RE: HackFest Series: Need IDS Forensic Team Members

2008-12-27 Thread Lisa Kachold

cryptworks are you coming to the next Fest at UAT?

Once you get setup let me know, okay?  Thanks for the offer to help.

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.




From: lisakach...@obnosis.com
To: plug-discuss@lists.plug.phoenix.az.us
Subject: RE: HackFest Series: Need IDS Forensic Team Members
Date: Tue, 23 Dec 2008 21:06:49 +








Actually, we mostly need people willing to man the DEFENSE (and forensics) side 
of the HackFest.

We have more than a few who are unstoppable with exploit tech, so we need the 
important part which consists of:

1) honeypots
2) keyloggers
3) IDS [snort tiger and tripwire]

to give us a full report on what was done.

So the full game is:

A) They get us.
B) We report what they got.
C) Everyone discusses how we might have defended against the attack.

Having machines available to host the fest, would include breaking them in 
select ways, to allow such things as:

1) SSH exploits, telnet access
2) NFS 
3) adjacent router encroachment
4) web systems including insecure DocumentRoot, Directories, CGIs, and MySQL 
without a root password.

I can build a system in 2 hours to do all this (say a gentoo build right out of 
the box) but it would be fun for everyone to have more complete forensics about 
the exploits, and pit themselves against various distros and builders?







> Date: Mon, 22 Dec 2008 21:39:58 -0700
> From: cryptwo...@gmail.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: HackFest Series: Need IDS Forensic Team Members
> 
> I have been wanting to build up a machine, come jan I might have the
> funds to get the last parts. Once up I might be willing to let
> hackfest have a go before I run it live
> 
> On 12/22/08, Ryan Rix  wrote:
> > On Monday 22 December 2008 4:20:01 pm Lisa Kachold wrote:
> >> We need more people willing to build and man honeypots, IDS and complete
> >> forensics post fest!  The challenge is to find all the attack vectors and
> >> prove encroachment via logs and loggers for presentation and educational
> >> continuum after each flag.
> >>
> >> Please email me if interested.
> >
> > I am currently configuring a server under fedora 10... I can create a Xen VM
> > for a honeypot, so long as my main server is left untouched by intruders,
> > when
> > time allows. There is nothing sensitive on the main server, and probably
> > will
> > not be -- just hosting a wordpress blog and a few other toys -- but I would
> > just rather have it that way and not have to worry about cleaning kernel
> > rootkits out and such ;) ), I am on winter break right now and will have
> > ample
> > time to do such things (maybe take part in a few hackfest series' as well)
> >
> > If this ends up happening would someone be willing to help me set up the
> > honeypot? (I should be able to set up the Xen environment myself with
> > tutorials, etc)
> >
> > Thanks and best,
> > Ryan Rix
> > ---
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> 
> -- 
> Sent from my mobile device
> 
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
> 
> Stephen


RE: HackFest Series: Need IDS Forensic Team Members

2008-12-23 Thread Lisa Kachold

Actually, we mostly need people willing to man the DEFENSE (and forensics) side 
of the HackFest.

We have more than a few who are unstoppable with exploit tech, so we need the 
important part which consists of:

1) honeypots
2) keyloggers
3) IDS [snort tiger and tripwire]

to give us a full report on what was done.

So the full game is:

A) They get us.
B) We report what they got.
C) Everyone discusses how we might have defended against the attack.

Having machines available to host the fest, would include breaking them in 
select ways, to allow such things as:

1) SSH exploits, telnet access
2) NFS 
3) adjacent router encroachment
4) web systems including insecure DocumentRoot, Directories, CGIs, and MySQL 
without a root password.

I can build a system in 2 hours to do all this (say a gentoo build right out of 
the box) but it would be fun for everyone to have more complete forensics about 
the exploits, and pit themselves against various distros and builders?







> Date: Mon, 22 Dec 2008 21:39:58 -0700
> From: cryptwo...@gmail.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: HackFest Series: Need IDS Forensic Team Members
> 
> I have been wanting to build up a machine, come jan I might have the
> funds to get the last parts. Once up I might be willing to let
> hackfest have a go before I run it live
> 
> On 12/22/08, Ryan Rix  wrote:
> > On Monday 22 December 2008 4:20:01 pm Lisa Kachold wrote:
> >> We need more people willing to build and man honeypots, IDS and complete
> >> forensics post fest!  The challenge is to find all the attack vectors and
> >> prove encroachment via logs and loggers for presentation and educational
> >> continuum after each flag.
> >>
> >> Please email me if interested.
> >
> > I am currently configuring a server under fedora 10... I can create a Xen VM
> > for a honeypot, so long as my main server is left untouched by intruders,
> > when
> > time allows. There is nothing sensitive on the main server, and probably
> > will
> > not be -- just hosting a wordpress blog and a few other toys -- but I would
> > just rather have it that way and not have to worry about cleaning kernel
> > rootkits out and such ;) ), I am on winter break right now and will have
> > ample
> > time to do such things (maybe take part in a few hackfest series' as well)
> >
> > If this ends up happening would someone be willing to help me set up the
> > honeypot? (I should be able to set up the Xen environment myself with
> > tutorials, etc)
> >
> > Thanks and best,
> > Ryan Rix
> >
> 
> -- 
> Sent from my mobile device
> 
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
> 
> Stephen


