Difference between revisions of "Episode66"

From Security Weekly Wiki
m (Text replacement - "[PaulDotCom]" to "[Paul]")
 
(15 intermediate revisions by 6 users not shown)
Line 1: Line 1:
= Open-source NAC with Packet Fence =
+
=Episode Media=
 +
 
 +
[http://archive.securityweekly.com/pauldotcom-SW-episode66.mp3 mp3]
 +
 
 +
= Security Weekly - http://securityweekly.com =
 +
 
 +
== Open-source NAC with Packet Fence ==
  
 
[http://www.packetfence.org Packetfence] is an open-source project aimed at providing network access control.
 
[http://www.packetfence.org Packetfence] is an open-source project aimed at providing network access control.
  
 
One of the project leaders, Kevin Amorin, is here to tell us all about it!
 
One of the project leaders, Kevin Amorin, is here to tell us all about it!
 +
 +
BONUS: DHCP Fingerprinting via libpcap! [http://www.packetfence.org/dokuwiki/doku.php?id=dhcpfingerprints Get It Here]
  
 
[http://www.networkworld.com/news/2007/032907-open-source-swarms.html Open source players show a knack for NAC]  
 
[http://www.networkworld.com/news/2007/032907-open-source-swarms.html Open source players show a knack for NAC]  
  
= Stories For Discussion =
+
[https://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror NAC ATTACK!] - ''Researchers in Germany today demonstrated a tool that allows an unauthorized PC to disguise itself as a legitimate client in a Cisco Network Admission Control (NAC) environment, effectively circumventing the networking giant's end-point security strategy.''
 +
 
 +
== WRT54G Wireless Monitor ==
 +
 
 +
Using a WRTSL54GS we have hacked it to:
 +
 
 +
* Sniff wireless packets while channel hopping using kismet_drone
 +
* Monitor bluetooth devices using the bluez stack and a hacked Linksys BT100 Class 1 device with an external antenna connector
 +
* Remotely monitor the 2.4Ghz spectrum with Wi-Spy and a specially ported remote agent called LINUXSpy
 +
 
 +
Live Demo!
 +
 
 +
All these hacks and more will be available in our book, [http://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Learning/dp/1597491667/ref=sr_1_1/102-1310806-1653759?ie=UTF8&s=books&qid=1175721070&sr=8-1 Ultimate WRT54G Hacking], and upcoming SANS Course. We have a web site too, [http://www.wrt54ghacks.com www.wrt54ghacks.com]!
 +
 
 +
== Stories For Discussion ==
  
[https://www.securinfos.info/english/the-week-of-vista-bugs.php TWOVB aka The Week Of Vista Bugs] - [PaulDotCom] - This is the year of the week of bugs!  BONUS: [https://www.securinfos.info/passwords-liste-mots-de-passe.html Default Password List] from the same site, kewl!
+
[https://www.securinfos.info/english/the-week-of-vista-bugs.php TWOVB aka The Week Of Vista Bugs] - [Paul] - This is the year of the week of bugs!  BONUS: [https://www.securinfos.info/passwords-liste-mots-de-passe.html Default Password List] from the same site, kewl!
  
[https://www.securinfos.info/english/the-week-of-vista-bugs_day1.php First Bug Released in TWOVB] - [PaulDotCom] - I will borrow from J0hnny Long, and ask l33t or lame?
+
[https://www.securinfos.info/english/the-week-of-vista-bugs_day1.php First Bug Released in TWOVB] - [Paul] - I will borrow from J0hnny Long, and ask l33t or lame?
  
