breadtan 's List: Video

his is a common place awareness threat I preach (crying in the wilderness sometimes) among corporate executives and warn is also consistently used by foreign government and corporate spies – I first saw this program air about a year ago, and yes, it is very true.

I worked with this early technology while still operating within the intelligence community – evolving from UHF transmissions, hard lines and switching stations then, to intercepting satellite and land based wireless:

Please watch this, it is scary and can threaten your personal life, family and your business should you become a target.

The first recommendation I make to anyone about to discuss sensitive information, remove the battery from your cell phone at every meeting, or leave the damn phone in the car – The protections you think you have doesn’t matter, anything, ANYTHING wireless, can be hacked and monitored, and quite easily.

A new version of the Browser Exploitation Framework (BeEF) has been released. This new release incorporates both my code from my Security B-Sides update of the ChicagoCon Talk "Cain Beef Hash: Snagging Hashes without Popping Boxes" as well as RSnake and Jabra's modules presented at Defcon. Enclosed in this update are some videos describing how to use the modules that I created which allow for realtime interaction with Metasploit. These modules directly communicate with Metasploit to setup the modules which will be used in further browser exploitation. These videos demonstrate how to use the Samurai WTF distribution's initial setup of BeEF, and to upgrade it to the latest version. Once you are upgraded to the latest version, there are 2 more videos, one to utilize the integration to do "point and click" browser autopwn from a browser hooked via XSS. The other example demonstrates how to leverage a domain's "Local Intranet" policy to capture NTLM/LM Challenge credentials with a static challenge, which can then be turned into usable credentials. The Metasploit code required for this to work is in the 3.3 dev trunk and was added in August after Defcon, so you may need to pull out of the dev trunk to have all of the pieces you need.

This video will show you how to shutdown your computer from anywhere using a texting capable cell phone, Microsoft Outlook and a free account from www.kwiry.com

windd

"Past couple of weeks I've uploaded:
- podcasts from the Center for Education Research in Information Assurance and Security (CERIAS)
- Blackhat 2010 Europe
- Metasploit Class
- Source Boston 2010 "

"People have been asking me to show some basic metasploit and how you use it. I recently did a security show for the Michigan ISSA folks where we showed everyone how to use it. So I figured I would re-hash that as well as build on it to give you a good feel for what you can do. So I created a video (see below) and in the video I show you how to own a box, as well as different commands you can use and how they work. We will use the aurora exploit, with (and without) the meterpreter, keylogging, victim enumeration, timestomp (to mess with a forensic timeline), backdoors, and more!"