==
==Patrick's Stories==

Revision as of 21:53, 2 July 2013

Episode Media


PaulDotCom Security Weekly - Episode 337 for Thursday July 2nd, 2013

  • The Hills have IPs!! Defensive Intuition (the Consulting arm of PaulDotCom Enterprises) and Black Hills Information Security have joined forces to offer all your training, Active Defense and pen test needs! Visit www.blackhillsinfosec.com for more information.
  • We are looking for sponsors for monthly webcasts in conjunction with SANS - contact paul -at- hacknaked.tv for details!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Sunday nights at 8:30PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, its an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!
  • BSides RI recap and wrap-up. We are already actively working on next year, we're looking for sponsors and volunteers, and we have a web site! http://bsidesri.org

Interview: Matt Bergin of Core Impact


Matt "Level" Bergin, age twenty four, works for CORE Security as a Senior Security Consultant where his day job consists of discovering, exploiting, and mitigating vulnerabilities in their client’s network environments. Before joining CORE, Matt became well recognized in the industry through his activities in the US Cyber Challenge and publications of vulnerability research such as his discovery of the Microsoft IIS 7.5 FTP Heap Overflow.

Interview Questions:

  1. What is kfuzz, and what does it do?
  2. What would be a good application of kfuzz? any examples in the wild?
  3. Tell us about what else you are presenting at Black Hat.

Five Questions:

  1. Three words to describe yourself
  2. If you were a serial killer, what would be our weapon of choice?
  3. In a game of ass grabby-grabby do you prefer to go first or second?
  4. If you wrote a book about yourself, what would the title be?
  5. Stranded on a desert island, which tablet would you bring with you if you could choose only one: Android, iPad or Surface?

Tech Segment: Kati Rodzon & Mike Murray of MAD Security on Social Engineering War Stories

Social Engineering War Stories


Social engineering is the art of coercing -let face it manipulating- someone into giving you information, allowing you access, or doing something for you. It's basically the art of behavior modification and moment-to-moment training.


Fresh off of a physical penetration test for a major company, Michael and Kati will talk about the psychological techniques that do and do not work. When is it time to blend it? When is it time to stand out? What patterns of behavior can be used to your advantage?


Many of the techniques talked about are taken from basic social psychology as well as behavior analysis and modification theory. Even though these topics are traditionally small scale, Michael and Kati will discuss how they are applied on a larger scale in a pentest.



Paul's Stories

  • <a href="http://packetstormsecurity.com/files/122169/sctp_reverse.py.txt">SCTP Reverse Shell</a>
  • <a href="http://securityspread.com/2013/07/01/modem-secure/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29">Is your modem secure? | Security Spread</a>
  • <a href="http://blog.whitehatsec.com/blind-sql-injection-what-is-it-good-for/">Blind SQL Injection – What is it Good For? | WhiteHat Security Blog</a>
  • <a href="https://isc.sans.edu/diary/HP+iLO3iLO4+Remote+Unauthorized+Access+with+Single-Sign-On/16034">ISC Diary | HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On</a>
  • <a href="http://blog.beefproject.com/2013/06/cross-domain-communication-with-jsp.html">BeEF - The Browser Exploitation Framework Blog: Cross-domain communication with a JSP shell from a browser hooked with BeEF</a>
  • <a href="http://blog.spiderlabs.com/2013/06/the-problem-with-networks-.html">The Problem With Networks ..... - SpiderLabs Anterior</a>
  • <a href="http://www.networkworld.com/news/2013/070113-two-malware-programs-help-each-271419.html?source=nww_rss">Two malware programs help each other stay on computers</a>
  • <a href="http://news.hitb.org/content/mit-researchers-can-see-through-walls-using-wi-vi">MIT researchers can see through walls using 'Wi-Vi'</a>
  • <a href="http://news.hitb.org/content/hackers-africa-are-building-their-own-aircraft">Hackers in Africa are building their own aircraft</a>
  • <a href="http://www.darkreading.com/vulnerability/3-stupid-corporation-tricks/240157563">3 Stupid Corporation Tricks</a>
  • Larry’s Stories

    Jack’s Stories

    1. Android security is starting to suck less

    Allison's Stories

    Patrick's Stories