Wednesday, February 10, 2010
Tuesday, February 02, 2010
Finally found a need for Oinkmaster
I'm sure many of you already know about oinkmaster. Well, I never had a need to use it, and I did today. I am working on a distributed OSSIM deployment, and I needed to update my snort rules automatically, once a day. After configuring the /etc/oinkmaster.conf file to point to the link for the latest community rules (you can also do the same for the latest VRT paid-for rules) I created this cron job to update my rules, then run a perl script to update correlation, then restart snort and ossim.
Here's the script:
#!/bin/sh
# Record every rule that is currently commented out as a disablesid entry, so the update does not re-enable it
/usr/share/oinkmaster/makesidex.pl /etc/snort/rules/ > /etc/autodisable.conf
# Fetch the new ruleset and install it, honouring both the main config and the generated disable list
oinkmaster -C /etc/oinkmaster.conf -C /etc/autodisable.conf -o /etc/snort/rules
# Rebuild the OSSIM sid map so correlation knows about the new/changed signatures
perl /usr/share/ossim/scripts/create_sidmap.pl /etc/snort/rules
/etc/init.d/ossim-server restart
/etc/init.d/snort restart
You can get more background on everything on this thread over at the OSSIM forums.
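The makesidex.pl step is the part of that cron job that keeps hand-disabled rules from silently coming back after an update. The following is an added example, not the post's script and not oinkmaster's own code: a small shell re-implementation of what that step produces, with a count helper, run against a constructed rules file so it can be inspected offline. It assumes rules carry the standard "sid:NNNN;" option and live in *.rules files.

```shell
#!/bin/sh
# Added example (not from the original post, not oinkmaster's makesidex.pl itself):
# for a Snort rules directory, print one "disablesid <sid>" line per rule that is
# currently commented out. oinkmaster reads that list via -C, so rules disabled by
# hand stay disabled after it overwrites the rule files with a fresh download.
# Assumptions: rules use the standard "sid:NNNN;" option and live in *.rules files.

gen_autodisable() {
    rulesdir="$1"
    # A disabled rule is an action keyword preceded by "#" (with or without a space).
    # Plain comments such as "# TODO ..." do not start with an action and are skipped.
    grep -h -E '^[[:space:]]*#[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' \
        "$rulesdir"/*.rules 2>/dev/null \
      | sed -n -E 's/.*[[:space:];]sid:[[:space:]]*([0-9]+)[[:space:]]*;.*/disablesid \1/p' \
      | sort -u
}

# Number of rules that would be pinned disabled. A sudden drop to zero right before
# the oinkmaster run usually means the rules directory path is wrong, not that
# nothing is disabled, so it is worth checking in the cron job before updating.
count_autodisable() {
    gen_autodisable "$1" | wc -l | tr -d ' '
}

# Stand-alone demo on a constructed rules file (not real Snort rules).
demo_dir=$(mktemp -d)
cat > "$demo_dir/local.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"constructed active rule"; sid:1000001; rev:1;)
# alert tcp any any -> any 22 (msg:"constructed disabled rule"; sid:1000002; rev:1;)
#alert udp any any -> any 53 (msg:"constructed disabled rule 2"; sid:1000003; rev:2;)
# plain comment mentioning sid:9999999; which must not be emitted
EOF
gen_autodisable "$demo_dir"
echo "rules kept disabled: $(count_autodisable "$demo_dir")"
rm -rf "$demo_dir"
```

Because oinkmaster overwrites the rule files, this list has to be generated before the oinkmaster run, as the cron job above does.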
Saturday, January 30, 2010
Pentesting With Backtrack
So I started the Pentesting with Backtrack (PWB) course from Offensive Security. So far, I like what I see. It has shown some pretty good info so far, and while I probably won't write a comprehensive review, for the cost ($700) it seems very worth it, especially just to get you out of your own head and get a different perspective on Pen Testing. I hope to improve my personal Pen Testing methodology and learn more about Back Track while doing this course.
Black Hat/Shmoocon/Shmoo Labs
Well, the DC area has a busy week coming up. I unfortunately don't have an employer that will foot the bill for Blackhat DC, but I will be at shmoocon! I am most excited for Shmoo Labs. I have worked with Alien Vault's CTO DK to acquire an OSSIM v2.1 appliance for Shmoo Labs. I'm really excited to learn more about SIM/SEMs and get the opportunity to analyze a real time malicious network. Hopefully we'll get the chance to demo the box to attendees! Bring us t-shirts Alien Vault!
There are also a bunch of good talks at shmoo, especially the keynote "Closing the TLS Authentication Gap." I also am ready to see Larry Pesce speak about his Shmoo Launcher, Ben Smith show us what he's up to with wireless hacking, and the TF2 tourney, which I'll probably enter, but lose famously at!
Finally, the best part about a con like shmoocon is to see some of my friends/acquaintances I've met the past few years at other cons, as well as meet new ones. Make sure to follow me on Twitter, and follow the #shmoocon (and #shmoobus, and possibly #shmooflu ;) hash tags) as you know there will be a few awesome surprises there. And don't forget shmoo-ography (sp?) and the new contest Ghost in the Shellcode (GITS).
See ya at shmoo! and hopefully I'll be doing some live blogging from there... If you can't make it, I hear it will be streamed live on uStream!
Wednesday, January 13, 2010
Backtrack, Shmoocon Schedule and Defcon price Increase
Backtrack 4 final is out! (as of yesterday) Woot! Thanks to everyone who puts in hard time creating and maintaining this distro. Download here. New forums and website too! The torrents are the best place to get it right now.
Defcon is going up another $20 to $140. I guess this is to be expected. Another $20 and the badge will be twice the cost of the rooms. (Which were more for Defcon 15.)
Finally! Shmoocon schedule up! See you there!
Labels:
backtrack,
defcon,
pen testing,
shmoocon
Monday, January 11, 2010
Northeast CCDC
Took me forever to find this link, so here it is for everyone. Info on the 2010 Northeast Collegiate Cyber Defense Competition (NECCDC)
Anyone going?
Friday, January 08, 2010
RIT SPARSA ISTS this March
SPARSA (RIT's student-run Info Sec Club) -- who also ran the CTF at the Rochester Security Summit, to great fanfare I must add -- is preparing for the 7th annual Information Security Talent Search, which will take place March 19-21, 2010 at the GCCIS at RIT. I participated as a student in ISTS 5 in 2006 and it was great fun. It is similar to CCDC, where you have student teams defending, a white team running things, and a Red Team attacking.
I have the honor of being on the Red Team this year and it should be fun! I'm hoping some sweet exploits come out in February/Early March for us to attack with. In the meantime, I'm brushing up on my Metasploit Foo with the Metasploit Unleashed online tutorial over at www.offensive-security.org.
In the meantime, I'm excited to do shmoolabs at shmoo con as well as see friends and meet people I just know online!
Labels:
ISTS,
Metasploit,
RIT,
Rochester Security Summit,
SPARSA
Friday, January 01, 2010
Updating BT 4 Pre from remote-exploit repos
I decided to create a VM that I can easily copy following these BT4 forum instructions. I'll update this post and let you know how it went.
Things I'm curious about:
- How well does the kernel upgrade?
- Can I still easily upgrade Fasttrack?
- Will the BT repos update smoothly?
Labels:
backtrack,
bt4 pre,
future of security,
pen testing,
updating backtrack