July 23rd, 2008 Anthony Towry
This past Friday the Defcon 405 group held the July edition of the monthly meeting. This round featured 0hm as our headliner. He presented a riveting talk on "Hardening Windows Server: Building a House out of Greased BBs". I taped the presentation and as soon as I coordinate slides, will post the video.
I also handed out a few samples of the latest homebrew.
The Ingredients for DC405 Truth Serum:
- 7lbs DME
- 3lbs Coopers IPA LME
- 1lb Crystal Malt
- 1lb Liberty Malt
- 1oz Saaz
- 1oz Columbus
- White Labs Dry Ale Yeast
So far it's been a pretty tasty beverage. Not my typical hop bombs, but I guess I can get used to it. Look for it at Defcon! 0hm and I will be attempting to dish out some nasty at the 0wn the b0x/0wn the b0x contest, find us there.
Posted in Community | No Comments »
July 13th, 2008 Anthony Towry
Last year sometime after Defcon and the early stages of forming the DC405, a friend of mine (m00dimus) got me into participating with the Open Source Vulnerability Database Project. Since then we've had some big fun organizing mangle parties to promote project participation (even if we beat more beer than bugs sometimes) and we've made a significant contribution to the effort.
Over the past 9 months or so, I've gotten a lot out of digging into some of the vulnerabilities I've researched. I've passed a major milestone in my mangling, now sitting at 100.25 points! I do want to say thanks to the group at OSVDB for the new 2.0 interface, which cut the time for each submission in half.
Let's keep it rolling! Join OSVDB and get mangling!
Posted in Community, Projects, Security | No Comments »
July 3rd, 2008 Anthony Towry
Some bright expo coordinators have created a social network on ning.com targeted at Oklahoma's IT professionals. I'm still a bit skeptical as to if it will take off or not, but it's worth a shot. If nothing else this will be one more place for me to peddle DC405 meeting times.
I love things that encourage geek collaboration. It'd be great if an OKCBarcamp came out of this sort of forum. I guess we'll see if it blossoms, or stutters and dies. Check out the OKTechOnline.ning.com group here.
Posted in Community | No Comments »
June 11th, 2008 Anthony Towry
Boys and Girls, Defcon XVI is just around the corner and it's time to start thinking about what to take, were to stay, speakers to see, and skills to hone. I thought I'd drop my extensive con knowledge. If you've never been to Vegas or Defcon maybe this'll be helpful. For a much better post, check out the official "Be Prepared" thread on the Defcon.org blog.
So, I've been to Las Vegas and Defcon a total of 1 times, so I'm an expert. Let's start with the location.
The Riviera (the Riv as the vets call it) is a great place for a convention and a fairly crappy place to stay. That said, first timers may benefit from being on top of Defcon at all times. Once was enough for me. The rooms are slightly less comfortable than a college dorm and for the money, you could wrangle something much nicer down the strip.
Other issues with the Riv is the food. There really isn't a good place to grab a bite. There is a food court with Pizza-Hut, Quiznos, etc., but you'll not find a world class buffet or other typical Vegas eateries.
What to take:
- Caffeine
- Alcohol (Suffer thy Guinness unto me!)
- Geek games and other crap (Whoever brought robot sumo last year...that was fun as hell)
- Sense of humor
What not to take:
- Unless you're participating in the contests, forget your laptop/backpack/fishing pole
Defcon should be sweet this go round, make the most of it. Crash parties, social engineer and make some friends!
Tip: Do Vegas stuff if you can find time. See the fountains, Fremont Street and gamble a bit. All the videos will be online in a few months anyway!
Posted in Community, conferences | No Comments »
April 8th, 2008 Anthony Towry
Yesterday I attended the mini-launch put on by the Oklahoma City Developer's Group and several sponsors. It was held out at Francis Tuttle Technology Center with an excellent showing of local .Net talent. Read the rest of this entry »
Posted in Community, Programming | No Comments »
March 3rd, 2008 Anthony Towry
The Google Summer of Code is back for another round. If you're a college coder looking for a great way to work for a non-profit open source organization this summer, check out the GSoC. For the rest of us, we can sit around and wait for the new developments to be added in to our favorite projects.
OSVDB has posted some of their ideas for the GSoC. Check out some of the interesting stuff there.
I like the OSVDB Port Listing Project suggestion. Initially I didn't think much of this, but the possibilities for integrating this with firewalls and IDS systems could be really cool.
The other suggested project I found interesting is the idea of creating a Vulnerability and Patch Management Portal with OSVDB. Vulnerability management practices are going to become increasingly important in the coming years and tools like this should be well received.
My only issue is that, if I were handling vuln management for an organization I wouldn't be particularly keen on storing any information on my organization's current patch level, schedule, etc. out on the internet.
The Summer of Code projects are interesting, inspiring and great way to get some more attention for community oriented projects. I'm looking forward to seeing what gets done this summer.
Posted in Community, Programming, Security | 1 Comment »
December 13th, 2007 Anthony Towry
Jake Kouns of OSVDB recently sent around this e-mail:
Just a quick email to let everyone know that we have started the 2.0
upgrade. The new site, with all new (and very cool) data management
interface will be online Friday night. In the meantime, kick back and relax!
So if you haven't signed up to do some vulnerability research yet this is a great opportunity to get in on a new era with a killer project.
Posted in Community, Security | No Comments »
November 24th, 2007 Anthony Towry
The DC 405 meeting for November covered the ins and outs of wireless security. n0mad presented some interesting things involving high-end countermeasures and solutions to common wireless deployment problems. Check it out online at blip.tv.
Posted in Community, Security | No Comments »
October 27th, 2007 Anthony Towry
If you've listened to my last podcast you know I missed the first gathering of the newly formed DC 405 group. Luckily, 0hm was there to shoot and edit the talks and has made them available at http://dc405.blip.tv
Some notes on the technologies behind ri0t's part of the talk: Read the rest of this entry »
Posted in Community, Security | No Comments »
