Houston's Blog
Monday, January 19, 2015
Sony Thrashed, Insider Threats, North Korea Oh MY!
Monday, August 11, 2014
Digital Attack Map love.
Thursday, September 5, 2013
Friday, May 24, 2013
Notes on fierce.pl DNS Enumeration script when using KALI LINUX
If you are running KALI LINUX: you will be missing the default wordlist aka hosts.txt
you can pull down the host list from http://ha.ckers.org/fierce/hosts.txt and if you are lazy just put it in /user/bin/hosts.txt
go to URL http://ha.ckers.org/fierce/hosts.txt
CTRL-A then CTRL-C to copy all
From terminal
ie. vi /usr/bin/hosts.txt
click i
Right click
ESC wq enter
Now... if you want to traverse the subnet more that the default 5 ip addresses up or down, you will need to make a simple correction to the code.
vi /usr/bin/fierce
/verse <
enter
arrow over until you are on top of < then click the letter r and then >
Esc:wq
enter
now -traverse should work correctly.
-H
Sunday, April 21, 2013
security links / podcasts / meetups for dfw infosec newcomers
***minor updates 9/11/2017
Twitter:
Training/Videos:
securitytube.net/ (long standing list of excellent training video)
https://www.cybrary.it/ Cybrary, courses and whitepapers on Secuirty
Meetups / Chapter meetings (DFW area):
UTDallas Computer Security Group: Excellent documents and technical presentations:
https://csg.utdallas.edu/
**runs the gamut of high to low tech.. don’t get discouraged, but don’t start with “reverse Engineering”… look at Network Security / Penetration Testing / Pivoting ·
North Texas Cyber Security Group (NTCSG) @
https://www.meetup.com/NTXCSG/
Security bSides DFW
http://www.securitybsides.com/w/page/118353951/DFW_2017
DC214 (Defcon local chapter)
http://dc214.org/
Dallas Hackers Associations (DHA) @Dallas_Hackers
http://www.meetup.com/Dallas-Hackers-Association/
Plano Maker/Hacker Space @theroxyd
http://www.thelab.ms/
https://chapters.cloudsecurityalliance.org/dfwtexas/2011/05/31/welcome-to-the-cloud-security-alliance-north-texas-chapter-dfw/
https://www.devopsdays.org/events/2017-dallas/
https://www.owasp.org/index.php/Dallas
http://wtftacos.com/?p=6
tx2600.info
www.dallasmakerspace.org
Podcasts:
http://risky.biz/netcasts/risky-business
https://itunes.apple.com/us/podcast/info-risk-today-podcast/id504643144
Southern Fried Security:
http://www.southernfriedsecurity.com/
http://www.social-engineer.org/podcast/
http://securityweekly.com/podcasts
http://www.cigital.com/silver-bullet/
Security Advisor Alliance
http://securityadvisoralliance.com/podcast/
http://netsecpodcast.com/
http://www.exoticliability.libsyn.com/webpage/category/podcasts
GrumpySec Podcast:
http://www.grumpysec.com/
Down the Security RabbitHole:
http://podcast.wh1t3rabbit.net/
DevOps Cafe:
http://devopscafe.org/
Security / DevOps Mailing lists:
http://list.unspecific.com/mailman/listinfo/dc214
tx2600 (DFW Locals)
214_subscribe [at NO spam] tx2600.info with the subject of 'subscribe'.
DevOps Weekly:
http://www.devopsweekly.com/
Daily Dave:
http://seclists.org/dailydave/
Security Metrics:
http://www.securitymetrics.org/mailing-list.html
SIRA (Society for Information Risk Analysts)
http://lists.societyinforisk.org/mailman/listinfo/sira
Bugtraq:
http://www.securityfocus.com/
http://seclists.org/fulldisclosure/
http://tools.cisco.com/security/center/home.x
OSS:
http://www.openwall.com/lists/oss-security/
Blogs:
Fun tools:
https://censys.io/
https://www.shodan.io/
https://riddler.io/
https://www.threatcrowd.org/
https://community.riskiq.com
https://www.threatminer.org/
https://www.shodan.io/
https://riddler.io/
https://www.threatcrowd.org/
https://community.riskiq.com
https://www.threatminer.org/
challenges: (WIP)
If you want your site added here or know one I am missing hit me up at @hhopk on ze tweetz
Sunday, March 10, 2013
Who really profits from vulnerable Java?
What another Java update? They are almost as frequent as blogs complaining about Java updates.
However, few seem to consider the real value of theses vulnerabilities and their subsequent patches. Value to? consumers? fuzzers? Security?
People seem to be looking right past the profit model for java exploits to Oracle. I hear often in the infosec community "it would suck to Oracle" or "why dont they clean up their filthu bug ridden code.?"
To put it simply , they profit from every patch release. They load up the not so savvy consumers with bloatware, adware, and just plain crap with each Java update. I am still trying to find the exact relationship between Ask and Oracle. And what the per install payout is.
going Pro Se to Dissolve a Writ Of Garnishment concluded
ill save you the essay.
Feb 15th was my court date, and I won. The judge only needed to hear that 100% of funds in the account were mine and mine only.
case law supports that my parent did have bare legal title to the funds, but the true owner is the signor who maintains equitable ownership. The attorney from Regent & Associates had nothing to say.
thanks to my wife, Google Scholar, and my father inlaw for their moral support.