Archive for the ‘training’ Category
Thursday, October 27th, 2011
TinEye is a great service that you can use to search for similar photos on the web. You provide a photo and it compares it to its database looking for similar and modified images.
You can use TinEye to quickly spot fake accounts on social networking sites.
For example, I received this LinkedIn network request the other day.

Not only have I never worked with a “Jennifer Gray”, her profile photo looks like it may be a stock photo. TinEye returned 4 results for stock photography.

Looks like this account may be a recruiting bot or something.
TinEye can also be used to verify the authenticity of a photo and to see if it is a repost or duplicate of another photo. It even has Firefox and Chrome plugins!
Sunday, January 23rd, 2011
For the last several barcamps, and the last two toorcons I’ve been presenting to large and small groups about the neat things that can be done with kinesics. I keep all the historic material (yes, including that spreadsheet) HERE.
I’ve found an organization out of San Francisco that does kinesics training, and based on all the feedback I’ve gotten from doing my talks over the last few years – people really dig this stuff. I thought it would be cool to have the pros come down and drop some knowledge on us all.
I’ve managed to arrange a training scenario with Humintell – 4 hours of classroom training for $250 per person. We need at least 20 people to nail everything down so they’ll come see us down here in San Diego. Currently I have 13 people who have expressed interest in the class.
The idea is that I’ll arrange for the location (going to aim for Intuit, where we do barcamp) and the interested people, and they come to the location to do a 4 hour talk/workshop on a Saturday.
If this sounds in any way interesting, please email me or leave a comment! We’re getting really close to the target figure!
Thursday, July 22nd, 2010
So when I get a new phone, I immediately want to try to get as much access on it as possible (read: root it). Custom roms are wonderful, but in the case of the HTC Incredible I don’t think there are custom roms (yet).
After I rooted my HTC Incredible I started doing searches in the market for interesting things. I found some neat wireless utilities, I found a file manager that lets you browse SMB fileshares on the LAN (NEAT.), I found a packet sniffer, and some more interesting tools.
The light came on over my head when I realized “Wait, a packet sniffer AND a wireless access point? .. can .. I sniff.. the wifi with this?!”. As it turns out the answer is yes – it takes some finagling, and if you do it in the wrong order one application stomps the other (I’ve already written the author of the packet capture application about this but have not gotten a response yet).
Here is a quick walkthrough on how to turn an HTC Incredible into a rogue wireless access point:
- Root the phone. This can be done by visiting http://unrevoked.com/recovery/, downloading the app, and running it.
- Once the phone is rooted, go to the market and install the wifi tether application. Be aware, though, that with the HTC Incredible there are additional steps to get this application to work (see their wiki page: http://code.google.com/p/android-wifi-tether/).

- Install the packet capture application. This also will need additional steps after the installation. (http://sites.google.com/site/androidarts/packet-sniffer)
- Once you have the packet sniffer installed, configure it to log to a file instead of a SQL database. I wasn’t able to find the actual database this thing logs to, but the text file appears right at the root of the sdcard. It looks just like the ‘live’ output though, which I don’t think is a proper format. It doesn’t log raw traffic at all.
- Don’t start the sniffer or wifi tether yet – they must be configured beforehand.
- Go back to wifi-tether and configure the SSID. Name it something which will attract people in search of free wifi. Linksys. Dlink. Netgear. 2WIRE858. The SSID of a target network, perhaps. Again, do not turn on tethering here yet.
- Open up the packet sniffer again, and go to the ‘wifi capture’ section, then enable the capture, and if you’d like, enable logging packets to the screen.
- Hit the phone’s ‘home’ button to exit without stopping the packet capture tool, and re-open the wifi tethering tool. Once in the tethering tool, enable tethering.
- Hit home again, and re-open the packet capture tool. If anybody connects, wifi tether will tell you in the status bar at the top of the display, and you will start seeing ARP traffic and DHCP traffic scroll in the live feed window as you would with any other packet sniffer.

There are several caveats to this though:
- This tool appears to not capture raw packets. You can do this from a terminal using tcpdump if you feel so inclined – the packet capture tool installation instructions have you install a new version of tcpdump. You should be able to use this to capture raw traffic and not just clear text.
- Packet capture has to be running before wifi tether – if you try to do it the other way around wifi tether will hang and you’ll have to kill it.
- This will also capture all the traffic from your phone to the internet, so if you’re trying to do a bunch of stuff on your phone while running a rogue access point, it will muddy your results.
This has been a fairly simple howto – you creative types will easily be able to find more interesting things to do with this.
My wishlist after figuring this out? – An app that acts like airodump – I want to see clients probing for networks so that I can “give them what they want”. I also want this packet capture tool to log raw data, not just plaintext stuff. Now that this is possible, I wish for tools like driftnet, dsniff, and others of that sort to become available on the Android platform. The objective here would be to use this during a pen test as a tool to capture data, then bring it back to the labs for analysis.
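From the defending side, the bait SSIDs in the walkthrough above are something a wireless survey can check for. The sketch below is an added example, not part of the original post; the inventory, the `CorpWiFi` SSID, the BSSIDs and the survey records are all constructed.

```python
from dataclasses import dataclass

# Hypothetical inventory: SSIDs we operate -> authorized BSSIDs and expected security.
AUTHORIZED = {
    "CorpWiFi": {"bssids": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
                 "security": "WPA2"},
}
# Vendor-default names the walkthrough lists as bait for people seeking free wifi.
LURE_SSIDS = {"linksys", "dlink", "netgear"}


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # "OPEN", "WEP", "WPA" or "WPA2"


def classify(beacon):
    """Return the findings for one observed beacon (empty list = nothing notable)."""
    findings = []
    known = AUTHORIZED.get(beacon.ssid)
    if known:
        if beacon.bssid.lower() not in known["bssids"]:
            findings.append("unauthorized BSSID advertising managed SSID")
        if beacon.security != known["security"]:
            findings.append("security downgrade: expected %s, saw %s"
                            % (known["security"], beacon.security))
    elif beacon.ssid.lower() in LURE_SSIDS and beacon.security == "OPEN":
        findings.append("open network with vendor-default SSID")
    return findings


def audit(beacons):
    """Map (ssid, bssid) -> findings for every beacon with at least one finding."""
    return {(b.ssid, b.bssid): classify(b) for b in beacons if classify(b)}


# Constructed survey records, as a site-survey export might provide them.
SAMPLE = [
    Beacon("CorpWiFi", "00:11:22:33:44:55", "WPA2"),    # legitimate AP
    Beacon("CorpWiFi", "02:1a:11:f0:0d:01", "OPEN"),    # imitation, no encryption
    Beacon("linksys", "02:1a:11:f0:0d:02", "OPEN"),     # bait-style SSID
    Beacon("CoffeeShop", "aa:bb:cc:dd:ee:01", "WPA2"),  # unrelated neighbour
]

if __name__ == "__main__":
    for key, findings in audit(SAMPLE).items():
        print(key, findings)
```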
Monday, February 1st, 2010
In this case, I’ll be arguing:
The easier it gets to write code (scripting, really), the sloppier it gets and the more insecure it gets.
We can see this because of the prevalence of SQL injection, cross site scripting and error handling in the ever expanding catalog of new sites appearing on the internet.
I cite this from personal experience. As of late people seem to care more and more for ‘how pretty it is’ and less about what actually happens behind the scenes. I’m reminded of the 90s when video games were stuck in 256 color 320×240, with bleeps and bloops for sound – if you didn’t have a good story people wouldn’t buy your game. Now things are different. All people seem to care about are the graphics, and the story, music, and gameplay are all phoned in.
These days I see new tools and applications online that in most cases make me shudder. A friend of mine, @quine, noticed something – the Android foursquare application communicates unencrypted, using Apache’s ‘basic’ authentication.
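Basic authentication only base64-encodes the username and password, so on an unencrypted connection anyone who can see the request can read them back. The following is an added example, not from the original post: it audits captured plaintext requests for that exposure, and the host, paths and credentials are constructed placeholders rather than Foursquare traffic.

```python
import base64

# Constructed capture: host, paths and credentials are placeholders.
TOKEN = base64.b64encode(b"alice@example.test:correcthorse").decode()
CAPTURE = [
    "GET /checkins HTTP/1.1\r\nHost: api.example.test\r\n"
    "Authorization: Basic " + TOKEN + "\r\n\r\n",
    "GET /venues HTTP/1.1\r\nHost: api.example.test\r\n\r\n",
    "GET /user HTTP/1.1\r\nHost: api.example.test\r\n"
    "Authorization: Basic !!!not-base64!!!\r\n\r\n",
]


def parse_headers(raw):
    """Split a raw request into (request_line, {lower-case header name: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def basic_credentials(raw):
    """Return (host, user, password_length) for a Basic-auth request, else None."""
    _, headers = parse_headers(raw)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and undecodable bytes
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Report only the password length so the audit output is not itself a leak.
    return headers.get("host", "?"), user, len(password)


def exposed(capture):
    """List every request in the capture whose credentials are recoverable."""
    return [hit for hit in map(basic_credentials, capture) if hit]


if __name__ == "__main__":
    for host, user, pw_len in exposed(CAPTURE):
        print("cleartext Basic auth to %s as %s (%d-char password)" % (host, user, pw_len))
```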
Saturday, June 27th, 2009

I talk shop a lot. I talk to people who are security conscious, I talk to people who aren’t, and I talk to people who think that ‘security’ means evil hackers from Russia who are going to steal their credit cards. Think of security this way:
You run a shop. In this shop you sell things. Some things are physical, and some things are purely informational. In this store you run, do you put the combination to your back safe on a Post-it note on the cash register? Do you leave the keys to the front door out where the customers can get at them? Do you lock the safe and doors when you leave? Are there security cameras? Will you know if something gets stolen, or if someone is shoplifting, or if an employee is embezzling? These concepts are exactly the same, and sometimes when it comes to data, they’re far far more important. Data controls all of our financial transactions, for example. Data controls how we do most of our business these days. Who *DOESN’T* use data for business transactions, banking information – or keeping secret data secret?
I keep saying to folks who I talk shop with: “Security isn’t what you think it is”. This is a perfect example. Tiny flaws in one’s security strategy, or even lack of any security can lead to an attacker (or law enforcement or a private investigator) being able to glean information to further their purposes.
Thursday, January 1st, 2009
I thought that doing security101 at places like oggis may have been a tactical mistake because I want people to actually learn and benefit from some of this stuff, so having the discussion broken by the wait staff frequently simply murdered all the momentum the discussion had and the event turned into a hacking 101 lab where I just demonstrated attacks.
That being the case, doing a security101 class in an actual classroom environment where I can have the attendees comfortable and perhaps even have a projector would likely be far far better. Phelan was gracious enough to let me usurp the January installment of refreshsd to give my security101 talk in a more meaningful and more formal environment. Refresh this month is on the 13th – see refreshsd.org for details, or see the meetup group.
Here is my proposed curriculum:
- Basic networking
  - How do computers talk?
  - What is a packet?
  - What’s IN a packet?
- Clear text versus encryption (HTTP, FTP, DNS)
- How websites pass information around
- How to tell if the site you’re on is passing your information encrypted or not
- Some network voodoo – watching the stream
  - driftnet
  - dsniff
  - watching DNS queries
- (The next three may or may not be permitted depending on Qualcomm’s network configuration)
  - basic man in the middle example
  - faking SSL certs
  - changing DNS
Hope to see you all there!
Tuesday, December 9th, 2008
Again I find myself in a position where I am in need of full time work. I was able to sustain myself as a full time freelancer for 8 months (not too shabby!), but now it seems the market is drying up and while not for a lack of effort on my part to find sales people or to promote myself by basically bribing people with a 10% commission I’ve not been able to get enough business to sustain myself any longer. I’ll not go into any of the nasty business of clients who decided they didn’t feel like paying me, or clients that had me draw up proposals only to vanish into the ether – because this post is about fun stuff!
All that being said – I like to be clever. I like to use ingenuity to do basically what everyone else does but put a fancy little twist on it. Historically when someone is looking for a job, they will hit some job search sites like monster and dice and then send their resume to people – never knowing if it gets seen with human eyes, or ever gets any attention. Who knows? Does your resume even get read? If it does, how soon? Wouldn’t it be nice to see the time correlation between when you sent your resume to someone and when they actually looked at it – or even if they looked at it at all?
Wednesday, November 26th, 2008
So security101 went fairly well – people didn’t show up until later, and I had spent too much time screwing around with ettercap and MITM attacks to have enough battery to complete the entirety of the talk with all the examples I had hoped for.
Some of the attendees ended up asking lots of questions so the ‘flow’ I had envisioned sort of went out the window – but I’d much rather have people interested and actively asking me questions: It shows interest. I’d rather have interest than have them all silent while I blather on and on.
We all ended up at my place afterwards and I was giving short demos on MITM dns tomfoolery, rewriting all queries for microsoft.com to linux.com, and doing SSL MITM attacks against hotmail using ettercap. Pretty fun stuff!
I’ll be holding the class again for anybody that missed it the first time and wants to have it again, but I haven’t chosen a date yet.
If you’re interested in a date, please leave a comment! I’d like to hold the class when more people can attend.
Tuesday, November 25th, 2008
Tonight I’ll be hosting a free Security 101 session at Oggis in Mission Valley.
Here is a brief list of subjects I intend to touch on:
- Networking and host/laptop/workstation configurations, and tools
- Local Firewalls
- Running Services
- Apps to manage inbound and outbound traffic
- Transmitting data: encrypted versus clear text
- Differences between WPA and WEP
- .. and some live examples!
Hope to see everyone there!