Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Net Neutrality Supporters Hammered In Elections

Irongeek_ADC Re:left-wing Huffington Post (402 comments)

Yes, like most people in any sort of political argument. :) Just reread your original post and think how it comes off.

more than 3 years ago
top

Net Neutrality Supporters Hammered In Elections

Irongeek_ADC Re:left-wing Huffington Post (402 comments)

Lovely, accuse someone of an ad hominem, than lay the race card. "Social Science" major?

more than 3 years ago
top

The Hairy State of Linux Filesystems

Irongeek_ADC Re:At least Reiser (187 comments)

Ah, yes. Reiser, It's a killer filesystem.

more than 5 years ago

Submissions

top

Metasploit Class For Charity Videos Online

Irongeek_ADC Irongeek_ADC writes  |  more than 4 years ago

Irongeek_ADC (903018) writes "On May 8th 2010 the
Kentuckiana ISSA held a 7 hour Metasploit class at the Brown hotel in Louisville Ky.Proceeds from the class went to the
Hackers For Charity Food for Work program. The instructors were David "ReL1K" Kennedy, Martin "PureHate" Bos, Elliott "Nullthreat" Cutright, Pwrcycle and Adrian "Irongeek" Crenshaw. I hope you enjoy them, and if you do please consider donating to Johnny Longs' organization. This should be more Metasploit than you can stand!"

Link to Original Source
top

FireTalks from Shmoocon 2010

Irongeek_ADC Irongeek_ADC writes  |  more than 4 years ago

Irongeek_ADC (903018) writes "Grecs and the folks at Shmoo were kind enough to let us record the FireTalks from Shmoocon 2010. Here you will find the presentations of David “ReL1K” Kennedy, Michael “theprez98 Schearer, Marcus J. Carey, Adrian “IronGeek” Crenshaw, Nicholas “aricon” Berthaume, Zero Chaos, Benny "security4all" and Christian “cmlh” Heinrich. The subjects include:
Social Engineering Toolkit v0.4 Overview, SHODAN for Penetration Testers, Influencing Security, Funnypots and Skiddy Baiting, Browser Fingerprinting Using a Stopwatch, Pentoo, Sleephacking 101 – How to Stay Awake for 20 Hours a Day without Turning into a Zombie, Payment Application – Don’t Secure Sh!t (PA-DSS)"

Link to Original Source
top

Nmap 5.00 Released

Irongeek_ADC Irongeek_ADC writes  |  more than 5 years ago

Irongeek_ADC writes "Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this. Follow the link for more details. Here are the top 5 improvements in Nmap 5: 1. The new Ncat tool aims to be your Swiss Army Knife for data transfer, redirection, and debugging. We released a whole users' guide detailing security testing and network administration tasks it maked easy with Ncat. 2. The addition of the Ndiff scan comparison tool completes Nmap's growth into a whole suite of applications which work together to serve network administrators and security practitioners. Ndiff makes it easy to automatically scan your network daily and report on any changes (systems coming up or going down or changes to the software services they are running). The other two tools now packaged with Nmap itself are Ncat and the much improved Zenmap GUI and results viewer. 3. Nmap performance has improved dramatically. We spent last summer scanning much of the Internet and merging that data with internal enterprise scan logs to determine the most commonly open ports. This allows Nmap to scan fewer ports by default while finding more open ports. We also added a fixed-rate scan engine so you can bypass Nmap's congestion control algorithms and scan at exactly the rate (packets per second) you specify. 4. We released Nmap Network Scanning, the official Nmap guide to network discovery and security scanning. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. More than half the book is available in the free online edition. 5. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. All existing scripts have been improved, and 32 new ones added. New scripts include a whole bunch of MSRPC/NetBIOS attacks, queries, and vulnerability probes; open proxy detection; whois and AS number lookup queries; brute force attack scripts against the SNMP and POP3 protocols; and many more. All NSE scripts and modules are described in the new NSE documentation portal."
Link to Original Source
top

Offline Apps: The Future of The Web is the Client?

Irongeek_ADC Irongeek_ADC writes  |  more than 5 years ago

Irongeek_ADC writes "Acidus (Billy Hoffman) came to Outerz0ne 5 this year and gave an awesome talk on some of the security implications of HTML 5, as well as covering a lot of other Web-security-fu. We made a video recording of the talk. Here is his presentation abstract: "Traditional web apps used the browser as a mere terminal to talk with the application running on the web server. Ajax and Web 2.0 shifted the application so that some was running on the client and some of the web server. Now, so-called offline application are web application that work when they aren't connected to the web! Confused? This talk will explore how to attack offline apps with live demos of new attack techniques like client-side SQL Injection and resource manifest hijacking." Fun stuff"
Link to Original Source
top

Changing DHCP Vedor code in Windows?

Irongeek_ADC Irongeek_ADC writes  |  more than 5 years ago

Irongeek_ADC writes "Anyone know how to change the default DHCP vendor code in Windows from "MSFT 5.0" to something else? So far, I can't find it in the registry. I'm trying to create a tool for Windows against OS fingerprinting (OSfuscate): http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools I've got some success on TCP level stuff, but if the scanner is on the same LAN and it sees a DHCP request the vendor code gives it away. I know it's sort of a parlor trick security wise, but I think it's sort of cool. I'm testing against NetworkMiner that uses the Fingerbanck/Satori fingerprints."
Link to Original Source
top

Hacker Wargame Server on a Live CD: De-Ice

Irongeek_ADC Irongeek_ADC writes  |  more than 6 years ago

Irongeek_ADC writes "The PenTest LiveCD disks presented by De-ICE.net are fully-functioning servers that provide a safe and secure way to learn and practice Penetration Test skills. Intended to be used in a PenTest Lab, these LiveCDs use Slax as the Linux base Operating System and provide pen-testing scenarios to practice on."
Link to Original Source
top

Finding Promiscuous Sniffers and ARP Poisoners

Irongeek_ADC Irongeek_ADC writes  |  more than 6 years ago

Irongeek_ADC writes "Most of you are familiar with using Ettercap for attacking systems, but what about using it to find attackers? This video tutorial covers using Ettercap to find people sniffing on your network by sending malformed ARP packets that normally only NICs in promiscuous mode will respond to. Also covered are some of the ARP poisoning detection plug-ins that come with Ettercap."
Link to Original Source
top

Irongeek_ADC Irongeek_ADC writes  |  more than 7 years ago

Irongeek_ADC writes "I just noticed this in one of my Adbrite ads. An interstitial ad running on my site for IOSCO (http://oicu-IOSCO.com) seems to be causing the web browser to ask to download a file from http://lawcons.info/ called c.wmf that contains malware. I fear it is trying to use the previously know Windows WMF vulnerabilities to install something. I've contacted Adbrite to get the ad campaign paused. My guess is someone defaced the "International Organization of Securities Commissions" website and inserted the malware. Interesting, and some what disturbing. Guess that's one of the downsides to interstitial ads."

Journals

Irongeek_ADC has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>