So, just a quick note: monstream00 has just released a Buby script that takes Nmap results, throws them into Burp Suite and then spiders those sites.
Check out his work over at his blog: http://monstream00.wordpress.com/2012/01/06/import-nmap-to-burp/
Good stuff and another example for anyone out there learning the ropes with buby.
Code, community buby, burp, nmap
It’s the holiday season once again and you’re trying to think of thoughtful gifts for your information security professional. You need something that will give him/her a little bit of that hacker feeling, but not require too much time or effort. Or, maybe just something to take the edge off fighting advanced persistent tigers.
Well, L1pht is here to help!
- Traditions Black powder pistol kit – $179 to $260
Your infosec pro will have tremendous fun working with his hands as he puts together this pistol kit. If he keeps all of his fingers, the possibilities are endless. Now that’s goin’ out in style!
- Scotch – $75 to $250

- A Year of Burp Suite Pro – $299
If your information security professional doesn’t already have a copy of Burp Suite Pro, treat her to a year’s worth of web application hacking enjoyment. After all that scotch they’ll probably get belligerent and want to raise a ruckus. By going pro they’ll get no throttling, one of the best scanners on the planet and so much more. Show someone you love them with Burp!
- Web Application Hackers Handbook 2nd Edition – $31.11

A great standalone gift or companion for #3, the Web Application Hackers Handbook is THE go-to book for web application security testing.
- Beer – $12 – $50
Showing you care doesn’t have to break the bank. This will put a smile on that depressed little face. Pick up anything from Great Divide Brewing, Gulden Draak or St. Bernardus to help make someone’s holiday season a bit brighter and the pain a bit duller.
Feel free to drop other gift ideas.
Beer, community fluff, gifts, holidays
I’ve got my training, briefings, hotel all booked up and flight locked in. It’s finally starting to get real. I can almost feel that 104º F desert heat pouring down on the sidewalk.
This is about the time of year that I start penciling in what talks I want to make. I know what you’re thinking: “Who goes to talks at these things? Aren’t you supposed to be sleeping off a night of vendor-fueled debauchery, prepping for another?” To that, good sirs, I remind you that I am not a normal human being. I still attend talks.
So, I should be wheels down at McCarran around 11:30am on July 29th.
First, the party plan:
- Accuvant/Palo Alto – The Crystal Ball – 8/3/2011
- Fishnet – Rhumbar [Mirage] – 8/3/2011 9pm to Midnight – I’ve got some friends and know some talented folks at Fishnet, I’ll probably be soaking up their tab most of the night.
- Mandiant – Shadow Bar [Caesars] – 8/3/2011 8pm to 10pm – Shadow Bar is a chill location, good opportunity to chat with some of the Mandiant guys.
- RSA NetWitness Party – JET [Mirage] – 8/3/2011 – Going to check this out before heading to Fishnet
- Blue Coat Dinner – Caesars
- EFF theSummit – Rio Pavilion 1 – 8/4/2011 8:30pm – The EFF is a great organization that deserves your support. Check it out.
- BSidesLV Epic Party!
So far I’m pretty open other than that, let me know what’s going down and where if you want to hang out.
What’s that? You’re not on any of the RSVP lists? Get on the lists here.
Now for the talks Day 1:
- 10am – 11am // Hacking .Net Applications: The Black Arts
- 1:45pm – 3pm // Server-Side JavaScript Injection: Attacking NoSQL and Node.js
- 3:15pm – 4:30pm // Reverse Engineering Browser Components – Dissecting and Hacking Silverlight, HTML 5 and Flex
- 4:45pm – 6:00pm // Post Memory Corruption Memory Analysis
Day 2:
- 10am – 11am // Don’t Drop the SOAP: Real World Web Service Testing for Web Hackers
- 11:15am – 12:30pm // SSL And The Future Of Authenticity
- 1:45pm – 3:00pm // Crypto for Pentesters (Maybe?)
- 3:15pm – 4:30pm // Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System (The only slot for which I wish I could be in 3 places at once)
- 4:45pm – 6:00pm // Sticking to the Facts: Scientific Study of Static Analysis Tools
Of course, this is likely to change once the BSidesLV schedule is posted. With a great location like The Artisan (You might remember it from the 2009 Ninja Party) and a speaker list including HD Moore, Moxie, Egyp7, Val Smith and Mudge it’s hard not to bump something you can get on DVD.
I’m really looking forward to the training. I’ll write up a review post afterward. Look for it.
community, Travel blackhat, conference
That’s right, L1pht just touched down in the lovely Washington DC area! I’ll be in town for the better part of a week so if any of you DC area hackers want to get together for a beer let me know via twitter or saintpatrick[at]l1pht.com.
community Conferences
Just a quick post of some of the talks I hope to make during Defcon 17.
Friday
- if (alive @ 10:00) {Welcome to Defcon 17 with Dark Tangent and the Making of & Hacking the DC17 Badge with Joe “Kingpin” Grand, The Dark Tangent} elsif (alive sometime after Welcome to Defcon 17 && time < 11:00) {Binary Obfuscation from the Top-Down: Obfuscating Executables Without Writing Assembly Sean Taylor “Frank2”}
- 13:00 // Maximum CTF: Getting the Most Out of Capture the Flag with Psifertex
- 14:30 // Advanced MySQL Exploitation with Muhaimin Dzulfakar
- 15:00 // Head over to catch the end of ‘Making Fun of Your Malware’ with Michael Ligh & Matthew Richard
- if ((beer + food) < comedy){ 16:00 Three Point Oh. with Johnny Long }
Saturday
Sunday
- 10:00 // Maybe up? // Managed Code Rootkits – Hooking into Runtime Environments with Erez Metula
- 11:00 // Win at Reversing: Tracing and Sandboxing through Inline Hooking with Nick Harbour
- 14:00 // Slight of Mind: Magic and Social Engineering with Mike Murray and Tyler Reguly
- 15:00 // Confidence Game Theater with cough
community Conferences, Defcon