http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-10-23 00:52:27 - Midnight Research Labs : The site has had some recent hardware updates, so we should be able to run things a little more smoothly and hopefully also a little more stably now We still have the hacker space near Boston, and so to help promote that we re going to try to update and clean up the site a bit http://www.secuobs.com/revue/news/259357.shtmlhttp://www.secuobs.com/revue/news/259357.shtml Secuobs.com : 2010-10-23 00:52:27 - Midnight Research Labs - Backup your laptops, it s already that time of the year again As always we ll be getting a few hackers together to play the pre-qualification round of the Defcon CTF game Every year the competition gets even more fierce, but it s always an amazing experience to play If you re interested in the MRL hacker-space near Boston, http://www.secuobs.com/revue/news/259356.shtmlhttp://www.secuobs.com/revue/news/259356.shtml Secuobs.com : 2010-10-23 00:52:27 - Midnight Research Labs - As part of trying to expand the group and recruit some more members for the hacker space near Boston, we re going to start announcing more of our presentation style meetings Hopefully we can get some more people interested in being part of the space this way This month we re pleased to have Oliver Day speaking http://www.secuobs.com/revue/news/259355.shtmlhttp://www.secuobs.com/revue/news/259355.shtml Secuobs.com : 2010-10-23 00:52:27 - Midnight Research Labs - If you re around for BlackHat Defcon Bsides, you should definitely check out one of Ryan s many presentations He starts at BSides giving a talk titled Multi-Player MetaSploit, and then shortly after that will be doing Arsenal of Tools at BlackHat At Defcon he s also going to be very busy, and will be giving a presentation on Multiplayer http://www.secuobs.com/revue/news/259354.shtmlhttp://www.secuobs.com/revue/news/259354.shtml Secuobs.com : 2010-10-23 00:52:27 - Midnight Research Labs - Here are some of the interesting things that I encountered this year at BlackHat These are mostly talks that I went to, but there are a few things that I just happened to run across in the course of the conference Overall it was a good conference and similar to last year One improvement was http://www.secuobs.com/revue/news/259353.shtmlhttp://www.secuobs.com/revue/news/259353.shtml Secuobs.com : 2010-10-23 00:52:27 - Midnight Research Labs - This year s defcon was a lot of fun, but the overcrowding is a serious flaw which made it very difficult to get into many of the talks especially the good ones I spent a fair amount of time socializing with some of the people I only get to see at con-time, but I still managed http://www.secuobs.com/revue/news/259352.shtmlhttp://www.secuobs.com/revue/news/259352.shtml Secuobs.com : 2010-10-23 00:52:27 - Midnight Research Labs - I m sad to report that due to circumstances outside of our control, the hacker space that we started up over a year ago had to close its doors recently We ll continue to exist as a group and publish new things, but it won t be based around a physical space We have people affiliated with the http://www.secuobs.com/revue/news/259351.shtmlhttp://www.secuobs.com/revue/news/259351.shtml Secuobs.com : 2010-10-23 00:52:27 - Midnight Research Labs - As part of a couple different projects I m working and hoping to release sometime soon , I ve created implemented a simple treemap module for python Code here There are a few python treemap modules already, but I couldn t find a simple one with minimal prerequisites and that implements anything other than the squarified layout Since I couldn t http://www.secuobs.com/revue/news/259350.shtmlhttp://www.secuobs.com/revue/news/259350.shtml Secuobs.com : 2010-10-23 00:52:27 - Midnight Research Labs - This is a treemap graph that shows the binary section sizes for all running user-space processes on a linux box Ubuntu 910 The size of each area corresponds with the size of memory each section uses This in no way reflects the actual physical memory layout, it s merely a representation of the relative sizes of http://www.secuobs.com/revue/news/259349.shtmlhttp://www.secuobs.com/revue/news/259349.shtml Secuobs.com : 2010-05-21 07:14:21 - Midnight Research Labs - If you re using the tac_plus implementation of Cisco s TACACS server and want to do password auditing, I ve written a quick script that will take the config file with all of its users and output a john the ripper compatible password file You can run john directly against this generated file Here