HTTP/1.0 200 OK
Server: MochiWeb/1.0 (I'm not even supposed to be here today.)

Nothing new, or ground breaking here, but gave me short lol in the midst of the daily static.

At any rate, the tournament is coming up in a couple weeks, so register if you think your Fu is strong enough.  Free training is the prize, and it is well worth it.  The training I took last year consisted of some text and video that walked you through all aspects of a successful pentest using BackTrack… hence the title “Pentesting with BackTrack.”  Along with the course materials, I had 2 months access to the Offensive Security Lab which consisted of several targets to practice my newly acquired knowledge on.  I was even provided a lab machine to do some exploit development on.  Yes, you will learn the basics of fuzzing and writing your own exploits.

The final exam was to conduct a pentest.  You have 24 hours to successfully penetrate a new target network.  The lab and the exam were both great and my only regret is that I would love to have more time to hack at both networks.

I’m confident the Tournament will be a quality event that will be well worth the time of anyone who decides to sign up.

I’m continuing on to achieve my Bachelor’s by next summer and I hope to obtain another certification or two this year.

So, if anyone is looking for either an entry-level infosec position, or an experienced sysadmin position, check out my resume and drop me an email.

Another resource I’ve found but haven’t spent much time on is Webster’s Art of Assembly Language, which basically amounts to a list of other useful resources, including useful resources for Win32 Assembly.

Since my focus is on exploit development, the Assembly Language Primer for Hackers on SecurityTube is also an excellent resource.  This is a video resource that walks you through the basics of assembly, the stack, and eventually moves on to another series that gives the anatomy of a Buffer Overflow in the Buffer Overflow Primer.

And of course, if you ever need more resources, there’s Google.

Anyway, I should also point out that even those I hang out with regularly have little interest in IT Security.  The InfoSec world is not made up of a bunch of lone geeks hacking away in their mom’s basement as Hollywood might have us think, it is actually a thriving community of geeks who love to get together and share information ( and party!).  If I really hope to make it in the IT Security career I need to get involved and network with the community.  Since there’s no local group for me, I won’t get any real face time with people except at some of the national cons that are spread out across the globe throughout the year.  Of course, I can make plenty of connection on teh internets, and I suppose I’ll include that as a sort of sub-goal to this one.

As far as competing goes, it’s another opportunity to test and improve my skills, plus if I do well it’s something I can point out on a resume.

So, rather than driving down to the local bank and cracking their wireless encryption then gaining access to their servers and looking at people’s personal information, it would be far easier (and way more legal) to setup a hack lab at home with servers and such I can hack away at.  So I’ve got a server already that I took to work with me to fill in for awhile, but now that we’ve upgraded our hardware there it is no longer needed and I can use the hardware I bough myself for my own purposes.  There are several ways to put together a hack lab, but for simplicity sake I’m starting out by using the resources at http://www.de-ice.net/.  De-Ice offers several live linux CD’s with pre-configured hacking challenges on them.  So I simply pop the CD into my server, boot it up, and let the leetness begin.  Once I’ve obtained my goal, I can move on to the next challenge.

Once I’ve completed all the De-Ice challenges I’ll have to look around for other similar services, if there are any.  And if there aren’t, I’ll just have to come up with some of my own scenarios.  Meanwhile, there are various online challenges, such as Mod-X I can also conquer.

I hope later in the year to have the time to compete in NetWars and score some points.

http://www.securityfocus.com/bid/32703/discuss

For those who have no idea what any of that means, I’ll try to break it down more.  Whenever you visit a website and there’s a box that you type in and then click a button, what you enter into that box is user input.  This could be the search box on Google, or the Username box when you login to your email.  Either way, the code on the backend takes what you enter and does something with it.  Without any extra work by the developer of the web page your visiting, that box will accept any character you enter, and basically enter it into that pages code as if it were always there, typed in originally by the page designer.  So, lets say we have a textbox called username, and some code that accepts the username then logs in.  The login page has a variable called $Username that whatever you type into the username textbox gets put into.  So if your username is bamed, the code will look like:

Select * from users where username=’bamed’;

Notice, the word bamed is inside single quotes (‘).  Here’s where a simple SQL injection might work.  Instead of typing bamed into the username box, I type bamed’;Insert into users (username,password,admin) values(‘pwned’,’secret’,'True.  Now the code sees:

Select * from users where username=’bamed’;Insert into users (username,password,admin) values(‘pwned’,’secret’,'True‘;

So the page will actually execute what I typed into the login box, even if my login credential aren’t correct, becase it sees the single quote(‘) that I typed in as the end of the first statement and runs the second statement as if it were something put in there when the page was first created.  BTW, this is just a proof of concept example and won’t actually work!  If you don’t understand SQL, which is the scripting language of databases, what I did was tell the database to add a new record in the users tables for a user names pwnes with password secret who was an administrator.

Anyway, more details on the WordPress attacks can be found at http://www.guardian.co.uk/technology/blog/2009/sep/05/wordpress-hacked-blogs-threat

I’ll let you know how it goes.

A HoneyNet is a network designed to be hacked, but isn’t actually connected to any real data.  The point is to lure in an attacker.  Meanwhile everything on that HoneyNet is monitored and logged in detail.  A HoneyNet serves two purposes.  One is an early detection system.  If someone chooses to target your company and they start researching and finding targets, the HoneyNet should make an appealing target to begin the attack on.  Like I said, it’s designed to be easily hacked.  The other benefit of a HoneyNet is to discover new techniques being used so you can protect your REAL network before those techniques are used on it.

After an overview of the technology Sean talked about using criminal science techniques to learn about the person behind the attack.  He talked about doing some profiling, and things to look for to determine if the attack is targeted against your company or if it’s a bot  You should be able to tell if it’s a pro, or a script-kiddie just playing around.

To be perfectly honest I was tired, and had trouble staying awake during the presentation, but the content was good, and “when I have time” I may setup my own HoneyNet.

The second presentation that I was really interested in was Turn-Key Pen Test Labs – Thomas Wilhelm.  Thomas is the guy behind http://www.de-ice.net.  OK, to be perfectly honest, I sat in my room and tried to watch this one, but slept through most of it, so I can’t tell you much about the actual presentation, but Jeffx told be a bit about it and I’ve gone to the website and I’m pretty excited about this.  De-Ice.net has LiveCD’s that are designed to be used as a penetration-testing lab.  So you download the ISO, burn the CD and boot up computer1 with said CD.  Plug computer1 into a router, then plug in another computer.  The site suggests computer2 is booting off BackTrack(another LiveCD).  Setup the network as described on the forum, then read the scenario.  Your goal is to hack into computer1 and discover some key nugget of info.  I downloaded CD1 today and booted it up, then started checking it all out.  Unfortunately, I was busy today and only got about 20 minutes to look it over, but I’d say this is a great idea, and it looks like Thomas knows what he’s doing.  This is a GREAT resource for someone who wants to learn penetration-testing, without breaking any laws.  I suggest you go to the site and check it out NOW.