Friday, June 14, 2013

New Website!

Hey Guys,

We are officially moved to the new website http://learnnetsec.com/ !

Join us over there. I Have imported all of the posts and comments from here to there!

Let me know what you think about the new sites! I appreciate the feedback!

Cya there!


Thursday, June 13, 2013

Updates: New Stuff!

Hey Guys,

So, I have decided to bite the bullet and buy a real Domain Name! www.LearnNetSec.com  - was purchased today with some help from our ad's on the site and on youtube. This site here @blogspot will remain in use as we make a transition to the dedicated domain. I decided to do the dedicated domain so I can have more control over the overall website and blog content. I may also create a forum there for you guys to hang out, discuss, etc. I'd also like to get an IRC channel going but that is a lot of management (had one some years ago).

The second thing that is new, is that I finally joined us to Twitter today! I think twitter is a better avenue to give you guys updates than having to not only post it here, then facebook, and youtube. I have twitter linked with Youtube, so when new videos are uploaded I can quickly share them to twitter as well. So head on over to our Twitter Account HERE  and follow us for news, and updates there as well as the blog here.

I am also proud to announce that we have reached 100 subscribers to Youtube! Saturday the 15th will mark the first 30 day mark since this project was created. We have 8 videos on Youtube, so on the average that is 2 new videos a week! It's hard work, but It's totally worth it if you guys enjoy them and learn from the series. And by the looks of things, it seems you guys do!

So, a HUGE THANK YOU to everyone who has contributed to growing this project with me. If it weren't for you, we wouldn't be here at all!

Here's to the future! You guys Rock!

Updates: Next Week

Starting Next Week:


I am going to begin compiling the data for the presentation on "Phases of NetSec" which will discuss all of the details, steps, etc in Network Security Auditing and Penetration Testing. So far it's 13 slides of just talking points, so there is a lot of ground to cover. 

I am trying to figure out how to Produce the Video. Meaning it's obviously going to have to be done in parts since there is so much information to cover. 

While I am working on that, don't forget to check out the newest video:
Tor-Buddy Script Demo Tor + Proxychains + Anonymous DNS:
https://www.youtube.com/watch?v=AedFlLSmJf8

I will still be making Quick Vids based on your guys input on what you would like to learn in the interim. We have had 2 requests so far, 1 for nmap and one for VM-tools for kali linux. nmap will be included in the next video set: "Phases of NetSec".

Remember, please don't forget to like and share our videos, Facebook, and of course this very blog with all of your friends, family, and co-workers! Our presence on the web has been growing steadily, and that is great! The more people interested, the more creative I can be! 

Thanks Guys! See you in the next Video!

Wednesday, June 12, 2013

Tor-Buddy Live

New Script: Tor Buddy! Now Live!

Available in our downloads section HERE

Demo Video:




Don't forget to Like, Subscribe, and Share! 

Tuesday, June 11, 2013

Updated OpenVAS-6 OpenVAS EZ Startup Script

Updated OpenVAS-6 OpenVAS EZ Startup Script


I have updated the OpenVAS-6 EZ Setup script located HERE to include not only the startup script I wrote but also the Check-Setup script provided by OpenVAS for debugging purposes. I decided to do this to help users who are having difficulty getting it setup or running.

I am also working on the ToR auto script tonight as mentioned in the video "Installing and Configuring ToR + Proxychains as seen HERE so Stay tuned for that script and a video showing it's usages :-)

Enjoy! And Stay Tuned! 

What's Up Next?

Hey Guys,

As I am sure most of you have already seen, I uploaded what was intended to be a new Video Intro last night that turned out to be more of a Trailer of what is to come in the next few videos. That Video is HERE in case you missed it.

We will be discussing the "Meat and Potatoes" of actually Hacking. Finally! But, it's way to much information to stuff in one video, even my infamous 45+ minute videos. We will start with an overview of what we are going to learn via Presentation slides and explaining each and every topic. Then we will move on to actually Hacking the Network. Explaining what to use, how, why, where, and when in great detail, as always. This is why it must be a multi-part video. We have a lot to cover!

Moving forward from that, we are going to go into Advanced Techniques, such as firewall/IDS/IPS evasion tactics, Packet Analysis, Reporting, Etc.

