I realize BT3 is out, but this is an awesome video to get the word out a bit on what it can do. MUST SEE
http://www.offensive-security.com/movies/bt3teaser/bt3teaser.html
http://www.offensive-security.com/movies/bt3teaser/bt3teaser.html
Tuesday, September 30, 2008
Skype 4.0 fixes it's self
Finally the new version allows you to go into "Classic Compact View". Might download it and install it tonight. Anyone wanna give it a test?
Skype 4.0 beta 2 gives you more say | Software news, tips and opinions from Download.com editors - Download.com
Skype 4.0 beta 2 gives you more say | Software news, tips and opinions from Download.com editors - Download.com
Updates to Process Monitor and Zoomit. Sweet
Mark's stuff is awesome. Yes, even though he works under the corporate umbrella of Microsoft.
Sysinternals Site Discussion : Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast
Sysinternals Site Discussion : Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast
Process Monitor v2.0:
This major update to Process Monitor adds real-time TCP and UDP
monitoring to its existing process, thread, DLL, file system and
registry monitoring. You can now see the TCP and UDP activity processes
performed, including the operation (e.g. connect, send, receive), local
and remote IP addresses and DNS names, and operation transfer lengths.
On Windows Vista, Process Monitor also collects thread stacks for
network operations.
Shmoo Mailing Lists
Find a roomate at ShmooCon, find DC Geeks, or work on HostAP
https://lists.shmoo.com/mailman/listinfo
https://lists.shmoo.com/mailman/listinfo
Clickjacking
Finally I found a good description of Clickjacking, and find it hilarious that I used to play this game on people in High School making it impossible for them to push the button. This is just a reversal of that concept plus invisibility.
Snipped from:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&intsrc=hm_ts_head
Snipped from:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&intsrc=hm_ts_head
What is clickjacking? Good question. Getting to an answer, though, is a little tough, since Hansen and Grossman are keeping virtually all details confidential, at least for now. Here's how Grossman put it to Computerworld last Friday:
"Think of any button on any Web site that you can get to appear between the browser walls. Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue.... The list is virtually endless, and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to."
Yet another saved password location
SQL Server 2005 Management password extraction - Easy as pie... Apple pie
http://blog.didierstevens.com/2008/09/29/quickpost-sql-server-2005-management-studio-and-password-management/
http://blog.didierstevens.com/2008/09/29/quickpost-sql-server-2005-management-studio-and-password-management/
Monday, September 29, 2008
Make an video avatar
Make a video avatar suitable for any forum. Just submit, time and download:
http://www.vtubetools.com/gifmaker/
http://www.vtubetools.com/gifmaker/
Apple Ultracompact USB Power Adapter Exchange Program
Broke it already? Well, they have a recall going on. Check it out.
https://supportform.apple.com/200809/
https://supportform.apple.com/200809/
MobaLiveCD - Portable LiveCD Virtualization
Boot a LiveCD anywhere on any windows box, without having to install VMware:
http://mobalivecd.mobatek.net/en/index.php
http://mobalivecd.mobatek.net/en/index.php
Step by step - Make your own Wordpress theme
This post is geared to a few friends who I know are currently in a transitional period:
http://themetation.com/2008/07/14/how-to-create-wordpress-themes-from-scratch-part-1/
http://themetation.com/2008/07/14/how-to-create-wordpress-themes-from-scratch-part-1/
RSnake's XSS Cheatsheet
http://ha.ckers.org/xss.html
also, definitely check out CAL9000 OWASP Project: http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
also, definitely check out CAL9000 OWASP Project: http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
Useful Wallpaper
Here is a Linux CLI reference as a wallpaper that is actually designed well
http://www.gnome-look.org/content/preview.php?preview=1&id=88383&file1=88383-1.png&file2=&file3=&name=Linux-Unix+command+guide
http://www.gnome-look.org/content/preview.php?preview=1&id=88383&file1=88383-1.png&file2=&file3=&name=Linux-Unix+command+guide
Virus Total
If you haven't been here yet, it's a great place to check a file to see if it is a virus, you can also see some basic PE data:
http://www.virustotal.com/
http://www.virustotal.com/
Youtube now allowing 1GB files. Woot
Not like I actually posted Youtube videos, but hey. Cool beans
http://lifehacker.com/5056485/youtube-bumps-video-clip-upload-size-to-1gb
http://lifehacker.com/5056485/youtube-bumps-video-clip-upload-size-to-1gb
(IN)SECURE Magazine Issue 18 is out
Started printing this on Friday not realizing that it's over 100 pages of color... Oops, glad it's not my dime... Thank you 700 billion dollar bailout. ;-)
http://www.net-security.org/insecuremag.php
http://www.net-security.org/insecuremag.php
Automated? SQL Injection Framework
Something I don't like about the word Automated and "SQL Injection" together.
http://www.darknet.org.uk/2008/09/bsql-hacker-automated-sql-injection-framework/
http://www.darknet.org.uk/2008/09/bsql-hacker-automated-sql-injection-framework/
IP Address Regular Expression
http://riskable.com/2008/09/17/tip-regular-expression-to-match-any-ip-address-in-foxyproxy
https?://[1-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.*
https?://[1-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.[0-9][0-9]?[0-9]?.*
Pyrit
http://code.google.com/p/pyrit/
Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK,
the protocol that today de-facto protects public WIFI-airspace. The
project's goal is to estimate the real-world security provided by these
protocols. Pyrit does not provide binary files or wordlists and does
not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.Pyrit's implementation allows to create massive databases,
pre-computing part of the WPA/WPA2-PSK authentication phase in a
space-time-tradeoff. The performance gain for real-world-attacks is in
the range of three orders of magnitude which urges for re-consideration
of the protocol's security. Exploiting the computational power of GPUs,
Pyrit is currently by far the most powerful attack against one of the world's most used security-protocols.
Wednesday, September 24, 2008
My Links
So this is where I will blog about things I find on the internet that I think is interesting and it won't contain much more than a link, embed and maybe a few comments.