SecuraBit

Before It Bytes!

SecuraBit Episode 55: 10000 Tubes of KY and a Case of Dog Biscuits!

Sponsored by Sunbelt Software! Creators of the Sunbelt CWSandbox, for all your malware analysis needs! Visit their website for more details!

Hosts:
Anthony Gartner @anthonygartner http://anthonygartner.com
Christopher Mills @thechrisam
Chris Gerling @chrisgerling
Andrew Borel @andrew_secbit

Missing Hosts:
Jason Mueller – @securabit_jay

Guests:
Joshua Wright – @joswr1ght http://www.willhackforsushi.com/

– Josh talks about the MiFi hack
– Bluetooth Hacking
– Barcode scanner hacking including the Bluetooth scanner hacks
– SANS SEC617 SEC617 Course
– 617BIT Discount Code for $500 off the vLive! Course
– Upcoming courses taught by Josh Wright http://www.sans.org/security-training/instructors_upcoming.php?id=97
– Pentest summit – Baltimore, MD – Josh will be speaking there.  His talk will be about essential crypto for pentesters.  http://www.sans.org/pen-testing-summit-2010/

General topics:
Mcafee Released a failed (fubar) virus definition Discussion thread
Gmail authentication code stolen
Someone we know was owned

Links:
http://www.willhackforsushi.com/
SEC617 Course
http://www.sans.org/security-training/instructors_upcoming.php?id=97
Bruce Schneier’s book list
Dark Reading – Taking Penetration Testing In-House

Chat with us on IRC at irc.freenode.net #securabit

SecuraBit Episode 40: Paul WHO????

SecuraBit Episode 40 – Paul “Pauldotcom” Asadoorian
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
Intro Questions:
  • Who are you, and what are you doing on THIS podcast?
  • Tell us about the PaulDotCom podcast (I’ve talked to SecuraBit listeners who have never heard of PDC)
  • How long have you been using Nessus?
  • When did you start working for Tenable?
  • What is your role at Tenable?
Nessus Questions:
  • What’s new in this version of Nessus?
  • Are changes driven primarily by Tenable, or the community?
  • What does Nessus use for a scanning engine?
  • How does Nessus interact and work with Nmap?
  • Explain Nessus licensing and what an individual vs a corp is entitled to.
  • How much is a license?
  • Cost of proffesional feed = $1200.00/year
  • Home feed no longer a delay, no SCADA plugins
  • How does Nessus differ from OpenVAS?
  • Can you use the OpenVAS repo with Nessus?
  • Talk about the extensibility of Nessus. (Scripting, etc)
  • How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
  • Does tenable have any dedicated appliances for enterprise scanning and monitoring based on nessus?
Implementation and Operation questions (How Paul Does Things):
  • Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
  • Is there a practical limit to the number of deices that can be scanned by one scanning server? Or is it just a time tradeoff?
  • How often do you scan (and re-scan) a network?
  • How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT)
  • Are results parse-able and able to be fed into compliance and risk management tools?
Other Questions:
  • When is the next PaulDotCom episode?
  • What are the topics/guests?
  • What is your favorite beer?
Hosts:
Anthony Gartner  AnthonyGartner.com @anthonygartner
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Ed Smiley – @edsmiley
Guest:
Paul Asadoorian – @pauldotcom – http://www.pauldotcom.com
Links:
Tenable Network Security Blog and Podcast – http://blog.tenablesecurity.com/

SecuraBit Episode 37: Mapping Networks with Fyodor and NMAP

SecuraBit Episode 37 – Mapping Networks with Fyodor and NMAP
NMAP 5 with Gordon “Fyodor” Lyon
* How did Nmap start?
* What’s new in Nmap 5?
* Whe kind of legal issues have you faced in regards to NMAP?
* Where did the handle Fyodor start?
* Will there be a second edition of Nmap book? (below) no second e yet or planned
* Where is NMAP Going?
* Where do you see Nmap Scripts (NSE) going, possibly doing a community repo?
* Will scans for mobile devices in future releases?
* Why lua vs. python or ruby or something else?
Find the answers to these questions and more by listening to the show.

After our interview we cover DEFCON and the Podcasters meetup.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay
Rob Fuller – Mubix – http://www.room362.com – @Mubix

Guest:
Gordon “Fyodor” Lyon – http://insecure.org/fyodor/

Links:
NMAP 5 – http://nmap.org/5/
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning – http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1250122655&sr=8-1
New ‘ping sweep’ – http://carnal0wnage.attackresearch.com/node/373
The Programming Language Lua – http://www.lua.org/
WordPress 2.8.4 Security Release – http://wordpress.org/development/2009/08/2-8-4-security-release/