[http://research.eeye.com/html/alerts/zeroday/20070328.html Windows ANI "Unspecified" Vulnerability] - [PaulDotCom] - The link provided contains more resources, a patch installation file, and complete patch source code.  Good, Bad, Indifferent?  I think for individuals, a 3rd party patch is great.  For organizations with more than a few desktops, its debatable. [Larry] - MS released the patch for this on Tuesday, a week early.  QA issues anyone?.  One otof the videos I was on this was great - ANI on desktop sends explorer on Vista into a crash loop.
+
[http://research.eeye.com/html/alerts/zeroday/20070328.html Windows ANI "Unspecified" Vulnerability] - [Paul] - The link provided contains more resources, a patch installation file, and complete patch source code.  Good, Bad, Indifferent?  I think for individuals, a 3rd party patch is great.  For organizations with more than a few desktops, its debatable. [Larry] - MS released the patch for this on Tuesday, a week early.  QA issues anyone?.  One otof the videos I was on this was great - ANI on desktop sends explorer on Vista into a crash loop.
  
 
[http://www.linuxdevices.com/news/NS7064947536.html USB 2.0 hub via 802.11g] - [Larry] - Please buy these.  It will make my job of sniffing your files, keyboard and any other USB transmissions easier.  (Wireshark supports USB snooping).
 
[http://www.linuxdevices.com/news/NS7064947536.html USB 2.0 hub via 802.11g] - [Larry] - Please buy these.  It will make my job of sniffing your files, keyboard and any other USB transmissions easier.  (Wireshark supports USB snooping).
  
[http://remote-exploit.org/research/busting_bluetooth_myth.pdf Busting Bluetooth: Finding Bluetooth Sniffing Hardware] - [PaulDotCom] - From what I can tell you can buy an off-the-shelf bluetooth dongle and turn it into a sniffer by flashing the firmware.  However, this still requires a commercial application to sit on top of this in order to collect the packets. [Larry] I wonder how many other items are like this? Airpcap anyone?
+
[http://remote-exploit.org/research/busting_bluetooth_myth.pdf Busting Bluetooth: Finding Bluetooth Sniffing Hardware] - [Paul] - From what I can tell you can buy an off-the-shelf bluetooth dongle and turn it into a sniffer by flashing the firmware.  However, this still requires a commercial application to sit on top of this in order to collect the packets. [Larry] I wonder how many other items are like this? Airpcap anyone?
  
 
[http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9015399&source=rss_topic85 Radio Shack Dumpster diving] - [Larry] - While not technology, records disposal should be part of your IT (or other) security planning.  Low tech hacking (dumpster diving) often yeilds interesting results.
 
[http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9015399&source=rss_topic85 Radio Shack Dumpster diving] - [Larry] - While not technology, records disposal should be part of your IT (or other) security planning.  Low tech hacking (dumpster diving) often yeilds interesting results.
  
[http://portal.spidynamics.com/blogs/spilabs/archive/2007/04/02/Jikto-in-the-wild.aspx Jikto leaked!] - [Joe] - Billy Hoffman's Shmoocon presentation "JavaScript Malware for a Grey Goo Tomorrow" uncovered a URL to the Jikto source code and LogicX nabbed it. It is now out in the wild... ([http://www.spidynamics.com/spilabs/education/presentations/Javascript_malware.pdf Here is a link to his presentation])
+
[http://portal.spidynamics.com/blogs/spilabs/archive/2007/04/02/Jikto-in-the-wild.aspx Jikto leaked!] - [Joe] - Billy Hoffman's Shmoocon presentation "JavaScript Malware for a Grey Goo Tomorrow" uncovered a URL to the Jikto source code and LogicX nabbed it. It is now out in the wild... ([http://www.spidynamics.com/spilabs/education/presentations/Javascript_malware.pdf Here is a link to his presentation], [http://news.com.com/Tool+turns+unsuspecting+surfers+into+hacking+help/2100-1002_3-6169034.html Here is more info on Jikto])
  
 
[http://www.playfuls.com/news_06782_Hacked_Nude_Snapshots_End_Up_On_Internet.html You too can be a porn star] - [Larry] - Just leave naked pics of your vulnerable and then compromised machine.  HACK NAKED!
 
