Tuesday, February 28, 2012

RaiderSec First Meeting

Hello Everyone!

I just wanted to thank everyone who came out to the first meeting of RaiderSec! It was great to see everyone there, and I hope the content was interesting and insightful!

If you missed the meeting, or would like the slides, you can find them here. I will also be posting a supplementary blog post describing the basics of Metasploit in more detail for anyone who would want to see it, or get a recap of what we went over in the meeting. Hopefully it will be up in the next week or so.

I know we covered quite a bit of content really quickly at our meeting, but if you ever, ever have any questions please don't hesitate to e-mail me, and I would be more than happy to answer any questions you may have! The goal of the meetings is to learn as much as possible about the field of security, so if there's something on which you may be stuck, or didn't quite understand during the meeting, let me know!

Also, since I was unable to have the disclaimers there today for everyone to sign, you can find them here. If at all possible, please sign and return them to me by the next meeting (scanning and e-mailing is perfectly fine).

I hope everyone has a great Spring Break, and I look forward to seeing everyone at the next meeting!

Brute Force Without a Dictionary Using John The Ripper

If you’re like me (Lance), and playing with, using professionally, or writing list requiring brute-forcing software. You don’t want to waste the hard drive space for massive all-encompassing password lists which have a limited chance of success. Luckily you don’t have to do that at all leveraging some john the ripper and (l/u)nix functionality.

Monday, February 20, 2012

Searching for Devices Using the SHODAN Search Engine

In this post, I'm going to discuss a very useful search engine called SHODAN, as well as introduce the API it offers for development. I will also include a link to a PHP API Wrapper that I wrote that can assist in easily accessing SHODAN from a web application.

Friday, February 10, 2012

ACM Presentation Slides

It was great to see everyone at the ACM meeting yesterday (Feb. 9), and thanks to all who signed up for the group! It's exciting to see such interest in the field of security!

I am working with the ACM officers to get the information of those who registered and will be sending out an e-mail to each of you shortly with information concerning the date and time of the first meeting, and I will also post it to the Meetings page.

After each meeting, I will be sure to upload any slides, notes, or code that I use in the presentation for anyone who would like them. As an example, the PowerPoint slides from last night's meeting can be found here.

Again, thanks to everyone who signed up! I'm excited to get things rolling, and to start exploring the vast field of security with each of you!


Wednesday, February 8, 2012

Setting Up a Virtual Security Lab with VirtualBox

Why Virtualization?

As security enthusiasts, we are constantly pursuing more knowledge of our field. Anytime a new class of vulnerabilities (or even simply a new exploit) surfaces, we are eager to dissect it to figure out how it works, as well as what measures we can take to protect against it. We know that the best way to learn is by doing, for example, by setting up two machines and using one to emulate an attacker and one to emulate the victim. This approach works well, and provides useful, practical information. However, it is not cost or space effective, since one must have two machines to create this scenario, and this approach is also very time consuming since one must re-build the victim OS every time it is breached by the "attacker" in order to have a fresh-start. What we as security hobbyists need is a solution to these problems that allows us to cheaply and easily build isolated machines on the fly with which we are free to experiment without fear of breaking something.