Friday, May 24, 2013

Notes on fierce.pl DNS Enumeration script when using KALI LINUX

Notes on fierce.pl DNS enumeration tool written by RSNAKE

If you are running Kali Linux, you will be missing the default wordlist, aka hosts.txt.
You can pull down the host list from http://ha.ckers.org/fierce/hosts.txt and, if you are lazy, just put it in /usr/bin/hosts.txt

Go to the URL http://ha.ckers.org/fierce/hosts.txt
CTRL-A then CTRL-C to copy all

From a terminal:
i.e.  vi /usr/bin/hosts.txt
press i
Right click (to paste)
ESC :wq Enter

Now... if you want to traverse the subnet more than the default 5 IP addresses up or down, you will need to make a simple correction to the code.

vi /usr/bin/fierce
/verse <
Enter
arrow over until you are on top of the <, then press the letter r and then >
ESC :wq
Enter

Now -traverse should work correctly.

-H
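
The same one-character edit done non-interactively, with a backup and a diff of the change. This is an added example, not part of the original post or of fierce; `patch_traverse` is a hypothetical helper name, and GNU sed (as on Kali) is assumed.

```shell
#!/bin/sh
# Added example, not part of fierce. patch_traverse is a hypothetical helper name.
# Assumes GNU sed (the "0,/re/" address form), as shipped on Kali.

patch_traverse() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "patch_traverse: no such file: $file" >&2
        return 2
    fi
    # Same search string as the vi step: /verse <
    if ! grep -q 'verse <' "$file"; then
        echo "patch_traverse: 'verse <' not found (already patched?)" >&2
        return 1
    fi
    # Keep the original so the edit can be reviewed or rolled back.
    cp -p "$file" "$file.orig" || return 2
    # Change only the first match, like the single r> keystroke in vi.
    sed -i '0,/verse </s/verse </verse >/' "$file" || return 2
    # Show what changed; diff exits 1 when the files differ, which is expected here.
    diff -u "$file.orig" "$file" || true
    return 0
}

# Run against a path given on the command line, e.g. sh patch.sh /usr/bin/fierce
if [ "$#" -gt 0 ]; then
    patch_traverse "$1"
fi
```

If fierce was installed from a package, an upgrade will overwrite the edited file, so re-check after updating.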

Sunday, April 21, 2013

security links / podcasts / meetups for dfw infosec newcomers

***minor updates 9/11/2017


Twitter:

If you don't use Twitter, wipe away your hipster-anti-hipster and sign up! If you are wondering where to start, find me @hhopk, look at the people I am following, and follow some or all of them.

 

Training/Videos:   

Irongeek's Hacking Illustrated (Adrian Crenshaw's library of Conference presentations)

securitytube.net/  (long-standing list of excellent training videos)

https://www.cybrary.it/  Cybrary, courses and whitepapers on security


Meetups / Chapter meetings (DFW area):


UTDallas Computer Security Group:  Excellent documents and technical presentations:
https://csg.utdallas.edu/
**Runs the gamut of high to low tech. Don’t get discouraged, but don’t start with “Reverse Engineering”; look at Network Security / Penetration Testing / Pivoting.

North Texas Cyber Security Group (NTCSG) @
https://www.meetup.com/NTXCSG/ 


Security bSides DFW
http://www.securitybsides.com/w/page/118353951/DFW_2017

DC214 (Defcon local chapter)
http://dc214.org/

Dallas Hackers Association (DHA) @Dallas_Hackers
http://www.meetup.com/Dallas-Hackers-Association/

Plano Maker/Hacker Space @theroxyd
http://www.thelab.ms/



OWASP Dallas meet-ups
https://www.owasp.org/index.php/Dallas   



Dallas Makerspace
www.dallasmakerspace.org


Podcasts:




Infosec Daily (recently retired)
http://www.isdpodcast.com/

Security Weekly (formerly Pauldotcom)
http://securityweekly.com/podcasts 


Network Security:
http://netsecpodcast.com/

Exotic Liability:  (basically off the air)
http://www.exoticliability.libsyn.com/webpage/category/podcasts

GrumpySec Podcast:
http://www.grumpysec.com/

Down the Security RabbitHole:
http://podcast.wh1t3rabbit.net/

DevOps Cafe:
http://devopscafe.org/

Security / DevOps Mailing lists:






Cisco:
http://tools.cisco.com/security/center/home.x

OSS:
http://www.openwall.com/lists/oss-security/

Blogs:


Fun tools:

https://censys.io/ 
https://www.shodan.io/
https://riddler.io/
https://www.threatcrowd.org/
https://community.riskiq.com
https://www.threatminer.org/


challenges: (WIP)

infoseclabs • infoseclabs.net

If you want your site added here or know one I am missing hit me up at @hhopk on ze tweetz

Sunday, March 10, 2013

Who really profits from vulnerable Java?

What, another Java update? They are almost as frequent as blogs complaining about Java updates.
However, few seem to consider the real value of these vulnerabilities and their subsequent patches. Value to? Consumers? Fuzzers? Security?
People seem to be looking right past the profit model for Java exploits to Oracle. I hear often in the infosec community "it would suck to be Oracle" or "why don't they clean up their filthy bug-ridden code?"

To put it simply, they profit from every patch release. They load up the not-so-savvy consumers with bloatware, adware, and just plain crap with each Java update. I am still trying to find the exact relationship between Ask and Oracle, and what the per-install payout is.

Going Pro Se to Dissolve a Writ Of Garnishment concluded

I'll save you the essay.

Feb 15th was my court date, and I won.  The judge only needed to hear that 100% of funds in the account were mine and mine only.

Case law supports that my parent did have bare legal title to the funds, but the true owner is the signer who maintains equitable ownership.  The attorney from Regent & Associates had nothing to say.

Thanks to my wife, Google Scholar, and my father-in-law for their moral support.