Maltego for Network Infrastructure Enumeration

New article on Using Maltego for Network Infrastructure Enumeration posted on EthicalHacker.net


Any organization that has an Internet presence needs to have some form of infrastructure to support their presence. During Infrastructure Enumeration you attempt to discover how much of it exists, what type of infrastructure is used, where it is located, what technology is used and how it is structured. This type of information is interesting for:

Using the Metasploit SMB Sniffer Module

There has been some talk about using the SMB Relay module in Metasploit and then trying to crack those hashes. I'll spare the links to protect the uninformed.

The SMB Relay module is for doing just what it says, relaying the SMB session back to another host. It used to be the same host but now, post 08-068, you have to pick another system on the network. Doesn't matter what system, just not the same system. (I'll try to cover this in another blog post soon)

Carnal0wnage Blog makes the top 5 Best Technical Security Blog

I am happy to announce that Carnal0wnage Blog made the top 5 Best Technical Security Blogs for the RSA Social Security Awards.

https://365.rsaconference.com/blogs/blogger_meetup/2009/04/06/social-security-awards--the-finalists

Best Technical Security Blog

Automatic credential collection and storage with CredCollect

In previous posts here at Carnal0wnage, CG has diligently covered using MSF and meterpreter to do all kinds of stuff, including grabbing hashes with the Priv extension (Vinnie Liu) and tokens with the Incognito extension (Luke Jennings). These are powerful post-exploitation features that yield invaluable information to the engaging team; therefore, the presentation and accessibility of this data become an important factor as the scale of the engagement and number of targets grows.

Shotgun Blast for 29 March 2009

Couple of articles/blog posts worth taking a look at

Info on Ghostnet
http://www.f-secure.com/weblog/archives/00001637.html
*mirrors of the two papers are available above
http://news.bbc.co.uk/2/hi/americas/7970471.stm

I am personally glad when I see people getting pwned via client-sides make the news. Hear me and Vince talk about it at Notacon and DojoSec this month!

Moving Cybersecurity from DHS to White House

From here:
http://infosecurity.us/?p=7343

“Forthcoming legislation would wrest cybersecurity responsibilities from the U.S. Department of Homeland Security and transfer them to the White House, a proposed move that likely will draw objections from industry groups and some conservatives.

Thoughts On Pentesting Must Evolve Or Die

So the latest article by Brian Chess didn't stir up quite the controversy that his pentesting dead in 2009 interview/article did, but this one is worth a read:

http://securitysa.com/news.aspx?pklNewsId=31945

It's a short article and not nearly as controversial as the dead in 2009 one but three quotes...

175+ deleted blog spam posts later...

I've enabled comment moderation and captcha. Normally I wouldn't have cared, but since I sat through Val Smith's and Collin's talk twice on what they are doing with that stuff, I couldn't let it linger.

Sorry for the new hoop to jump through, everyone.

If you come across any I missed, please let me know.

Why SOURCE Boston was the best con I've ever been to

You don't have to just take my word for it...

http://g0ne.wordpress.com/2009/03/15/thoughts-on-source-boston/
http://blog.attackresearch.com/?q=node/28

So we just got back from SOURCE Boston. It was by far the best conference I have ever been to from pretty much all perspectives.