Upcomming Conference Plans

For the remainder of this year (2013) and the beginning of the next (2014), here is a short list of the conferences I plan on attending (and possibly presenting at).

2013:

(* maybe *) HackerHalted (Sept 19-21) (Atlanta, GA)
DerbyCon (Sept 27-29) (Louisville, KY)
BsidesATL (Oct ???) (Atlanta, GA)
(* maybe *) East Tennessee Cyber Security Summit (Oct 23-24) (Knoxville, TN)
SkyDogCon (Oct 26-28) (Nashville, TN)

2014:

ShmooCon (Feb 15-17) (Washington D.C.)

Any suggestions for additional (cheap/free) local (driving distance from Knoxville, TN) conferences which I should attend?

General

Building a New Pentest Lab

A while back I decided that I was going to start a personal infosec “re-education” process during which I hope to learn new tools/techniques, polish up on the abilities I already have, and enhance any areas where I may be lacking. In order to facilitate this, I needed a work area. As with any project (woodworking, automotive, or information security), having the proper work area can make a huge difference in one’s ability to succeed in their endeavors.

For my information security “re-education” project, one key part of my “work area” needed to be a wide variety or operating systems to target/test against. There are a few different approaches I could have taken to achieve this:

1) Use what is available.

Look around your house/office. You probably have a few older Windows/Unix systems which you do not use on a regular basis. Odds are you also have a personal printer and/or other network attached devices. All of those make excellent targets.

2) Use what you can borrow.

Much like the previous option, but in this one, you should ask around with friends/family/etc… to see if anyone has any old/unused hardware/system which they can loan/give you. If lucky, you can obtain some good (possibly rare) equipment this way.

3) Use a simple virtualization approach.

Since you probably do not have access to lots of unused desktops/laptops/etc.. on which to install your desired target operating systems, you should look into virtualization. There are several good virtualization solutions available to use (and in most cases, the software itself is free).

Any of these solutions can be easily setup/installed on a personal laptop/desktop. Depending on the number of “guest” operating systems you wish to install and run at one time, you may encounter resource contention.

4) Build a full virtualization solution.

If the previous option does not provide you with the options/flexibility/resources that you need, you can always build a system solely dedicated to running your “guest” operating systems. This option may require the expenditure of additional money in order to build your new virtualization host system.

Note: The above options/approaches are NOT mutually exclusive. You can make use of any/all of them as needed/desired.

The approach I decided to take was a combination of #1 and #4. I first took inventory of all the systems I had connected to my home network (laptops, desktops, printers, etc…) and then to house/host all of the other “test/target” systems I thought I would/may need, I decided to build a dedicated virtualization host. For this I decided to go with VMWare’s ESXi server. The reason I chose ESXi, is that I have had some experience with it in the past, I can easily get the parts to quickly build a decent system, and it is free.

Below is my shopping list of parts I bought to build my system:

($189.99) Seagate Desktop HDD 4 TB SATA 6Gb/s NCQ 64MB Cache 3.5-Inch Internal Bare Drive ST4000DM000 ($78.99) Silverstone Tek Micro-ATX Mini-DTX, Mini-ITX Mini Tower Plastic with Aluminum Accent Computer Cases PS07B (Black) ($17.99) Lite-On Super AllWrite 24X SATA DVD+/-RW Dual Layer Drive - Bulk - IHAS124-04 (Black) ($168.99) SUPERMICRO MBD-X9SCM-F-O LGA 1155 Intel C204 Micro ATX Intel Xeon E3 Server Motherboard ($279.99) Kingston Technology ValueRAM 32GB Kit (4 x 8GB) 1600MHz DDR3 ECC CL11 DIMM with TS Intel Desktop Memory KVR16E11K4/32I ($233.99) Intel Xeon Qc E3-1230 Processor ($59.99) Corsair Builder Series CX 600 Watt ATX/EPS 80 PLUS (CX600) ----------------- TOTAL COST = $1029.93
All of the parts were purchased from Amazon.com (mostly because I have an Amazon Prime account and thus did not have to pay for shipping).

As can be seen, the total cost of the system was just over $1000. I may have been able to shave some $$$ off of the cost by reusing some of my old/surplus hardware, but I opted to go with all new equipment.