I will also be making a few videos in the interim, like, Building a real Virtual Lab using ProxMox (Free), Different types of attacks, like MITM, etc.

So Stay Tuned Guys! It's about to get really interesting!

New Trailer Uploaded!

Just a small taste of things to come in future Videos!




Update: New Intro

The New Video Intro:


Okay, Okay, so the new intro really didn't turn out to be a 3 minute or less intro like I planned, however it came out pretty awesome as a Trailer of things to come in the next few videos. It's basically me beating up some boxes on the LAN :-) Video link to follow post upload!

I do still think that the very beginning of the Trailer video has potential to be good footage for an intro to new videos. I just need to edit the intro start song to be 30 seconds but still sound good! I think I can, I think I can!

Rendering video now, and uploading soon!

Monday, June 10, 2013

It's Monday!

Hey Guys,

Hope you enjoyed your weekend. I apologize for making a post so late in the day, but, well, it's Manic Monday here!

The day is un-winding now. I am hoping to get the new intro done today/tonight. Then I want to move onto getting my virtual lab finished so we can resume Hacking the machines in there on the videos. I am going to redo the lab, because I want to further segment it, and put a Virtual Router/Firewall in place to simulate real world excersizes on how to perform firewall evasion.

I will also do a video on setting up your own Virtual Lab as has been requested by one of our members!

I am also thinking of creating a forum where we can ask questions, get help, etc. This idea I am not sure about quite yet.

Enough out of me! Back to work! :-)

EDIT:

I think what we are going to do is save the Virtual Firewall for the Advanced Video Tutorials.

I really want to get into showing you guys some examples of hacking machines. Then we will do a Virtual Lab setup, and then I will re-do the lab and setup the virtual firewall, fire it up on a Public IP, and show advanced techniques in terms of firewall evasion, etc.  

Sunday, June 9, 2013

New Video Intro

Hey Guys,

I am working on a new Intro to our videos. I find as I am becoming better with Video Editing, that the default intro is kinda boring. I am hoping that tomorrow I can get Win2k3 server installed on the VM server. Also, I need to reinstall win7 because somehow it decided to BSOD with the network config, Not even sure why, but that is MSFT windows for you. All of my UNIX/Linux VM's are chugging right along without a hitch. This is why I love linux!

Anyways it's Sunday and I am going to take the day to relax, it was a rough week! Of course though, my brain never shuts off, so I will be doing some reading on Techie stuff, etc LOL.

Enjoy the rest of your weekend. I will see you all tomorrow, and hopefully I can respond to any questions/emails in a timely fashion for the rest of today.

Also, again, Thanks for the feedback, and questions/suggestions you guys have provided so far! It really goes a long way for me to see people interacting and even helping each other on the comments! Our youtube channel now has 67 Subscribers so far! Not bad for under a month of the sites and videos being active (started this on May 15th). I have you guys to Thank for the fast growth of this project, so Thank You!

As always keep sharing our pages, videos, blog, etc. Thanks!

Saturday, June 8, 2013

Happy Saturday!

Hey Guys,

I hope you are enjoying your weekend so far! On Monday I am going to move forward with getting the rest of the Virtual Machines created and configured. I Have ran into a few snags, and that is to be expected since I have never used ProxMox to host VM's before. Since I am lacking the proper hardware to make windows play nicely in ProxMox, it's a bit challenging. I will however press on.

In the meantime, keep reading, and learning.

Do you guys have any suggestions for future videos? Let me know!

And as always Thank You for your feedback, and support! Keep sharing the videos, and our YouTube, facebook, and blog pages!

Friday, June 7, 2013

Good Morning Good People!

I am going to be out in the field today. I will do my very best to answer any questions you guys may have from my phone.

I hope you guys enjoyed the latest video on ToR and Proxy chains I did yesterday. Please keep spreading the word, Thumbs up the videos, share them, and our facebook page. Thank You!

Enjoy your day!

Thursday, June 6, 2013

New Video: Installing, and Configuring ToR Proxy with Proxychains + Exmaples

New Video: Installing, and Configuring ToR Proxy with Proxychains + Exmaples



Enjoy!

