Penetration Testers Rapidly Becoming Narrow Minded

December 31, 2010 in In the News, Information Security by trevelyn

Read this: http://carnal0wnage.attackresearch.com/node/440 He’s got some good points, but there are a few things overlooked. To write something like this post, he should have backed it up with better examples and real stats. Originally, pen testing was a simulation of what real attackers would do. Then it became more about validating vuln scan/assessment results. Now it’s essentially about compliance check boxing (PCI). I’m pretty sure these PCI “compliance checks” don’t assess the (most of the time “extreme”) stupidity of the employees or even owners / administrators of the hardware. Those who author said compliance checks really believe that social engineering,

WEAKERTHAN 3 Update

December 30, 2010 in Information Security, Programming, Updates, WeakNet Linux by trevelyn

Thank you all for the supportive emails, I really do appreciate your enthusiasm! :) I had a free day today and decided to re-begin development for WeakNet Linux – WEAKERTHAN 3. First I grabbed Debian Squeeze (which for some reason I keep calling “Cheese”) minimal, rm’ed the initial work I did with Ubuntu, and removed even more junk. I got a nice compiled kernel (WT3) from version 2.6.36. I patched it all up for packet injection/fragmentation/channel hopping, etc. for wireless radios and tested it; all is good! I had to downgrade Libevent for Fragroute to install properly. Libevent dropped a

Phone Losers of America – The Book.

December 22, 2010 in Information Security, Phone Phreaking, WiFi Hacking by trevelyn

I should have written this a while ago, but I finished reading the book written by Brad Carter himself. Why I Bought This Book (3 of them actually) My first thoughts about exploring our digital world were almost haunting. It was about 2002, or so, and I was molded into what society wanted me to be; scared. Horror stories from the news channels, “Freedom Downtime,” old text files, and more all beat any thoughts of exploring out of me in fear of being beaten by law enforcement, or worse, thrown in prison (to which I am actually highly allergic,

Setting up PostgreSQL for Metasploit Unleashed

December 20, 2010 in Information Security, Programming, Systems Administration, WeakNet Linux by trevelyn

A while back, people were emailing me about PostgreSQL issues and Metasploit when I released WEAKERTHAN 1.0. I looked into it, but never gave it as much time as I should have. Finding good, up-to-date documentation on installing and configuring PostgreSQL is rough. The command postgres is gone. If you find that somewhere and think, “hey, maybe I just need to install more stuff?…“; don’t. It’s now simply psql. I started breezing through the Metasploit Unleashed Course, and am simply using Debian Squeeze. The db_create command is deprecated according to msfconsole, so ignore it in the MSFU

Postfix, SpamCop and SpamAssassin!

December 20, 2010 in Information Security, Systems Administration by trevelyn

Switching servers made me realize that GoDaddy actually did quite a good job at cutting out the spam from my Inbox. As per this post: http://weaknetlabs.com/main/?p=50 I had to figure out a way to stop the spam! I searched Google for a while and found this site, which worked perfectly for me: http://www.debuntu.org/postfix-and-pamassassin-how-to-filter-spam Then I realized that this method only appends a string to the subject “[***** SPAM *****],” which is lame. I found in my filters that I could make the whole div red if the subject contained the string. This was a little better and easier to delete