Re: HackFest Series: Need IDS Forensic Team Members

2008-12-23 Thread D
I would be happy to house a honeypot

On Mon, 2008-12-22 at 23:20 +, Lisa Kachold wrote:
> We need more people willing to build and man honeypots, IDS and complete 
> forensics post fest!  The challenge is to find all the attack vectors and 
> prove encroachment via logs and loggers for presentation and educational 
> continuum after each flag.  
> 
> Please email me if interested.
> Obnosis.com BlackBerry Message
> 
> -Original Message-
> From: Jamie Shackles 
> 
> Date: Sun, 21 Dec 2008 20:06:50 
> To: 
> Subject: Wifi help with Sabayon?
> 
> 
> I just put Sabayon on my laptop.  I have Broadcom for wireless with an Intel 
> pro wireless card.  Any ideas on how to get my wireless to work? 
>   
> I'm really new to this, so any help would be great.
>  
> ~ Jamie


Re: HackFest Series: Need IDS Forensic Team Members

2008-12-22 Thread Stephen
I have been wanting to build up a machine, come jan I might have the
funds to get the last parts. Once up I might be willing to let
hackfest have a go before I run it live

On 12/22/08, Ryan Rix  wrote:
> On Monday 22 December 2008 4:20:01 pm Lisa Kachold wrote:
>> We need more people willing to build and man honeypots, IDS and complete
>> forensics post fest!  The challenge is to find all the attack vectors and
>> prove encroachment via logs and loggers for presentation and educational
>> continuum after each flag.
>>
>> Please email me if interested.
>
> I am currently configuring a server under fedora 10... I can create a Xen VM
> for a honeypot, so long as my main server is left untouched by intruders,
> when
> time allows. There is nothing sensitive on the main server, and probably
> will
> not be -- just hosting a wordpress blog and a few other toys -- but I would
> just rather have it that way and not have to worry about cleaning kernel
> rootkits out and such ;) ), I am on winter break right now and will have
> ample
> time to do such things (maybe take part in a few hackfest series' as well)
>
> If this ends up happening would someone be willing to help me set up the
> honeypot? (I should be able to set up the Xen environment myself with
> tutorials, etc)
>
> Thanks and best,
> Ryan Rix
>

-- 
Sent from my mobile device

A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen


Re: HackFest Series: Need IDS Forensic Team Members

2008-12-22 Thread Ryan Rix
On Monday 22 December 2008 4:20:01 pm Lisa Kachold wrote:
> We need more people willing to build and man honeypots, IDS and complete
> forensics post fest!  The challenge is to find all the attack vectors and
> prove encroachment via logs and loggers for presentation and educational
> continuum after each flag.
>
> Please email me if interested.

I am currently configuring a server under fedora 10... I can create a Xen VM 
for a honeypot, so long as my main server is left untouched by intruders, when 
time allows. There is nothing sensitive on the main server, and probably will 
not be -- just hosting a wordpress blog and a few other toys -- but I would 
just rather have it that way and not have to worry about cleaning kernel 
rootkits out and such ;) ), I am on winter break right now and will have ample 
time to do such things (maybe take part in a few hackfest series' as well)

If this ends up happening would someone be willing to help me set up the 
honeypot? (I should be able to set up the Xen environment myself with 
tutorials, etc)

Thanks and best,
Ryan Rix


HackFest Series: Need IDS Forensic Team Members

2008-12-22 Thread Lisa Kachold
We need more people willing to build and man honeypots, IDS and complete 
forensics post fest!  The challenge is to find all the attack vectors and prove 
encroachment via logs and loggers for presentation and educational continuum 
after each flag.  

Please email me if interested.
Obnosis.com BlackBerry Message

-Original Message-
From: Jamie Shackles 

Date: Sun, 21 Dec 2008 20:06:50 
To: 
Subject: Wifi help with Sabayon?


I just put Sabayon on my laptop.  I have Broadcom for wireless with an Intel 
pro wireless card.  Any ideas on how to get my wireless to work? 
  
I'm really new to this, so any help would be great.
 
~ Jamie