Where has that cloud server been?

Recently I've wanted to beef up my malware analysis capabilities for the malicious hosts list. I wanted some "burner servers" spread across various providers and countries to grab samples. Being, as always, the-researcher-on-a-budget, I've become intricately familiar with the folks over at lowendbox.com and the deals they post. Now, as one can expect, with cheap providers, you find some diamonds in the rough... and you also find some providers that are worth exactly what you paid for them.

Inserting the real world into your information security training exercises

Pop quiz hot shot...

It's a chaotic Thursday afternoon. A series of bombs have gone off across your city, paralyzing local transportation and infrastructure. You and your coworkers are trying to get information about loved ones and friends, but your Internet link seems to keep going down. Local law enforcement has just entered your operations center saying that they're evacuating the building due to a suspicious van that's sitting unattended across the street...

...and you just got word that your website was defaced.

What do you do?

WebLabyrinth featured on PaulDotCom Security Weekly

For those of you who haven't been following the project, WebLabyrinth has gone through some changes and has had some new reporting and alerting features added to it. Recently, it was featured on a Technical Segment on PaulDotCom Security Weekly Episode 240, which was posted to YouTube for your viewing pleasure.

Getting OSSEC and Debian Squeeze's dependency based booting to play nicely

Debian Squeeze was released last month and one of the new features was the faster dependency based booting. However, if you attempt to upgrade your 5.0/lenny installation and you are running OSSEC, the bitchin free host-based intrusion detection system, the upgrade process doesn't go without a hitch: during the upgrade, the process to upgrade the System V init scripts barfs:

New Tool: WebLabyrinth

Honeypots: Useful? Useless? Or something in between?

While catching up on my podcasts, I was listening to PaulDotCom Security Weekly Episode 220. During the news stories they talked about an article in Network World regarding the effectiveness of honeypots in the Enterprise and how they were the best thing since sliced bread.

Metasploit on Android

So, I've been kind of pissed that the iPhone seemingly had more robust potential as a pentesting platform, compared to Android. In a, shall we say, moment of discomfort, I shitcanned AT&T for Sprint and got a Galaxy S phone. And of course, there's no native port of Metasploit yet.

If you're in my boat, fear not, there is a solution: chroot'd Ubuntu. Just follow the instructions at http://bit.ly/g2jQmz to get yourself a functional Ubuntu environment, then load it up with your tools of choice. Metasploit works quite well!

Metasploit... on an Apple IIe?!

What happened to ICanStalkU?

As some of you may have noticed, ICanStalkU was down for a while, and came back with a new look and a few less features. For those of you wondering what happened, let's set the wayback machine to last Wednesday, October 20th:

e-Mail: "This is a notice that your OAuth token for ICanStalkU has been suspended from interacting with the Twitter API."

Ben: "Oh, for %#$& sake..."

Northeastern University IEEE Presentation

I was recently asked to do a presentation regarding Information Security for his alma mater's IEEE. I believe that death by PowerPoint is one of the most painful ways to go out, so I tried to keep it light while staying on the subject matter.