[http://www.playfuls.com/news_06782_Hacked_Nude_Snapshots_End_Up_On_Internet.html You too can be a porn star] - [Larry] - Just leave naked pics of your vulnerable and then compromised machine.  HACK NAKED!
  
 
[http://www.cbronline.com/article_news.asp?guid=484BC88B-630F-4E74-94E9-8D89DD0E6606 "JavaScript hijacking" <3's Web 2.0] - [Joe] - "Fortify Software, which said it discovered the new class of vulnerability and has named it 'JavaScript hijacking', said that almost all the major Ajax toolkits have been found vulnerable. 'JavaScript Hijacking allows an unauthorized attacker to read sensitive data from a vulnerable application using a technique similar to the one commonly used to create mashups'"
 
[http://www.cbronline.com/article_news.asp?guid=484BC88B-630F-4E74-94E9-8D89DD0E6606 "JavaScript hijacking" <3's Web 2.0] - [Joe] - "Fortify Software, which said it discovered the new class of vulnerability and has named it 'JavaScript hijacking', said that almost all the major Ajax toolkits have been found vulnerable. 'JavaScript Hijacking allows an unauthorized attacker to read sensitive data from a vulnerable application using a technique similar to the one commonly used to create mashups'"
 
[http://taosecurity.blogspot.com/2007/03/help-johnny-long-go-to-uganda.html Do good, not evil] - [Larry] - Jonny has had a grat impace on both Paul and I, so if you can help him with his mission...
 
  
 
[http://www.military.com/features/0,15240,130657,00.html Close to (Conference) home] - [Larry] - Looks like the Navy lost 3 laptops with PII (Personally Identifiable Information) on them...right here, across the harbor here in San Diego.  Password protection doesn't cut it!
 
[http://www.military.com/features/0,15240,130657,00.html Close to (Conference) home] - [Larry] - Looks like the Navy lost 3 laptops with PII (Personally Identifiable Information) on them...right here, across the harbor here in San Diego.  Password protection doesn't cut it!
Line 33: Line 53:
 
[http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/ WEP broken even more...] - [Larry] - Now, 104 bit (weak!) with only 40-80K packets, with 50-95% reliability.  All done in under 60 seconds.
 
[http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/ WEP broken even more...] - [Larry] - Now, 104 bit (weak!) with only 40-80K packets, with 50-95% reliability.  All done in under 60 seconds.
  
[https://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html#eu Blackhat Europe Presentations Online] - [PaulDotCom] - Its a good rule of thumb, when there are hacker cons you are not able to attend, read the presentations, watch the videos, or listen to audio, what ever they provide, its almost as good as going to the con!
+
[https://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html#eu Blackhat Europe Presentations Online] - [Paul] - Its a good rule of thumb, when there are hacker cons you are not able to attend, read the presentations, watch the videos, or listen to audio, what ever they provide, its almost as good as going to the con!
 +
 
 +
[https://www.blackhat.com/presentations/bh-eu-07/Butti/Whitepaper/bh-eu-07-butti-handouts.pdf Wifi Fuzzing Presentation with notes from BH EU] - [Paul] - From the authors of Raw Glue AP
 +
 
 +
== Other Stories For Discussion ==
 +
 
 +
[http://taosecurity.blogspot.com/2007/03/help-johnny-long-go-to-uganda.html Do good, not evil] - [Larry] - J0nny has had a great impact on both Paul and I, so if you can help him with his mission...
  
[https://www.blackhat.com/presentations/bh-eu-07/Butti/Whitepaper/bh-eu-07-butti-handouts.pdf Wifi Fuzzing Presentation with notes from BH EU] - [PaulDotCom] - From the authors of Raw Glue AP
+
[[Category:Show Notes]]

Latest revision as of 00:55, 11 October 2014

Episode Media

mp3

Security Weekly - http://securityweekly.com

Open-source NAC with Packet Fence

Packetfence is an open-source project aimed at providing network access control.

One of the project leaders, Kevin Amorin, is here to tell us all about it!

