Delicious is a service for keeping your bookmarks in one place (online); it is social bookmarking.
So let's go with an example: if you know some nicknames used by your target, you can look directly at their Delicious profile and see all their public links, for example my profile:
Remember that users can mark a link as private, but here is where we can get lucky if they forget to do so.
Another way of searching in Delicious is by the target company's URLs or IPs; in this example I will just use a standard internal IP:
And look at the second result:
The root password in the URL :)
In particular cases you can obtain interesting results.
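The same kind of leak the post points at can be caught on your own side before a bookmark export ever goes public. The following is an added example, not code from the original post: it reads a bookmark export in the Netscape bookmark HTML format (the PRIVATE attribute is assumed to be written the way Delicious exports did; the sample below is constructed), flags public links that carry credentials or point at private-range hosts, and redacts any password before reporting.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit, urlunsplit

# Constructed sample export; PRIVATE="1" marks a bookmark hidden from other users.
SAMPLE_EXPORT = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="https://blog.example.org/post" PRIVATE="0">public blog</A>
<DT><A HREF="http://admin:s3cret@192.168.1.10/cgi-bin/" PRIVATE="0">router</A>
<DT><A HREF="http://10.0.0.5:8080/jira/browse/OPS-1" PRIVATE="1">ticket</A>
<DT><A HREF="ftp://backup@files.example.org/dump/" PRIVATE="0">backups</A>
</DL><p>"""

# One anchor per bookmark: group 1 is the URL, group 2 the PRIVATE flag (if present).
ANCHOR_RE = re.compile(r'<A\s+HREF="([^"]+)"(?:[^>]*?\sPRIVATE="(\d)")?[^>]*>', re.I)

def is_private_host(host):
    """True for RFC 1918 / loopback / link-local IP literals (names are not resolved)."""
    try:
        return ip_address(host).is_private
    except ValueError:
        return False

def redact(url):
    """Replace an embedded password with *** so the finding can be shared safely."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    hostport = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit(parts._replace(netloc=f"{parts.username}:***@{hostport}"))

def audit_bookmarks(export_html):
    """Return (redacted_url, [issues]) for every public bookmark that leaks something."""
    findings = []
    for url, private in ANCHOR_RE.findall(export_html):
        if private == "1":
            continue  # only public links are visible to third parties
        parts = urlsplit(url)
        issues = []
        if parts.password is not None:
            issues.append("password-in-url")
        elif parts.username is not None:
            issues.append("username-in-url")
        if parts.hostname and is_private_host(parts.hostname):
            issues.append("internal-host")
        if issues:
            findings.append((redact(url), issues))
    return findings
```

Run it against a real export before publishing the bookmarks; anything reported as password-in-url should be rotated, not just deleted, since the link may already have been indexed.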
Now, each plugin is a file; here is an example of a plugin for gathering all the email addresses:
class email_detect(AttackPlugin):
    for i in a:

You can find more examples inside the plugin folder; just get your copy via Subversion:

svn checkout http://proxystrike.googlecode.com/svn/trunk/ proxystrike-read-only
More information is in the wiki, and you can follow updates from deepbit on his new blog.
Meterpreter, short for The Meta-Interpreter, is an advanced payload that is included in the Metasploit Framework. Its purpose is to provide complex and advanced features that would otherwise be tedious to implement purely in assembly. The way that it accomplishes this is by allowing developers to write their own extensions in the form of shared object (DLL) files that can be uploaded and injected into a running process on a target computer after exploitation has occurred. Meterpreter and all of the extensions that it loads are executed entirely from memory and never touch the disk, thus allowing them to execute under the radar of standard Anti-Virus detection.
- cachedump Dump (decrypted) domain hashes from the registry
- hashdump Dump (decrypted) LM and NT hashes from the registry
- hivelist Print list of registry hives
- hivescan Scan for _CMHIVE objects (registry hives)
- lsadump Dump (decrypted) LSA secrets from the registry
- Disable_Audit: disables auditing by changing the local security policy
- GetGui: Script for enabling RDP service on target host.
- GetTelnet: this script will enable the Telnet Service on Win2003 and XP, and will install it on Vista and 2008.
- Memdump: Automation for mdd
- WinEnum: Script that will gather a big amount of information about the host
- Scheduleme: allows task scheduling on the target host; the commands run as SYSTEM.
- NetEnum: Performs network enumeration, ping sweeps, reverse dns lookups, etc.
- Soundrecorder: Allows you to record sound on the target machine :)
- GetCounterMeasure: this script will identify antivirus, HIPS, HIDS, firewalls, etc.
Great job by Carlos del Ojo (deepbit) on this new release.
Salaries for information security professionals are high. Over 38% of respondents earn US $100,000 or more per year.
41% of the respondents said their organizations use certifications as a factor when determining salary increases.
The overall mean funding for training was US $2,854 per year with a median of US $2,000 per year.
Digital forensics, intrusion detection, and penetration testing are the technical topics respondents are most interested in learning in 2009.
As of late November 2008, just over 79% of respondents forecast no information security personnel reductions in the next 12 months.
Over 25% of respondents plan to deploy the following technologies in 2009:
- Configuration Management
- SIEM (Security Information and Event Management)
- Storage Security
- Wireless Security Solutions
The best places to find an information security position are in the metro areas of Las Vegas, Nevada; Dallas, Texas; and Washington, DC.
One of the great things about the WarVOX model is that once the data has been gathered, it is archived and available for re-analysis as new signatures, plugins, and tools are developed.
This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.
- What is the current listing status for [the site in question]? We display the current listing status of a site and also information on how often a site or parts of it were listed in the past.
- What happened when Google visited this site? This section includes information on when we analyzed the page, when it was last malicious, what kind of malware we encountered and so forth. To help webmasters clean up their site, we also provide information about the sites that were serving malicious software to users and which sites might have served as intermediaries.
- Has this site acted as an intermediary resulting in further distribution of malware? Here we provide information if this site has facilitated the distribution of malicious software in the past. This could be an advertising network or statistics site that accidentally participated in the distribution of malicious software.
- Has this site hosted malware? Here we provide information if the site has hosted malicious software in the past. We also provide information on the victim sites that initiated the distribution of malicious software.
On March 6th we are holding a new edition of the FIST Conference here in Barcelona; if you want to check the program, you can go here.
The presentations of the last Black Hat DC conference are available online, here are some interesting talks:
- DNS 2008 and the New (old) Nature of Critical Infrastructure, Dan Kaminsky
- Windows Vista Security Internals, Michael Mukin
- Dissecting web attacks, Val Smith & Colin Ames
"a compilation of custom developed tools that allow penetration testers the ease of advanced penetration techniques in a relatively easy manner"
Fast-Track has tools for MSSQL Server, SQL injection, Metasploit Autopwn automation, mass client-side attacks, exploits and a payload generator.
The idea is to provide easy and fast-to-use tools for tasks that would usually take you many steps, or some minor coding on top of existing tools. I liked the integration with Metasploit payloads.
It's like executing combos of scripts and tools :)
You can check a video of the SQLPwnage module in action:
Fast-Track SQLPwnage from David Kennedy on Vimeo
The Fast-Track presentation from ShmooCon 2009 is here.
"Pyrit is an implementation that allows one to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time tradeoff"
"CUDA is the compute engine in NVIDIA graphics processing units or GPUs, that is accessible to software developers through industry standard programming languages"
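What Pyrit precomputes is the Pairwise Master Key, PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds, 32 bytes), and because the ESSID is the salt, a table is only useful against networks with that exact name. This added example (not Pyrit's code) derives the PMK in pure Python, checks it against the IEEE 802.11i Annex H test vectors, and shows why a network with a unique ESSID is outside any table built for a common one.

```python
import hashlib

# IEEE 802.11i fixes the WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits.
PBKDF2_ROUNDS = 4096
PMK_LEN = 32

def pmk(passphrase, essid):
    """Pairwise Master Key. The ESSID is the PBKDF2 salt, which is what ties
    every precomputed PMK to one network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               essid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)

def build_table(essid, passphrases):
    """Space side of the tradeoff: pay the 4096 rounds once per candidate and
    keep passphrase -> PMK for this ESSID only (a Pyrit-style table is this mapping)."""
    return {p: pmk(p, essid) for p in passphrases}

def table_usable_for(table, network_essid):
    """Time side only pays off if the salt matches: recompute one stored entry
    under the network's ESSID; a mismatch means the whole table is useless against it."""
    passphrase, stored = next(iter(table.items()))
    return pmk(passphrase, network_essid) == stored
```

The second check is the defensive takeaway: a default or popular ESSID lets an attacker reuse a table computed once, while a unique ESSID forces the full 4096-round cost per guess.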
The world's fastest cross-platform MD4/MD5/NTLM cracking for Windows/Mac/Linux
Recession is not a time to pull the cover over and crawl in. It's a time to work harder, work smarter and improve your own development just to maintain your competitiveness.
- hashdump: dump the LanMan and NT hashes from the registry (deobfuscated).
- lsadump: dump the LSA secrets (decrypted) from the registry.
- cachedump: dump any cached domain password hashes from the registry. This will obviously only work if the memory image comes from a machine that was part of a domain.
- Software buyers will be able to buy much safer software (with a certificate that the code is free of these 25 bugs).
- Programmers will have tools that consistently measure the security of the software they are writing.
- Colleges will be able to teach secure coding more confidently.
- Employers will be able to ensure they have programmers who can write more secure code.
- Try to measure productivity in output and not in hours. (article)
- Assign tasks to the geeks who are most interested in them, not the ones with the most experience.
- Segregate the corporate, compensatory hierarchy from the leadership hierarchy. Basically this means that the geeks will organize themselves in a meritocracy, following the group guru. In my opinion it will not always be this way, but a halfway option could be good.
- Allow them to work remotely.
- Don't impose absurd procedures that consume time.
- Listen to their opinions; they usually have very good alternatives or ideas, they are problem solvers and they like challenges.
- Don't impose online content control/management; they are the "online generation", and if they are productive, why worry if they are chatting or browsing the net? Most of the time they will be reading information that improves their work and knowledge, and this is good for you.
- Give recognition. Most businesses today rely on their work; stop and think again about how much of your business relies on their work. Management tends to notice the work of the geeks only when things go bad; what about recognizing them when everything goes smoothly?
- Don't burn them out; they will leave, as they do not tend to stay the way other kinds of employees do.
- Give them the correct equipment. Why don't people understand that a 3-year-old computer is not adequate for doing the job properly? It's true that they work, but their performance is awful and that will demotivate the geek. They spend the whole day working with the computer, usually multitasking, so go and buy them a good and powerful computer with a big screen or a multiple-screen setup; productivity will boost... and remember, 19" is not a big screen...
- Let them wear casual clothes in your company; they are not great friends of the tie. But they understand that if they need to go to a customer's office, wearing the suit is necessary.
- Provide them with a creative environment.
- Give them training, they will take advantage of it.