2/21/2013 Recon sometimes is just walking and observing. If you know what...


Recon sometimes is just walking and observing. If you know what...



Recon sometimes is just walking and observing. If you know what to look for you can notice things that are in the wrong place. Vulnerable spots and ways in.

Another good thing to have is a small laptop an iPad. Run a stumbler or signal scanner, stash the laptop or iPad on your pack and just walk. If you find one, mark the spot and return. Try to capture packets and see if you can crack that wireless or bluetooth.

Have a little notebook - I prefer Field Notes - and sketch a quick map of the area and take notes of what you see. Jot down atmospherics: people's behavior, cars, cameras, points of interest, etc.

Do this a few times and if the atmospherics remain the same you know you have the place down and you can start planning.

Remember: On a day-to-day basis, security is mostly about paying attention.


Original Page: http://redteams.net/post/41343604120

Digg it StumbleUpon del.icio.us

2/19/2013 Infosec Reactions

When I hear someone say 0day in the street!







When I found out that admins were logging directly into servers as root 



Digg it StumbleUpon del.icio.us

2/12/2013 Humility....














The first test of a truly great man is his humility. By humility I don't mean doubt of his powers or hesitation in speaking his opinion, but merely an understanding of the relationship of what he can say and what he can do. 

John Ruskin 

Digg it StumbleUpon del.icio.us

2/09/2013 TPB AFK: The Pirate Bay Away From Keyboard


Videos like this need more views ....!


Dear internets!

As much as I am celebrating the upcoming release of the film, it is a time of mixed emotions for me. When I started filming this project in 2008 I had no idea  the launch of the film would sync with my main characters’ prison sentences. They gave me access to their private lives but won’t be able to share the premiere with me.Anakata is currently serving his prison sentence and Peter and Fredrik are wanted. The trial against TPB is proof that the issue around copyright has not been solved.  I hope their story will re-spark the conversation around civil rights in the digital age – beyond the so called Content industries. Let’s work together to find fair solutions to both keep the internet open while protecting everyone’s rights in the digital age.Please join us for the world premiere on Friday 8th and share the film as much as you can! Meanwhile, I’ll be on Reddit doing on AMA  on Thursday February 7th at 20:00CET/14:00 EST to answer any questions about the film.More soon,Simon.
Digg it StumbleUpon del.icio.us

Debian bugs #800000 and #1000000 contest

reading quickly my email i found this 
As the bug #700000 mark was turned on February 7th 2013, Debian
developers and contributors need yet another new challenge.

So, for the fourth time, a small contest has been set up. It
is very simple: please place a bet (one per person) about the day bugs
#800000 and #1000000 will be reported.

The winner(s) will be the person(s) placing her|his|their bet as close
as possible to the real moment bug #800000 and #1000000 are reported.

There is nothing to win but the pride of being the person who
predicted our bug report rate for the next months|years, just what
René Mayorga won twice for bugs #500000 and #600000 and an obscure
french DD won for bug #700000.

The bet page is a wiki page: http://wiki.debian.org/800000thBugContest

It will be closed on April 30th 2013 (if I remember doing so!). Bets
will be kept statically until bug #800000 is reported.

Please note that bets for bug #1000000 placed back in 2008 and 2010
are kept on this page. Do not modify that section but record your bet
in "Bets for bug #1000000, placed after bug #700000, in 2013".
Digg it StumbleUpon del.icio.us

2/06/2013 Moving Inside from Red Teams's blog

I was reading my feed,one of my favorites is redteams.net is really a peaceful reading ...i really enjoy this post ,so copy and paste :



Moving inside



What I usually plan first is the recon of the network. These are complex things. Modern networks, even on small to medium organizations, can have a lot of complexity and security features built in. Plan a stealthy recon. Depending on how much time you have try to move slowly. Do not set any alarms. Add each potentially good system you find to an overall map of the network as you know it. Record their names, IP address, OS, apps running, etc. The idea is to have as much information in front of you on the whiteboard as possible, then plan the next phase: where to go and what to extract. Plan the egress routes and the protocols you’ll use to egress the information. Set different servers ready to receive the data (encrypted of course since it’s proprietary of your customer). Have fallback servers as well: Mr. Murphy is always present.
http://redteams.net/post/42025232223/moving-inside

    Digg it StumbleUpon del.icio.us

    Have you Watched This Chapter ?

    Yes,as you know i've been watching Person of Interest for the last two seasons,based on a fictional
    history about a software genius and a Ex-Cia operative  work together to prevent crimes before they can happen the creator of this is Jonathan Nolan.

