Looking for Malicious PHP Files

I’ve been digging through some PHP files that are trying very hard to hide what they are doing. Basically, the PHP code is base64 encoded and then compressed. The blob of random text is then stuffed into a PHP file which calls eval(gzinflate(base64_decode("BLOB OF TEXT"))); to decode it and execute it on the web server. While it obscures what the … Read More

Metasploit Breaks into SkyNet!

Metasploit has successfully broken into Skynet thanks to Comodo, RSA, MySQL and Stuxnet! Here is the output from msfconsole after updating today. Rock on, guys.

Desktop Blog Editors

I’ve been grumbling to myself about writing blog posts using the web interface in WordPress for quite some time, but I’ve never really done much about it. Today I spent some time chatting with David Pratt, a colleague of mine, about our blogs. David runs the Data Management Wonk blog and I liked how his blog posts look when they … Read More

Data Ownership, Governance and Controls

A friend of mine asked a question on Facebook that went something like this. Who owns your company’s data? The politically correct answer is that the business owns the data and IT manages it for them. That’s nice in theory, but is it really true? Does your company have a data governance group (run by the business) that actually sets … Read More

Reconnoiter Updated

I spent some time today and fixed some seriously messed up regular expressions in Reconnoiter. Basically, Google made a bunch of changes to their search results and added AJAX all over the place. To deal with this, I changed the submitted user agent to Lynx and then updated the regex accordingly. Changes with regex were made to usernameGen.py and username_gen.rb … Read More

Latest Happenings and Upcoming Events

Things have been really busy lately. First off, my Mentor session for SANS Security 504 started on September 21st. We are at the halfway point right now and leading this has been incredible. It seems whenever I need to present or teach something I learn more than anyone else. Plus teaching is just fun! Particularly when it is about stuff … Read More

Preparing for Incident Response

Having a solid incident response capability isn’t an accident. It’s the result of focused preparation, training and culture. Incidents come at unexpected times, frequently with little warning, and can have a severe impact on an organization. It’s during these times that inadequate planning, documentation and missing tools become painfully apparent. That high-level incident response plan that made the auditor … Read More

Submitted Speaking Proposal to the UTOS Conference 2010

Last year I was able to speak at the Utah Open Source Conference on building a security toolkit with open source software. I just finished submitting my proposal for this year entitled “Metasploit: Free, Powerful, Flexible”. Being able to present at UTOSC 2009 was an absolute blast and I hope that my presentation is accepted this year as well. The … Read More

Reconnoiter Updated with Metasploit Module

Just a quick note today. I finished working on a Metasploit module to create usernames the same way that the other two scripts in Reconnoiter do. However, this module is able to search Yahoo or Google and does not require separate scripts to do so. It also provides the option to use msfweb to get a web interface to run … Read More

Learning from BP’s Response to the Gulf Disaster

One of the most disheartening things about the Gulf of Mexico disaster is to watch BP, the government and other involved parties appear to make up their response as they go along. Aren’t oil companies required to plan for failures and how to recover from them? As it turns out, yes, they are. Tonight I found the official “Regional Oil … Read More