http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2011-10-30 23:32:01 - JW Network Consulting : I ve been digging through some PHP files that are trying very hard to hide what they are doing Basically, the PHP code is base64 encoded and then compressed The blob of random text is then stuffed into a PHP file which calls to decode it and execute it on the web server While it obscures http://www.secuobs.com/revue/news/337737.shtmlhttp://www.secuobs.com/revue/news/337737.shtml Secuobs.com : 2011-04-01 17:20:35 - JW Network Consulting - Metasploit has successfully broken into Skynet thanks to Comodo, RSA, MySQL and Stuxnet Here is the output from msfconsole after updating today Rock on guys 0 08 43 03 515 - msfconsole http://www.secuobs.com/revue/news/295701.shtmlhttp://www.secuobs.com/revue/news/295701.shtml Secuobs.com : 2011-01-21 09:44:56 - JW Network Consulting - I ve been grumbling to myself about writing blog posts using the web interface in WordPress for quite some time, but I ve never really done much about it Today I spent some time chatting with David Pratt, a colleague of mine, about our blogs David runs the Data Management Wonk blog and I liked how his http://www.secuobs.com/revue/news/279841.shtmlhttp://www.secuobs.com/revue/news/279841.shtml Secuobs.com : 2011-01-20 07:30:55 - JW Network Consulting - A friend of mine asked a question on Facebook that went something like this Who owns your company s data The politically correct answer is that the business owns the data and IT manages it for them That s nice in theory, but is it really true Does your company have a data governance group run by http://www.secuobs.com/revue/news/279516.shtmlhttp://www.secuobs.com/revue/news/279516.shtml Secuobs.com : 2011-01-18 08:02:27 - JW Network Consulting - I spent some time today and fixed some seriously messed up regular expressions in Reconnoiter Basically, Google made a bunch of changes to their search results and added AJAX all over the place To deal with this, I changed the submitted user agent to Lynx and then updated the regex accordingly Changes with regex were http://www.secuobs.com/revue/news/278865.shtmlhttp://www.secuobs.com/revue/news/278865.shtml Secuobs.com : 2010-10-22 08:37:45 - JW Network Consulting - Things have been really busy lately First off, my Mentor session for SANS Security 504 started on September 21st We are at the halfway point right now and leading this has been incredible It seems whenever I need to present or teach something I learn more than anyone else Plus teaching is just fun Particularly http://www.secuobs.com/revue/news/259147.shtmlhttp://www.secuobs.com/revue/news/259147.shtml Secuobs.com : 2010-07-01 10:28:44 - JW Network Consulting - Having a solid incident response capability isn t an accident It s the result of focused preparation, training and culture Incidents come at unexpected times, frequently with little warning, and can have a severe impact on an organization It s during these times that inadequate planning, documentation and missing tools become painfully apparent That high level incident response http://www.secuobs.com/revue/news/236795.shtmlhttp://www.secuobs.com/revue/news/236795.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - The last week was really busy while I prepared to do my presentation at the Utah Open Source Conference While I was engaged in this process I got a message from Larry Pesce of the Pauldotcom Podcast He had some updates to Reconnoiter and wanted to shoot them over to me He said that he http://www.secuobs.com/revue/news/234256.shtmlhttp://www.secuobs.com/revue/news/234256.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - Today we had a really bad thing that happened, but it ended up not mattering at all One of my clients was busy doing some work and accidentally deleted a directory with about 1 GB of data in it I got a very worried email from them and if it could be restored Fortunately, we http://www.secuobs.com/revue/news/234255.shtmlhttp://www.secuobs.com/revue/news/234255.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - When I first saw this fly by on Twitter ironic I thought it was Rsnake joking around I followed his comment about it over to Vantage Credit Union s web site and saw that sure enough, their customers can do limited banking via Twitter Before I go further, let me state this openly I like and http://www.secuobs.com/revue/news/234254.shtmlhttp://www.secuobs.com/revue/news/234254.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - It has been a busy couple of months, but my posts have been fairly quiet on the blog Between attending the SANS Security 504 Incident Handling class, traveling for work, moving my family and the holidays things have been moving at a rapid pace I m going to be trying to comment more here, but for http://www.secuobs.com/revue/news/234253.shtmlhttp://www.secuobs.com/revue/news/234253.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - So Facebook has made some changes to privacy that I didn t like much Thought I d pass it on The new change is that if one of your friends uses a Facebook application any application and it requests personal information, Facebook will share that information to them without your knowledge So even if you don t want http://www.secuobs.com/revue/news/234252.shtmlhttp://www.secuobs.com/revue/news/234252.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - One of the guys I work with sent me a link to an article on Kings Pride and I decided to post them here Mostly, so I can find them again later when need them later Any how, from Kings Pride here s the details on how to invoke a Java based shell on a NetApp http://www.secuobs.com/revue/news/234251.shtmlhttp://www.secuobs.com/revue/news/234251.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - This is something that I ve really been looking forward to announcing for a while now I will be running a Mentor session for SANS starting on Sept 21 and running until November 23, 2010 We will be meeting once per week for two hours to cover course material, discuss what we ve studied and do some http://www.secuobs.com/revue/news/234250.shtmlhttp://www.secuobs.com/revue/news/234250.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - One of the most disheartening things about the Gulf of Mexico disaster is to watch BP, the government and other involved parties appear to make up their response as they go along Aren t oil companies required to plan for failures and how to recover from them As it turns out yes, they are Tonight I http://www.secuobs.com/revue/news/234249.shtmlhttp://www.secuobs.com/revue/news/234249.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - Just a quick note today I finished working on a Metasploit module to create usernames the same way that the other two scripts in Reconnoiter does However, this module is able to search Yahoo or Google and does not require separate scripts to do so It also provides the option to use msfweb to get http://www.secuobs.com/revue/news/234248.shtmlhttp://www.secuobs.com/revue/news/234248.shtml Secuobs.com : 2010-06-23 19:25:01 - JW Network Consulting - Last year I was able to speak at the Utah Open Source Conference on building a security toolkit with open source software I just finished submitting my proposal for this year entitled Metasploit Free, Powerful, Flexible Being able to present at UTOSC 2009 was an absolute blast and I hope that my presentation is accepted http://www.secuobs.com/revue/news/234247.shtmlhttp://www.secuobs.com/revue/news/234247.shtml