    The Machine

    The Machine is a computer network that monitors surveillance cameras, electronic communications, and audio input. From this data, the Machine is able to accurately predict violent acts. Currently under control of the U.S. Government, its stated job is to foresee terrorist attacks and modify intelligence reports to include this 'relevant' data, allowing the government to forestall terrorist activity. However, the Machine can detect all future violent acts, not just terrorism. At some point in the development of the Machine, Finch created a routine that would pass on the so-called irrelevant numbers to him, via coded messages over a public telephone. Unbeknown to Finch, Ingram also created a routine called "Contingency" on the eve of the government handoff. It is as yet unknown what this program does, or if it is currently active. [1]
    Who hasn't notice this ,surveillance everywhere governments sometimes use this systems to fight  against  terrorist and also civilians like in the movie Enemy of the state...In the last chapter of Person  we could watch and evidence real things like ghost companies,many people know this but nobody wants to say it,cyberweapons....all in this chapter so check it out :D

    Pd:Sorry i couldn't find it in english only. :P

     [1] https://en.wikipedia.org/wiki/Person_of_Interest_(TV_series)

    Digg it StumbleUpon del.icio.us

    2/04/2013 Hacker Wars 1.1

    Hacker wars 1.1 is one video film made by a group of penetration tester it gives a quick review of everyday of pentester life and shows you some roles around a pentest.As we all know Cyberwar is a carreer is for that all have to improve our skills since i have been reading the redteam blog post i've learned important things and tactics,maybe i'm not a profesional penetration tester just a enthusiast of security,but who hasn't noticed computers are everywhere...anyway

      
    Hacker Wars 1.1 from dklinedinst on Vimeo.

    There are tree teams Alpha(spies),Beta(Hacktivists),Delta....check the video and see what happend :D
    Digg it StumbleUpon del.icio.us

    2/02/2013 Google Search with bash


    yesterday i was just curious about lynx and google search engine,so we  can use bash for get quick results   an automate the process,also i want  to filter the url,using sed or awk .


     the first thing is stablish the url for a proper search for this example i wanna to  use this

    http://www.google.com/search?q=keywordforsearchhere&start=pagenumberhere
    
    where the search?q= interpret the proper keyword. and &start= is the number of page,as a text browser i use lynx followed of -dump and -listonly options,lynx provide many command line options but for this test i just use the above -dump for formatted output of the default document and -listonly that show only the list of links.

    for the first test  i use  keyword=house and page=1

    lynx "http://www.google.com/search?q=house&start=1" -dump -listonly
    

    it gives a result like in the pastie

    http://pastie.org/private/jlaakeglj0fsfga27tmoqg
    the final result :
    lynx "http://www.google.com/search?q=house&start=1" -dump -listonly | grep 'url?q=' | cut -d ' ' -f4 | sed 's/http:\/\/www.google.com\/url?q=//' | sed 's/\(&sa=\).*//' 
    finally :
    #!/bin/bash 
    #Google search using bash tools
    #we need $1 the keyword 
    count=0 #page number
    
    while [ "$count" -le 200 ]
    do
        lynx "http://www.google.com/search?q=$1&start=$count" -dump -listonly | grep 'url?q=' | cut -d ' ' -f4 |
        sed 's/http:\/\/www.google.com\/url?q=//' | sed 's/\(&sa=\).*//' 
        count=$(( $count +5 ))
    done
    echo
    
    Ciao
    Digg it StumbleUpon del.icio.us

    2/01/2013 China vs USA

    Always  china vs usa since i've heard about  significant improvement in security to better protect industrial secrets related to new products,is imposible hide facts like this .


    New York Times hit by cyber attack: The New York Times reportedlate Wednesday that it had been the victim of a cyber attack for the last four months while working on a story about Chinese prime minister Wen Jiabao and his business connections.
    According to the report, hackers based in China have been targeting the newspaper’s computer systems and and working to get passwords associated with the publication’s reporters and other employees. The Times shared information on the attacks with the FBI and eventually tracked the source of the attacks. No consumer data was taken from the site, the report said.
    Twitter has a brief outage: Twitter confirmed that some users were unable to access the service Thursday, marking the second time this month that the micro-blogging service has been hit with an outage.
    The company said on its status blog that it was working to resolve the issue. Compuware’s Outage Analyzer tool indicated that users across North America and Europe may have been affected by the problem, but it’s not clear how many of the site’s estimated 200 million active users were unable to reach the service.
    The service was also temporarily unavailable on Inauguration Day, Jan. 21.
    Showrooming shoppers don’t always buy online: Brick-and-mortar retailers may be seeing early success with efforts to combat “showrooming” — the habit of shoppers who look at products in stores but then buy those products online at a lower price.
    Data released Thursday by the Pew Internet and American Life Project  showed that nearly half of those who consulted their mobile phones for online prices, 46 percent, ended up in line at the cash register — an 11-point increase from 2011.
    Just 12 percent of those surveyed left stores to buy the products online, said Pew research associate Aaron Smith. He said that the survey didn’t delve into the shoppers’ motivations but that he thinks new retailer efforts, such as online price-matching, may have contributed to rise in in-store purchasing.
    Cyberwarfare  is  growing up fastly,all goverments are entering to the game but what happend with Colombia,supposedly  there is a  CERT... https://twitter.com/colCERT

    Docs:
    https://www.dnp.gov.co/LinkClick.aspx?fileticket=-lf5n8mSOuM%3D&tabid=1260

    http://programa.gobiernoenlinea.gov.co/apc-aa-files/5854534aee4eee4102f0bd5ca294791f/DisenodeunCSIRTColombiano.pdf


    Where can i report a vulnerability?
    Is ColCert an acronym(just kidding)?
    What does it stand for ?
    Is most than a twitter account ?
    Is there any plan for take this out there ?...


    Digg it StumbleUpon del.icio.us