Join the crew as they interview special guest Marisa Fagan of SECore!
Join us as we talk some lab shop with Mike Bailey and the rest of the crew!
Please visit http://wiki.securabit.com/ShowNotes/EP94 for our show notes!
Please re-download the Steganography file from the original post. The first one was corrupted. It will now export with the proper lowercase key.
Join us as we interview Nick Keuning from GFI about their Sandbox solution!
Our show notes are now housed on our wiki. Please visit this link to view them!
This time around we are giving away books!
The contest officially starts NOW and will run until 11:59PM on 11/19. We will announce winners promptly after that.
Prizes will be awarded to 1st and 2nd place. Everyone else who scores any amount of points will be entitled to a free sticker mailed to them if they so choose.
You can submit as many times as you wish. Please do so under ONE email address. The first person to hit maximum points will win 1st place. The 2nd person to hit maximum points will be 2nd place. If no contestant hits maximum points, we will take the highest two scores, in order of submission if there is a tie.
Submit to our [email protected]
1st place: @binarybitme, completed all 3 challenges and bonus points. Congrats!
2nd place: @zed_0xff, completed all 3 challenges and bonus points. Congrats!
Part 1: Packet Capture Analysis. (2 points)
Please download this file. What is the name of exploit kit being used in this pcap (not the verison, you may include the entire string on that line)? BONUS (1 point): What is the CVE associated with this?
Part 2: Steganography (3 points)
Please download this file. You’ll have to have the answer to part 1 in order to fully finish Part 2. The decryption key will be the main name of the exploit kit all in lower case without spaces, and without the version or anything else on that line in the file (if you email us with what you think it is and it’s close enough i’ll confirm it). Your answer should be the name of the person whose phone number isn’t like the others. BONUS (1 point): Answer the pre-recorded question by emailing us.
Part 3: Reverse Engineering (4 points)
Submit a working key and serial. BONUS (1 point): Write a working keygen with dynamic keys.
Thanks to Syngress and No Starch our winners will receive a book of their choosing! We will provide instructions to the winners.
On this episode we had special guest Christofer Hoff on to discuss Cloud and Virtualized security. We touched on some pretty amazing points and we hope you’ll enjoy this show!
This is a wee bit late but we wanted to post the answers to our challenge that we had up before Derbycon. Fortunately for all, there were enough tickets that nobody actually needed ours.
We had a great time meeting folks and talking security, as well as meeting up with you, our valued listeners on Friday night at Bluegrass Brewing Company (along with fake Russell Crowe!).
Here are the answers to our challenge:
1.) The phrase was “[email protected]” and was inside of a .txt file that was embedded into the PDF we made available. I utilized a program called wbStego which I believe one or two people figured out and used to find the flag.
For #2 and #3, please see this zip file for the source to both.
2.) The username was user “Jonny Doe” and the password was “Louisville”
3.) The phrase was “I want my derbycon ticket!”.
Join us this Friday 9/30 at the Bluegrass Brewing Company @ 10pm eastern time. Come by and grab a beer, hang out, and let us throw stickers at you!
The location is:
Bluegrass Brewing Company
2 Theater Sq, Louisville, KY 40202(502) 568-2224
Here are walking directions as well. It’s 0.5 miles to walk it, and the weather should be decent enough.
**Update: Check out http://blog.tottenkoph.com/2011/09/28/derbycon-meetups/ for more Derbycon meetups! Thanks for the mention!!
If you need to contact us follow us on twitter:
Join us as we interview Saviour Emmanuel Ekiko, author of the Ghost Phisher tool.
Show notes are now at our wiki: http://wiki.securabit.com/ShowNotes/EP90