Not So Anonymous


First, let me start off by saying in no way to I condone nor condemn Anonymous in any way, shape, or form. That being said;

We have all heard about the Hactivist group Anonymous. And over the last few years many of them have been caught. Reason? They lack the common sense and ability to properly protect their identity, while conducting their "missions". Don't get me wrong, I have nothing against Anonymous, and that is not the point of this thread, however I will say that the main issue with Anonymous is the lack of properly providing information to their "Collective" members on how to properly disguise their identity when carrying out there attacks. Sure, they make it really easy for any kid with a PC to fire up an app and hack a server/machine, but doing so with no realization that they will likely be caught.

Sure, the Federal Government have a lot more tools up their sleeves these days in comparison to the days of  people like Kevin Mitnik, etc., but for every action there is an equal reaction. And sure, proxies no matter they type are no longer the safest way of disguising your identity due to servers that log inbound proxy connections, DNS leaks, etc. However, that being said, there are ways around that too, to which I will not disclose here, nor will I entertain how it works.

The truth is, there have been "Hactivist Groups" around for ages, it's nothing new. But Anonymous has grown in leaps and bounds, and that is something we as netsec professionals should be concerned about; After all we are paid to prevent attacks, and find them before the bad guys do, right? But the ones that must harbor the fear of Anonymous are the ones that have something to hide. I Know there are rouge Anonymous members that don't abide by the creed of the group. And the only reasons that exists is because of the lack of management of Anonymous members. Imagine if Anonymous had an organizational structure? The world at large would be digitally doomed.

The reason I brought this up is because of this story here: http://gawker.com/the-fbi-raided-steubenville-anonymous-guys-house-here-511634071

Again, I do not Condone or Condemn Anonymous and their actions. We are here to train network security professionals, as spoken of in our disclaimers. Should you choose to use the information we provide for illegal purposes, we hold no responsibility or liability for your actions. We are simply a means and source of information for people seeking a Professional Career in Network Security.

The Next Video

Hey Guys! - New Video Coming! 


The next video I am going to do is going to cover using ToR with Proxychains to tunnel your connections for applications over a proxy, without leaking your DNS!

The end of the week is usually crazy for me. I hope to have this done by Monday the latest!

Also, I have been really impressed with how fast this NetSecNow concept is taking off and growing! You guys are all awesome! Thank you very much for helping us grow and succeed! Please, keep spreading the word, sharing the videos, blog, facebook with your friends and co-workers, it helps a lot! I appreciate all feedback, good, bad, or otherwise! So Thank You for that!

And as always, Stay Tuned!

Wednesday, June 5, 2013

New Video: Setting up and Configuring Metasploit + Armitage and More!

New Video! First Look at Metasploit + Armitage!

Guys! It's finally done! The video on Setting up, Configuring and using Metasploit + Armitage, a look at nmap and zenmap. Also, discussion about up and coming videos! 



Update: Video

I put together a video looking at an intro to setting up and configuring Metasploit + Armitage, as it will be needed for our next demonstration video. Also a quick look at nmap and zenmap! It's rendering now (takes about an hour or so) and once it's uploaded to Youtube, I will make a new post about it!

Stay Tuned!

Round 3!

Good Morning,

Okay, so I am going to try this for the 3rd time! I am turning off the ringers on all of the office phones, cell phone, etc.

The video I want to produce today will be about the different phases of Network Security from a Professionals point of view.

I have most of the labs VM machines going, except win2k, as my old install media is messed up and will not work :(. Which is ok, because most of what we will be going over will apply to any machine that is windows based. I am going to fire in a few Linux based machines also, just to give us some more variety.

There is one thing to keep in mind guys; No audit is always successful, and you may not find anything worthwhile. Nothing is 100% guaranteed to succeed!

The video I may wind up producing before we get into this process may very well be setting up Metasploit Framework + Armitage. The only thing holding me back is that I have already went ahead and registered my community version of Metasploit, so I could get the most important updates for vulns. I need to find a way to reverse that so I can show you guys how to do this from scratch!

After that quick video, we will now have most of our more commonly used tools that need configuring setup, so we can dive into the meaty stuff, like actually doing some pentests on the lab! - Finally!

Operation: Get things in order - engaged!

Tuesday, June 4, 2013

Called away...

