PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Topics For Discussion - Episode 200

From: jackadaniel at gmail.com (Jack Daniel)
Date: Wed, 21 Apr 2010 09:58:15 -0400
Since it keeps coming up on the show (although one step removed), how
about trying to get Cormac Herley on to talk about his "Rational
rejection of security advice" paper?  (That was behind an RSnake post
and the Globe passwords article).

Jack


On 4/21/10, Bugbear <gbugbear at gmail.com> wrote:

python fu +1

Malware analysis is near and dear to my heart and Lenny always does a great
job

On Wed, Apr 21, 2010 at 7:45 AM, Sherwyn <infolookup at gmail.com> wrote:

I would be interested in hearing Lenny Zeltser among others talk about
building a low cost malware analysis lab, and the value this can add to an
origination by having such a resource.

I work for a University and too many times key machines are infected and
the protocol is to either clean the infection or reimage the machine
without really understanding the infection.
Infolookup
http://infolookup.securegossip.com
www.twitter.com/infolookup


-----Original Message-----
From: Paul Asadoorian <paul at pauldotcom.com>
Date: Tue, 20 Apr 2010 17:11:38
To: PaulDotCom Security Weekly Mailing
List<pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] Topics For Discussion - Episode 200

Thanks all, great suggestions so far. Lots of Metasploit stuff right off
the bat, so I will look to include something special on Metasploit (no
promises until I talk to the team, especially Carlos :)

Keep em' comin'!

Cheers,
Paul

On 4/20/10 3:55 PM, Craig Freyman wrote:

My vote is privilege escalation. There is obviously getsystem in
Metasploit, but what other techniques are used? Most of what I have
found is on the "at" command which requires admin rights to run. Just
wondering what other things a skilled attacker would do outside of
Metasploit.

On Tue, Apr 20, 2010 at 12:45 PM, Butturini, Russell
<Russell.Butturini at healthways.com
<mailto:Russell.Butturini at healthways.com>> wrote:

? ? I would like to hear a round table discussion of where Metasploit
? ? can fit in an enterprise environment. ?I know what my organization
? ? does with it, but would love to hear some more ideas.

? ? -----Original Message-----
? ? From: pauldotcom-bounces at mail.pauldotcom.com
? ? <mailto:pauldotcom-bounces at mail.pauldotcom.com>
? ? [mailto:pauldotcom-bounces at mail.pauldotcom.com
? ? <mailto:pauldotcom-bounces at mail.pauldotcom.com>] On Behalf Of Paul
? ? Asadoorian
? ? Sent: Tuesday, April 20, 2010 1:41 PM
? ? To: PaulDotCom Security Weekly Mailing List
? ? Subject: [Pauldotcom] Topics For Discussion - Episode 200

? ? Hi All:

? ? I wanted to solicit the members of this list to get some topics for
? ? episode 200. ?We are planning on podcasting all day (June 4, 2010
? ? 9am-5pm) so I would like suggestions for:

? ? - Debates
? ? - Discussions
? ? - "Round Tables" or panel discussion
? ? - Technical topics
? ? - Computer equipment you would like to see destroyed (not my iPad!)

? ? Please also include any guests you'd like us to try and get to
discuss
? ? stuff too. ?These can be non-technical topics (like "passwords") or
more
? ? technical things (like "post-exploitation").

? ? Thank you in advance for your feedback and keep up the great
discussion
? ? on this list!

? ? Cheers,
? ? Paul

? ? PS. I would also be interesting in hearing suggestions for Beer or
? ? cigars and promise to include a full review on the show! :)

? ? --
? ? Paul Asadoorian
? ? PaulDotCom Enterprises
? ? Web: http://pauldotcom.com
? ? Phone: 401.829.9552
? ? _______________________________________________
? ? Pauldotcom mailing list
? ? Pauldotcom at mail.pauldotcom.com
<mailto:Pauldotcom at mail.pauldotcom.com>
? ? http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
? ? Main Web Site: http://pauldotcom.com



******************************************************************************
? ? This email contains confidential and proprietary information and is
? ? not to be used or disclosed to anyone other than the named recipient
? ? of this email,
? ? and is to be used only for the intended purpose of this
communication.

******************************************************************************
? ? _______________________________________________
? ? Pauldotcom mailing list
? ? Pauldotcom at mail.pauldotcom.com
<mailto:Pauldotcom at mail.pauldotcom.com>
? ? http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
? ? Main Web Site: http://pauldotcom.com




_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



-- 
Sent from my mobile device

______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
Previous By Date Next
Previous By Thread Next

Current thread: