2011
10.30

Although I’m quite aware this subject has probably been blogged to death, this entry serves two purposes. For one my memory is shot and I need to write this somewhere to help me not forget. The second is the simple fact that this site is, after all, for the beginner.

Imagine the following scenario:  You’re at work (or at one of your clients) and you need to RDP out to your place.  Then you remember port 3389, amongst others, is blocked from going outside the corporate network.  What does a bored admin do…? What will he do?  He organizes ahead of time so as to be able to connect home using an SSH tunnel.


2011
09.24

Hackfest_ca 2011

Hackfest.ca, Quebec’s finest and largest Information Security conference (and according to statistics one of the bigger ones in Canada), is set for November 4th & 5th.  This year promises to be as exciting as the years previous. Great sponsors, good roster of speakers in both English and French and some good prizes up for grabs during the evening events. Check their website (link provided above).

For those that are not familiar with Hackfest, I’ll do my best to describe the experience, the atmosphere and the overall “feeling” of the event. This from my point of view and by comments made by others while I was there in past years.  Although I have never attended any other InfoSec convention (Defcon, BlackHat, Brucon etc), I have been to many IT related conventions and others.

First thing that pops out when one sets foot at Hackfest is the crowd.  Every year it just keeps getting bigger and yet still has that small personal feel. Everyone is open to discussion, nice and polite to each other. We are all there for a common purpose, to share and learn from one another. I’ve seen people that are normally so shy they have trouble talking to their own shadow. At Hackfest they open up and spark conversations with perfect strangers. That in my opinion is a strong point for any convention. The environment makes you feel invited and welcomed.

The talks are, of course, interesting. A wide range of topics are always on the table. From the legal perspective to the actual demonstrations and theories displayed on large screens. Having a broad selection of topics makes the convention accessible not only to the IT guy or gal, but also to management that may want to understand more on what’s going on behind the scenes when it comes to IT security.  Another good thing is the talks’ languages. Being in Quebec Canada, the predominant language up here is French. I must add to this, a good percentage of French speaking Quebec are either bilingual or have an excellent understanding of the English language. So this opens up the convention to foreign speakers (either from the US or UK) without any trouble. And let’s face it, if one is going to work in IT you have no choice really but to understand English in the first place. I have to mention the language issue, seeing the widespread misconception that Canada and/or Quebec is French speaking only… it is not. Last thing about the speakers, and the way the convention is set up, they are available to the public after their talk… And usually available at the bar during the evening’s event.

A few comments from speakers past range from (paraphrasing here) “Great little con not too crowded so we can actually hear ourselves speak” -Mick Douglas 2009 to Mike Kemp’s comment (2010) “This is like Defcon’s little brother much better than the one in Toronto…”  Many speakers actually participate in the events, so that alone shows they enjoy it. They wouldn’t stay otherwise, no?

For the atmosphere and setting, well the convention is held in the beautiful city of Quebec. Although in November it is on the cooler side of the thermometer, it’s nothing a heavy sweater won’t fix. The city has many attractions such as historical monuments and great restaurants if one wishes to go out for some sightseeing.

Finally the glue that makes this event hold together and possible are of course the organizers. The hard work these guys put into this thing is impressive… probably obsessive.  Sharing information about information security is their primary motivation. They don’t do it for fame and fortune and it shows.  They accept suggestions and help from anyone willing to put in some time. They are open and very accessible outside the event as well. In a word “human”. Very nice humans at that I must add. I’ve had the privilege to meet them on several occasions, and contribute (in my own small way) to this event.

In a nutshell, everyone can/will/would enjoy this convention. It may not be 10,000 strong like Defcon, but one must remember it had humble beginnings as well. Everything starts small and as long as the quality is present the quantity will eventually follow.

I really do hope that more people outside the Quebec InfoSec community will come this year and in future years. Hackfest deserves to be on the map alongside its US counterparts. Pretty sure there’s enough room to share.

Hope to see you there.

-Steven McElrea
aka loneferret

2011
09.01
Metasploit The Penetration Tester's Guide

A few weeks ago, I ordered the MSF pentest guide mostly authored by the Offsec crew (www.offsec.com).  Hailed as the best MSF guide, and highly praised by the project’s founder H.D. Moore, this guide does live up to the hype.  I rarely find an IT book that can be read cover-to-cover, especially one that is as specific as this one.

The book covers the framework’s basic functions as well as more advanced ones.  It does this by taking the reader through a mock penetration test on vulnerable systems; Windows XP SP2 & Ubuntu 9.04 for example.  Some may criticize the OS selection, saying “what’s the point”, but they need to keep in mind the object of the book is the tool and not “how to hack”.

New and old users to Metasploit will appreciate this work. It covers the basics in such a way as to not lose the newcomer’s interest, and for the veterans it may serve as a good refresher on certain auxiliary modules.

The guide starts off with basic setup of the tool, setting up with a database for record keeping.  Moves on to the scanning capabilities; features such as using Nmap straight from the application’s console.  Scanning for MySQL or MSSQL databases from the console using MSF’s built-in features.  Loading and running exploits against found targets, encoding payloads to avoid anti-virus detection, pass-the-hash attacks and so on.

It also covers porting existing exploits to Metasploit and meterpreter scripting. Fast-Track and SET (www.social-engineer.org) are covered as well in later chapters.