Right in the middle of the tutorial, phone rings. Incident response call. Will get back on the track first thing tomorrow,  sorry guys! Such is the life of a netsec professional.

Im really excited about this next video. Looking at the phases of an audit. Presentation plus demo!

Good Morning Fellow Hackers of the World!

Good Morning Guys and Gals,

I am still setting up VM's in ProxMox so we can do a full on Tutorial on that. It may take a few more hours to get them all installed.

For now, we will be working with Windows 7 Ultimate, Windows XP Pro, Windows 2000 Pro, and windows 2000 advanced server. I Know what you are probably thinking "Windows 2000?! Who still uses that?!?!" but you would be surprised. A lot of manufacturers still use it because their old proprietary machinist software runs on that platform.

Using windows 7, I want to bring you into the realm of newer OS platforms that are still in wide use, due to the lack of adaptation of windows 8 in corporate environments. Most of the Vulns' and Exploits for win7 can also be applied to win2k8 server, so for the time being, in lieu of a legit copy of win2k8, we will go forward with this.

In terms of windows XP pro.. again you would be surprised on how many corporate environments still have a lot of these lurking around for what ever reason.

Keep in mind, I am funding this entire project out of pocket, so that is the reason for the ads on the blog and youtube. Also, there is always the donations button on the home page, if you feel so inclined :-)

Thanks!

Stay Tuned!

Monday, June 3, 2013

Update on Metasploit + Armitage Tutorial

Well Guys, in testing today with a WIN-7 image on my poor XP VM host box that also runs the Kali environment we have been working with, it has come to my attention that it would be a mistake to try and teach you guys that on this machine, because of the massive amounts of resources windows itself needs to run. The recording would turn out horrible.

So, because I want the best for our learning sessions, I am dedicating a physical machine to handle all of the VM's except for Kali. It will be running ProxMox as it's host OS, which is made to run a VM environment. I am installing it tonight and configuring it with the VM's of what I have; WIN7 Ultimate, Win XP Pro, Win XP Home, Windows 2000, and Windows 2000 server. I was unable to locate my old copy of windows server 2003, and I am still awaiting a donation of a legitimate copy of windows server 2008 for demo purposes. I really want you guys to get a feel for what you are up against out there in the wild, so I am taking my time to do it right, and make available to you as much as I can conjure up in my contacts.

I will be happy if I can get a video out on it tomorrow at least showing windows 7, and XP in the scans with metasploit and armitage,

On another side note, if all goes well with ProxMox (never used it), Perhaps I will setup an subscriber based private network environment for you guys to hack away at. That would be the best to simulate real-world road blocks that you may run into. I have 4 extra static IP's sitting here doing nothing, so why not put them to good use :-)

I apologize for the delay.

Installing VM's

Just an update: 

I am installing a windows 7 VM for testing purposes for the next Video Tutorial: Metsploit Framework + Armitage. I will also be installing a windows XP Pro VM to show you how to hack those as well. Most companies believe it or not are still running XP and server 2003. I need to find my old server 2003 disc and get that going too. I already have metasploitable installed as a VM so perhaps this session we can do one video on metasploitable, and one on windows 7 stock install. We shall see.

I am realizing that my 45 minute videos are much too long for most people, so I am looking into ways of doing multi-part, shorter videos to keep you guys interested :-)

#busybee
As always, keep spreading the word about our project, our audience is growing, so the more the merrier! Keep up the great work guys! Thanks!

Latest kali Update Breaks zenmap

Latest Kali Update Kills zenmap

I just alerted the Kali Linux dev team that the latest apt-get update || apt-get upgrade kills zenmap. You will notice that it won't show up in the menu, or even be launch-able by a terminal command.

The work around is apt-get install zenmap

It should now show back up in your menu and be launched from a terminal.

You're welcome :-)


Security Advisory - Debian Linux 6.0 XORG Exploit

Original Advisory: http://www.securityfocus.com/bid/60126/info

X.Org libXext CVE-2013-1982 Multiple Remote Code Execution VulnerabilitiesThere are no known available exploit code in the wild yet. Solutions are to update for this Debian 6.0 Se Here: 


http://www.x.org/wiki/Development/Security/Advisory-2013-05-23