September 2011 Archives

Hack Naked TV - Episode 8


HackNakedtv would like to welcome CIO.com as a sponsor!

In this episode we talk about MySQL and what it means to you. We discuss things that CIOs need to know and we also talk about Thermo Nuclear War and obscure Aliens References!!

Links for this week:

Firefox thinking of killing Java!

MySql.com Hacked!!

The True Cost of Cybercrime

To view all Hack Naked TV episodes, please visit http://hacknaked.tv


Join us for Episode 261 with Brian Kennish, former Googler, DoubleClick Engineer and founder of disconnect.me the online tracker blocker to talk Privacy and Tracking.

Be sure to join our IRC channel or sit back and enjoy it live via the link below:

NOTE: The video will play the most recent show up until we are live!

For interactive live video, audio, and chat during each episode you can visit PaulDotCom Live!, just hang out in our IRC channel, tune into PaulDotCom Radio for an audio only version of the show, or if you prefer, visit the Episode 261 show notes page.

- Paul Asadoorian, Larry Pesce, Carlos Perez, John Strand, Darren Wigley, and Mike Perez.

Hack Naked TV - Episode 7


Episode 7:

In this episode we talk about the SSL attacks, Mac worms and how I will not do another story about Twitter account hacking.

Links for this Episode:

  • World takes notice as SSL-chewing BEAST is unleashed

  • Security impact of the Rizzo/Duong CBC "BEAST" attack



    PaulDotCom Security Weekly Episode 260 Part 2


    Paul, Darren, and Jack bat around the stories for the week:

    Episode 260 Show Notes

    Episode 260 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • Jack Daniel

  • Darren Wigley

    Tune in to Pauldotcom Security Weekly TV episodes on our Bliptv channel.


    PaulDotCom Security Weekly Episode 260 Part 1


    Jennifer Granick Interview:

    Raphael Mudge, author of Armitage, a front-end tool for Metasploit:

    Episode 260 Show Notes

    Episode 260 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • Jack Daniel

  • Darren Wigley

    All defense and offense professionals (essentially all of us) should tune in live tonight for Episode 260 with Jennifer Granick, former Civil Liberties Director at the EFF and Raphael "fastandeasyhacking" Mudge, who will give us an overview of his Armitage Attack Management gui for Metasploit.


    Be sure to join our IRC channel - Jack Daniel indicated he will be taking questions for Jennifer during the interview - or sit back and enjoy it live via the link below:

    NOTE: The video will play the most recent show up until we are live!

    For interactive live video, audio, and chat during each episode you can visit PaulDotCom Live!, just hang out in our IRC channel, tune into PaulDotCom Radio for an audio only version of the show, or if you prefer, visit the Episode 260 show notes page.

    - Paul Asadoorian, Larry Pesce, Carlos Perez, John Strand, Darren Wigley, and Mike Perez.

    Hack Naked TV - Episode 6


    Episode 6:

    Wow.. SSL Nailed again, BING!!!! You have malware! And, lost NHS records!

    Links for this Episode:

  • Bing, Yahoo! Search adverts serve up malware

  • NHS loses CD of 1.6 MILLION patients' records

    PaulDotCom Security Weekly Episode 259 Part 2


    Drunken Security News:

    Episode 259 Show Notes

    Episode 259 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • John Strand

  • Larry Pesce

  • Carlos Perez

  • Darren Wigley

    PaulDotCom Security Weekly Episode 259 Part 1


    Dino Dai Zovi Interview:

    Elie Bursztein talks about An Analysis of Private Browsing Modes in Modern Browsers:

    Episode 259 Show Notes

    Episode 259 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • John Strand

  • Larry Pesce

  • Carlos Perez

  • Darren Wigley

    Some folks are just doing it right: not using their admin credentials for everyday activities. While this is a best practice, it doesn't prevent the exploitation of domain administrator privileges; it just makes it harder. At some point, the domain administrator is going to have to, well, administer the domain. It's at that point that we want to catch the victim using their Domain Administrator credentials.

    The scenario is this. You've used a tool such as NBTEnum to enumerate Domain Admin account names. You've also managed to gain Local Administrator credentials by dumping and cracking the hashes of a vulnerable system on the network. Like most of corporate America, the target organization is using a universal Local Administrator account across most of their enterprise. You are able to freely move around the network, gaining access to individual systems. While this is fairly deep penetration, you want the keys to the kingdom, or as Josh Wright would call them, the "family jewels": Domain Administrator. What the organization is doing right is not using their Domain Admin credentials for daily activities. This makes things a little tougher. You know it's only a matter of time until you find the right system to elevate your privileges, but it's late in the pentest and time is of the essence. Enter the following command, the Domain Process Crawler:

    FOR /F %i in (ips.txt) DO @echo [+] %i && @tasklist /V /S %i /U user /P password 2>NUL > output.txt && FOR /F %n in (names.txt) DO @type output.txt | findstr %n > NUL && echo [!] %n was found running a process on %i && pause

    What this command does is take a file containing a list of IP addresses (ips.txt) and run tasklist against each one, redirecting the output to a text file (output.txt). For each IP, the command checks the output for a string matching one of the usernames listed in another text file (names.txt). If it finds a match, it reports the match to the user and pauses, giving the user the option to continue.

    With this command, you can easily crawl an entire domain for a running process executed by one of the Domain Administrator accounts you discovered via NBTEnum. When you find one, simply psexec your way to the system as Local Administrator, impersonate the Domain Administrator using the token on the box, and create your own shiny, new Domain Administrator credentials. If you have the Metasploit Framework installed on the system and want to take it a step further, you could use msfcli to automagically psexec yourself a shell when the command finds the right process, rather than pause.

    Like the scenario states, there is some work to be done before this command is useful. You'll need an initial shell and a little luck. But as most seasoned pentesters know, getting shell is only the beginning. It's what is done after shell that sets the men apart from the boys.

    I've got to give a shout out to carnal0wnage for introducing me to some of the ideas that led to this. Thanks man.

    If you're into doing things the hard way and enjoy juggling shells, ;-) take a look at this post by mubix.

    As always, enjoy!!
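A defender's view of the crawl described in this post, as an added example that is not part of the original post: the loop makes one source authenticate to host after host with the same local account, which appears on the targets as a burst of network logons (Security event 4624, logon type 3) for a local account. The CSV layout, host names, addresses and thresholds below are constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample: simplified export of Security event 4624 (successful logon).
# Columns: time, Computer, TargetUserName, TargetDomainName, LogonType, IpAddress
SAMPLE_LOG = """\
2011-09-20T02:14:01,WKS-001,Administrator,WKS-001,3,10.0.5.23
2011-09-20T02:14:03,WKS-002,Administrator,WKS-002,3,10.0.5.23
2011-09-20T02:14:05,WKS-003,Administrator,WKS-003,3,10.0.5.23
2011-09-20T02:14:08,WKS-004,Administrator,WKS-004,3,10.0.5.23
2011-09-20T02:14:10,WKS-005,Administrator,WKS-005,3,10.0.5.23
2011-09-20T02:15:00,WKS-002,jsmith,CORP,3,10.0.7.40
2011-09-20T02:15:30,FS-01,jsmith,CORP,3,10.0.7.40
2011-09-20T09:00:00,WKS-009,Administrator,WKS-009,2,127.0.0.1
"""

NETWORK_LOGON = "3"


def find_local_admin_sweeps(log_text, min_hosts=4, window=timedelta(minutes=5)):
    """Return (source_ip, account, hosts) for every source that used the same
    local account for network logons on >= min_hosts machines within `window`."""
    events = defaultdict(list)  # (source_ip, account) -> [(time, computer)]
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        ts, computer, user, domain, logon_type, src = row
        # A local account is validated by the machine's own SAM, so the logon
        # domain equals the computer name; domain accounts are skipped here.
        if logon_type != NETWORK_LOGON or domain.upper() != computer.upper():
            continue
        events[(src, user.lower())].append((datetime.fromisoformat(ts), computer.upper()))

    findings = []
    for (src, account), seen in sorted(events.items()):
        seen.sort()
        start, best = 0, set()
        for end in range(len(seen)):
            # Advance the window start until the span fits inside `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            hosts = {computer for _, computer in seen[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            findings.append((src, account, sorted(best)))
    return findings


if __name__ == "__main__":
    for src, account, hosts in find_local_admin_sweeps(SAMPLE_LOG):
        print(f"[!] {src} used local account '{account}' on {len(hosts)} hosts: {hosts}")
```

Giving every machine a different Local Administrator password removes the precondition the scenario depends on; the check above is for environments where the shared account still exists.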

    Don't miss Episode 259 with Dino Dai Zovi and Elie Bursztein!

    Dino will bring us up to speed on all of his latest exploits and Elie will give us an overview of the problems with Privacy Mode in popular web browsers.

    Be prepared for another excellent show, and enjoy it live via the link below:

    NOTE: The video will play the most recent show up until we are live!

    For interactive live video, audio, and chat during each episode you can visit PaulDotCom Live!, just hang out in our IRC channel, tune into PaulDotCom Radio for an audio only version of the show, or if you prefer, visit the Episode 259 show notes page.

    - Paul Asadoorian, Larry Pesce, Carlos Perez, John Strand, Darren Wigley, and Mike Perez.

    Hack Naked TV - Episode 5


    Episode 5:

    The "John sucks at vacation" edition. In this episode we talk about Android Malware, scary BIOS rootkits and OCR following you in the parking lot.

    Links for this Episode:

  • Find my car, find your car, find everybody’s car; the Westfield’s iPhone app privacy smorgasbord

  • Mebromi: the first BIOS rootkit in the wild

  • Every day, we have to prove we have 'nothing to hide'

  • John Strand Getting Down At A Wedding

    Hack Naked TV - Episode 4


    Episode 4:

    In this episode we look at freedoms post 911, we talk more about CAs and we discuss the update to firesheep.

    Links for this Episode:

  • GlobalSign Says Web Server Was Hacked, But No Signs of CA Breach

  • Firesheep addon updated to exploit Google info leak

  • Every day, we have to prove we have 'nothing to hide'

    PaulDotCom Security Weekly Episode 258 Part 2


    Paul, Larry, Jack, and the gang talk about the latest news for the week, including APT, cyber criminals, SSL, and how to pick a good password (Just kidding, we actually did talk about stuff that you may care about):

    Episode 258 Show Notes

    Episode 258 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • John Strand

  • Larry Pesce

  • Jack Daniel

  • Darren Wigley

    PaulDotCom Security Weekly Episode 258 Part 1


    Alex Hutton Interview:

    Chris Grier - The Commoditization of Malware Distribution:

    Episode 258 Show Notes

    Episode 258 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • John Strand

  • Larry Pesce

  • Jack Daniel

  • Darren Wigley

    PaulDotCom Security Weekly Episode 257 Part 2


    Drunken Security News for episode 257 features SSL certs gone wild, attacking the PHY layer, undercovering social media, and more!:

    Episode 257 Show Notes

    Episode 257 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • Carlos Perez

  • Jack Daniel

    Hack Naked TV - Episode 3


    Episode 3:

    In this edition I learn how to find a quiet place in a crowded airport to do the recording. We also discuss hacking, idiots, RDP, EvilCore and SQLMap scripts for bypassing WAFs. Oh yes! And there is Vanilla Ice. You can't beat that. Links for this show include:

  • Bypassing Web Application Firewalls with SQLMap Tamper Scripts

  • New Windows worm spreads by attacking weak passwords

  • Couple Can Sue Laptop-Tracking Company for Spying on Sex Chats

  • Evil Core - Bootkit with Attitude

    PaulDotCom Security Weekly Episode 257 Part 1


    In this episode's first part we interview Don Bailey on Hacking Cars with "War Texting":

    Then onto Hacking Prisons with John Strauchs, Tiffany Rad, & Teague Newman:

    We also talk about "Sneakers"!

    Episode 257 Show Notes

    Episode 257 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • Carlos Perez

  • Jack Daniel

    Be sure to catch Episode 258 with Alex "I believe in metrics" Hutton and Chris "Crime pays - a lot" Grier.

    Alex will be by to tell us about his latest venture and focus since leaving Verizon Business, while Chris takes us through the excellent research presented recently at USENIX Security '11.

    Be prepared for another excellent show, and enjoy it live via the link below:

    NOTE: The video will play the most recent show up until we are live!

    For interactive live video, audio, and chat during each episode you can visit PaulDotCom Live!, just hang out in our IRC channel, tune into PaulDotCom Radio for an audio only version of the show, or if you prefer, visit the Episode 258 show notes page.

    - Paul Asadoorian, Larry Pesce, Carlos Perez, John Strand, Darren Wigley, and Mike Perez.

    Hack Naked TV - Episode 2


    In this episode we talk about M$, porn, DigiNotar, Banks, responsibility and beer. Links for this show include:

  • Bad News For Banks: Courts Side With Customers

  • Lawsuit Accuses Microsoft of Illegal Geotagging

    Episode 2:


    Hack Naked TV - Episode 1


    We are very excited to announce the very first episode of the newly re-branded "Hack Naked TV"! World renowned security expert and SANS instructor John Strand (a.k.a. "Wasted Strand") is the star of this weekly show that will update you on the latest information security news and hacking techniques. These short 5-10 minute videos will include John's take on the latest information security topics, including protocol weaknesses, data breaches, vulnerabilities, exploits, and penetration testing with sticks and marshmallows.

    Episode 1:

    Stay tuned for more fabulous episodes, keep track of John Strand's bad hair styles and what's happening in the security community!


    We'll be podcasting from Larry's secret hideout tomorrow night with a special 'Criminal Edition' of PaulDotCom Security Weekly - featuring car thieves and jailbreakers*! It's a typical episode consisting of our usual plethora of guests, more technical content than probably most other podcasts combined, and the occasional hijinks.

    Episode 257 will feature:

    - Don Bailey, of iSEC Partners, the Zoombaker hacker and sometime Carmen Sandiego tracker will be on to talk GSM and wireless hacking.

    - Core Security's Teague Newman, ELCnetwork's Tiffany Rad and John "Sneakers" Strauchs who will give us an overview of their recent talk on significant vulnerabilities in PLCs used in correctional facilities.

    Watch the PaulDotCom crew live at Larry's Barn, via the link below:

    NOTE: The video will play the most recent show up until we are live!

    For interactive live video, audio, and chat during each episode you can visit PaulDotCom Live!, just hang out in our IRC channel, tune into PaulDotCom Radio for an audio only version of the show, or if you prefer, visit the Episode 257 show notes page.

    * All potential illegal activities done for research purposes only! No criminals were sprung or cars stolen in this episode. Kids, don't try this at home without a family member in high ranking government circles.

    - Paul Asadoorian, Larry Pesce, Carlos Perez, John Strand, Darren Wigley, and Mike Perez.

    PaulDotCom Security Weekly Episode 256 Part 2


    In Part 2 we discuss Apache DoS, HP problems, UPnP hacking tool, no black and white security, customizing Nessus scanners, Paul agrees with Gartner, Senior moments with Jack Daniel

    Episode 256 Show Notes

    Episode 256 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • Carlos Perez

  • "Intern Ian"

  • Jack "I have senior moments" Daniel

  • Darren "The Sound Man" Wigley

    PaulDotCom Security Weekly Episode 256 Part 1


    Mark Russinovich is a Technical Fellow in Windows Azure, Microsoft's cloud operating system group. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006 and is author of the high tech thriller Zero Day: A Novel. We interview Mark in this segment, and kill some bugs:

    Episode 256 Show Notes

    Episode 256 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian

  • Carlos Perez

  • "Intern Ian"

  • Jack Daniel

  • John Strand

  • Darren "The Sound Man" Wigley