BONUS: DHCP Fingerprinting via libpcap! Get It Here

Open source players show a knack for NAC

NAC ATTACK! - Researchers in Germany today demonstrated a tool that allows an unauthorized PC to disguise itself as a legitimate client in a Cisco Network Admission Control (NAC) environment, effectively circumventing the networking giant's end-point security strategy.

WRT54G Wireless Monitor

Using a WRTSL54GS we have hacked it to:

  • Sniff wireless packets while channel hopping using kismet_drone
  • Monitor bluetooth devices using the bluez stack and a hacked Linksys BT100 Class 1 device with an external antenna connector
  • Remotely monitor the 2.4GHz spectrum with Wi-Spy and a specially ported remote agent called LINUXSpy

Live Demo!

All these hacks and more will be available in our book, Ultimate WRT54G Hacking, and upcoming SANS Course. We have a web site too, www.wrt54ghacks.com!

Stories For Discussion

TWOVB aka The Week Of Vista Bugs - [Paul] - This is the year of the week of bugs! BONUS: Default Password List from the same site, kewl!

First Bug Released in TWOVB - [Paul] - I will borrow from J0hnny Long, and ask l33t or lame?

Windows ANI "Unspecified" Vulnerability - [Paul] - The link provided contains more resources, a patch installation file, and complete patch source code. Good, Bad, Indifferent? I think for individuals, a 3rd party patch is great. For organizations with more than a few desktops, it's debatable. [Larry] - MS released the patch for this on Tuesday, a week early. QA issues, anyone? One of the videos I saw on this was great - ANI on desktop sends explorer on Vista into a crash loop.

USB 2.0 hub via 802.11g - [Larry] - Please buy these. It will make my job of sniffing your files, keyboard and any other USB transmissions easier. (Wireshark supports USB snooping).

Busting Bluetooth: Finding Bluetooth Sniffing Hardware - [Paul] - From what I can tell you can buy an off-the-shelf bluetooth dongle and turn it into a sniffer by flashing the firmware. However, this still requires a commercial application to sit on top of this in order to collect the packets. [Larry] I wonder how many other items are like this? Airpcap anyone?

Radio Shack Dumpster diving - [Larry] - While not technology, records disposal should be part of your IT (or other) security planning. Low tech hacking (dumpster diving) often yields interesting results.

Jikto leaked! - [Joe] - Billy Hoffman's Shmoocon presentation "JavaScript Malware for a Grey Goo Tomorrow" uncovered a URL to the Jikto source code and LogicX nabbed it. It is now out in the wild... (Here is a link to his presentation, Here is more info on Jikto)

You too can be a porn star - [Larry] - Just leave naked pics of your vulnerable and then compromised machine. HACK NAKED!

"JavaScript hijacking" <3's Web 2.0 - [Joe] - "Fortify Software, which said it discovered the new class of vulnerability and has named it 'JavaScript hijacking', said that almost all the major Ajax toolkits have been found vulnerable. 'JavaScript Hijacking allows an unauthorized attacker to read sensitive data from a vulnerable application using a technique similar to the one commonly used to create mashups'"

Close to (Conference) home - [Larry] - Looks like the Navy lost 3 laptops with PII (Personally Identifiable Information) on them...right here, across the harbor here in San Diego. Password protection doesn't cut it!

WEP broken even more... - [Larry] - Now, 104 bit (weak!) with only 40-80K packets, with 50-95% reliability. All done in under 60 seconds.

Blackhat Europe Presentations Online - [Paul] - It's a good rule of thumb: when there are hacker cons you are not able to attend, read the presentations, watch the videos, or listen to audio, whatever they provide; it's almost as good as going to the con!

Wifi Fuzzing Presentation with notes from BH EU - [Paul] - From the authors of Raw Glue AP

Other Stories For Discussion

Do good, not evil - [Larry] - J0nny has had a great impact on both Paul and me, so if you can help him with his mission...