
badgerblog - CarolinaCon 2013
March 18th, 2013
12:22 am


CarolinaCon 2013
Went to CarolinaCon 2013 this weekend. As usual a solid learning experience.


CarolinaCon 9, 15 March 2013
http://carolinacon.org

https://github.com/lockfale/binoculars
http://www.kali.org/
http://docs.kali.org/pdf/kali-book-en.pdf
http://sourceforge.net/projects/rawr-webenum/
http://code.google.com/p/fuzzdb/
http://www.securityninja.co.uk/application-security/improve-your-security-testing-with-the-fuzzdb/
http://www.canhazcode.com/index.php?a=10
http://80legs.com/

Intro to Lock Picking
FALE
lockfale.com

lockpicking101.com - the forum
securitysnobs.com - buy locks
lockpicktools.com - buy picks

Terminal Cornucopia
items readily available in an airport terminal that can make potentially dangerous weapons
sourced after security screening
walk in with cash and a Leatherman P5 (TSA-approved)

basic weapon types
sources
overpriced convenience store/tchotchkes
duty free: fragrance, makeup, booze,
overpriced electronics
overpriced gadgets
overpriced nail/massage
overpriced designer stuff
overpriced sportz
overpriced regional goods - depends entirely on location
overpriced food

items of interest

1. scope
2. basic attack vectors
3. research makeshift weapons
4. ID/collect materials
5. proof of concept builds

where: family bathrooms
#1
double-wall tumbler, Parrot AR drone, Zippo
blowgun: tumbler straw, metal rod from quadcopter, cotton from zippo

#2
magazines, lady liberty fridge magnets, braided leather belts, scotch tape
chucks of liberty
(magazines rolled & taped as handles)
fell apart

version 2: dental floss, a lot of it, instead of cheap crappy leather belts

#3
hair dryer, compression socks, umbrella, braided leather belts, condoms
makes a smallish sling bow


umbrellas are to improvised airports what buffalo were like: you use every part of it

fiberglass shaft, cut down at angle

#5
grabber hand thing
magazines, etc.
crossbow - luggage handle is a collapsible stock

stick with a nail

zippo, disposable lighters, Parrot AR Drone, scotch tape = remote detonator

zippo flint wheel on drone motor, flint resting on flint from disposable lighter

note: the Brookstone version you can control w/smartphone on wifi. That's scary.

RAWR - Rapid Assessment Web
python for pentesting

Kali Linux

Bing, search
IP:<IP address>
returns all domains associated with that IP address

Saturday
get physical access to the computer, iTunes on, syncing over wifi
encrypt iPhone backup is not turned on
~/Library/Application Support/MobileSync/

use Metasploit

Manifest.mbdb file
cellebrite.com Commercial product for law enforcement

binoculars
https://github.com/lockfale/binoculars
Sinatra Ruby app
add app def query files to the sqlite folder in binoculars

Apple loves SQLite & so should you because it's so easy to get data out of
default datastore for CoreData

if passcode locked, need to unlock it to back it up

Recover Deleted Items in SQLite
deleted data is present but not queryable
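The point above, as an added example (not code from the talk or from binoculars): a row deleted from an SQLite table disappears from SELECT but its bytes stay in the freed cell on disk until the page is reused, unless secure_delete is on or the file is VACUUMed. The table name and the sample row are constructed.

```python
import os
import sqlite3
import tempfile

# Constructed sample row; not real card data.
SECRET = "card 4111-1111-1111-1111 exp 01/99 (constructed sample)"


def delete_and_inspect(secure_delete):
    """Create a small table, delete one row, then report what a normal SELECT
    returns and whether the deleted row's bytes still sit in the file."""
    path = os.path.join(tempfile.mkdtemp(), "demo.sqlite")
    conn = sqlite3.connect(path)
    # OFF (the upstream default): freed cells are left in place on the page,
    # so a carver that reads the raw file still finds them.
    # ON: SQLite zeroes freed cells as it deletes (VACUUM also rebuilds the
    # file without them).
    conn.execute("PRAGMA secure_delete=%s" % ("ON" if secure_delete else "OFF"))
    conn.execute("CREATE TABLE sms(id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO sms(body) VALUES (?)",
                     [("see you at 6",), (SECRET,), ("thanks",)])
    conn.commit()
    conn.execute("DELETE FROM sms WHERE id = 2")
    conn.commit()
    visible = [row[0] for row in conn.execute("SELECT body FROM sms ORDER BY id")]
    conn.close()
    with open(path, "rb") as f:
        raw = f.read()
    return {"visible_rows": visible, "residue_on_disk": SECRET.encode() in raw}
```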

how to protect yourself
password, preferably strong
keep phone in possession at all times
back up, encrypt your local backups
keep your computer password protected at all times

BEST PUBLIC LICENSE OF ALL TIME

easier to get to jailbroken devices (because a shell)


Securisearch
Social Security cards, tax forms, credit cards, front&back

80legs.com custom Web searches enterprise engine

twitter.com/NeedaDebitCard

google doesn't care about robots.txt

google diving
do a lot of scrolling, the good stuff seems to be farther down
images "Credit card"
more sizes, visually similar
sort the size by large

"SSN", "creditcard", "social

reverse image search in Google
take a picture of the card, blur out the number, upload, search for similar

intitle:
inurl:
intext:
filetype:
ext:
site:
OR, |
"", .
etc.


DBs
backups
virtual machines

intitle:index of Windows filetype (vhd|vmdk|vdi)
intitle:index of Windows (vhd|vmdk|vdi)

queries, think direct and indirect
search for related, sometimes google won't index vdi file, but will find related

Google as an FTP search engine
-inurl:(http|https) inurl:ftp
14million hits

site:/com:*
does portscanning through google

if Google removes a query return, they link to the DMCA complaint at chillingeffects.org

the DMCA complaints have all the good links

so search site:chillingeffects.org for keywords

awesome Firefox addons
Remove Google Redirects - most awesome ever
Unlinker - http://unlinker.com
DocsOnline Viewer -
FireFTP - http://fireftp.net/
Google Reverse Image Search -

more links in presentation
Google Diggity
Google Hacking for Pen Testers
youtube: Stach & Liu, Johnny Long
online docs
/r/opendirectories
Bing Query Language
other search engines: Bing, Shodan, Napalm FTP, Docstoc, Pastebin
GHDB

1pm speaker MIA

Low-Hanging Fruit of Pentesting
DNS, crawl, geomap IPs
blindcrawl
fierce

virtual hosting
perl Ritx.pl
Ritx
all the virtual hosts on a given server

headache detection
can't ping
people will track portscans

so do forward lookups on every IP in the DNS range
DNS isn't monitored as much

nmap -sL
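The "DNS isn't monitored as much" remark above, seen from the defender's side as an added example (not from the talk): a client that reverse-resolves a whole block of consecutive in-addr.arpa names is what an nmap -sL list scan looks like in a resolver's query log. The log lines are constructed in a simplified BIND-style format; the client addresses and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed BIND-style query-log lines (not from the talk). One client walks
# 198.51.100.1-12 via PTR lookups; another makes ordinary lookups.
SAMPLE_LOG = [
    "client 203.0.113.9#%d: query: %d.100.51.198.in-addr.arpa IN PTR" % (41000 + i, i)
    for i in range(1, 13)
] + [
    "client 10.0.0.5#53211: query: www.example.com IN A",
    "client 10.0.0.5#53212: query: 4.100.51.198.in-addr.arpa IN PTR",
]

PTR_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN PTR")


def ptr_targets(lines):
    """Map each querying client to the set of IPv4 addresses it reverse-resolved."""
    targets = defaultdict(set)
    for line in lines:
        m = PTR_RE.search(line)
        if not m:
            continue
        name = m.group("name").lower().rstrip(".")
        if not name.endswith(".in-addr.arpa"):
            continue
        octets = name[: -len(".in-addr.arpa")].split(".")
        if len(octets) != 4:
            continue
        # in-addr.arpa labels are the address octets in reverse order
        targets[m.group("src")].add(".".join(reversed(octets)))
    return targets


def sweep_suspects(lines, min_hosts=8):
    """Flag clients that reverse-resolved at least min_hosts distinct addresses
    inside a single /24, the signature of a list-scan style sweep."""
    suspects = {}
    for src, ips in ptr_targets(lines).items():
        per_net = defaultdict(int)
        for ip in ips:
            per_net[ip.rsplit(".", 1)[0] + ".0/24"] += 1
        hits = {net: n for net, n in per_net.items() if n >= min_hosts}
        if hits:
            suspects[src] = hits
    return suspects
```

Feed it the resolver's real query log instead of SAMPLE_LOG; the threshold should sit above what legitimate mail servers and monitoring hosts produce on your network.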

load balancers
DNS-based
HTTP-based

active filter detection



Basic Persistent Threats
Collapsed Ring Topology
logical ring for regulatory requirements
BGP Attack from Broadband Subscriber - rare, only seen once
Utility CATV Head End Scenario

Transport Network - Remote Support

basic Layer 2 security problems, never been properly secured

problems:
STP/BPDU
ARP poisoning
VTP
VLAN hopping
FHRP
rogue DHCP server
horizontal, vertical pivoting

recommendations:
BPDU & Root Guard
secure VTP
Dynamic ARP inspection
limit MACs per port
secure FHRP
PVLANs, VACL, DHCP option 82
L2 NetFlow
Secure Information Flow Trust Relationships

also suggested
whitelist applications
whitelist network trust relationships
whitelist Trusted Information Flows in Monitoring



Comments
From:badger
Date:March 18th, 2013 12:29 pm (UTC)
I thought I had used lj-cut here but apparently I had not, according to someone who later deleted their "There is a nice feature called lj-cut." comment on this entry. For anyone inconvenienced by my I-thought-I-had-used-LJ-cut few minutes last evening, I apologize.