Wednesday, April 22, 2009

Shotgun Blast 22 April 2009

Quick links of relevant stuff that I'm too lazy to fully comment on

1st up, Robert Graham preaching it on why Cyber Commands will fail.
http://erratasec.blogspot.com/2009/04/why-cyber-commands-fail.html

2. Time for an Internet A-Team...Interview with Joe Stewart on what to do about cyber criminals.
http://voices.washingtonpost.com/securityfix/2009/04/time_for_an_internet_a-team.html?wprss=securityfix

3. Laramies on post exploitation with Meterpreter
http://laramies.blogspot.com/2009/04/meterpreter-post-exploitation-recap.html

4. Frankly disappointing news that any country would make a website against the law and order all ISPs to block it ...Belgium FTW!! Talk about the beginning of a slippery slope into China-like behavior...up next Carnal Blog for having a dissenting opinion.
http://blog.remes-it.be/?p=207
http://blog.rootshell.be/2009/04/22/the-great-firewall-of-belgium/

5. Pulling data and file information from system restore points
http://windowsir.blogspot.com/2009/04/timeline-analysis-xp-restore-points.html

6. Combating the ora_ntlm_stealer technique. Link to the original white paper also in the post.
http://www.slaviks-blog.com/2009/04/22/getting-os-access-using-oracle-database-unprivileged-user/

7. Online metadata extraction with FOCA
http://www.informatica64.com/FOCA/

8. Ahh the "forever-ness" of the internet and how stupid ass questions may bite you in the ass later in life...Professor 0110 FTW!!
http://spool.metasploit.com/pipermail/framework/2009-April/thread.html#start

--EOF--

6 comments:

Anonymous said...

You forgot to mention sqlmap 0.7rc1 release too, http://sqlmap.sourceforge.net ;)

CG said...

isnt there a new version released like every week? meh

ChrisJohnRiley said...

A little harsh on Professor0110 don't you think. We all ask dumb questions at somepoint after all.

You never learn if you never ask ;)

CG said...

@CJR
You're going to make me go all philosophical on this one.

1. Yes everyone needs to learn and ask questions, so I support people asking educated questions after using basic google searches. What i dont support is someone pounding a list about off topic shit that for the most part can be looked up. Several years ago someone set me down and really talked to me about trying to look up the answer myself and not to just quit after 2 seconds of looking or not at all and ask for help.

I was tolerant until i read this:
http://mail.metasploit.com/pipermail/framework/2009-April/009160.html

"Thanks for the reply, Provencher Francis, but I'd rather ask the experts here than waste time looking through Google for a result that I probably won't find."


2. I dont imagine you immediately emailed the list on your current problem with German language support without doing some research on your own first did you?

3. Acting stupid because you're a n00b is losing its ease of use. There are far too many resources out there to be asking questions that are readily found using google.

4. if someone wants to get into pentesting (as he mentioned) they better learn how to do the research, what better time than now to get that person set straight? If you lack the ability to figure shit out for yourself or to ask "the right questions" to help you figure it out then you wont make it very far in this field. I certainly would not hire even a junior person on my team that lacked the ability or will to research the answers to questions before they came to me for help. would you?

nick said...

Maybe I'm "too lazy to do the proper research" myself, but the stupid mailing list archives page is really obnoxious for finding the funny within there. Clifnotes anyone?

I did find this gem before I gave up (from HD to Professor0110 ):

"Whether you intended to be behind a proxy or not, something is MITM'ing your SSL traffic. Either you are behind a proxy, or someone is monitoring all of your SSL traffic.
-HD"

StatlerAndWaldorf said...

Prof 0110 is trolling, and he's subtle. Killfile.