We just bought a house so now my commute has gone from 20 minute to usually close to an hour (yea 66). so i've started listening to podcasts to pass the time and hopefully do something worthwhile with 2 hours a day.
I caught two podcasts the other day, cyberspeak and pauldotcom. I had heard of pauldotcom, they came mobbing into shmoocon a couple of years ago in their black t-shirts, but cyberspeak was a suggested podcast when I was subscribing to pauldotcom.
cyberspeak 10 may 2008 was on the Mac Lockpic and basically about flyclear.com. not much to say. i'll be looking into flyclear to help my butt get through the airport.
pauldotcom episode 106 was on some command line nessus for some checks, metasploit and some news. click the link for show notes, which are really handy.
comments on the show:
They used an outdated metasploit command "use -m Sam" which i guess still works, do a "use priv" instead. I had seen the nessus command line stuff. Joe pushed that out in a LearnSecurityOnline newsletter awhile back. They also dumped the hashes into john, thats so old school and not necessary. use pass the hash if you can dump the hashes. and big thanks to Stewart in the token passing #2 post about using "gsecdump -u" to see who's logged in.
Lastly, i'm failing to see the big deal about sslnetcat when its in perl. great for authorized uses on *nix, not so great for pushing a shell back from a compromised windows host unless they have perl installed, which you cant count on. A recompiled cryptcat or even better sbd will probably give you more bank for your so called buck.