Head on over to http://www.securabit.com to download the first episode of our security podcast. We recorded Friday night, and I am having a little trouble getting it to show up in iTunes right now. It might be an additional 24-48 hours since I have to change the RSS I submitted to them to the feedburner one, once they activate it to begin with.
I’ve started a wiki at wiki.securabit.com. I’m looking for people who want to help make this thing special. The idea behind it is a security oriented reference wiki for everything hands on in our industry. Tutorials and HOWTO guides for everything from secure programming to configuring your routers or whatever securely, etc. I want to keep the focus pretty narrow so that it’s a technical, factual reference, that isn’t very long winded. Short and to the point is the goal here. If you’re interested in helping out please let us know.
I started playing around with Tabula Rasa yesterday. I think it’ll keep me occupied for a couple months while I wait for some more good Xbox 360 releases. It’s definitely a good bit of fun, but not something I can get addicted to.
- Playing with Win Server 2008 and hanging around the IRC. #
Powered by Twitter Tools.
I am trying to put together a proper hacking toolkit after reading an article on hackaday encouraging people to come up with the perfect hacker workbench.
I already ordered my oscilloscope kit today, it’s a PC based one, not a full fledged scope, but I think I will be happy with it as it’s been 4 years since I used a real one and this is a cheap entry level thing to get started.
What would you buy? Here’s the article with the comments.
We did some filming last night and today for the next episode of Hak.5, my segment went off fairly well although I think I should’ve touched more on IDA Pro since it’s the most mainstream of the decompiling programs out there as far as I hear. I covered a Crackme posted at http://www.learnsecurityonline.com using .NET Reflector to break it open and find the password. It’s pretty fun. Learning more of the hands on stuff always helps my big picture view of network security.
In regards to the Hakme project, I acquired the CTF server from Will and will be getting that thing loaded up, and the appropriate people access to it tomorrow. It’s a pretty decent right to launch the project with, and hopefully we outgrow it while being able to afford a replacement.
That’s all for now.
I think I was using Hackme just as a placeholder. The project will be officially called hakme. We’re looking to get everyone on the same page, so I am going to get a subforum setup on the hak5 forums. Anyone who wants to be a part of this, email me at cgerlingjr at gmail and let me know. We have a very good idea of what we want to do, it’s going to stay simple till things are up and running.
Primarily, we need to figure out hosting, soon.
-Chris
I’ve setup a page on the site located here and am actively looking for volunteers. I think we’re going to setup a separate IRC room and create a mailing list, and figure out what other ways we’ll all need to communicate.
Right now I am in need of the following:
- Trustworthy people to volunteer admin time on the project once it’s up and running.
- Volunteers to provide input and configuration work to get the servers how we want them to be. We have to figure out the most secure way to allow people to hack them, and also how to restore them back to a baseline within a reasonable amount of time.
- Legal advice concerning our intention to log some of the activity via a snort sensor.
- Hosting ideas, (CHEAP is good unless we magically stumble into some donations)
- Any other thoughts, input, etc. I’m open to anything.
Thanks!
I spent most of the weekend at the Hak5 house playing rock band, and devising up new stuff to work on.
The current project is going to be a “hackme” network of sorts, where we’ll invite people from the community to participate in various penetration testing type events. We will most likely start off with a Capture the Flag scenario and work from there. This designed to test penetration skills for good, not evil.
If you can offer any help feel free to let me know on the IRC (I’m Hak5Chris there) or just email/comment.
In the latest Hak.5 episode I demonstrated the Nokia 770 internet tablet in more detail than on the live show this past summer. The show notes are here: http://wiki.hak5.org/wiki/Episode_3×05#Nokia_770_Hacks and should help you get through the process.
Once the N800/810 drop in price they will be the obvious replacements due to better hardware and software.
I went awhile without an update. The Ubuntu article before this was actually written about a week ago, but I had not gotten a chance to get on and publish it, and did end up publishing it a little incomplete, which is why I am going to do another update in a few weeks on Ubuntu.
The past two weeks have been pretty busy for me, both professionally and personally. I’ve been studying for Linux+, GCIH, CISSP, and now CEH. The basic plan is to have CEH and GCIH done by the end of next week if I hear back from EC-Council soon enough. I’m also looking at switching to AMU from Strayer because I feel their program will be a better fit for me.
I did a little packet analysis at home the other night for someone in an IRC room I frequent. A sysadmin from a university came in and was having trouble identifying some traffic on his network. A quick check of the pcap file that he sent me revealed it was simply CUPS traffic, whether or not it was authorized was another story since he did not appear to know what CUPS was, but did mention that his network had both Windows and Linux workstations. It was fun in any case.
Among the many projects I have, is a desire to setup another computer dedicated to running some virtualized servers in VMware Server, probably a bunch of Ubuntu LAMP setups from their server cd. The idea would be to go a route similar to how LSO (learnsecurityonline.com) does their capture the flag contests. Perhaps I will email them and ask how they set their boxes up, whether it is in a VM or not.
