PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Ideas For Tech Segments?

From: cdf123 at cdf123.net (Chris Frederick)
Date: Tue, 21 Oct 2008 23:26:54 -0500
I also like the log analysis, and also looking how to secure your log 
management on the cheap.  I've seen a lot of examples on the net using a 
syslog server to collect logs, but very few on how to secure that 
server, and the data in transit.  If you can sniff the traffic between a 
syslog server and a web server, maybe you can see that there's an 
IDS/IPS installed monitoring that server, and then you could change your 
tactics and focus somewhere else rather than risk detection.  Or seeing 
the logs fly by, you can gain knowledge of what software is installed 
and maybe even be able to tell version info as well.  Syslog-ng is a 
great example of this, since you have to pay for the enterprise version 
to get the ssl encryption options, and a lot of Linux distros come with 
the free version without ssl.

Chris

Paul Asadoorian wrote:

Excellent!  Keep them coming. A few notes:

- I like the idea of doing a tech segment on log analysis on the cheap.
 I've always been a big fan of collecting via syslog to a UNIX host,
then using bash/perl/<insert favorite language here> to parse and alert.
 I've been meaning to play around with SWATCH again too.

- We did a tech segment on evading AV:
http://pauldotcom.com/wiki/index.php/Episode125#Tech_Segment:_Bypassing_Anti-Virus_Software_The_Script-Kiddie_Way

- We've talked about bluetooth quite a bit, but never did a tech segment
on it that I could find.  I thought we did a video on it, but it was an
episode that will forever be lost in the archives.

Keep em' coming!

Cheers,
Paul

xgermx wrote:

Sorry, only two more, I promise.
How about a segment on advanced netcat usage?
What about an Evading AV detection segment?

On Tue, Oct 21, 2008 at 3:51 PM, xgermx <xgermx at gmail.com> wrote:

Also, I'd love to hear a tech segment on Yersinia.

 Yersinia is a network tool designed to take advantage of some
weakeness in different network protocols. It pretends to be a solid
framework for analyzing and testing the deployed networks and systems.

Currently, there are some network protocols implemented, but others
are coming (tell us which one is your preferred). Attacks for the
following network protocols are implemented (but of course you are
free for implementing new ones):

   * Spanning Tree Protocol (STP)
   * Cisco Discovery Protocol (CDP)
   * Dynamic Trunking Protocol (DTP)
   * Dynamic Host Configuration Protocol (DHCP)
   * Hot Standby Router Protocol (HSRP)
   * IEEE 802.1Q
   * IEEE 802.1X
   * Inter-Switch Link Protocol (ISL)
   * VLAN Trunking Protocol (VTP)


http://www.yersinia.net/

On Tue, Oct 21, 2008 at 3:40 PM, wishi <wishinet at googlemail.com> wrote:

Paul Asadoorian schrieb:

So, Larry and I have this discussion every week. What should we be doing
for tech segments?  I'd love to hear your thoughts, and hopefully we can
make it happen.  So, suggest away!

Cheers,
Paul

a segment I always like hearing about is security data visualization.
But that's very huge and not easy to
cover. Maybe you want to have a look at DAVIX
(http://davix.secviz.org/)? :)


Another interesting topic is: mobile phone pentesting - speaking of
smartphones, WiFi, and their TCP/IP and OS specifics.
I guess...
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



------------------------------------------------------------------------

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: