Bitcoinage Discussion!

Laboratory B hosted a bit of coin meetup last week and the local alt weekly (more like just awesome weekly) did a write-up about it!

In Vermont, Users of “Cryptocurrency” Bitcoin Are Few But Committed

Last week, in a small, subterranean workspace near downtown Burlington, a group of tech-savvy Vermonters held an open forum on a topic that’s attracted a great deal of attention lately: Bitcoin. Early adopters of the “cryptocurrency” believe it has the potential to upend the entire global economy…

Also Laboratory B has some cool “I use bitcoin” t-shirts if you need one.

Transparency Grenade

The lack of Corporate and Governmental transparency has been a topic of much controversy in recent years, yet our only tool for encouraging greater openness is the slow, tedious process of policy reform. 

Presented in the form of a Soviet F1 Hand Grenade, the Transparency Grenade is an iconic cure for these frustrations, making the process of leaking information from closed meetings as easy as pulling a pin. 

Equipped with a tiny computer, microphone and powerful wireless antenna, the Transparency Grenade captures network traffic and audio at the site and securely and anonymously streams it to a dedicated server where it is mined for information. Email fragments, HTML pages, images and voice extracted from this data are then presented on an online, public map, shown at the location of the detonation. 

Whether trusted employee, civil servant or concerned citizen, greater openness was never so close at hand.

…An idea whose time has come!


A little trick to extract stored FTP details – DigiNinja


You are on a test and pop a box which has an FTP client on it. On investigation you find it has credentials stored but the boxes they are for aren’t in scope. Knowing the passwords could be reused on other boxes that are in scope you really want to collect them.

You could try grabbing the credentials file and trying to crack it but this might be an easier way…

Set up an FTP server on your machine then modify the hosts file on your popped box to point all the hosts with credentials to your machine. Then start a TCP sniffer on your machine and ask the client to connect.

The client will find the server and send the credentials which you can simply pull out of the packet capture.

This will also work with other plain text protocols such as HTTP basic auth and POP3 as long as you can get your own “fake” server to respond with enough initial info to trigger the details to be sent.

That is a cute little trick, isn’t it!
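The trick above depends on a changed hosts file, and that change is something a defender can check for. The sketch below is an added example, not code from the DigiNinja post: it flags hosts-file entries that override hostnames an FTP client has saved logins for. The sample hosts file, the saved-host list and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample: hosts-file content with two suspicious additions.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
192.0.2.50      ftp.example.org   FTP.Example.net  # recent addition
192.0.2.50      files.example.com
not-an-ip       broken.example.org
"""

# Constructed sample: hostnames the FTP client holds stored credentials for.
SAVED_FTP_HOSTS = ["ftp.example.org", "ftp.example.net", "backup.example.com"]


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every mapping in hosts-file text."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip lines not starting with an IP
        for name in fields[1:]:                  # one line may carry several aliases
            entries.append((str(ip), name.lower().rstrip("."), line_no))
    return entries


def find_overrides(hosts_text, saved_hosts):
    """Hosts entries that pin a saved FTP hostname to a fixed address."""
    saved = {h.lower().rstrip(".") for h in saved_hosts}
    return [e for e in parse_hosts(hosts_text) if e[1] in saved]


def shared_targets(findings):
    """IPs that several saved hostnames were pointed at: the redirect pattern."""
    by_ip = {}
    for ip, name, _ in findings:
        by_ip.setdefault(ip, set()).add(name)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) > 1}
```

Any hit deserves a look, since stored FTP, POP3 and HTTP basic auth credentials travel in clear text to whatever address the name resolves to.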

 

 

Cryptome: HBGary Federal

Cryptome has broken down the HBGary data dump for review.

HBG-Anon-WL.zip       HBGary Anonymous and Wikileaks                   February 13, 2011 (317KB)
HBG-VE-IR.zip         HBGary Venezuela and Iran                        February 13, 2011 (697KB)
HBG-EC-APT.zip        HBGary E-Crime and Advanced Persistent Threats   February 13, 2011 (554KB)
HBG-JHU-APL.zip       HBGary Secure Applied Physics Lab                February 13, 2011 (874KB)

HBG-NSA.zip           HBGary National Security Agreements              February 13, 2011 (1.3MB)
HBG-TENPP.pdf         HBGary Targeting Exelon Nuclear Power Plant      February 13, 2011
HBG-CIRC.zip          HBGary Corporate Information Spying Cell         February 13, 2011 (288KB)
HBG-TMC.zip           HBGary Threat Monitoring Center                  February 13, 2011 (792KB)
HBG-EA.zip            HBGary Exploitation Assessment                   February 13, 2011 (712KB)

HBG-SMSR.zip          HBGary Social Media Security Reset               February 12, 2011 (5.5MB)
HBG-ETT.zip           HBGary Emerging Threats and Trends 2011          February 12, 2011 (4.2MB)
dodi-3305-01.pdf      National Intelligence University                 February 12, 2011

HBG-LE-Intel.zip      HBGary Scoutvision Law Enforcement-Intel Cases   February 11, 2011 (6.7MB)
HBG-SME.zip           HBGary Social Media Exploitation                 February 11, 2011 (5.8MB)
HBG-APT.zip           HBGary Advanced Persistent Threat                February 11, 2011 (3.0MB)
HBG-Mandiant.zip      HBGary Mandiant Advanced Persistent Threat       February 11, 2011 (2.0MB)

HBG-McAfee.zip        HBGary McAfee Integration                        February 11, 2011 (1.5MB)
HBG-Aurora.zip        HBGary Aurora Malware Report                     February 11, 2011 (400KB)
HBG-Splunk.zip        HBGary Splunk Brief-IT Management Is Broken      February 11, 2011 (3.2MB)
HBG-TVA.zip           HBGary Topological Vulnerability Analysis        February 11, 2011 (2.4MB)
HBG-Fed-OA.pdf        HBGary Federal Operating Agreement               February 11, 2011
This isn't everything in the HBGary feed, but it certainly is interesting.

Sintered Armorgel is here!

The Deliverator belongs to an elite order, a hallowed subcategory. He's
got esprit up to here. Right now, he is preparing to carry out his third
mission of the night. His uniform is black as activated charcoal, filtering
the very light out of the air. A bullet will bounce off its arachnofiber
weave like a wren hitting a patio door, but excess perspiration wafts
through it like a breeze through a freshly napalmed forest. Where his body
has bony extremities, the suit has sintered armorgel: feels like gritty
jello, protects like a stack of telephone books.