SecuraBit

Before It Bytes!

BsidesROC(ked)!

I had the pleasure of attending BsidesROC this past Saturday in Rochester, NY while visiting family.  The only previous experience I’d had with Bsides was in Las Vegas last summer, and I must say out of the many small conferences I have been to over the last couple of years, these guys did a very impressive job!  The conference consisted of two tracks with a total of 15 talks.

Here’s a rundown of the events:

  • The Rochester chapter of TOOOL was kept very busy with a constant flow of lock pickers, both new and veteran, and managed to sell out of the kits they had available.
  • Interlock, the local hackerspace, was also there and had a number of great projects to show off.  I always love seeing hackerspaces at conferences!
  • Hacker Battleship, a unique play on the CTF which was really fun for the 24 who participated.  Someone SQL injected the scoreboard too 😉

There were just over 200 attendees and everything flowed very smoothly.  The event had the feeling of something that just happened there every weekend, and there were flying SHARKS! Albeit without laser beams for the safety of all present of course. 😉

Some other misc stats:

  • The 3D badges took approximately 50 hours to print and were awesome!
  • 3129 DHCP leases were handed out throughout the day.
  • 6 flying sharks and fish, including one flying red angry bird.

Looking forward to next year!

Wireshark Export HTTP objects

In the first episode of SecuraTip, I showed viewers how to extract files from pcaps using a very manual method, and using an automated method with NetworkMiner. The purpose of this was to show the drastic difference between the two methods.

As Doug Burks and CIDSecurity mentioned on Twitter and YouTube, there is an easier method for pulling files out of pcaps with Wireshark than the manual process I showed, though there is a major limitation that I will say more about at the end.

Wireshark HTTP object export options

1. Open the pcap with Wireshark.

2. Choose File –> Export Objects –> HTTP

*While I chose HTTP for this, you may need to choose a different option like SMB to correspond with the type of traffic you are dealing with.

3. You will now be presented with a list of files that you can save directly from the HTTP sessions.

4. Simply press Save As and you now have the file.

Now, as you can tell if you have watched the SecuraTip episode, there are some limitations here. For instance, we do not see the files 1.txt and 2.txt that we saw when looking at the pcap with NetworkMiner. The reason for this is that Wireshark is just pulling files from HTTP sessions. 1.txt and 2.txt were in the same pcap but were transferred via FTP instead of HTTP. As far as I know, there is no automated way to pull files transferred over FTP directly in Wireshark. Please correct me if I am wrong there. NetworkMiner doesn’t care what protocol or service was used; if the file was transferred in the clear, then it will try to extract it.
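To illustrate why an HTTP-only export misses FTP transfers, here is an added Python example (not code from the episode, Wireshark, or NetworkMiner) that carves a file from an already reassembled server-to-client TCP stream. The function names and the sample byte strings, including the stand-in content for 1.txt, are constructed for this illustration.

```python
# Added example: carve file bodies from reassembled TCP stream payloads.
# All sample streams are constructed; they are not taken from the episode's pcap.

def dechunk(body: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked transfer-encoded body."""
    out = bytearray()
    while body:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            break  # terminating zero-length chunk
        out += rest[:size]
        body = rest[size + 2:]  # skip chunk data plus its trailing CRLF
    return bytes(out)

def carve_http_response(stream: bytes):
    """Return the body of one HTTP response, or None if the stream is not HTTP."""
    if not stream.startswith(b"HTTP/1."):
        return None  # no HTTP framing, so an HTTP object export never lists it
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None  # headers were truncated in the capture
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
        return dechunk(body)
    if b"content-length" in headers:
        return body[: int(headers[b"content-length"])]
    return body  # no length given: body runs until the connection closes

def carve_ftp_data(stream: bytes) -> bytes:
    """An FTP data connection carries the raw file and nothing else."""
    return stream

HTTP_PLAIN = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
HTTP_CHUNKED = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
                b"4\r\nWire\r\n5\r\nshark\r\n0\r\n\r\n")
FTP_DATA = b"contents of 1.txt\n"  # constructed stand-in for the FTP transfer

if __name__ == "__main__":
    for label, s in (("plain", HTTP_PLAIN), ("chunked", HTTP_CHUNKED), ("ftp", FTP_DATA)):
        print(label, carve_http_response(s))
    print("ftp raw", carve_ftp_data(FTP_DATA))
```

The FTP stream returns None from the HTTP carver because the file name and transfer command travel on the separate FTP control connection, so recovering it means saving the raw data stream.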

As we all know, there are many ways to attack any problem in IT. Do you have a different technique other than what is described here or in the video? Let us know.

SecuraTip Episode 1: NetworkMiner


In the first episode of SecuraTip we learn how to extract files from a pcap using NetworkMiner.

Additionally this episode also shows some of the other features of NetworkMiner, and the manual process of carving files from a pcap using Wireshark.

We’ve included both YouTube and MP4 formats.

Thanks to @TekDefense

SecuraBit Episode 117: The Internet is on Fire!

March 27th, 2013

Hosts

Guests

Topics

  • Hack.RVA events, news, and RVAsec badges!

  • CTF is being put together for offline.  Register at http://securabit.com/ctf/

  • Security Awareness training

    • Who should provide more than just basic training?

    • Security Vendors

    • Security focused organizations?

News Items

Upcoming events

Links

 

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

SecuraBit Episode 116: SWAT, BacNET, and Privacy!

Hosts


Guests


Topics

  • NetIQ
  • Internet History
  • Privacy and Social Media
  • Egypt’s revolution
  • Data management and risk in the cloud
  • Building Automation
  • BacNET protocol dissection
  • Shmoocon, RSA, and upcoming cons!
  • The PenLab is back up!
  • CTF Pre-registration for RVAsec 2013 will be coming soon!


News Items

Upcoming events


Links



SecuraBit Episode 115: Aaaand we’re back!

Hosts


Topics


Upcoming events

Links



SecuraByte Episode 07: RVASec CFP and CTF!

After nearly 4 years dormant, we’re bringing back the SecuraByte!  These are designed to cover things that can’t wait for our normal podcast cycle.  In our 7th iteration, we interview Jake Kouns regarding the RVAsec security conference he is organizing in Richmond, VA which will be hosted again at VCU!

Host:

Guest:

What you need to know:

  • RVASec Call for Papers ends February 4th @ 11:59PM.  Get your submissions in now!
  • We expand on some more details regarding the Capture the Flag event that will be at the conference.
  • Forensics training announced today!  Only 12 seats so register now!
  • 2 day conference this year.  Parking and nourishment are included.

Links:

SecuraBit Episode 114: Quick and Dirty!

Hosts


Topics

  • News
  • The Lab


News Items (no particular favoritism of non source links)


The Lab

  • CTF at RVASec
  • Lab upgrades and changes.


Upcoming events

Links



SecuraBit Episode 113: Medical Madness!

Hosts


Guests

  • Christopher Burgess – @burgessct – http://www.burgessct.com/

Topics

  • The state of security in Medical.
  • Social movements.
  • Lab Stuff


News Items


Upcoming events

Links



SecuraBit Episode 112: Protect All the Secrets!

 

Hosts

Guests

Topics

 

 

News Items

 

Upcoming events

 

Links

 

 
