Wednesday, April 11, 2007

Blackhat Europe 2007

Hi, I'm back from Blackhat Amsterdam, and I really didn't like it this time. I'm very disappointed with the organization; when I pay 1200 Eur I expect the service and the organization of the event to be perfect (or at least very good), but this time it looked like a bunch of friends had organized a conference without too much interest. Here is the list of things that I didn't like:

0-Please stop giving away those red bags for free; not even our girlfriends use them, they are totally ugly.

1-This year they didn't give out books, only the CD-ROM (the book was OK, because you can take notes, read a slide that you missed, etc.).

2-The organization wanted the audience to use their laptops to read the CD-ROMs, but there were few sockets in the conference room.

3-The lunch was a nightmare: people had to wait in a queue to enter the restaurant, then queue again to get the food served. Really a mess...

4-There was zero support for the speakers; some speakers had problems and there was nobody from the organization to help them. For example, one speaker had the audio very low and the audience could hardly hear him; nobody helped him until one person went outside to look for someone from the crew to fix the problem. Another speaker had a problem with his laptop socket and, again, nobody from the crew was there.

5-The Microsoft party was a shame in comparison with 2006. Prefixed drinks, small place; it was more like a get-together at a friend's house than a party :( (I think they spent all the budget on Windows Vista marketing) ;)

6-The place was very small, and it was difficult to move when all the people were in the lobby.

7-There was a coffee service with some food, but it was difficult to get a glass of water. Lots of coffee, no water.


Those are all my thoughts. If they want to charge 1200 Eur for the conference, they have to maintain a quality level. Based on this year's experience, I don't recommend Blackhat Europe next time.

If you have any questions about Blackhat, please let me know.

Saturday, January 27, 2007

coLinux - Cooperative Linux





Some time ago I switched from Ubuntu to Windows XP (on my work computer), mostly because it made my work easier and faster, but I always missed the Linux command line and all the tools. I tried Cygwin; it's not too bad, but it's still not Linux. Yesterday a co-worker (Ruben) showed me coLinux:

From the coLinux site:
Cooperative Linux is the first working free and open source method for optimally running Linux on Microsoft Windows natively. More generally, Cooperative Linux (short-named coLinux) is a port of the Linux kernel that allows it to run cooperatively alongside another operating system on a single machine.

In short, it's like VMware, Parallels or Virtual PC, but free, lighter and faster. It takes just 4 seconds to boot a Debian sarge!!

So now I have a real, full Linux in my Windows environment :)



Right now Debian, Fedora, Gentoo, Ubuntu, Mandrake and many more OS images are available.

Best of all, you can start the coLinux machine as a Windows service and access it via SSH through your favorite terminal emulator (Poderosa, PuTTY, etc.).

Just Great..

coLinux official page
coLinux Wiki

But still, not even Windows and Linux together can beat Mac OS X ;)
There is nothing like Mac OS X with Parallels, running Windows applications directly on the OS X desktop (Coherence mode).





Enjoy...

Thursday, January 11, 2007

MD5 and SHA1


The other day I needed to crack an MD5 string and I didn't have the rainbow tables at hand, so a partner showed me the website http://md5.rednoize.com. It is very cool; it also supports SHA1, and it looks like Google :)

The site does:

-Plaintext --> MD5
-Plaintext --> SHA1

-MD5 --> Plaintext
-SHA1 --> Plaintext

In the future I will add more websites that offer this kind of service.
Enjoy
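
Why a hash-to-plaintext lookup like this works, and what defeats it, as an added example (not part of the original post): unsalted MD5/SHA1 of a given word is always the same value, so it can be precomputed once and looked up forever, while a per-password random salt plus a slow KDF makes the stored value unique. The word list and all function names below are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample word list standing in for the service's plaintext corpus.
WORDLIST = ["password", "letmein", "qwerty", "dragon"]

def build_table(words, algo):
    """Precompute digest -> plaintext once; every later lookup is O(1)."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}

# One table per algorithm the site supports.
TABLES = {algo: build_table(WORDLIST, algo) for algo in ("md5", "sha1")}

def reverse_lookup(digest, tables=TABLES):
    """Return (algorithm, plaintext) if the digest was precomputed, else None."""
    digest = digest.lower()
    for algo, table in tables.items():
        if digest in table:
            return algo, table[digest]
    return None

def store_password(password, iterations=200_000):
    """Hardened storage: random 16-byte salt + PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify_password(password, salt, iterations, dk):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)

if __name__ == "__main__":
    weak = hashlib.md5(b"letmein").hexdigest()
    print("unsalted MD5 lookup:", reverse_lookup(weak))
    salt, its, dk = store_password("letmein")
    print("salted PBKDF2 lookup:", reverse_lookup(dk.hex()))
    print("legitimate verify:", verify_password("letmein", salt, its, dk))
```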

Wednesday, January 10, 2007

SSH Dynamic Port Forwarding

This is a note to self, because I always forget the command to create a dynamic port forwarding through SSH. Suppose you want to browse the web, but you want the browser's connections to be made by another machine that has sshd running, so that you access web pages as if from the other machine.

You need to open a connection to the sshd server with the -D parameter and the port number on which the local machine will listen and forward connections. Example:

command>ssh myuser@sshdserver -D 8080


Now you have to configure the web browser to use a SOCKS proxy: SOCKS Host: localhost, Port: 8080

On Windows you can use PuTTY, where you have to configure:

Connection->SSH->Tunnels
Option: Source Port = 8080
Destination: Dynamic

That's all
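
A quick way to confirm the tunnel is up and that hostnames are resolved on the sshd side rather than locally, as an added example (not part of the original post): it speaks SOCKS5 to the port opened by -D and sends the target as a domain name. The function names and the example.com target are assumptions; the proxy address matches the localhost:8080 setup above.

```python
import socket
import struct

# SOCKS5 reply codes from RFC 1928 (subset).
REPLY_CODES = {0: "succeeded", 1: "general failure", 2: "not allowed",
               3: "network unreachable", 4: "host unreachable",
               5: "connection refused"}

def build_connect_request(host, port):
    """SOCKS5 CONNECT with ATYP=0x03 (domain name): the name travels through
    the tunnel and is resolved by the remote end, so no local DNS query leaks."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3, LEN, NAME, PORT (big-endian)
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def parse_reply(data):
    """Map the REP byte of a SOCKS5 reply to a readable status."""
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLY_CODES.get(data[1], "error %d" % data[1])

def check_tunnel(target_host, target_port, proxy=("127.0.0.1", 8080), timeout=5.0):
    """Ask the local -D listener to connect to target_host:target_port."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")          # version 5, one method: no auth
        if s.recv(2) != b"\x05\x00":
            raise ConnectionError("listener did not accept no-auth SOCKS5")
        s.sendall(build_connect_request(target_host, target_port))
        return parse_reply(s.recv(10))

if __name__ == "__main__":
    # Requires the ssh -D 8080 session from the post to be running.
    try:
        print("tunnel status:", check_tunnel("example.com", 80))
    except OSError as exc:
        print("no SOCKS listener on localhost:8080:", exc)
```

In a browser the equivalent is the option to resolve DNS through the SOCKS proxy; without it, page traffic goes through the tunnel but name lookups still leave from the local machine.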

Email Harvesting

I made an update to an old but useful tool, "googleharvester". Now the tool also works with MSN Search. I ported the program to Python because I feel more comfortable with the language and I program faster ;)
You can download the tool: Here

Now the tool is called "theHarvester"
enjoy

Sunday, January 7, 2007

Ngsec - Game #3 - Brainstorming

Well, another web application hacking game from Ngsec; this time there were 5 levels. The difficulty was very hard in the first 2 levels, and very, very easy in the last 3. The order of the levels should have been reversed :) . But with some patience and Mandingo's tips, I finished in approx. 9 hours (not in a row).

It was a good game to kill some time and program a little.

Try it and become a g00r00 ;)

Game #3

Some tips:
Level 1 - I become blind.
Level 2 - Timing, it's all about timing.
Level 3 - Too easy, no tips.
Level 4 - With the tips and clues in the game, plus some tampering should be enough.
Level 5 - Very easy, just google.

Wednesday, June 14, 2006

The RequesteR

Hello! This time I bring a new tool for editing and sending HTTP requests. It's a simple tool that you can use to debug or compare raw requests to HTTP servers. It's useful as a replacement for the usual telnet session, where you need to type everything every time you want to send a request. With this tool you can change a single letter in the request and re-send it, just by pushing one button.
It supports SSL and request/response history. It's based on Python and PyGTK.

This is the first version; if you liked it or think it would be cool to add something else, please write to me :)

Get it from Here

Enjoy
