By Fyodor Yarachkin
To clear up a common misunderstanding, this Fyodor is not the same Fyodor as the author of Nmap.
XProbe-NG was written to discover a rouge server in a network of the major Taiwanese internet provider. It turned out that XProbe was not sufficient to handle all the application level stuff that was going on in this case.
However doing level 7 probes introduced two problems:
- Bandwidth – Having to send far more data
- Time – Making sure you finish in time
Other motivations for XProbe-NG include:
- Scanning other protocols then IP only
- Bulk scanning
- Probing “en-route” systems
- Migration to IPv6
- Honeypots/nets
- Improving precision
Read more…
By Frank Breedijk – During Hack in the Box Amsterdam I had the opportunity to sit down with its founder and CEO Dhillon Andrew Kannabhiran. I asked him about the Hack in the Box organisation, the conferences and why it was located in Amsterdam.
Q: What is Hack in the Box?
A: There is not simple answer to that, but let me give it a try. There are two parts to the Hack in the Box: the websites and the conferences. But mostly HitB is a group of people bundled in a not-for-profit organisation.
Read more…
By Roelof Temmingh
Maltego is like a box of Lego’s, but then for open source information gathering. Open source information gather refers to gathering information that is publicly available on the Internet.
Maltego has release version 3.0 about two weeks ago , and I previously blogged about the preview at Black Hat EU. Paterva has added quite a few new features, the most interesting is NER, Named Entity Recognition. NER gets text and marks entities like person names / companies / phone numbers. NER can be used to get to a big brother scenario where SMS, radio signals and web pages are constantly monitored for named entities.
Roelof demoed NER by trying to find the winner of the Fifa World Cup. He searched for all websites containing the phrases: FIF, “win the world cup”. Het found the top 50 sites that contained the phrases and got the urls on these sites. NER was run against these urls.
Using Maltego Paterva come up with the prediction that Brazil will win the World Championship.
Read more…
By Mark Curphey
Mark starts of by giving a very funny overview of his very impressive career. He currently has a non-security security job at Microsoft running the MSDN subscription services department. Being away from security has given him room to think about information security more.
His talk is about 10 crazy ideas that might change the state of information security. These ideas all cost little money, but may have a big impact.
#1 – Adopt Chinese Medicine Business Model
In China the doctor gets paid to keep you healthy, not to cure you. There are currently actually two companies that are experimenting with this business model.
#2 – Stop Human Pattern Matching
Humans seen things they expect so see. The brain is wired to see what it is expecting to see. This is why optical illusions work, which was demonstrated to the audience with two illusions. Security people do his all the time. I have XSS, this is going to happen, this vulnerability will cause this worm.
#3 – Community Driven Statistical modelling
An example of this is http://freerisk.org. It allows people to input and consume financial modelling data. In the security world there is no data that will give us some predictable model of how security behaves. Wine quality can actually be captured in a formula: Wine Quality = 12.145 + 0.00117 * winter rainfall + 0.0614 average growing season – 0.00386 harverst rainfall. Where is the equivalent of security? Rubbish you say? Well, the formula for wine quality is actually used in the field now
Read more…
Into the sepia night, a Creative Commons Attribution Non-Commercial No-Derivative-Works (2.0) image from thelightningman's photostream
I recently became familiar with the concept of lightning talks and want to make you familiar as well. Basically a lightning talk is an opportunity for a presenter to present on his topic for a short time.
This short time frame (between 5 and 15 minutes) has some interesting effects. First of all it forces the presenter be brief and to the point otherwise his timeslot will be over before he knows is. Second of all it means that the audience is more willing to listen to a topic they would otherwise not be interested in. Don’t worry if you don’t like what you are hearing, there will be another subject in a couple of minutes. This is also reflected in the acceptance criteria for lightning talks. Sometimes it is enough just to edit a wiki page, sometime there is a small selection process based on a two paragraph talk outline.
Last but not least lightning talks are a great opportunity for people to present if they do not feel up to presenting a full talk or have not yet got enough material for a full talk.
Want to try it yourself?
At the moment both BruCon and Hack in the Box Amsterdam have lightning talk slots open. Both conferences will waive the entrance fees for those speakers participating in the lightning talks and they might even buy you a beer afterward.
I know I will be trying my luck at both conference and I hope to see you there.
