July 28th, 2008 Anthony Towry
I haven't been up to a lot lately. I'm finishing out my term with my current employer, getting equipment ready for Las Vegas, and thinking about the viability of a few personal projects.
I have however found time to do a little reading. Over at the SANS Reading Room there is a paper titled Effectiveness of Antivirus in Detecting Metasploit Payloads by Mark Baggett. This is a really solid paper with some great work done by Mark. Mark takes the reader from a basic payload, to customizing options, to making use of the msfencode functions, etc. In addition to the author's goals, this paper could serve as a great jumping off point for pentesters wishing to make use of Metasploit payloads instead of, say, the CORE agent. I wouldn't call it deeply technical, but it does clearly illustrate some of the issues with today's antivirus solutions.
Posted in Security | No Comments »
July 25th, 2008 Anthony Towry

Geekonomics: The Real Cost of Insecure Software attempts to employ solid economic reasoning behind software defects that impact security.
Geekonomics was a finalist in the running for a prestigious Jolt Award, and not terribly expensive (coming in at MSRP $30 and less than that most places), so I jumped on it. The case for this book in my mind is that it really speaks to the ideas of reaping what you create incentive for. The book explores EULAs, Open Source, cement, car crashes and plane wrecks. Read the full review
Posted in Books | No Comments »
July 23rd, 2008 Anthony Towry
So, if you haven't seen the details for the DNS flaw you can take a look here: http://www.ri0tnet.net/dns.html
Check out the information leak of the year. Oh, and patch those DNS servers. WWDKD?
Posted in Uncategorized | No Comments »
July 23rd, 2008 Anthony Towry
If you remember and I'm sure that you do, a while back some researchers at Princeton released a demonstration video of shaping encryption keys from frozen memory. They proved that RAM may not be quite as volatile as everyone had previously assumed. The tool they used is now public information. Great, great...so the hell what.
Another researcher had proved that through the use of a device with direct memory access (DMA) one could execute arbitrary commands by manipulating memory.
Access to memory + Crypto key shaping tool = pwned hard disk encryption without the need for a can of air and the ability to disassemble the computer (also sweet for 0wning the MacBook Air's smug little soldered-on RAM).
Now, such a tool does not yet exist (to my knowledge). Fertile ground.
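The "key shaping" half of that equation is the part that already exists, so here is what it does, as an added example that is not code from the original post or from the Princeton tools. It assumes the target is AES-128 and that the software kept the expanded key schedule in RAM next to the key (which is how most AES implementations behave): every 16-byte window of the image is treated as a candidate key, expanded per FIPS-197, and compared against the 160 bytes that follow it. A tolerance for mismatched bytes is what lets the same search work on a partially decayed image. The memory image, key offset and decayed byte positions below are constructed for the demo.

```python
"""
Added example (not from the original post or the Princeton cold-boot tools):
locate an AES-128 key in a memory image by finding its expanded key schedule.
A key in active use usually sits in RAM alongside the 10 round keys derived
from it (176 bytes in all), so each 16-byte window is a candidate key.
The memory image below is constructed for the demo.
"""
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
SCHEDULE_LEN = 176  # 11 round keys * 16 bytes for AES-128


def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box (inverse in GF(2^8), then the affine map)."""
    sbox = [0x63] * 256  # S-box(0) is the affine constant itself
    for x in range(1, 256):
        inv = next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def expand_key(key):
    """FIPS-197 key expansion for a 16-byte key; returns the 176-byte schedule."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    words = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(words[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= RCON[i // 4 - 1]
        words.append([a ^ b for a, b in zip(words[i - 4], t)])
    return bytes(b for w in words for b in w)


def find_aes128_keys(image, max_bad_bytes=0):
    """Return (offset, key, mismatches) for every window whose expansion
    matches the bytes after it with at most max_bad_bytes differences."""
    hits = []
    for off in range(len(image) - SCHEDULE_LEN + 1):
        candidate = image[off:off + 16]
        expected = expand_key(candidate)[16:]
        actual = image[off + 16:off + SCHEDULE_LEN]
        bad = sum(1 for a, b in zip(expected, actual) if a != b)
        if bad <= max_bad_bytes:
            hits.append((off, bytes(candidate), bad))
    return hits


# Constructed memory image: seeded random filler with one key schedule planted.
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 test key
KEY_OFFSET = 1337  # arbitrary, chosen for the demo


def build_sample_image(key=SAMPLE_KEY, offset=KEY_OFFSET, size=4096, seed=1):
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + SCHEDULE_LEN] = expand_key(key)
    return bytes(buf)


def decay(image, positions):
    """Simulate bit rot by inverting the bytes at the given positions."""
    buf = bytearray(image)
    for p in positions:
        buf[p] ^= 0xFF
    return bytes(buf)


SAMPLE_IMAGE = build_sample_image()
# Three decayed bytes inside the round keys, leaving the key bytes themselves intact.
DECAYED_IMAGE = decay(SAMPLE_IMAGE, [KEY_OFFSET + 20, KEY_OFFSET + 77, KEY_OFFSET + 150])

if __name__ == "__main__":
    for label, img, tol in (("clean", SAMPLE_IMAGE, 0),
                            ("decayed, strict", DECAYED_IMAGE, 0),
                            ("decayed, tolerant", DECAYED_IMAGE, 3)):
        print(label, [(off, k.hex(), bad) for off, k, bad in find_aes128_keys(img, tol)])
```

The strict scan finds the planted key in the clean image and nothing in the decayed one; raising the tolerance to three bad bytes recovers it again, which is the whole reason the cold-boot attack tolerates a warm machine. A byte flipped inside the first 16 bytes would not be recoverable this way, since the candidate key itself would be wrong; the real tools handle that case by reconstructing the key from the redundancy across round keys, which this example leaves out. The same scan works on any memory source, including a dump taken over DMA, because it only needs a flat byte image.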
Posted in Hardware, Security | No Comments »
July 23rd, 2008 Anthony Towry
This past Friday the Defcon 405 group held the July edition of the monthly meeting. This round featured 0hm as our headliner. He presented a riveting talk on "Hardening Windows Server: Building a House out of Greased BBs". I taped the presentation and as soon as I coordinate slides, will post the video.
I also handed out a few samples of the latest homebrew.

The Ingredients for DC405 Truth Serum:
- 7lbs DME
- 3lbs Coopers IPA LME
- 1lb Crystal Malt
- 1lb Liberty Malt
- 1oz Saaz
- 1oz Columbus
- White Labs Dry Ale Yeast
So far it's been a pretty tasty beverage. Not my typical hop bombs, but I guess I can get used to it. Look for it at Defcon! 0hm and I will be attempting to dish out some nasty at the 0wn the b0x/0wn the b0x contest, find us there.
Posted in Community | No Comments »
July 17th, 2008 Anthony Towry
(IN)SECURE Magazine is back out with issue 17 hitting the stands. As always there are a few articles of note in particular. The first, Reverse Engineering Software Armoring is a great look at some of the ways that software can give the finger to a researcher. This is especially important stuff for those wanting to get into reverse engineering malware.
Second, Security flaws identification and technical risk analysis through threat modeling makes a thorough run through the basics of threat modeling and explores the area covered by a variety of popular methodologies. Very solid articles and I didn't even notice the vendor/product overload that I usually do...maybe I'm immune.
Posted in Security | No Comments »
July 15th, 2008 Anthony Towry

Metasploit is a tool that has forever changed the information security landscape. One would be hard pressed to find a tool as versatile, powerful and as supported in the hacking community today. On top of all that good mojo, it comes free of charge!
I get excited about Metasploit (who wouldn't?). I wanted this book to match that excitement: to dive into Metasploit in new and exciting ways. It didn't. This book is written by some very smart guys, but goes about as deep as the average user guide. There's nothing new here really and most of what's discussed could be better absorbed through a few hours of playing with the application itself.
Overall this was a disappointment, one that could have been a whole lot better.
Posted in Security | No Comments »
July 15th, 2008 Anthony Towry
Friends, WordPress 2.6 is out, which means support for 2.5 is dead. If you're running WordPress and want to attempt to keep pace with the evildoers you probably need to consider upgrading.
WordPress 2.6 does bring some new features worth a look, such as version control and theme previews.
Watch out though, during this upgrade my login appeared to be hosed. Clear your cookies before attempting to submit a username/pass combination to the new version. Cool, right?
Posted in Site News | No Comments »
July 13th, 2008 Anthony Towry
Last year sometime after Defcon and the early stages of forming the DC405, a friend of mine (m00dimus) got me into participating with the Open Source Vulnerability Database Project. Since then we've had some big fun organizing mangle parties to promote project participation (even if we beat more beer than bugs sometimes) and we've made a significant contribution to the effort.
Over the past 9 months or so, I've gotten a lot out of digging into some of the vulnerabilities I've researched. I've passed a major milestone in my mangling, now sitting at 100.25 points! I do want to say thanks to the group at OSVDB for the new 2.0 interface, which cut the time for each submission in half.
Let's keep it rolling! Join OSVDB and get mangling!
Posted in Community, Projects, Security | No Comments »
July 3rd, 2008 Anthony Towry
Some bright expo coordinators have created a social network on ning.com targeted at Oklahoma's IT professionals. I'm still a bit skeptical as to whether it will take off or not, but it's worth a shot. If nothing else this will be one more place for me to peddle DC405 meeting times.
I love things that encourage geek collaboration. It'd be great if an OKCBarcamp came out of this sort of forum. I guess we'll see if it blossoms, or stutters and dies. Check out the OKTechOnline.ning.com group here.
Posted in Community | No Comments »