Archive for November, 2010

 

B-Sides DE

Nov 07, 2010 in Security

[SecurePlanet Wiki][SecurePlanet RSS Feed][SecurePlanet RSS Vulnerabilities]

Just got back from B-Sides Delaware and it’s always good to see what other hackers are working on. For those who don’t know what b-sides is, it is:

Each BSides is a community-driven event built for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. – bsides

Best of all, its FREEEEEE.

So here are some of the talks that I went to?

1) Brian Baskin
P2P Forensics: Your Admin Knows Your Porn Habits

This talk was about how there are lots of reminiscences of artifacts from using kazaa, limewire and bittorrents. Even though you might think you delete those files, they still exist in a bunch of different places.

Want to join private torrent trackers? Use trackerchecker.com. Brian also pushed a new hackerspace in MD (http://www.unallocatedspace.org/).

2) Christopher Witter @mr_cwitter
Packet Capture and Analysis

This talk was all about packetcapture and what to do after you have all your pcaps. Pretty much pushing tools such as TCPExtract and using NetWitness. Give NetWitness a try, its free for pcaps under 1 gig.

3) Mubix
Mubix stopped by and did a little primer on meterpreter. He is coming out with a tool called SmartLocker (integrated in Metasploit) which is a better/smarter keylogger. Pretty much this tool will find and inject in the winlogin process, wait 5 minutes for idle time, and then pop the login screen. When the unsuspecting user logs in with his/her username and password, bam, game over. More to come on this.

4) Dave Marcus @DaveMarcus
Social Engineering and Target Profiling with 100% Accuracy Using Social Media and OSINT

Dave talked mostly about trying to track people via twitter, facebook, etc using GPS coordinates from their smartphone. Tools in mention are:
twitscoop, bing twitter maps (this tool is great!), trendistic, hashtag, picfog, fourwhere, openbook, backtweet. Use all these open source tools to stalk and track your enemies and friends…

5)Brad Bowers
The evolution of Evil – Changes in the use of USB devices as delivery mechanisms for malicious code

Just more on teensy. Try and stop them… it’s near impossible.

6) @theprez98
How to Pwn an ISP in 10 Minutes or Less (without really trying)

All about using shodan – shodanhq.com, to pwn servers. Make sure you make smart queries.

7)Jason Ross @rossja
WHOIS the Master – An Introduction to ShoNuff