This episode is sponsored by Core Security Technologies, helping you penetrate your network. Rock out with your 'sploit out and check out the client side exploit and web application testing modules! Listen to this podcast and qualify to receive a 10% discount on Core Impact, worlds best penetration testing tool.
This podcast is also sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notibly the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Direct Feed subscription for immediate access to new Nessus plugins, and compliance checks” Tenable – Unified Security Monitoring!
Announcements & Shameless Plugs
Live from the PaulDotCom Studios Welcome to PaulDotCom Security Weekly, Episode 117 for August 10th, 2008
Welcome to PaulDotCom Security Weekly, a show for security professionals, by security professionals.
- PaulDotCom SANS Click-Through - Go there, register for fabulous SANS training! Go now!
- ICE (Integrated Cyber Exercise) - Oct. 1-3 at SANS Las Vegas!
- Larry and I will each lead a team, names to be announced
- Attendance and participation is FREE, come join one of our teams!
- 4 Networks, 1) Attackers 2) Defenders 3) Public/Internetish 4) Spectator Room
- Looking for food/drink sponsor
- Featuring wireless, voip, and SCADA!
- Help support pauldotcom with your donations. Visit http://pauldotcom.com and press the DONATE button.Note: Thanks to listener Ken for the donation!
- Paul is in Boston, TA for 560 and 401 bootcamp, giving keynote: Things That Go Bump In The Network: Embedded Device (In)Security. This keynote will also be given at SANS Las Vegas in addition to SEC535, Network Security Projects Using Hacked Wireless Routers!
Larry will emerge from his drunken Defcon adventures to tell us all about it! (and try to remember what little pieces of technical information and tips he can muster, which to give you warning, are few and far between :)
Mini-Tech Segment: Security Tips For OS X (Or really any operating system)
I want to explore this topic in more detail and get down to the nitty gritty as I covered the high level details on the Typical Mac User Podcast and on the monthly webcast this July. I made a blog post titled Top 5 Mac OS X Tips, so check out some of the details there!
Stories For Discussion
Bypass Memory Protection: Impress Girls? - [PaulDotCom] - Lets face it, with our field doing well, being able to pay the mortgage is all you need to impress the ladies and is far more attractive than memory protection by pass :) However, I am slightly aroused after briefly reading through the slides..
Auto-Immunity in 802.11 - [PaulDotCom] - Some pretty neat attacks here, such as spoofing the broadcast address and tricking the AP into dis-associating all clients. DoS is fun, and disruptive, but don't dismiss it. It can be used quite effectively as a part of a larger attack. Many other wireless attacks, such as ones against WPA-PSK, require that you grab some of the intial handshaking. Also, what about security cameras/systems that use wireless? DoS in this scenario is bad, in additional to hospitals that ise any 802.11 for monitoring devices, etc...
Meta-Post Exploitation - [PaulDotCom] - This presentation is one of my favorites this year! They address some issues that are important, such as password management post-exploitation. This is so key to a successful pen test, and can often lead to the difference between "success" & "FAIL". What do I mean? Sometimes its like the new Kung Fu student, they come into the school and are excited about learning and exploring kung fu and martial arts. They then reach for a sword or a staff, wield it around, and most often crack themselves in the head or leg by accident. They don't know what kind of weapon they posses, and neither do you on a pen test unless you manage passwords well. How do you determine if you are holding the keys to the kingdom or the bathroom key? Good password, or even better, credentials management. More on this presentation in future episodes as I digest it and watch the videos...
Booting Direct From SD With OSWA - [PaulDotCom] - Dave maynor on how to boot directly from SD, no USB required! EEEPC is nice, travels well, and the OWSA framework looks interesting, however, I want Samurai first..
Samurai - WTF - [PaulDotCom] - Samurai from Kevin Johnson has been released! I have not tested it yet, but its on the list.
iKat - Interactive Kiosk Hacking Tool - [PaulDotCom] - This is neat, and while touted as something kiosk vendors should use to test their systems, it will undoubtedly be used by bored teenage hackers everywhere. And of course by legit pen testers like ourselves :) Its a great idea, can't wait to test it out! (I have not yet, makes you wonder just what I HAVE been doing all week, doesn't it? :)