Now that I had my ESXi server built, I need to populate it with various “guest” operating systems. First, I started by installing a couple old Windows XP and Vista licenses I had, but I needed more operating systems than that. Luckily for me, there are lots of free VMs and operating systems available: Debian, Ubuntu, Fedora, Mint, etc… In addition, there are great “target” operating systems available as well:

Metasploitable 2
Damn Vulnerable Web Application
Search on “http://vulnhub.com/” for additional targets.

If I needed additional Windows guests, I could:

Download any available “trials” from the Microsoft website.
Purchase a MSDN Operating System subscription.

I also need “Hacker” boxes to perform all of my scans from. For this I could either build my own system, follow one of the many guide on the internet to build a pentest windows/linux machine, or simply download one of the prebuilt systems. Here again, there are LOTS of options to choose from. Personally, I like Kali (the new version of BackTrack).

Well, that is a quick overview of my pentest lab. If you have any comments/questions/suggestions, please feel free to contact and/or leave a comment below.

General Lab, Pentest, Tool

So Many Toys, So Little Time…

While cleaning up my office, I found a few toys gathering dust. I guess it is time to dust them off and see what fun I can have with them.

RaspberryPi (purchased from Element14)
Wifi Pinapple Mark IV (purchased from Hak5)
USB Rubber Ducky (purchased from Hak5)

Tech toys I still want to buy: (any recommendations would be appreciated)

cell phone jammer
handheld police scanner
lock picks / bump keys
an arduino (for a TBD project)

Between working a full-time job, doing after hours consulting, working on various research projects, taking care of my house/yard/property, and spending time with my wife and son, I do not have much free time. Even so, I think it is time to start (possibly slowly) looking into some of the other projects I started but got shelved for one reason or another.

General Tool, Toys

DC865 OSINT Presentation Slides

Here are the slides from my recent OSINT overview presentation at the local DC865 meeting.

General OSINT, Presentation

Phishing with www.SafeLogin.co

As a security consultant and penetration tester, one of my various activities I would have to perform was a phishing exercise.

“Phishing is misrepresentation where the criminal uses social engineering to appear as a trusted identity. They leverage the trust to gain valuable information; usually details of accounts, or enough information to open accounts, obtain loans, or buy goods through e-commerce sites. Up to 5% of users seem to be lured into these attacks, so it can be quite profitable for scammers . many of whom send millions of scam e-mails a day.” — as quoted from OWASP

A few days ago, a colleague pointed me to www.webscript.io and to a simple phishing site he created on it. I took a look and was very impressed by the simplicity of it and how easy it was to set up the phishing site. For a complete writeup on his “Phishing with WebScript.io” experience, check out his site: http://averagesecurityguy.info

This got me thinking, while webscript.io is an amazing site, it is overkill for a simple phishing site. I thought I could create a simple site (just a few back-end scripts, apache, etc…) that could act as a “Proof of Concept” phishing site generator.

…and thus was born: http://www.safelogin.co

www.SafeLogin.co is a bare bones web site which allows a visitor to set up a phisihng site of their very own (only for sites they are legally allowed to, as per the Terms of Use). All they need to provide is a target URL (the site to be cloned) and a unique phishing site name (.safelogin.co). All sites are kept alive for 7 days, at which time all data is erased. www.SafeLogin.co does not (at this time) provide capabilities for sending the phishing emails, that must be handled by the user.

Please take a look and if you experience any issues or have any suggestions, please feel free to let me know.

General SocialEngineering, Tool, Website

Bsides Atlanta 2012 Presentation Slides

I recently had the pleasure of presenting at BSides Atlanta. If you are interested in the slides, they can be seen below.

General LessonsLearned, Pentest, Presentation

I have forgotten more than I now know…

After nearly a decade and a half I have decided to trade my Consultant (Pentester) hat for a programmer and researcher hat. Why would I walk away from the exciting life of pentesting? Honestly there are a few key reasons:

I found myself getting bored performing the same exercises for the same customers and finding the same issues.
I felt my skills were not as sharp as they once were.
I started becoming the “grumpy” person in the office.
With a little one (my 2-year-old son) at the house, I found it hard to be away from my house for weeks at a time.
For those reasons (and possibly others) I decided it was time for me to take a step away for a while to pursue some of my other interests; programming and security research.

I have also decided to, on my own time, go back and re-learn those skills that I may have forgotten as well as learning/improving those new skills and techniques that have come about in the last few years.

Please stay tuned to keep tabs on my re-education process. ;)