security.crudtastic.com

Security Nerd Stuff

Browsing Posts published in June, 2010

I was browsing through some of the SANS advisory board emails this morning and it made me think of a few sites that I like to regularly visit. So I thought I’d share some of them with you. Please note, this is by no means my complete list of sites (it’s far from it) and some of these sites may be of little/no interest to some of you, but these are more or less my daily security sites that I do a quick check on (most of them have RSS feeds to make life a lot easier).

Vulnerability Searches

http://www.securityfocus.com/bid

http://packetstormsecurity.org/

http://www.exploit-db.com/

http://sebug.net/

http://inj3ct0r.com/

http://www.vs-db.info/

Misc Sites

http://backtrack.offensive-security.com/index.php/Tools

http://isc.sans.edu

http://www.darknet.org.uk/

http://pentestmonkey.net/

http://carnal0wnage.attackresearch.com/

http://packetlife.net/library/cheat-sheets/

http://www.theregister.co.uk/

http://www.darkreading.com/

http://www.f-secure.com/weblog/

http://www.secsocial.com/blog/

http://www.chris-mohan.com/

http://sockpuppetsecurity.com/

http://www.skullsecurity.org/wiki/index.php/Passwords

http://www.security-database.com/

http://michaeldaw.org/sql-injection-cheat-sheet

http://zone-h.org/

http://taosecurity.blogspot.com/

I may post some other sites in the near future .. ones that are targeted at a specific purpose (like Citrix, or SCCM etc.)

I hope you find these sites a little bit useful :)

So I got a new HTC phone with Android – Awesome! Well .. yes and no :(

I went to set the email component up for Exchange 2010 ActiveSync and it all fell apart on me. I’ve spent the last 3 days bashing my head against a wall until all of 5 minutes ago. Every time I set the account up it would authorise and then turn around and give me an error of “Failed to create the account. Please try again later”. LAME!!

So after a lot of googling I came up with nothing .. talk of SSL certificates and so on .. I bought an SSL cert, installed it .. nothing :(

Then I decided to think straight .. I looked at the Windows Event logs and saw a bunch of errors – the one in particular that cracked this case for me was the event id 1053 for MSExchange ActiveSync. It basically said that the account didn’t have permission. What?? The account is a Domain Admin!! BZZZT!!! That’s the problem!! STUPID!! Apparently that is an AD Protected Group and it will never work.

So enough blabbering already .. How did I fix it!

There is an awesome post at http://blog.nick.mackechnie.co.nz/post/2009/11/20/Exchange-2010-Active-Sync-Issue.aspx which explains this all very well! The basics, though, are:

  1. Log onto Domain Controller
  2. Start AD Users and Computers
  3. Click on View – Advanced Features
  4. Double-click on the user whose account won’t work with ActiveSync
  5. Go to the security tab and then select the advanced button
  6. Select Exchange Servers, and tick the Include inheritable permissions toggle then Apply and OK.
  7. Reconfigure your phone and walk away happy
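
The same check and fix can be scripted. The following is an added example, not code from this post or from the linked article; it assumes the RSAT ActiveDirectory PowerShell module, the function names are hypothetical, and `jsmith` is a constructed account name. It lists mailbox users whose ACL has inheritance switched off, then dry-runs the change from step 6 for one account.

```powershell
# Added example (not from the original post). Needs the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Hypothetical helper: list mailbox-enabled users whose ACL has inheritance disabled.
function Get-InheritanceBlockedMailboxUser {
    Get-ADUser -LDAPFilter '(msExchMailboxGuid=*)' -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                # adminCount = 1 marks an account that has been stamped as protected
                AdminCount     = $_.adminCount
                DN             = $_.DistinguishedName
            }
        }
}

# Hypothetical helper: scripted equivalent of ticking "Include inheritable permissions".
function Enable-UserAclInheritance {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties nTSecurityDescriptor, adminCount
    $sd   = $user.nTSecurityDescriptor
    if (-not $sd.AreAccessRulesProtected) {
        Write-Verbose "$Identity already inherits permissions; nothing to change."
        return
    }
    if ($user.adminCount -eq 1) {
        Write-Warning "$Identity has adminCount=1; if it is still in a protected group the ACL will be reset."
    }
    # First argument $false = the ACL is no longer protected from inheritance.
    $sd.SetAccessRuleProtection($false, $true)
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Enable ACL inheritance')) {
        Set-ADUser -Identity $user -Replace @{ nTSecurityDescriptor = $sd }
    }
}

# Audit first, then dry-run the change for one account ('jsmith' is a constructed name).
Get-InheritanceBlockedMailboxUser | Format-Table -AutoSize
Enable-UserAclInheritance -Identity 'jsmith' -WhatIf
```

For an account that is still a member of a protected group such as Domain Admins, the AdminSDHolder process re-applies its ACL periodically (hourly by default) and turns inheritance off again, so a separate non-privileged mailbox account is the durable arrangement.
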

Anyway .. this isn’t really a security thing .. but I think if it’s annoyed other people as much as it’s annoyed me .. people may want to know how to fix it.

Good luck

Yet another awesome email that I received this morning (what a great day it’s been for email – haha)

The guys at Offensive Security have put together a short presentation on a real-world penetration test. The video is super edited to show you just the important bits, but you get the picture of what they’re showing you.

You can see the full blog posting at http://www.offensive-security.com/videos/penetration-testing-in-the-real-world/

I personally have to say that the Offensive Security – Pentesting with Backtrack course was THE best course I have done to date! It was so intense and had an awesome lab to refine your skills in. I have gone from strength to strength since doing this course. I am in the process of rebuilding my testing lab at home so that I can continue to push my newly learnt skills and build upon what these guys have taught me. If there is any thought in your head about this particular course, all I can say is, DO IT! You will not regret it!

Just browsing through my email this morning and came across this little gem :) More info can be found at http://www.smpctf.com/ 

Sounds like an absolute blast if you ask me .. All you kids should sign up for it now!

2010 Hacker Olympics

July 09 2010 to July 11 2010

When: July 9th 7:00PM EST to July 11th 7:00PM EST 2010
Where: Your house? Somewhere on the Internet? At some bar with wifi.. Up to you! ;D
IRC: irc.smashthestack.org #smp / #smpctf
Schedule: smpSchedule
PRE-Registration: Here

Current Statistics:   (101) Registered Teams  (358)  Registered People.

The current roster includes teams from all over the world; Australia, Canada, Argentina, United Kingdom, Russia, United States, Japan, Ukraine, with more signing up every day.

About smpCTF Hacker Olympics Quals

Desc

smpCTF Hacker Olympics 2010 is a contest designed by “hackers” and “security enthusiasts” for the like to battle it out against each other over a caffeine and sugar fueled weekend hacking stuff…

In the smpCTF Hacker Olympics qualifications teams and individuals are put up against other teams from around the globe in the same environment with the same objectives and a mission to accomplish. The qualifications round is designed to separate the true ninjas from the fake pirates in the shadows! The finals will definitely be kiddie free ;D

The top 5 teams from the (1st) first qualifications round of smpCTF Hacker Olympics will move on to the smpCTF Hacker Olympic finals. 1st place team of the first round will receive a HP mini netbook with BackTrack4.

smpCTF Hacker Olympic Finals

In the smpCTF Hacker Olympics finals, the qualifying teams will compete against each other in a head to head wargame/CTF competition against the other qualifying teams.

During the smpCTF finals, each team will be assigned a server, chosen by us at random which they need to protect. Defending this server is crucial in order to safe-guard flags. While not only defending, each team must find and attack other teams’ servers to steal flags or take complete control over the machine.

Once a server has been completely taken over by another team, and the owning team can no longer access the machine, game over for that team. During the games each team will gain points by successfully defending and attacking and successfully stealing other teams’ flags. The finals will have a tad bit more restricted rules, soon to be posted.

smp CTF Hacker Olympics rules, descriptions or challenges may change at any time without notice prior to final registration – to be announced.

Check us out on IRC: irc.smashthestack.org #smp / #smpctf
Do you think you have what it takes to compete on a global scale? Come and show the m0nkey what you are made of.. 0days welcome…