Sunday, August 15, 2010

On the way back home

The trip is over and was definitely a success, sitting in BWI airport about to catch the first thing smoking back to Seattle via Air Tran. Time to fly home for another month until its time to head back to Maryland to do a ECSA/LPT training course.

Tuesday, August 10, 2010

NoVA Hackers

http://novahackers.blogspot.com/

I had the pleasure of attending a meeting last night.  Its these kind of events that make me wish that I lived on this side of the country sometimes.  The format is mostly 'lightning talks' but they were very informative and the atmosphere was relaxed.  The second best part to me was the talk about the recent DefCon CTF event and how some NoVA members participated (they didn't come in last by the way! ;)).  They shared their trials and tribulations preparing for the event, qualifying and subsequently competing.  Really nice stuff, I hope that they post their slide deck online.

The best part was being able to see CG and get caught up with him a bit, its been too long.  Hopefully we will be able to do dinner or something like that before I head back to Seattle on Sunday.

May Your Skill Prevail.



Training Tornado Dying Down

Three weeks of training across the United States (Washington State to Maryland, Maryland to Hawaii, Hawaii to Maryland and Maryland to Seattle) is coming to a close.  I'm spending the last week hanging out with a very close friend (surrogate younger brother!).  It turns out that I'll be returning to Greenbelt, Maryland next month to do an ECSA\LPT 5 day boot camp in a month.

Over the last month I have learned that it truly pays to account for 'variable change' especially when delivering custom content and that I'm not nearly as infallible as I thought. ;)  Its best not to put all of your eggs in one basket and works more smoothly when you distribute them in layered fashion to prepare for the inevitable snag in your game plan.   Its all part of a never ending learning process though and I plan on using what I've learned to improve the things that do. 

Until next time.

Tuesday, July 13, 2010

Lab - o - Matic!

Have you been wondering where I have been hiding all this time?  Well, providing labs for four classes and two info-sec workshops will make time for blog posting sparse. 

IS 315 Risk Management and Intrusion Detection: Wireshark Labs to cover the basics and core protocols (TCP,UDP, IP, ICMP, ARP, etc.) and special projects to build a Snort IDS and discuss sensor placement and risk management concerning the deployment.  Plans are to author snort signatures towards the end of the quarter if time permits.

IS 418 Securing Linux Platforms and Applications:  Some basic labs to brush up on Linux accounts and permissions did an IPTables to review firewalling.  Building on all this teaching SELinux...we have been covering the basics and tacking a few of the concepts, particularly MCS  and MLS models.

IS 316 Firewalls & VPNs: Started with IPTables and BASH shell scripting around that to automate the process.  Currently working on Packet Filtering and using OpenSSH Layer 3 VPNs.  Will graduate to pfSense (firewall, proxy and VPN) and possibly using the Cisco ASA as a firewall/VPN platform.

IS 413 Auditing E-Commerce and  Network System Implementation: The students have already had policy and auditing courses including another one the evening before.  We are using WebGoat and Damn Vulnerable Web App to learn about many of the web application risks that are out there.  Towards the end of the quarter we will investigate the audit trails and discuss writing strong policy around these issues.

On a Training Run

Headed to Greenbelt MD for a week to teach a CEH class, then over to Honolulu HI for a week to teach a CEH class then back to Greenbelt for a  week long CHFI class.  I suppose after that I will be allowed to return home! ;)

Sunday, June 13, 2010

Back to Business

Unfortunately my two week hiatus that is also known as a vacation is coming to a close.  As I will be back to providing training, I'm sure that I will be posting relevant material here.  Do I sound excited to be going back to work? No?  Really?

Updated Design Template

This should be pretty self explanatory and I hope that everyone likes it better than the previous ones.

Thursday, May 20, 2010

Metasploitable == Virtualbox

Last night I put together a Metasploitable Virtualbox appliance.  It includes the readme.txt provided by the MSF team as well as the .mf file has been deleted (all these manifest files ever do it make it take 5 times longer to import appliances and they fail half of the time).

You can scoop up the appliance at:


581,840KB
MD5: fa7d8304af40e1127dd690ad0159b5dc  metasploitable.tar.gz
SHA1:  1080f8389c1115cbdca1ce6cd5e910d4201e0bc8  metasploitable.tar.gz
RIPEMD160: b0c089861ca727439abc650de7bbb74243aa4b56  metasploitable.tar.gz

Enjoy!

Wednesday, May 19, 2010

RootWars - Day Three

Well, it would appear that we have a winner! Team One was able to obtain root access again and Team Two decided to just stay in a holding pattern until we wrapped things up for the evening. Understandably there was a great deal of frustration coming from Team Two. As time progresses it is my hope that the frustration resides and they can look back on it as a positive learning experience and that after a debriefing next week and an exchange of whitepapers both teams will have learned more about information security on Linux platforms. Among the skills displayed were some custom shell scripts, knowledge of shutting down unnecessary services, examination of backdoor source code as well as traditional talents such port scanning, netcat manipulation, etc.

All in all it was a good learning experience, I'll have to figure out ways in the future to make it different and exciting for disparate skill levels. Until next time.

May Your Skill Prevail.

Metasploitable

Looks like the guys over at Metasploit have a new addition to the family....Metasploitable. An Ubnutu Linux based distribution with built in vulnerabilities so that one can test the Metasploit Framework and learn how to use some of its functionality.

Many thanks for the creation of another useful and valuable tool!

May Your Skill Prevail.