now browsing by tag
As noted before, like in this post, I am a huge fan of RSS feeds, but I also love instructional videos, demo videos, and other similar stuff.
I’ve been toying around the idea of doing video tutorials of attacking vulnerable distributions, like those found on VulnHub, and documenting the process that I go through. Maybe some other things, like various CTF challenges as well. I’m trying to get an idea, how people would react to seeing such videos posted here/on youtube.
If you have any opinions on this, please shoot me an email, and let me know if you think I should do some videos on vulnerability discussion topics and vulnerability videos.
Just wanted to post a quick update. The class has been moved back a week, to July 18.
About the Class:
Location: Denhac 700 Kalamath Street
Time: 11am – 4pm
Source: Software Freedom School
Class: Penetrations and Remediations
Date: July 11, 2015, 11AM – 4PM
Location: Denhac, 700 Kalamath St, Denver, CO 80204 [ Google Maps ]
See the post at SFS:
The past two years have been some of the craziest times in computer security. It is now common for major vulnerabilities to have a pretty name attached to them (thanks PR), vulnerabilities have been found in some of our (previously) most trusted protocols (SSL), and huge vulnerabilities are occurring each day.
Mike has been working primarily on the “blue-team” side of things, that is, the defense side. A lot of times we don’t see the same thing that the “red-team” sees when they are attacking our servers, and a lot of the time, we don’t know the real impact that some of the vulnerabilities have on the systems we have been trusted to defend.
Mike is going to provide a blue-teamers view, on red-team attacks, using recent vulnerabilities. We want the defense, to see the same stuff that the attackers see. Then, we will take steps in securing systems, to be safe, or minimize the effect of attacks that are coming in.
Mike will provide a DVD with some images of vulnerable machines, and VirtualBox that will allow you to run these vulnerable machines, and play with them, so you can see the effects, first hand.
About the teacher:
Mike Harris is passionate about Security, Free Software, and Educating our community.
He is certified as a CISSP, GCIH, GISP, CCNA-Security, CCNA, RHCT, and RHCSA. Mike has additional technical certifications which include Digital Forensics Examiner, Network Protocol Analyst, Project+, Linux+, and A+. He will soon graduate with a Bachelor of Science in Information Technology – Security.
Mike has built a CSIRT from the ground-up, including a secure infrastructure using Linux systems (Red Hat and Ubuntu). Mike has extensive knowledge as a Technology Security Auditor conducting assessments, measuring vulnerabilities, security posture on internal and external networks, and account activities for insider threats and abuse.
He is one of the founders and a former board member of TinkerMill, a non-profit organization dedicated to furthering the knowledge of our kids, adults, businesses, and municipalities in the use of high tech with the incorporation of creativity and art. He is also a Red Team Member of the Rocky Mountain Regional Collegiate Cyber Defense Competition.
Nothing is more frustrating, than a researcher, programmer, tester, or any other similar position attempting to document a bug, and when attempting to re-create the situation, you are unable to replicate. Testing a theory about a bad installer in Fedora 21 today, and just my luck, I was unable to reproduce the problem I was encountering on my desktop, in my virtual environment.
I spent this last weekend, attempting to install/re-install the latest Fedora Linux release. I have already backed up all my data, and done everything I need to do, in order to prep for the re-install. I figure my situation is not super unique, but probably a little more complicated than the average users’ install.
Read the rest of this page »
A scary new statistic out about why it is important to maintain security within your organization. Please contact us to help you ensure that your company isn’t being actively attacked, and to secure not only your exterior, but your internal systems as well.
Here is a short quote from the article:
In a rapidly shifting attack landscape against the backdrop of a hackers’ black market worth billions, if you wait to pentest — you lose.
Still, unless required by law, too many companies and organizations only do a penetration test when they have to.
Often, it’s because they need to comply with regulations or they’ve been told they need to prove they’re secure, in which case it’s a checklist security audit by the numbers.
Most unfortunately, too many only do a penetration test after they’ve been scorched: When hackers have successfully gotten in, executed a payload, and made off with valuable IP, records, customer PII, and cost the company more than it probably knows or can calculate.