S1E9: "I Can Smell You (and You Smell Horrible)"

Posted
Comments 0

Navigation
Previous EpisodeNext Episode
Log
Recorded (UTC) Aired (UTC) Editor
2016-06-09 03:06:18 2016-06-21 13:04:00 aaron k.
Verification
Format SHA256 GPG Audio File
MP3 f7dfa5b52551a9da457f94a1bdd8eba2623349b2d71eca1a4590b1e35e303848 click click
OGG 1cbe29d72e730f2cc80e5db431aac5ca7611ef50b4c7bf19a43b31cdbaed748f click click

“Everyday OPSEC” (operations security), packet sniffing, and a neat trick to hide pentesting equipment.

News

Starts at 6m00s.

  • (During intro) There is apparently a Twitter database dump from a compromise, and apparently there is a large amount of celebrity accounts reporting compromised. Apparently, however, it is pretty old.
  • CentOS 6.8 was released.
  • A Florida man was caught jamming mobile signal.
    • The FCC totally manhandled him. Protip: don’t mess around with FCC affairs.
  • The US military still uses 8” floppies for some functionality.
  • The FOSSCON 2016 CFP is open
    • Registration and other info is available here.
  • The LinkedIn database leak is available.
    • Always be careful when popping various personal information on compromise-checkers, but you may find this handy.
    • This is also handy.
    • If you want to try getting into password cracking, the dumps can (at the time of episode release) can be found via several links mentioned here. It’s also available via a magnet link.
  • A dog charity org has paid the ransom to a ransomware, at a haggled price.
  • (Mentioned during Discussion) Paden mentions this (which are SUPPOSEDLY used in civil forfeitures- keep reading). Important to note is in the 5th and 14th Amendments, the government shall not deprive anyone of “life, liberty, or property, without due process of law…”- an exception to this is civil forfeiture, which I mention, but that can only be valid in the case where the monies, property, etc. being seized is suspect of being evidence/involved in a crime.

Notes

Starts at 12m08s.

I was drinking the same rum as before. Jthan was drinking a Dry Dock Apricot Blonde. Paden sung praises about Matilda.

  • Packet sniffing! (24m20)
    • We fail to mention this early enough, but WE DO NOT CONDONE ATTACKING NETWORKS YOU DO NOT OWN OR DO NOT HAVE PROPER AUTHORIZATION TO PERFORM THESE ACTIONS ON.
    • Jthan mentions using Python to do packet sniffing. I also mention Scapy (but that is moreso used for packet creation, manipulation, etc.)
    • When we talk about sniffing SIP packets, I mention a STUN server/proxy.
    • Paden also mentions reassembling SIP in Wireshark.
    • Port mirroring is generally considered the “appropriate” way of sniffing traffic if using it for “legitimate” purposes (i.e. debugging network issues).
    • I mention tcpreplay, and Wireshark, and my personal favourite for capturing packet dumps: tcpdump.
    • Passive sniffing tends to be used by tools like p0f, in which your machine can simply listen to packets being broadcasted on the network and identifying hosts etc. without throwing up any red flags on any NIDS (Network Intrusion Detection System) or NIPS (Network Intrusion Prevention System).
    • For bluetooth, there’s some pretty awesome bluesnarfing tools.
    • You can sniff Zigbee
    • and EDGE/GSM
    • and run your own spoofed (or legitimate for in-house use) mobile carrier.
    • Possible mitigation:
      • Turn off ANY connection (bluetooth, ethernet port, NFC chip, Wi-Fi card, etc.) not being used.
      • RFID can be blocked by various technology.
      • As Paden brings up, the only real protection/mitigation you can have is persistently examining your network and technicians. Yes, that means physically- with your eyes and feet. Because these things (and these, and these, these, these…) exist.
      • I can’t seem to find the Deviant Ollam talk I reference about incentivizing higher vigilance with monetary reward. If anyone knows where to find it, let me know! I can’t seem to remember the title.
  • A woman in China uses 3D-printed heels to hide pentesting gear (48m34s)
    • You can find a write-up here, but the really interesting thing is this Reddit thread where she answers a lot of technical questions as to the design of the shoes- her posts are pretty interesting/informative as well. You can find a series of photos showing off the scheme here.

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (52m37s)

There was a ransomware fail in which the victim toasted three of their backups- because they hooked them up to the running infected system.

Errata

  • Jthan is wrong (starting 55m26s)- he absolutely said that someone shouldn’t be mocked for their use of a language not natively their own. See S1E5. The conversation thread starts at 11m37s, and the important parts are 13m00s, 14m24s, and especially lulzy starting at 15m18s. So much for being “open-minded”, Jthan. :P

Music

Music Credits
Track Title Artist Link Copyright/License
Intro Secrets to Yourself WJLP click CC-BY-NC 3.0
Outro Mellow Acid CyberSDF click CC-BY 3.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Author
Categories Season One

Comments

There are currently no comments on this article.

Comment...

Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.