Luckily I was able to escape Washington DC’s 3rd round of snow to enjoy the tropical 40 degree weather here in Tampa today and write this post. Despite the blizzard and its many names, the ShmooCon faithful came out in full force to make another great conference. As usual, ShmooCon featured interesting presentations, shenanigans, and a chance to hang out with those friends you usually only see at Cons.
I want to thank everyone who attended the Stealing Guests…The VMware Way talk, especially since no one threw shmooballs at us. For those of you who haven’t done so yet, head on over to the [Tools] (https://fyrmassociates.com/tools/) section of the Web site to grab GuestStealer and try it out yourself. Also, Ron over at Skull Security created an Nmap script to identify vulnerable VMware systems. Visit his [blog] (https://blog.skullsecurity.org/2010/how-to-install-an-nmap-script) to download the script and view instructions for installing the script.
Continue reading
I will be giving a presentation on XAB (Cross Site Scripting Anonymous Browser) at the University of South Florida’s Whitehatters Computer Security Club’s next meeting on January 29th at 5:00PM. If you are a student at USF interested in learning about computer security, I highly encourage you to get involved with the club. See you there!
Continue reading
Back in November, I had the opportunity to take part in the Great American Teach In. This event takes place at schools around the Tampa, FL area and invites local volunteers to come into the classrooms to teach kids about their job. The objective is to familiarize kids with differing careers and hopefully get them excited so that they do well in school. For my experience, I spoke to a group of 4th graders regarding online safety and security. I figured a lesson in online safety would be more beneficial than teaching them the latest social engineering techniques or how to execute a cross-site scripting attack that pops up an alert box with their friend’s name in it. I can only imagine what would happen with the kids going home and telling their parents that Mr. Flick taught me the best way to break into data centers. For full-disclosure purposes, my hidden agenda in this blog entry is to convince you to volunteer next year and potentially provide some tips if you do volunteer. While this event was in the Tampa, FL area, most schools have a similar type of event.
Continue reading
We’ll be hosting an informal reception at the [Hofbräuhaus] (http://www.hofbrauhauslasvegas.com/) Las Vegas on Thursday, July 30 to celebrate Tony, Matt, and Jeff’s Black Hat and DEFCON presentations. Please RSVP to rsvp[shift+2]fyrmassociates.com or talk to one of the guys wearing the FYRM Associates shirts at Black Hat. The beer will start flowing at 6 PM and we’ll be around until at least 8 PM.
Continue reading
My abstract for this year’s Black Hat DC was picked up. I’ll be presenting the XSS Anonymous Browser tool, or XAB for short. I’m currently hammering out some of the more technical aspects of the tool, but I’ll have a working proof of concept ready for the conference. Plus if there’s time (who am I kidding?), I’ll release a second tool that is a great defense against the attack vectors that XAB utilizes. You can read more about the XAB tool presentation at the Black Hat DC 2009 Speakers Briefings page,
Continue reading
