[Pauldotcom] Ideas For Tech Segments?
cdf123 at cdf123.net
Wed Oct 22 04:26:54 UTC 2008
I also like the log analysis, and also looking how to secure your log
management on the cheap. I've seen a lot of examples on the net using a
syslog server to collect logs, but very few on how to secure that
server, and the data in transit. If you can sniff the traffic between a
syslog server and a web server, maybe you can see that there's an
IDS/IPS installed monitoring that server, and then you could change your
tactics and focus somewhere else rather than risk detection. Or seeing
the logs fly by, you can gain knowledge of what software is installed
and maybe even be able to tell version info as well. Syslog-ng is a
great example of this, since you have to pay for the enterprise version
to get the ssl encryption options, and a lot of Linux distros come with
the free version without ssl.
Paul Asadoorian wrote:
> Excellent! Keep them coming. A few notes:
> - I like the idea of doing a tech segment on log analysis on the cheap.
> I've always been a big fan of collecting via syslog to a UNIX host,
> then using bash/perl/<insert favorite language here> to parse and alert.
> I've been meaning to play around with SWATCH again too.
> - We did a tech segment on evading AV:
> - We've talked about bluetooth quite a bit, but never did a tech segment
> on it that I could find. I thought we did a video on it, but it was an
> episode that will forever be lost in the archives.
> Keep em' coming!
> xgermx wrote:
>> Sorry, only two more, I promise.
>> How about a segment on advanced netcat usage?
>> What about an Evading AV detection segment?
>> On Tue, Oct 21, 2008 at 3:51 PM, xgermx <xgermx at gmail.com> wrote:
>>> Also, I'd love to hear a tech segment on Yersinia.
>>> Yersinia is a network tool designed to take advantage of some
>>> weakeness in different network protocols. It pretends to be a solid
>>> framework for analyzing and testing the deployed networks and systems.
>>> Currently, there are some network protocols implemented, but others
>>> are coming (tell us which one is your preferred). Attacks for the
>>> following network protocols are implemented (but of course you are
>>> free for implementing new ones):
>>> * Spanning Tree Protocol (STP)
>>> * Cisco Discovery Protocol (CDP)
>>> * Dynamic Trunking Protocol (DTP)
>>> * Dynamic Host Configuration Protocol (DHCP)
>>> * Hot Standby Router Protocol (HSRP)
>>> * IEEE 802.1Q
>>> * IEEE 802.1X
>>> * Inter-Switch Link Protocol (ISL)
>>> * VLAN Trunking Protocol (VTP)
>>> On Tue, Oct 21, 2008 at 3:40 PM, wishi <wishinet at googlemail.com> wrote:
>>>> Paul Asadoorian schrieb:
>>>>> So, Larry and I have this discussion every week. What should we be doing
>>>>> for tech segments? I'd love to hear your thoughts, and hopefully we can
>>>>> make it happen. So, suggest away!
>>>> a segment I always like hearing about is security data visualization.
>>>> But that's very huge and not easy to
>>>> cover. Maybe you want to have a look at DAVIX
>>>> (http://davix.secviz.org/)? :)
>>>> Another interesting topic is: mobile phone pentesting - speaking of
>>>> smartphones, WiFi, and their TCP/IP and OS specifics.
>>>> I guess...
>>>> Pauldotcom mailing list
>>>> Pauldotcom at mail.pauldotcom.com
>>>> Main Web Site: http://pauldotcom.com
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> Main Web Site: http://pauldotcom.com
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> Main Web Site: http://pauldotcom.com
More information about the Pauldotcom