Matias Katz's Blog: Shall we talk a bit about security?

11 Aug 2011 | 2 comments

DEFCON 19 Presentations

As you all should know already, Defcon 19, the biggest Hacking conference in the world, ended a few days ago.

Luckily for those of us who didn't go, here are the event presentations, so we can study them. There are almost 600 MB of presentations, which will keep us reading for a long time :D

Link: http://good.net/dl/k4r3lj/DEFCON19/

There's only one simultaneous download per IP. Patience :)

Bye!

9 Aug 2011 | 4 comments

Free Malware and Cybercrime lecture (Onsite and Online)

Keeping up with the series of Free Computer Security Courses, Cristian Borghello (Director of the Segu-Info community) will give a free lecture about Malware and Cybercrime at the offices of Mkit Argentina, presenting the Full course that will start on August 24th.

The lecture will take place next Monday, August 15th, from 6:30 PM to 8:30 PM (GMT-3, Argentina) with both Onsite and Online attendance.

  • To attend in Online mode you can enter 30 minutes before the start of the lecture. In that link there's a "LiveMeeting waiting lobby" and when the event starts you will automatically enter the event.
  • To attend in Onsite mode in the City of Buenos Aires, since seating is limited, you must pre-register by sending an email to cursos[AT]segu-info.com.ar. There you will find out how to access the lecture.

To view the event Online you will need a LiveMeeting Plugin (Windows Installer) that I recommend having installed before the event starts. If you use Mac OS or Linux you must install JAVA JRE 1.6, and when you access the event you will be able to install Office Live Meeting Web Access and get in without problems.

Besides, we're raffling half a scholarship among those who win the challenge published in the 175th Segu-Info Newsletter.

Source: Segu-Info

29 Jul 2011 | 47 comments

Free Hands-On Ethical Hacking Course (Onsite and Online)

Just like we did in April, this time we are again launching, together with Mkit Argentina, a Free Ethical Hacking course.

Unlike last time, this time it will be a 2-day course and will include new topics!

I must underline that when I say hands-on.....I mean HANDS-ON :)

Instead of just watching the teacher demonstrate, you will be able to do the exercises on your own computer. When you register for the course you will receive information regarding prerequisites (virtual machines, tools, etc.) to be able to do the exercises.

Agenda:

  • Internet hacking:
    • Active and Passive Reconnaissance
    • Vulnerability Scanning
  • Network Hacking
    • Phishing
    • Man-In-The-Middle
  • Application Hacking:
    • Exploiting
    • SQL Injection and XSS

Information:

  • Is it free?: Of course!
  • Date and time: Tuesday, April 5th, 2011, from 18:30 to 21:30 (GMT-3, Buenos Aires time)
  • Where will it be?: Mkit Argentina, City of Buenos Aires. Limited seating for Onsite attendees
  • Will it be streamed?: Yes, but there is also limited seating for Online attendees
  • Will you give certificates?: Yes, printed for Onsite attendees and digital for Online attendees
  • Will I really learn something?: Definitely!!! This is a TRULY hands-on course and, as the saying goes, "you learn by breaking" :D

Those who are interested (I hope there are many of you!!) must register at the following link:

http://www.mkit.com.ar/cursogratuito/

See you there!!

11 Jun 2011 | 4 comments

In Fraganti – Case #6, Major drugstore chain, Buenos Aires city

Next to the main entrance of one of the stores belonging to this major drugstore chain, there is a monitor that constantly shows information for the customer, promotions and so on.

The other day I was walking by and I ran into the following scene:

For those of you who haven't realized yet what was showing up on the screen, here is a close-up:

In front of the presentation there was a login screen to the following server:

"popeye.[DomainDeleted].com.ar"

I believe that the client machine would connect to this server to download the daily presentation to show, or something like that.

Of course, this server is located in the private network; there is no public record with that name (I checked). So the situation didn't look very promising: the discovered information wasn't enough to investigate further, since there was no way I could access the private network where these computers were located.

However, the next day I walked by the store again and I ran into the following situation:

Again, a close-up for those of you who haven't discovered the problem yet:

The computer connects to the network through Wi-Fi!!

The storefront computer, with little to no possible supervision (due to its physical location, with its back to the staff), connects to the network over a wireless connection, allowing an attacker to carry out several attacks, such as:

  • Denial of Service
  • WEP-WPA key cracking (I didn't check the network type, but I could have turned on my phone and checked)
  • Sniffing
  • And the best of all..... A Rogue AP!!

By taking the following steps:

  1. Starting a tool that would allow me to impersonate any Wi-Fi network
  2. Causing a forced disconnect of the victim computer
  3. Getting the victim computer to connect to MY AP instead of the real one
  4. Impersonating the "popeye.[DomainDeleted].com.ar" server
  5. Waiting for the victim computer to try to connect to that server to ask for the new information to show on screen

I could make the computer screen show arbitrary information of my choice, and even gain local access to the computer (through some exploit) and from there enter the store's private network.

And the best of all, I could be doing all of this from the bar next door, sipping some delicious coffee and without any risk :)

Bye!

4 May 2011 | 2 comments

BarCamp Litoral 2011

This Saturday, May 7th, BarCamp Litoral will take place in the city of Santa Fe, Argentina.

There are over 2000 people registered for the event, making it the Biggest BarCamp in America!!

There will be lectures about Web 2.0 (and web Marketing 2.0), mobile programming, web programming, and many other subjects.

And, of course, as it had to be, Computer Security.

Mkit Argentina will be present as a Sponsor, handing out information about our services and courses in computer security and hacking.

We will also raffle some PIRATE KITS (yup, you read that correctly), scholarships for our hands-on ethical hacking course, and an MP4 player.

On top of that (as if ALL of the above wasn't enough), during the event we will publish an online challenge that you will have to solve in order to win surprise prizes!!

I personally will be giving 2 lectures, one about Linux security (the same one I gave at FLISOL 2011) and another one about Wireless hacking and information theft.

The event promises to be a party, with music, food, drinks, good people, interesting lectures, a live music show and an after party that is going to make the whole city spin :)

To anybody who can come, I recommend it.

See you there!
