August 27th, 2009 by bl4ckc4t
First Look Training Series are Live Training sessions that provide an exposure to the training subjects available through EC-Council. I had the opportunity to attend the recently scheduled sessions sponsored by EC-Council and enjoyed the refresher course for myself; it is definitely a good taste of what's to come for others. Each session was delivered with an actual class module to fill a 2-hour presentation by the lead trainers.
The first session was the renowned Certified Ethical Hacker (C|EH) program instructed by Tim Pierson. He demonstrated live ARP Poisoning and Fake Certificate Injection, and showed how Alternate Data Streams are being deployed by hackers.
As a Certified Ethical Hacker I am quite familiar with these subjects, but as always it’s a good practice to keep current with other approaches. For individuals interested in the C|EH program, the delivery of this session demonstrated what type of information would be gained if you were to attend the full 5 day course.
The second session was the EC-Council Certified Security Analyst (E|CSA) instructed by Eric Reed. He demonstrated a Live Assessment and attack against Wireless Security (WEP Cracking, FMS and KoreK attacks). The demonstration consisted of the use of a variety of penetration tools, for example Kismet and Aircrack-ng, just to name a few.
Both instructors presented these subjects live online very well for a 2-hour session, which was easy to comprehend and kept you wanting to know more. You could only imagine what the classroom experience with the real-time interaction and hands-on labs would be.
This approach by EC-Council to demonstrate a taste of how and what is to be expected with the course they offer is an excellent idea. They are offering these First Look sessions complimentary, and they are available upon registration.
To learn more about EC-Council | First Look Training Series, visit the link at EC-Council | First Look Training Series
August 17th, 2009 by bl4ckc4t
From the Internet to the iPod, technologies are transforming our society and empowering us as speakers, citizens, creators, and consumers. When our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense.
EFF is a donor-funded nonprofit group of passionate people – lawyers, technologists, volunteers, and visionaries – who depend on your support to continue successfully defending your digital rights.
BlackHat is where I approached the booth and finally had the opportunity to join the fight and support the continued effort EFF is making in our digital world.
To learn more about EFF visit the link at www.eff.org
August 10th, 2009 by bl4ckc4t
The post released by Kelly Jackson Higgins of DarkReading.com highlighted the event of the disruption to services on social networks (Twitter & Facebook), due to DDoS attacks. The mindset of attackers that target individuals in an attempt to silence them always seems to amaze me. Did they not put any thought into the attack before executing, knowing a DDoS attack would only temporarily cripple a service and that to target the attack in such a manner would be logged at the end point and raise exposure? You’d think if the intention was not to expose the message the individual has to say, you’d find a more discreet attack and do a bit more research to stay low key.
As a comment made on the post at DarkReading.com put it, “using a A-bomb to kill a fly. And getting the fly all the attention he could ever want.“ My point exactly. From an isolated message to a small community to a now worldwide public message. Good Job, NOT!
The full article at DDoS Attacks On Twitter, Facebook Result Of Massive Attack On One Person
August 5th, 2009 by bl4ckc4t
As a native San Franciscan, I walk the streets passing these Parking Meters every day and thought to myself that it's only a matter of time before these electronic meters get reverse engineered. The day had come when Joe Grand (aka Kingpin) and team got together one day to take on that challenge.
Joe presented their venture on the reconnaissance and research of the history, design and schematics for the devices. It’s always amazing how much information can be found online and through social engineering. With the information gathered and the skill sets applied, they were able to attack and manipulate the security on the Smart Card that tracked the transactions allowing the meter to register the total time allotted based on the available funds. The manipulation of the Smart Cards varied from unlimited monies to non-deducting funds. The presentation was informative and intriguing in perspective to the capabilities that can be done with the right skill sets and motivation.
August 4th, 2009 by bl4ckc4t
The days of the Adobe vulnerability are still a saga of 0-day. Matt Richards presented the breakdown of the vulnerability and events leading up to a partial disclosure from Adobe on February 19. He discussed the analysis of the samples from the 0-day attacks and its possible correlations from attackers discussed in the recent paper “Tracking GhostNet: Investigating a Cyber Espionage Network”.
I sat and walked away from this presentation with a question of “What If?” in the back of my mind. The thought that some of these 0-day vulnerabilities and attacks may be linked with international Cyber Espionage Networks, and how unprepared we really are in the US, if ever we were to enter the world of Cyber Warfare. This is just one of the discussions at Defcon that raised awareness of activities that are occurring in our world of Cyberspace.
Here is a link to a report that documents the GhostNet – a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.
Tracking GhostNet: Investigating a Cyber Espionage Network