Even if this guide is a shade under 300 pages, I must say it covers Metasploit very well.  It could have easily been a few hundred pages longer, but then how good a read would that have been is unsure. For new users to the framework, this book coupled with Offsec’s Metasploit Unleashed Wiki is great, provides enough material to have a firm understanding.  As for the veterans, they may skip a few chapters but I’m convinced some of the pages will hold their interest.

The book is published by No Starch Press, and can also be purchased from their web site directly.

One last note on the authors and the work they have done. Lots of time and effort was put into this.  Seeing they are not professional writers (people that make a living off writing books), I must say they did a great job.  Pretty sure writing and compiling such a book together is no small feat.  Hats off to them…

2011
08.26

Generic Letter one can use…

Been awhile, unfortunately life throws a few curve balls once in a while. So this post isn’t “security related” but still can be useful for some.

In any letter campaign, a few keys to success are to have a good letter, proper English and staying polite. This last point is difficult at times when one is campaigning for something they take to heart. Staying polite will usually ensure that the receiving person will keep on reading. A perfect example is theprez98’s recent letter to MIS Training Institute concerning their 2nd Annual ICT Security Africa Summit. So I’ve taken the liberty of using theprez98’s letter and modified it for Greg’s latest conference appearance, the 2011 Techno Forensics Conference. All one needs to do is sign and send to the email address provided by attrition’s recent tweet.

—————————————

Good day,

I noted with particular interest on your homepage (http://www.technoforensicsconference.com/) that you have Mr. Gregory Evans listed as one of the speakers for the “Digital Forensics Conference” this November (http://techno-forensics.com/agenda).

Mr. Evans proudly claims his status as an ex-hacker (and ex-felon), but there is a much deeper (and more recent) history that you should consider before allowing Mr. Evans to speak. I would like to point you to a web page (http://attrition.org/errata/charlatan/gregory_evans/) that details multiple issues with Mr. Evans’ conduct over the past few years, including multiple counts of plagiarism, multiple legal and financial issues, multiple lies about the certifications he holds, and much more. Added to that, Mr. Evans has repeatedly threatened those who criticize him, and frequently claims any criticisms of him are attacks against his race.

Additionally, I would like to point you to the video from CBS News Atlanta, who exposed much of Mr. Evans’ fraud this past February. This video can be viewed here: (http://www.youtube.com/watch?v=O3Ms8UZnOoA).

I believe that after learning more about Mr. Evans’ background, you will come to the conclusion that it is not worth the reputation of your conference to extend him an invitation. Mr. Evans is a stain on the computer security industry and that stain goes with everything he touches. Please do not allow your conference to be blighted by Mr. Evans’ association.

Please note that I have nothing to gain from writing this email except the assurance that I did the right thing in letting you know about Mr. Evans’ past.

Sincerely,

<Your name here>

 

—————————————

If you wish, you can just copy, paste and sign your name at the end. Here is the e-mail address you could send it to: jkirkpatrick[at]viconpublishing.com

As mentioned on theprez98’s site, I also have nothing to gain from this, nor has Mr. Evans ever contacted me etc etc etc.

UPDATE:

oops, forgot thx theprez98 for this. You really did write a proper letter (e-mail) for this type of thing.

<ps: I just woke up here, so my English may not be great at the moment.>

2011
05.29

Well… We’ve been hacked

This morning wasn’t a great one for us here.
I logged on to our site to see this as our main page:

Kioptrix Defaced

Egg on our faces I guess. We are still investigating the cause of the hack. No real damage was done besides our egos.  Nothing was deleted besides a few php files here and there. Seems that the French part of the blog was the hardest hit.  We are aware of a few possibilities, but before I venture a guess on how everything played out I’ll just leave it at that.  Once we take the time to figure out the exact root of the problem, be assured we’ll share it with everyone.

To ATesS, the person or group claiming responsibility for the hack.  I really don’t have much to say unfortunately.  Good job? euh…  not really.  I don’t see the point of defacing low profile, small time sites like ours.  We are far from being popular, and never proclaimed to be expert security people.  From the beginning we’ve been saying we are enthusiasts and nothing more.  So the reason for the attack is lost on us.  Can we appreciate the work you put into this?  I suppose so.  Time and effort was obviously put into doing this.  Effort, in my opinion, that could’ve been put to more constructive and legal activities… but that’s just me.  So enjoy the time the site was “down” or “defaced” which wasn’t for very long I must say.  Hope you got a kick out of it, but really get a girlfriend and get laid it’s way more fun  ;)

This must serve as a lesson to all.  A good backup solution is a must… I speak from experience.  Recently I lost hundreds of baby pictures due to a hardware failure.  The irony was, I was performing a backup at the time on an external device (I was able to get them back).  Not only did I lose baby pictures (of my first born mostly), we also lost our e-mail server.  We are slowly putting things back to normal.

On to good news now.  I’ve been away for some time now due to the birth of my son.  He’s (at the time of this writing) 5 weeks old.  Becoming a father all over again is a great feeling.  My daughter will now have someone to play with soon.  No plans for a third… lol

So until I get my hardware issues fixed, and family life back to “normal” my posts will be few and far between unfortunately.
Thanks for your support.

Have a good one,
loneferret