Security Conferences, pen tests and incident response

My first post on the new blog is going to be more of a philosophical rant than a technical entry, but hopefully still enjoyable. I've been having interesting conversations with Ed Skoudis, Peter Silberman and tons of other people informally about these topics for some time, and decided to share some of my thoughts for whatever it's worth.

First: security conferences. Originally they were places to meet up with friends you don't see often, exchange ideas, and learn about new things. Increasingly they have become advertising venues for your product, company, or researcher brand name. Now that's not all bad; it helps people move forward, get opportunities and advance the industry, but we should try to remember our roots and not lose that sense of discovery and pursuit.

INTRO

Welcome to the carnal0wnage blog at Attack Research. carnal0wnage and Attack Research decided to join forces in order to better provide you with information about the latest attacks, tools and techniques. If you would like to contribute please email c0arblog@attackresearch.com

Enjoy!

V.

Making Life Easier With Metasploit Libraries

I was explaining some of this to a friend and figured I'd just post it...

If you have ever looked at an exploit module in Metasploit, most, if not all, will be calling additional libraries to actually "do" the work for the exploit. This is actually what makes MSF so great.

Carnal0wnage will be at BruCon!

I'm happy to announce that I'll be speaking at Brucon in September (18-19) on Open Source Information Gathering.

This is an update to my set of talks last year. After a year of doing OSINT work I've revised the methodology and it should be a pretty good update to the previous talk. I'm planning on focusing a lot on Person/Organization Information Gathering (IG) and should be followed by Chris Nickerson talking about Red and Tiger Team Testing (I call it Full Scope testing), aka putting all the "stuff" we found in my talk to actual use.

Client-Side Penetration Testing Notacon Edition

Here's the video from the Notacon talk. Audio sucks, sorry...blame the video guy.

http://vimeo.com/moogaloop.swf?clip_id=4731117&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1

Full Scope Security Attacking Layer 8: Client-Side Penetration Testing Notacon '09 Edition from FullScopeSecurity on Vimeo.

Not Dead, just busy

I'm not dead and I haven't quit blogging, just been tired and busy and working on a fairly big change to c0 that I think everyone will enjoy. I was hoping it was going to be ready by now but it's not...I do this for free...so you'll just have to wait :-) I'm actually waiting on someone else to do something, and they also do what I'm waiting on for free...vicious cycle...

back to your regularly scheduled ranting and pwning

2 Year Anniversary!

Happy Two Year Anniversary of carnal0wnage blog!

Wicked Cool Ruby Scripts Book Review


By Steve Pugh

4 stars

Thanks to No Starch Press for my review copy!

From the Description

Wicked Cool Ruby Scripts provides 58 scripts that offer quick solutions to problems like system administration, manipulating images, and managing a website. After getting your feet wet creating simple scripts to automate tasks like file compression and decompression, you'll learn how to create powerful web crawlers, security scripts, and full-fledged libraries and applications, as well as how to:

Programming Book Review Criteria

I don't read too many programming books and I don't usually finish the programming books I do try to read. I end up getting sidetracked trying out the code and never finish the books. I know, excuses, excuses... I also didn't have programming book review criteria like I do for regular tech books.

Gray Hat Python: Python Programming for Hackers and Reverse Engineers

Gray Hat Python: Python Programming for Hackers and Reverse Engineers (Paperback)
by Justin Seitz

Publisher Description