Head on over to http://www.securabit.com to listen to episode 4. We had a few audio hiccups, but overall I think it came out great.
We have forums/IRC up as well, and hope the community starts building up.
I just got done doing a podcast with the guys at secthis.com, whom I met at Shmoocon this past weekend (although there were so many faces and once you have a few drinks it’s a little hard to remember that many faces) which ran about an hour. I had a lot of fun discussing a variety of issues with them. I’m glad they let me connect up and throw in my 2 cents.
Once it’s all edited up you’ll find it at http://www.secthis.com.
We’re only two days away! It seems this conference just gets better each year it runs. I wonder if there will be a bigger venue next year, haha.
The live show is ~9pm Friday and should be really fun. We’re having some very cool guests. It will be the last time I will be having alcohol until after my surgery unfortunately, but I will enjoy it.
If you or anyone you know has an extra Shmoocon ticket I would like to get Christine in. There only seems to be one left on ebay worth pursuing and I don’t know if I will be at the computer in 4 hours to take a shot at it.
I’ve setup a page on the site located here and am actively looking for volunteers. I think we’re going to setup a separate IRC room and create a mailing list, and figure out what other ways we’ll all need to communicate.
Right now I am in need of the following:
- Trustworthy people to volunteer admin time on the project once it’s up and running.
- Volunteers to provide input and configuration work to get the servers how we want them to be. We have to figure out the most secure way to allow people to hack them, and also how to restore them back to a baseline within a reasonable amount of time.
- Legal advice concerning our intention to log some of the activity via a snort sensor.
- Hosting ideas, (CHEAP is good unless we magically stumble into some donations)
- Any other thoughts, input, etc. I’m open to anything.
Thanks!
I spent most of the weekend at the Hak5 house playing rock band, and devising up new stuff to work on.
The current project is going to be a “hackme” network of sorts, where we’ll invite people from the community to participate in various penetration testing type events. We will most likely start off with a Capture the Flag scenario and work from there. This designed to test penetration skills for good, not evil.
If you can offer any help feel free to let me know on the IRC (I’m Hak5Chris there) or just email/comment.
As I will be having a lot more hands on with Snort once I assume my new role at work in a couple of weeks, I decided I needed to beef up my library, so I picked up Jay Beale’s Snort Toolkit book off of Amazon.
It starts out explaining what IDS/IPS are and then jumps into Snort 2.6 covering everything from installation to advanced deployment and rules. The entire kitchen sink.
I’ll post a full review of the book once I read it cover to cover.
Family
I will have my family in town for most of next week, which should be relatively fun. They’re definitely going to get a major tour of the area.
CISSP
I had to delay my CISSP exam until the end of July due to an unscheduled trip that came up last week. On the upside I get to cram some more before I drive up to Northern Virginia and take it.
The past week included one CISSP study group session, installing Ubuntu 7.04 “Feisty” on my spare hard drive, and the usual weekend partying/cooking out.
I’ve been using the latest Ubuntu release since early Saturday morning, and I have to say I am impressed. If my parents lived closer than a 10 hour drive from me I might actually consider switching them over to this, although I think we’re at least a few releases away from it being a smooth enough experience for them.
I had never really run a Linux desktop for more than a week or two as my primary desktop OS before, and I believe this one is going to stay for quite a long time. Beryl/Compiz makes things look nice and shiny, as well as providing functionality.
StumbleUpon has come through once again with an interesting tutorial on how to get started with picking locks. I now have something to keep me entertained at work tonight, as the entire site is chock full of good information on lockpicking. I might as well add a new skill or two to myself eh?
Work on the possible podcast progresses. I am working on a little project that I think might provide for an interesting commentary.
More later!
Today was just wrapping things up. We checked out of our hotel rooms and stopped by the con, I ducked in on a couple of the presentations going on, and picked up DVDs of the presentations I found to be the most interesting, or most useful for why we were sent there by our command. The plan is to use these to prepare up a full report and perhaps some sort of training to our peers.
What was interesting was that the presentations themselves, while great, were actually not the meat of the conference. It was all about meeting and talking with other people who work in the industry, and actually care about what they do. It felt so awesome to be surrounded by people who actually understood their field, and weren’t in it just for the paycheck (although paychecks are definitely a reason).
I’m definitely going next year.
Day Two was more about DC than it was Shmoocon. We managed to hit up some of the presentations while also making sure to visit with the various vendors and talk with some real security gurus at the same time.
Unlike the first day, this was more about one presentation for me than any of the others.
I write this now, having slept from approximately 4am to 8:30am, but we’ll get to that in a minute or two
Registration was supposed to start at 1pm according to the guide, but it was more like 1:40ish. In any event Andy and I were all set by 2pm and collected some vendor swag, had an appetizer upstairs at the Pub built into the hotel, and hung out till things kicked off at 3:30pm.
Opening comments were by the Shmoo group staff, I forget the guy’s name now but i’ll get it later. He was decently entertaining, and basically is the founder of this thing, so he drives the flow of everything. I’m going to summarize each speaker:
