I've been following this story through various news sources and thought it worth sharing for those who may not have seen it. For me it came as a reminder of how technology has become so pervasive throughout our lives, and the implications it can have upon us:

http://nakedsecurity.sophos.com/2012/09/18/bmw-stolen-hacking-kit/

Microsoft should be releasing an "out-of-band" patch for this tomorrow.


Source: http://www.computerworld.com/s/article/9231478/Microsoft_Patch_for_critical_IE_zero_day_bug_coming_Friday?taxonomyId=85

Me too,  I know the feeling. I've been having a go whenever I get the opportunity, which unfortunately isn't as much as I'd like.

However, I do enjoy these challenges as I always learn something from them. 

From the Microsoft Security response Center:


http://blogs.technet.com/b/msrc/archive/2012/09/18/additional-information-about-internet-explorer-and-security-advisory-2757760.aspx

For anyone interested in the Beta test, you can sign up here:

http://hack.me/beta.html

I just thought it worth mentioning that the above resource can also be accessed from the following link as well:

http://html5security.org/

The following covers most of the major ones I'm aware of, although it doesn't include PayPal:

http://blog.bstpierre.org/bug-bounty-programs

There's also crowd sourced testing platforms such as:

https://www.hatforce.com/services

https://hackaserver.com/

http://www.utest.com/

Why can't the AP be secured?

If it's someone whose supposed to be using the AP that is responsible for the questionable behaviour as identified by the ISP, then no wireless security measure is going to help anyhow. 

An acceptable use policy may be some cover from any comeback on yourselves from it's abuse (I'm not a lawyer, so don't take that advice as absolute).

If it's someone that's not supposed to be using it, the problem with any disassociation method is that it will be MAC based as far as I'm aware. Whats to stop them from changing their MAC address and regaining access?

Anyhow, in addition to the advice already given, Aireplay from the Aircrack suite can also achieve this.

If you got to @tmacuk it say's "Follow @twmackenzie - my new account" and "I will not be tweeting from this account anymore - please use @twmackenzie." 

Yes it will be recorded, although you'll have to wait.

When you register the e-mail sent states the following "NOTE: The video of the entire presentation will be published on EH-Net in November. All registrants will be emailed when it is available".

It also has information on how you can help: "This is a free project that could use as much help as you can give. Please follow us on twitter, RT, forward the invite to this webcast, post it to your blogs... anything you can do to help spread the word and help us give back to the security community is greatly appreciated.

@hackmeproject
@elearnsecurity
@ethicalhacker

If you want more direct involvement it wouldn't hurt to ask Armando or Thomas (@TWMacKenzie) directly.

For me personally. it was just about right for my level of learning. I was already aware of many of the resources, but still learned some new ones.


Would you say that someone who followed all advice given would be sufficiently prepared for the OSCP in terms of exploit development? Or would additional resources be required?


With regards to more advanced material,  if enough people contact him about it he seemed willing to do another webinar on the more advanced topics.

You type quicker, was just about to post the same thing. 

Interesting webinar, as always demo gods weren't kind. Joe said he's going to post it anyhow in the meantime, although he's going to do it again for a smoother recording.

g0tmi1k's blog has a good cheat sheet of commands for Basic Linux Privilege Escalation:

http://g0tmi1k.blogspot.co.uk/2011/08/basic-linux-privilege-escalation.html

There was also a recent tutorial on here by Jamie.R called Basic Priv Esculation for newbi:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9169.0/

I came across this article which would suggest this wouldn't be the case:

http://blog.internetcases.com/2012/09/10/godaddy-outage-limitation-liability-clause-terms-of-service/

Obviously there is the potential to lose some customers over this, but I wouldn't expect a mass exodus.

No news, although he did tweet today "My slides are always available at: http://www.slideshare.net/joemccray".

So hopefully the slides for this may make an appearance.