Grey bar Blue bar
Share this:

Tue, 29 Jan 2008

HBN Bootcamp @ Black Hat

Black Hat DC this year is supposed to be "a different kind of Black Hat". There are four tracks over the two days with a special emphasis on wireless and speakers include Chris Wysopal, FX from Phenoelit, Job de Haas, and Adam Laurie. The smaller shows are always good fun and good value for money and DC this year promises to have an excellent line-up of speakers.

As usual training courses are offered on the two days before the briefings begin. Its been a while since we trained at DC but this year we're back with a Bootcamp course. The course is filing up nicely, so we're totally stoked. Like the show, the courses tend to be smaller and more personal so if you've never attended a Hacking By Numbers
'Bootcamp' course before then this is a great opportunity. Bootcamp Edition teaches a method-based approach to hacking into networks and systems over the Internet. The method taught consists of seven distinct phases that each have their own objectives, techniques and tools. Students are provided with fully-configured laptop computers that are used stage-for-stage to complete fifteen different technical exercises. You can learn more or enroll here... otherwise contact us via training@sensepost.com if you'd like some more information.

If nothing else, please be nice to Bradley if you see him at the show. I'd like to suggest that you buy him beer but he can't really handle his alcohol and he's hard enough to tolerate as it is when he's sober...

Sat, 26 Jan 2008

John Heasman is now Blogging..

John is one of the bright guys over at NGS, and judging by his track record will boost the signal to noise ratio in the blogosphere.. You can read him at [aut disce, aut discede]

(of course, in truth.. i woulda linked to the blog just because i love the title (aut disce, aut discede - Either learn or leave))

On working when everyone else is asleep...

This quote reminded of something H always says:

"When opportunity comes... its too late to prepare"

- John Wooden - Hall of Fame Basketball coach

Tue, 15 Jan 2008

Eerie coincidences..

a) its my birthday in a few days

b) Apple just announced the new macbookair..

Coincidence??? i think not!!!

air.PNG

Thu, 10 Jan 2008

Is URL / Variable Name the new Port Number ??

There has been a fair bit of blog buzz about the new SQL Injection worm that ran around infecting sites. I have not looked too deeply into it, but have not yet seen accounts of how the targeting was done. Since the sites do not appear to have been running a common framework i would guess that it was search-engine generated targets based on resource name (like inurl: search.asp)..

For ages we have been telling people that if they had to have a /admin/admin.asp on their internet facing web-app that they would at least help minimize their exposure a little by naming it /admin_[bet_u_dont_find_this]/admin_[another_variable].asp

It at least makes sure that the back-end isnt trivially discovered and hammered on.. (yes this is security through obscurity - but please lets not have this argument unless you mail me with a subject line - "Security by obscurity is useless and here are my banking details to prove it" )

Whats mildly interesting is that considering the possibility of injection targeting through a search for "login.asp", then a simple speedbump would have been naming your resource "login_to_customer_portal.asp". Of course this doesnt make you un-findable, and doesnt protect you from directed attack, but neither did running your SSHD on a non standard port, but we do that anyway to make sure that we dont get hit by the next big SSHD worm..