s an abbreviated example tacacs-passwd-dumppy http://www.secuobs.com/revue/news/224302.shtmlhttp://www.secuobs.com/revue/news/224302.shtml Secuobs.com : 2010-05-21 07:14:21 - Midnight Research Labs - Copied from the MRLB mailing list Howdy I m pleased to announce that THIS Thursday June 25 at 6 30 PM, Midnight Research Labs Boston will have a special guest speaker Mr James Atkinson, who will be giving if memory serves me correctly his Kill Your Cordless Phone talk This talk will be announced and open to the general public, and WILL REQUIRE http://www.secuobs.com/revue/news/224301.shtmlhttp://www.secuobs.com/revue/news/224301.shtml Secuobs.com : 2009-09-13 11:08:04 - Midnight Research Labs - If you re around Boston this Thursday night, definitely check this interesting presentation from Zach at the Boston NAISG National Information Security Group on Disclosure Samsara or The Endless Responsible Vulnerability Disclosure Debate This is the official meeting page, and details for the time location RSVP can be found there It will be held at the http://www.secuobs.com/revue/news/140473.shtmlhttp://www.secuobs.com/revue/news/140473.shtml Secuobs.com : 2009-09-13 11:08:04 - Midnight Research Labs - This post is long overdue since we ve had these for at at least a couple months now, but I definitely wanted to give props to Jeremy for hooking us up with some cool MRL coins that he had created He has a pretty good blog post on the process of how he created them http://www.secuobs.com/revue/news/140472.shtmlhttp://www.secuobs.com/revue/news/140472.shtml Secuobs.com : 2009-08-26 22:56:59 - Midnight Research Labs - Here s some information on our next MRL Boston meeting coming up this Thursday From the meeting announcement Start 2009 08 27 18 30 End 2009 08 27 20 30 Timezone America New York For our meeting for Thursday, August 27, we ll finally be given the long-awaited Burp Suite presentation by our very own Craig Ingram cji For those of you not familiar with Burp Suite 1 , it s a web application http://www.secuobs.com/revue/news/134874.shtmlhttp://www.secuobs.com/revue/news/134874.shtml Secuobs.com : 2009-08-26 22:56:59 - Midnight Research Labs - Go check out the Network Security Podcast MRL s Zach Lanier aka Quine has been doing some extended guest appearances on the the show recently The NetSec podcast is a good podcast I ve been listening to recently that covers general network security and the relevant current news with insight from some industry veterans http://www.secuobs.com/revue/news/134873.shtmlhttp://www.secuobs.com/revue/news/134873.shtml Secuobs.com : 2009-08-22 01:06:51 - Midnight Research Labs - After a hardware failure on our primary server the day after our secondary went away, we re finally back I m hoping that s the last of the fail for a while, We ll still have a couple of infrastructure changes over the next couple weeks, but hopefully the website should be stable Lots http://www.secuobs.com/revue/news/133284.shtmlhttp://www.secuobs.com/revue/news/133284.shtml Secuobs.com : 2009-08-22 01:06:51 - Midnight Research Labs - Midnight Research Labs Boston will be hosting the Open Security Foundation s inaugural Mangle-A-Thon on September 19, 2009 This free event, broken up into two to three sessions, is a great opportunity to learn about and contribute to the Open Source Vulnerability Database OSVDB , the DataLossDB, and more As an added bonus, the OSF will be http://www.secuobs.com/revue/news/133283.shtmlhttp://www.secuobs.com/revue/news/133283.shtml Secuobs.com : 2009-07-11 23:26:39 - Midnight Research Labs - This is a pretty cool looking website service from the Computer Security Group at UC Santa Barbara that will analyze flash and javascript for malicious content It will actually de obfuscate javascript and pull out the active exploits that it uses I m guessing that it s also doing some dynamic analysis because it is able to http://www.secuobs.com/revue/news/119656.shtmlhttp://www.secuobs.com/revue/news/119656.shtml Secuobs.com : 2009-06-24 09:09:55 - Midnight Research Labs - Copied from the MRLB mailing list Howdy I’m pleased to announce thatTHIS Thursday June 25 at 6:30 PM, Midnight Research Labs Boston willhave a special guest speaker: Mr James Atkinson, who will be givingif memory serves me correctly his “Kill Your Cordless Phone” talk***This talk will be announced and open to the general public, andWILL REQUIRE http://www.secuobs.com/revue/news/113024.shtmlhttp://www.secuobs.com/revue/news/113024.shtml Secuobs.com : 2009-06-17 19:25:22 - Midnight Research Labs - We talked about this before, and since it’s a pretty interesting projectI thought it would be good to follow up on The remote-exploitorgguys responsible for backtrack released a how-to along withsource-code and parts list, etc, for their wireless keyboard sniffingproject They don’t have fabricated boards yet, but they’re lookinghttp://www.secuobs.com/revue/news/110832.shtmlhttp://www.secuobs.com/revue/news/110832.shtml Secuobs.com : 2009-02-17 03:30:30 - Midnight Research Labs - It is with great excitement that we bring you the latest version ofSEAT SEAT Search Engine Assessment Tool is the next generationinformation digging application geared toward the needs of securityprofessionals SEAT uses information stored in search enginedatabases, cache repositories, and other public resources to scan websites for potential vulnerabilities http://www.secuobs.com/revue/news/62334.shtmlhttp://www.secuobs.com/revue/news/62334.shtml Secuobs.com : 2009-01-24 18:15:33 - Midnight Research Labs - D’oh We had some problems with the MRL server over the last week, butthings are slowly coming back to life The wiki and CVS are stilldown, but most things should be back up for the meantime We’llprobably be migrating again in a few weeks to a more permanentlocation, http://www.secuobs.com/revue/news/54856.shtmlhttp://www.secuobs.com/revue/news/54856.shtml Secuobs.com : 2009-01-24 18:15:33 - Midnight Research Labs - It looks like BotHunter has been busy since the last time I was lookingat them They have a new Live CD to test out the software, and somenew releases with some new features including a GUI that are worthchecking out Here’s the blurb on what bothunter does: BotHunter is apassive http://www.secuobs.com/revue/news/54855.shtmlhttp://www.secuobs.com/revue/news/54855.shtml Secuobs.com : 2009-01-24 18:15:33 - Midnight Research Labs - I have a few smaller tools/scripts I’m going to be posting in the nearfuture on a new hackery page Some of these are random things thatdon’t quite deserve a whole project page, but I still wanted to put ageneral reference together The first thing I’m putting up is a smalltool that http://www.secuobs.com/revue/news/54854.shtmlhttp://www.secuobs.com/revue/news/54854.shtml Secuobs.com : 2009-01-24 18:15:33 - Midnight Research Labs - I don’t want to bore anyone with arbitrary end of yearstatements/predictions, but I did want to acknowledge the milestone2008 was a pretty good year, and we’ve managed to get back into anregular schedule again with meetings twice a month We’re lookingforward to an exciting 2009, and have a couple http://www.secuobs.com/revue/news/54853.shtmlhttp://www.secuobs.com/revue/news/54853.shtml Secuobs.com : 2009-01-24 18:15:33 - Midnight Research Labs - You can’t use it in your plot to take over the world with remote controlrobots yet, but there’s a new 0day in the WowWee Rovio that will allowremote snooping of the audio/video data that comes from the robotOther things you can do remotely are get configuration data, updatethe firmware, and http://www.secuobs.com/revue/news/54852.shtmlhttp://www.secuobs.com/revue/news/54852.shtml Secuobs.com : 2009-01-24 18:15:33 - Midnight Research Labs - It looks like kenshoto is stepping down as the organizer for one of thelargest hacking competitions in the world An announcement has beenmade on the defcon forums for new organizers From the announcement:WANTED: An evil large multinational corporation, or… An nefariousgroup of genius autonomous hackers, or… A shadowy governmentorganization from somewhere in the world TO: Host, http://www.secuobs.com/revue/news/54851.shtmlhttp://www.secuobs.com/revue/news/54851.shtml Secuobs.com : 2009-01-24 18:15:33 - Midnight Research Labs - Here are a few sets of conference videos that are now online: – Hack inthe box - Malaysia videos Day1 — Day 2 Even though it’s a pirate baylink, the videos were linked from the main HITB page, so I’m assumingit’s legit, : – Microsoft’s BlueHat 8 videos Day 1 — http://www.secuobs.com/revue/news/54850.shtmlhttp://www.secuobs.com/revue/news/54850.shtml Secuobs.com : 2009-01-24 18:15:33 - Midnight Research Labs - If you’re using the tac_plus implementation of Cisco’s TACACS+ server andwant to do password auditing, I’ve written a quick script that willtake the config file with all of its users and output a john theripper compatible password file You can run john directly againstthis generated file Here’s an abbreviated example: $/tacacs-passwd-dumppy http://www.secuobs.com/revue/news/54849.shtmlhttp://www.secuobs.com/revue/news/54849.shtml