Laboratory B Burlington's Community HackerSpace

27Nov/130

Bitcoinage Discussion!

Posted by Jesse Krembs

Laboratory B hosted a bit of coin meetup last week and the local alt weekly (more like just awesome weekly) did a write up about it!

In Vermont, Users of "Cryptocurrency" Bitcoin Are Few But Committed

 Last week, in a small, subterranean workspace near downtown Burlington, a group of tech-savvy Vermonters held an open forum on a topic that’s attracted a great deal of attention lately: Bitcoin. Early adopters of the “cryptocurrency” believe it has the potential to upend the entire global economy.....
Also Laboratory B has some cool "I use bitcoin" t-shirts if you need one.
Filed under: awesome, Crime, event No Comments
19Feb/120

Transparency Grenade

Posted by Jesse Krembs

The lack of Corporate and Governmental transparency has been a topic of much controversy in recent years, yet our only tool for encouraging greater openness is the slow, tedious process of policy reform. 

Presented in the form of a Soviet F1 Hand Grenade, the Transparency Grenade is an iconic cure for these frustrations, making the process of leaking information from closed meetings as easy as pulling a pin. 

Equipped with a tiny computer, microphone and powerful wireless antenna, the Transparency Grenade captures network traffic and audio at the site and securely and anonymously streams it to a dedicated server where it is mined for information. Email fragments, HTML pages, images and voice extracted from this data are then presented on an online, public map, shown at the location of the detonation. 

Whether trusted employee, civil servant or concerned citizen, greater openness was never so close at hand..

...And Idea who's time has come!


Filed under: Crime No Comments
2May/110

Insecure Defaults Lead to Mass Open Proxies in China |  InfoSec Resources

Posted by Jesse Krembs

Insecure Defaults Lead to Mass Open Proxies in China |  InfoSec Resources.

Oh this is handy..

Filed under: art, botnet, cons, Crime, fail, fun No Comments
7Apr/110

A little trick to extract stored FTP details – DigiNinja

Posted by Jesse Krembs

A little trick to extract stored FTP details - DigiNinja.

You are on a test and pop a box which has an FTP client on it. On investigation you find it has credentials stored but the boxes they are for aren't in scope. Knowing the passwords could be reused on other boxes that are in scope you really want to collect them.

You could try grabbing the credentials file and trying to crack it but this might be an easier way...

Set up an FTP server on your machine then modify the hosts file on your popped box to point all the hosts with credentials to your machine. Then start a TCP sniffer on your machine and ask the client to connect.

The client will find the server and send the credentials which you can simply pull out of the packet capture.

This will also work with other plain text protocols such as HTTP basic auth and POP3 as long as you can get your own "fake" server to respond with enough initial info to trigger the details to be sent.

That is a cute little trick isn't it!

 

 

Filed under: art, Crime, fun No Comments
7Mar/110

Libyan IP space..

Posted by Jesse Krembs

# Country: LIBYAN ARAB JAMAHIRIYA # ISO Code: LY # Total Networks: 5 # Total Subnets: 299,008
41.74.64.0/20
41.208.64.0/18
41.252.0.0/14
62.68.32.0/19
62.240.32.0/19

via .

Just saying..
nmap -sn -PE -PA21,23,80,3389 --traceroute 41.74.64.0/20 41.208.64.0/18 41.252.0.0/14 62.68.32.0/19 62.240.32.0/19

Filed under: art, Crime, cyberwar, event, fail, fun No Comments
21Feb/110

Cryptome: More HBGary

Posted by Jesse Krembs

Always wonder what the big boys of InfoSec sound like when they are talking to each other and in the office. Now's your chance visit the HBGary pages of Cryptome.

14Feb/110

Stuxnet Source Code on GitHub

Posted by admin

The publically released source code for the Stuxnet botnet has been decompiled and posted on GitHub. This stuff never ceases to amaze me!

https://github.com/Laurelai/decompile-dump

Filed under: botnet, Crime No Comments
14Feb/110

Cryptome: HBGary Federal

Posted by Jesse Krembs

Cryptome has broken down the HBGary data dump for review.

HBG-Anon-WL.zip       HBGary Anonymous and Wikileaks                   February 13, 2011 (317KB)
HBG-VE-IR.zip         HBGary Venezuela and Iran                        February 13, 2011 (697KB)
HBG-EC-APT.zip        HBGary E-Crime and Advanced Persistent Threats   February 13, 2011 (554KB)
HBG-JHU-APL.zip       HBGary Secure Applied Physics Lab                February 13, 2011 (874KB)

HBG-NSA.zip           HBGary National Security Agreements              February 13, 2011 (1.3MB)
HBG-TENPP.pdf         HBGary Targeting Exelon Nuclear Power Plant      February 13, 2011
HBG-CIRC.zip          HBGary Corporate Information Spying Cell         February 13, 2011 (288KB)
HBG-TMC.zip           HBGary Threat Monitoring Center                  February 13, 2011 (792KB)
HBG-EA.zip            HBGary Exploitation Assessment                   February 13, 2011 (712KB)

HBG-SMSR.zip          HBGary Social Media Security Reset               February 12, 2011 (5.5MB)
HBG-ETT.zip           HBGary Emerging Threats and Trends 2011          February 12, 2011 (4.2MB)
dodi-3305-01.pdf      National Intelligence University                 February 12, 2011

HBG-LE-Intel.zip      HBGary Scoutvision Law Enforcement-Intel Cases   February 11, 2011 (6.7MB)
HBG-SME.zip           HBGary Social Media Exploitation                 February 11, 2011 (5.8MB)
HBG-APT.zip           HBGary Advanced Persistent Threat                February 11, 2011 (3.0MB)
HBG-Mandiant.zip      HBGary Mandiant Advanced Persistent Threat       February 11, 2011 (2.0MB)

HBG-McAfee.zip        HBGary McAfee Integration                        February 11, 2011 (1.5MB)
HBG-Aurora.zip        HBGary Aurora Malware Report                     February 11, 2011 (400KB)
HBG-Splunk.zip        HBGary Splunk Brief-IT Management Is Broken      February 11, 2011 (3.2MB)
HBG-TVA.zip           HBGary Topological Vulnerability Analysis        February 11, 2011 (2.4MB)
HBG-Fed-OA.pdf        HBGary Federal Operating Agreement               February 11, 2011
This isn't everything in the HBGary feed, but it certainly is interesting
1Feb/110

Sintered Armorgel is here!

Posted by Jesse Krembs

  The Deliverator belongs to an elite order, a hallowed subcategory. He's
got  esprit up to here. Right now,  he is preparing to carry  out  his third
mission of the night. His uniform  is black as activated charcoal, filtering
the very light out of the air. A bullet will  bounce  off  its  arachnofiber
weave  like  a  wren hitting  a  patio  door, but excess perspiration  wafts
through it  like a breeze through a freshly napalmed  forest. Where his body
has  bony extremities,  the suit  has sintered armorgel:  feels like  gritty
jello, protects like a stack of telephone books.

28Jan/111

This is how we roll at Lab B!

Posted by Jesse Krembs

Filed under: art, Crime 1 Comment