Room362.com

Blatherings of a security addict.

The Academy Is Giving Away Money!


Ok, it’s not to you, but it is to a good cause. Here is their blurb:

Hackers for Charity helps non-malicious hackers gain valuable job experience by putting them to work on projects for charity. They also build computer classrooms to help children and adults break the cycle of poverty through empowerment training, and feed children with funds raised by sales of Johnny Long’s books.

This month, I thought that it would be fun to partner up with Hackers for Charity in order to raise money for the people of Uganda. The Academy has offered to donate $1 to Hackers for Charity for every user that registers for a free account at www.theacademy.ca for the entire month of November. If you’re a registered user already please forward this email or post it on a blog. Anything you can do to spread the word would be greatly appreciated. Let’s try to make a substantial donation to charity this month. Thanks everybody!

So head on over and sign up. It’s free and you can feel better about yourself. Plus you can help me in my goal to make The Academy’s Director broke.

A New Look and Feel


So I have graduated from the black and green standard hacker theme (with forest header) to a much easier to read and iPhone friendly theme. I have also added a few things to the site. Probably the most noticeable is the new logo. The logo was created by my good friend TestMAD. He is a starving graphic artist who runs the IRC network ThinStack. He also supports a number of other projects like Geekcred, and Wess Tobler’s new project, Unpersons.

SC World Congress 2008


Haven’t had enough conferences yet? First, thanks to everyone who entered through email, twitter and commenting on the CSI give away. Second, we do have a winner so please stop the flood. But, on to the show.

The SC World Congress, Dec. 9-10, 2008, at the Javits Convention Center in New York is offering a discount code to all readers of SBN (Security Blogger’s Network). But what is “The SC World Congress”? Here is what they say:

_The SC World Congress, presented by SC Magazine, is the conference and expo that information security professionals won’t want to miss.

Faced with the challenges of safeguarding their organizations’ customer data and intellectual property, complying with a long list of regulatory demands, and staying abreast of new threats and even newer applications, these pros will find at the SC World Congress expert insight and advice they can use. Over two days of plenary sessions, targeted panels and an instructive expo floor, the SC World Congress features the actionable, inside information that IT security and corporate management needs to safeguard their company’s critical assets from threats, such as malware, targeted attacks, careless — or malicious — employees, and even careless executives.

At the SC World Congress, attendees from all the major verticals — such as finance, health care, government, and more — will gain insight from industry leaders and fellow security professionals as SC Magazine explores the need-to-know topics that help IT security professionals do their jobs better._

Here’s the blurb on how to get a discount:

35% discount against the conference rates for all of your blog readers. Just ask your readers to enter the promotional code BLOG1 (for a one day pass) or BLOG2 (for a two day pass) when they register at www.scworldcongress.com

If you are in New York or can get your company to pay the full fare (wink wink) then you are set. I took a quick look through the speaker’s list and didn’t recognize any names, but that doesn’t mean much. The price points are as follows:

$1095 – Conference Two day pass

$795 – Conference One day pass

FREE – Expo only pass

FREE – Exhibitor registration

COMPLIMENTARY – Press (Press ID required on site)

Free Pass to CSI 2008


What is CSI? This is what CSI says about it:

Security is in transition. There is general agreement that security does not work, but not on how to fix it. CSI 2008 is the only event today that faces the challenge to reconsider security. This year at CSI’s annual event, the most innovative minds in security will grapple with the tough questions, providing a reality-check and alternative to cookie-cutter conferences that merely tweak the status quo.

I haven’t been to CSI yet, but I will be going this year and it seems like an outstanding conference. Far from ShmooCon but still packed with rockstars such as Jeremiah Grossman and Andy Willingham.

Cool, but what is the title about?! Well, I, along with each of the other SBN members, have been authorized to give away a free conference pass! All you have to do is name the DLL that was patched in MS08-067. First person to get that answer to me, be it IM, email, or twitter, wins the pass.

Ok, what if I don’t win, can I still get something? Sure! Use the coupon code: BLOG25 to get 25% off your admission. TIME IS LIMITED. This conference starts the week of November 15th.

http://www.csiannual.com/ for more details.

What do I get out of this ad? Nothing, I was already going. See you there!

We have a winner! – But that doesn’t mean other SBN members aren’t also giving away free passes: http://www.mckeay.net/2008/10/31/tell-me-your-security-or-it-horror-story-and-win-a-pass-to-csi/

Maltego Keygen Crack Torrent and Offensive Security Torrent


Hi, and welcome to my trap. I see a ton of searches of just your type on my site on a daily basis. Let’s get down to ranting.

Maltego is an awesome tool, and it’s also GIVEN AWAY for FREE. As in beer. They even allow you to use their servers to do your stupid little ego searches. STOP TRYING TO STEAL IT.

Offensive Security 101. This is by far the best course / certification that I have attempted thus far in my career. It is informative and challenging. STOP TRYING TO STEAL IT.

Just to sum up a bit and not sound like a total ass: I fully support the use of torrents, for many of its uses. I do not, however, support the torrenting of projects such as this. The Offensive Security people contribute day and night with the development of BackTrack 3, which is again, free. Paterva also gives away the use of their Community Edition of Maltego for free.

Instead of just taking from the community like the leech that you are, try contributing something.

</rant>

Those who frequent my blog, I am sorry, this rage is not intended for you.

Hacker Media


Recently there have been a lot of people in my scope wondering what “hacker” or security related podcasts are out there. iTunes does a horrible job at categorizing anything past “Technology”. That is where Hacker Media.org comes in. Not only can you get the main feed of ALL the hacker/security related podcasts out there, you can get even deeper. Droops, the maintainer of said monster, makes it so you can pick and choose what kind of shows you want to see by having individualized feeds based on categories, like hardware hacking, phreaking, Linux, or one for the stubborn BSD junkie, and as shows come and go from those categories the feed changes with them. The other thing is, each show might belong to multiple categories.

Your search is over, check out http://www.hackermedia.org/ and drop one of the feeds into your pod cruncher of choice. Another awesome way to use this resource is dropping the feeds into Google Reader. Now you take the iPod out of the equation and you can keep up to date and play all of the shows you love directly from your browser.

USB Goodies 2008


EDIT: Switching something from “DRAFT” to “PUBLISH” is a really important step. Sorry guys.

Let me preface all of these tools with the fact that some don’t come “portable”. To make them so, I have dropped the installer / setup file into Universal Extractor and then cleaned up the directory.

  • PortSwigger’s Burp Suite - http://portswigger.net/suite/

    • This tool is essential to any web application security guru’s tool belt. If you haven’t used it already it is time to get schooled up on this wrecking ball.
  • Network Miner - http://sourceforge.net/projects/networkminer/

    • Takes a live feed, or a pcap file and dumps files, frames, and runs p0f. It even allows you to do searches for keywords like “password”
  • NZB-O-Matic Plus - http://www.bunnyhug.net/nomp/

    • I swear by this tool for downloading NZB files. Now other people use hellanzb on Linux. There is another one that was even more recommended for Linux but I can’t remember it at the moment. I’ll find it and post it to Mubix’s Links or if someone wants to comment on this post.
  • Wootalyzer - http://www.wootalyzer.com/

    • Woot.com has one awesome deal each day that shows up like clockwork at 1 AM EST, and always 5 dollars shipping. (Yes, even if it is a 60 inch plasma). And if you get as addicted to Woot as my family has, this application is a must.
  • FastStone Capture - http://www.faststone.org/FSCaptureDetail.htm

    • Still hands down the best screen capture utility known to man. You can still find the Freeware version out there if you look around a bit. The built in editor, ruler and color picker just add to its awesomeness.
  • HFS (HTTP File Server) – http://www.rejetto.com/hfs/

    • Always at the top of my list, this tool has been my most valuable asset on my USB keys for a couple years now.
  • Looking Glass - http://portal.erratasec.com/lg/

    • A tool by Errata Security, it’s designed for checking files on Vista to see which ‘advanced security’ features aren’t being used, such as ASLR, NX and unsafe functions (swprintf)
  • MobaLiveCD - http://mobalivecd.mobatek.net/

    • Allows you to boot a LiveCD within your Windows environment using QEMU. Booting Back Track 3 works but the networking side is a bit flaky. Can’t wait to see where this project goes.
  • Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

  • GoPC – http://www.gopc.net/

    • I haven’t had to use this that much, but when I have it has come in really handy. Best way to describe it is a remote desktop that you don’t have to maintain. You can install the app on your USB stick and be ready to login at the drop of a hat. It uses port 22 to tunnel the connection automagically.
  • sbd - http://www.cycom.se/dl/sbd

    • This awesome gem was the result of taking the Offensive Security 101 course. It’s a netcat clone that adds some nice encryption features to the mix as well as being less detected via VirusScans.
  • SmartSniff - http://www.nirsoft.net/utils/smsniff.html

    • This tool is on the list along with all of the tools by nirsoft, because of its portability. I can fire up SmartSniff, look at the packets there, or dump them to a pcap file for inspection via WireShark or Network Miner later.
  • –=Xploitz=– Master Password Collection - http://thepiratebay.org/torrent/4017231/–Xploitz-Master_Password_Collection

    • This is an awesome collection of password files, extract, combine, sort, uniq and you have about a gig worth of passwords to check against.
  • Peer Guardian - http://phoenixlabs.org/pg2/

    • A must have for anyone torrenting files, legal or not. Plus the fact that you can make your own ACLs makes it an instant win. When I am in an airport I usually fire PG2 up with my ‘local’ ACL list and have it block everything but my gateway and DNS.
  • Proxifier PE - http://www.proxifier.com/

    • One of the only tools that I would recommend spending money on. There really isn’t anything out there like it. You can instantly proxy any application you want, or all applications. Anyone up for some Hak5 LAN Parties, from work? Word of advice, bring headphones and don’t use voice chat.
  • PS2DIS - http://www.geocities.com/SiliconValley/Station/8269/ps2dis/

    • Originally created for PlayStation 2 hacking, and yes, still hosted on GeoCities. It is a great way to start looking into HEX editing for free.
  • Recuva - http://www.recuva.com/

    • I have used many different undelete programs and this is the one that made it to my main USB stick. It consistently found and was able to recover more deleted files than any other out there.
  • WinShove - http://tombell.org.uk/blog/projects/8

    • Sweet little program by Tom Bell that takes away the painstaking annoyance of having to find the title bar to move a window around, by letting you use any part of the window.
  • Universal Extractor - http://legroom.net/software/uniextract

    • Ever had a file that you couldn’t extract for one reason or another? Well this baby is the cure. It extracts almost everything, including most installers which leads to a lot of my installed apps becoming ‘portable’
  • BareGrep and BareTail - http://www.baremetalsoft.com/

    • Grep and Tail for windows, free and portable. Need I say more?
  • SIW - http://www.gtopala.com/

    • If you ever wanted to know absolutely everything about the machine you are on, and be able to dump it to a file, this is the tool. But it doesn’t stop there. Check out the Tools menu option for the real hotness.
  • SoundCardPicker - http://www.phasequest.com/soundcardpicker.htm

    • This tool hasn’t been updated to even recognize the existence of XP, but it still works on XP. I don’t know about Vista. But I get real tired of going all the way into my sound settings and changing the Default Sound Card, every time I want an application to use a different one. This might be uniquely my problem, but then again, it may help some of you audiophiles out there.

That’s all for now folks. I will add more later, as this is by far not a complete list, and fix the USB Goodies page when I publish the torrent and updated list.

 

The Root of All Evil-(grade)


So there I was…

Today I was sitting at home watching Irongeek’s post of John Strand’s talk Defense In Depth is Dead, Long Live Defense In Depth. And I had one really evil thought:

Someone (such as Bob) could sit at an airport. We all do this; it isn’t difficult. He could then turn on his laptop and connect it to the airport wireless. Another task, difficult for some, but let’s go with Bob being able to. Bob then pulls out a Fon with Jasager on it. He then connects it to his newly started laptop running evilgrade. Bob’s setup for evilgrade installs and runs the USB Hacksaw payload. Now, every computer that is duped into connecting through Jasager automatically installs a payload that will copy and send all data from any inserted USB stick to… This post is already evil enough, so I will leave it up to you to figure it out. That is also why I haven’t included any in-post links.

For the cost of an airline ticket, Bob has possibly infected and/or circumvented your whole defense in depth strategy.

In closing. Don’t be like Bob. Bob is in jail.

Social Engineering Challenges Back


I got an overwhelming response to me stopping the social engineering challenges, which far out-shadows the large response I got against the challenges. In other words, the “AYE”s have it. As soon as my Maltego series comes to a close I will be starting the challenges back up again. Thank you for your support and I look forward to the continuation of the challenges, I really had fun with the first one.

Also, if you have ideas for scenarios, please email me or hit me up on twitter. Include as much detail as possible, especially with the answer. Or, if you want to, leave the answer out, and we’ll see what we come up with.

Thanks again,

mubix

Jasager - Past - Present and Future


If you haven’t heard already about Jasager.. well you probably don’t read this blog, but for those who want to know a bit more about the history of Jasager – Karma on the Fon, where the project is now, and where it’s headed, then buckle up, and hang on while we first travel down memory lane.

History:

The time was ShmooCon 2006. It was my very first “HACKER” convention. I was there with my buddies from Hak5 and SploitCast. I just so happened to sit in a talk by Dino (A. Dai Zovi). He was talking about Karma, his project that basically sat in the middle of wireless connections and instead of picking out the special bits directed his way, Karma accepted and responded to them all. I was in love, no not with Dino, but the project. I wrote theta44.org in my notebook (the site Dino noted to find out more) and continued on with the craziness that is any con. Having no money to invest in a wireless card that could handle Karma, that page with theta44.org kept hounding me.

In early 2007, boxgamex (a gentleman from the Hak5 community) sold me a little Fonera router. What’s the first thing I did? Hack it, put OpenWRT and DD-WRT on it. But one day that page in my notebook showed up again and reminded me of Karma. I looked on Dino’s page and was appalled to find that the project hadn’t gone anywhere. Did no one see the potential that this project had? Putting 2 + 2 (=5) I decided to put Karma on the Fon for an ultra portable wifi attack tool. Well, I am by no means the Killer Coding Ninja Monkey that either Dino or Robin Wood are. I scripted my way into it working for one target at a time. The problem? I did all the work on the Fon. You can see where this is going. At DEFCON 15, I brought my scripted up Fon to test it out in the shark infested waters (Wall of Sheep addition?). Got excited to be there, booted the Fon up in my room, connected to the Fon and changed a setting. The Fon bricked. No proof that I had done anything, didn’t even get the chance to test it out.

I explained what had happened to my friend Darren Kitchen, and the project really sparked in him. He talked to the Killer Coding Ninja Monkey that I mentioned before, Robin Wood, and before you know it, the project was renewed under a new name “Jasager”, and this time with a better hand at the wheel.

What was the point of this history lesson? If you have an idea, and someone else has done it, take it to the next level, and if you don’t have the time, find a partner who does. Enough history, let’s get some information.

Here is the home page of Jasager: http://www.digininja.org/jasager/index.php

HINT: Robin Wood’s main site, while lacking style, has some things that you also want to check out. (digininja.org)

If you like reading, here is Darren’s blog post on how to get Jasager going

If you are more of a visual person, check out episode 405 of Hak5

And if you have problems or want to discuss options and configurations with other Jasager users, check out the Jasager Forum

Back to the Future:

MITM (Man-In-The-Middle) attacks on computer systems have been around since the dawn of time. The natural (rapid) progression of security attacks made it guaranteed that MITM would hit Wireless just as hard. If you have ever talked on a CB Radio, you know the frustration when the kids with the high powered antenna start playing the Mortal Kombat soundtrack over the CB without letting up the talk button. This is a simple example of how Jasager works. It gets in the middle of wireless communications. How do you protect against something like that? I don’t know. I don’t believe that there is a protection for Jasager or Karma (again, released in 2006). Where is Jasager heading? I think that adding the functionality of Karmetasploit (H.D. Moore’s project) to a portable device and then maybe shipping that device like the guys over at Errata Security did with an iPhone, would be one dangerous route. Or putting it in a box like Richard Mogull did. Or in a wall like Larry Pesce did.
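The Karma behaviour described above (answering every probe) is at least observable from the defender's side. The following is an added example, not part of the original post or of the Karma/Jasager code: it flags any BSSID that answers a probe for a random canary SSID or answers for many unrelated SSIDs. The frame records, MAC addresses, canary name and threshold are all constructed assumptions, and this only detects such a responder, it does not block it.

```python
from collections import defaultdict

# Constructed observations, not a real capture. Each record is
# (frame_type, transmitter_mac, ssid) as a monitor-mode sniffer might log it.
# MAC addresses use the locally administered range and are made up.
FRAMES = [
    ("beacon",     "02:00:00:00:00:10", "AirportFreeWiFi"),
    ("probe-req",  "02:00:00:00:0c:01", "HomeNet"),
    ("probe-resp", "02:00:00:00:00:66", "HomeNet"),
    ("probe-req",  "02:00:00:00:0c:02", "CorpWLAN"),
    ("probe-resp", "02:00:00:00:00:66", "CorpWLAN"),
    ("probe-req",  "02:00:00:00:0c:03", "AirportFreeWiFi"),
    ("probe-resp", "02:00:00:00:00:10", "AirportFreeWiFi"),
    ("probe-resp", "02:00:00:00:00:66", "AirportFreeWiFi"),
    ("probe-resp", "02:00:00:00:00:20", "Corp"),
    ("probe-resp", "02:00:00:00:00:20", "Corp-Guest"),
    ("probe-req",  "02:00:00:00:0d:01", "canary-7f3a91c2"),  # sent by the defender
    ("probe-resp", "02:00:00:00:00:66", "canary-7f3a91c2"),
    ("probe-resp", "02:00:00:00:00:66", "hotel-guest"),
]

# SSIDs the defender probes for on purpose; random, so no real network uses them.
CANARIES = {"canary-7f3a91c2"}


def answered_ssids(frames):
    """Map each BSSID to the set of SSIDs it claimed in probe responses."""
    seen = defaultdict(set)
    for frame_type, mac, ssid in frames:
        if frame_type == "probe-resp":
            seen[mac].add(ssid)
    return seen


def karma_suspects(frames, canaries, max_ssids=3):
    """Return {bssid: [reasons]} for responders that behave like Karma."""
    suspects = {}
    for bssid, ssids in answered_ssids(frames).items():
        reasons = []
        hit = sorted(ssids & canaries)
        if hit:
            # A real AP has no reason to answer for a name nobody configured.
            reasons.append("answered canary SSID " + ", ".join(hit))
        if len(ssids) > max_ssids:
            # A multi-SSID AP serves a few fixed names; Karma echoes whatever is asked.
            reasons.append("answered %d distinct SSIDs" % len(ssids))
        if reasons:
            suspects[bssid] = reasons
    return suspects


if __name__ == "__main__":
    for bssid, reasons in karma_suspects(FRAMES, CANARIES).items():
        print(bssid, "->", "; ".join(reasons))
```

The canary check is the stronger signal of the two; the SSID-count threshold needs tuning for sites where one access point legitimately serves several networks.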

To the future? What if I could put this whole project on a USB stick that didn’t do anything but draw power so it could run Jasager + Karmetasploit? Maybe running it on the NeoPwn? The possibilities are endless with this project. For all those feed readers out there, you can keep up with the latest and greatest from Robin Wood and the Jasager project via their RSS feed.