tturner

Pretty much none of my original plans from 2013:

OSWP was extremely disappointing and I just couldn’t get motivated for it. I really would not recommend this course unless you just wanted to learn aircrack and had someone paying for it.

OSCP – Yeah, I’m not sure if this will ever happen. Personal life just doesn’t allow me the time I’d need to…[Read more]

I’ll be at BsidesLV and DC21. Looking forward to seeing those of you I’ve met before and new faces as well!

I’ll be seeing Owen tomorrow. I will see if I can convince him to share a torrent for the videos and let him know you guys are interested.

I can help you there. 🙂

I may even have an available position very soon. Shoot me a PM.

In the meantime check out:

http://hackucf.org/blog/ (they welcome non-students and are VERY active and friendly)

https://www.owasp.org/index.php/Orlando (I run the chapter)

http://dc407.com/ (I am fairly active, but this group is floundering a bit due to…[Read more]

Wow. This is gold. or platinum. Great stuff. Thanks for sharing guys, I’d heard mention on twitter but not checked it it out til now and am glad I did. Anything web services is so rare to find. (Talking about Axis2, not the intro)

You may want to check out https://www.youtube.com/watch?v=XR6Sxe3wlDE and the  other videos on the Paterva channel. I believe this one goes through creating your own transforms and may be helpful. I have not used Rapleaf myself so YMMV. Work/Life is pretty crazy right now but when I get a sec I’ll try it out and followup on this thread. May be a…[Read more]

Have you looked at https://github.com/cmlh/Maltego-Rapleaf ?

Internal scans can be done by any “qualified” internal security person. PCI does not define what qualified means but I suspect the day will come when they start requiring internal folks to become ISA or PCIP. Your QSA determines whether this is being properly managed, not the council. Yes, much room for interpretation. Welcome to PCI.

External…[Read more]

@ajohnson wrote:

I know what you mean. TTurner’s signature alone motivates me 8)

They are like Pokemon… Gotta Catch ‘Em All! I have a problem, I really do. Is there a Certaholics Anonymous? (CA – Infosec Acronym Collision Alert!)

But seriously this is one of the friendliest, most helpful communities I’ve been a privilege of being part of and…[Read more]

@hayabusa wrote:

@tturner – Unfortunately, won’t be. But one of these days, if I ever run into you, Ill take you up on it, for sure!   😉

I’ll probably do DefCon/BsidesLV, DerbyCon, and OWASP AppSec USA (NYC) this year as well. 🙂

That’s awesome both of you! Such an accomplishment, and I’m really excited for you! Major congratulations are in order. If either of you will be at SANS Orlando or B-Sides Orlando in March/April look me up and I’ll buy you a beer. 🙂

http://infiltratecon.com/training.html ?

There are tons of hints both on the twitter feeds as well as the questions that are asked in the game posting. Just dive in and it will start falling into place. 🙂

There IS an easier way. Only took me 2 tries. Use your tools to aid your eyes. 🙂 What’s disappointing is how I got one of the later flags. Not sure I did it the right way, felt like cheating but got the answer. ;P

Thanks Andrew it looks interesting. Just not sure how crazy I am about shooting all my vulnerabilities up to a cloud service. I’d welcome something like this internally though.

I touched on some of these issues in a recent blog post (mostly focused on vuln mgmt lifecycle and how current products don’t really meet our needs) http://sentinel24.com/blog/vuln-mgmt-lie/

It’s really a shame that the vuln scan vendors missed the boat here. If you purchase additional expensive tools like RedSeal you can start painting the…[Read more]

@Hudson185 wrote:

Using backtrack 5 R3 with vpn is much more secure …

More secure than what? a soggy napkin? If you want secure, run a stripped down gentoo or *BSD box with only the bare necessities, no compiler, services disabled, FDE, etc. BT5 not only runs as root (yes you can change but, I run a BT5 VM with a locked down user and su when I…[Read more]

NAT vs bridged doesnt matter for wireless, thats just the wired virtual network. For wifi sniffing in a VM you MUST use a USB adapter. Only other option is install baremetal OS, but chances are you are going to want a card compatible with your wifi tools and will probably end up buying a USB ALFA or TPLINK anyway.

You forgot “Perform normal computing tasks as a non-privileged user and use runas or sudo when higher privileges are required”

I’ve found taking this step prevents a huge number of infections

There’s a big difference between collecting and alerting. My preference is to collect as much data as feasible and then filter the data set down to a manageable level. I would rarely condone collecting less data but almost always recommend trimming alertable events, tuning, and filtering so as to not DOS the analyst. You can always expand your…[Read more]