A couple people have asked to see again the photos I used in my presentation last week at BayThreat. It was called “Sharpening the Axe” because I discussed how to be as efficient as possible when pentesting cloud and virtual environments. I thought I should perhaps just post the photos here for convenience. Here are the first two, showing efficiency in modern sailing with the International A-Class Catamaran. Both are a custom Bimare XJ built by Ben Hall.
Downwind, North American Championships in Islamorada, Florida
Visually stunning footage from Tactical Support, Strike Fighter Squadron 204 (VFA-204 “River Rattlers”), in the F/A-18A+ (including adversary training markings) at Naval Air Station Whidbey Island (NASWI)
Both Sanders and Stewart are former employees of the city Public Health Department. Each took hundreds of bribes of $100 to $200 apiece from restaurant managers and owners in 2007 and 2008 in exchange for allowing them to pass their food safety manager exams, District Attorney George Gascón said.
[…]
Gascón said the managers and owners who allegedly bribed Stewart and Sanders would not be prosecuted because many of them thought the payments were legitimate fees. For many of the managers and owners, English was their second language, the district attorney said.
“We believe that the greater culpability goes to the public employees,” Gascón said.
That policy, of course, encourages the managers and owners to turn in corrupt inspectors.
Metasploit contributor pello brings us a new auxiliary module, dns_fuzzer.rb. As part of testing, I threw this module against three different DNS resolvers to just watch the traffic, and promptly crashed one of the targets. Clearly, grown-up DNS servers shouldn’t fall over in the face of malformed traffic delivered at regular Internet speeds, so if you’re feeling like hunting for remote 0-day for fame and fortune, you could do worse than starting with this module.
Whatevz. Fame and fortune from testing quality with a fuzzer is so 2000-and-late. Let’s see some destroy_foreign_cyberarmy.rb module action.
The other is to create and submit resource scripts
There’s exactly one rc script in there right now (thanks Mubix!), but if you have a resource script that you’d like to share, please feel free to submit it via a pull request to our GitHub repository — especially if your favorite resource script does something novel and interesting with modules, targets, or something we haven’t thought of yet.
a blog about the poetry of information security, since 1995