In part 1 of this episode we have "The Dan Kaminskies"!
Hosts: Paul "PaulDotCom" Asadoorian,John Strand,Larry Pesce,Carlos Perez
Audio Feeds: 
Recently in Security Weekly Category
Alright, so maybe Dan needs some other folks to help, and maybe they're not capable of resetting the internet per se, but regardless, we have Dan Kaminsky live on Episode 208 of PaulDotCom Security Weekly, at 7:30 PM EDT tomorrow night!
Carlos Perez will speak about his latest Ruby script for launching Karmetasploit type attacks in Backtrack!
Join the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom (You will be required to register in order to chat in the channel, this is an anti-spam measure).
When active, the live stream(s) can be found at:
PaulDotCom Live! - You can watch the live video, listen, and chat during each episode! You can access the streaming videos at any time by visiting http://pauldotcom.com/live/
PaulDotCom Icecast Radio (Audio Only)
Break out your adult beverage of choice and join us, enjoy the show live, and thanks for listening!
- Paul "Salad Shooter" Asadoorian, Larry "HaxorTheMatrix" Pesce, Carlos "Dark 0perator" Perez, Darren "The Other Guy" Wigley, and John "The Father" Strand.
Hosts: Paul "PaulDotCom" Asadoorian,John Strand,Larry Pesce,Carlos Perez
Audio Feeds:
Hosts: Paul "PaulDotCom" Asadoorian,John Strand,Larry Pesce,Carlos Perez
Audio Feeds:
Despite our audio failures we were able to rescue the Barnaby Jack interview. Blame the intern they are expendable and easily replaceable. So please download this fine interview with Mr. Jack as he discusses his imbedded systems work, and some thing about ATM machines that he spent some time on.
Hosts: Paul "PaulDotCom" Asadoorian,John Strand,Larry Pesce,Carlos Perez
Audio Feeds:
Dennis Brown tell us how he used the newly released Kismet for the QuahogCon Badge to spoof parts of the DefCon 18 Ninja Networks party badge. The hosts also discuss stories for this week. The intern makes lame excuses for his DefCon 18 party habits.
Hosts: Paul "PaulDotCom" Asadoorian,John Strand,Larry Pesce,Carlos Perez
Audio Feeds:
Come join the discussion with Barnaby Jack for Episode 206 of PaulDotCom Security Weekly, at 7:30 PM EDT live Thursday evening. Barnaby will be discussing one of the hottest demos at the recent Black Hat security conference where he demonstrated ATM "jackpotting".
"So Paul, what do you say to having Barnaby give you a hand with your ATM transactions from now on?"
Mark Baggett will also be discussing a new tool that he wrote, similar to CeWL, Mark's code will generate a custom password dictionary for a specified user using Social Networking sites!
Join the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom (You will be required to register in order to chat in the channel, this is an anti-spam measure).
When active, the live stream(s) can be found at:
PaulDotCom Live! - You can watch the live video, listen, and chat during each episode! You can access the streaming videos at any time by visiting http://pauldotcom.com/live/
PaulDotCom Icecast Radio (Audio Only)
Break out your adult beverage of choice and join us, enjoy the show live, and thanks for listening!
- Paul "Salad Shooter" Asadoorian, Larry "HaxorTheMatrix" Pesce, Carlos "Dark 0perator" Perez, Darren "The Other Guy" Wigley, John "The Father" Strand, and Mark "Quiet but Deadly" Baggett.
This is a very different episode of our podcast. I wanted to take a moment to tell all of our listeners about a recent tragedy. Last Friday night Matthew Shoemaker, co-founder of the Infosec daily podcast, passed away. Mathew left behind a wife and two children and will be missed greatly. I appeared on an episode of the ISD podcast, and had a fantastic time talking to Rick and Matt. In fact, Rick and Matt were scheduled to be on tonight's show. Instead, I'l like to take a moment to tell all of our listeners how they can donate to support Matt's family. Simply go to http://pauldotcom.com/shoemaker. This will re-direct you to a site where you can use Paypal to make a donation to Matt's family. While I didn't know Matt all that well, it was a great time when I appeared on his show and I know many are grieving his loss.
Matthew Shoemaker 1973 – 2010
From all of us at Pauldotcom we extend our deepest symapthies.
Our sincerest condolences go out to the friends and family of Mathew Shoemaker of the Infosec Daily Podcast. He will be missed for sure. We will dedicate a special episode to Matthew later this week.
Paul and John shoot the breeze on a lazy summer night and talk about Linux honeyports, vulnerability scanning vs. penetration testing, IPv6 host discovery, and attacking consumer devices.
* Sorry for the audio lag and weirdness it will be better once the new studio is complete!
Plane ticket to Las Vegas: $500. Admission ticket to Defcon $140. Hotel room: $99/night. Admission to exclusive Ninja Networks party: $0. Passing out at party, getting your face written on, and having your picture taken with darktangent and others: Priceless.
Hosts: Paul "PaulDotCom" Asadoorian,John Strand
Audio Feeds:
Last ShmooCon something wicked and evil happened. The fine folks on the PDC mailing list decided it would be a great idea to have a place at Shmoo where we could all meet up and share Rainbow Tables. What a grand idea! After all, good Rainbow Tables can easily go well into the hundreds of gigabits so why not have a nice get together and share?
Small problem. Everyone showed up with empty hard drives. No one, not a single person, brought any tables at all.
Zip.
Add to this the fact that my external hard drive with my Rainbow Tables crashed out on me last week. So, we now have two important lessons to take from the Rainbow Tables saga. Lesson one: no one is willing to share. Lesson two: backups are kind of important.
To remedy this situation I went to the fine people at Project Rainbow Crack and ordered a new set of tables for NT and LANMAN hashes. You may say that simply downloading them would be cheaper, and you would be right. However, we were in a bind on a current pen test and needed them immediately. Turns out it would be much faster to order them and have them shipped to us rather than download them.
I went to the section the Project Rainbowtable site to buy the tables and ordered the USD $300 set. What I would get is a new 320 GB hard drive and the 272 GB of tables for LM and NT hashes to go with it. What I was not expecting was that overnight air was included in the cost.
These guys simply rock. The service was excellent, and their packing… well their packing was something to be seen to be belived.
As near as I could tell it was wrapped in bubble wrap, 4 years of newspaper compressed to 1" around the entire drive and the strongest tape known to man wrapped liberally around the drive.
First, I needed the right tools.
Finally, I was able to squeeze the box out and see what was sent to me. It was an external hard drive. No Liquor to replenish my stock. It would have been better if there was alcohol in the package. For this reason, and this reason only, they get 4 out of 5 stars.
Everything was in its place. The tables, and the software to make them sing. I was a bit disappointed to see that only the programs for Windows were included. A bit of a bummer, but that is ok. There are plenty of places online to find Linux and OSX programs that work with the tables that were sent to me.
Oddly enough, the software was WinRAR protected with a password of "abcde12345". I am pretty sure this has something to do with crypto export controls. But it still made me chuckle.
How did they work? Beautifully. We were able to crack an Admin LANMAN password hash in under 5 min, and a NT only hash in under 15min.
When you get the tables there will be a couple of things that you will notice. First, the tables are in .rtc format. This is no big deal, except other tools like Cain and Able will need the tables to be in .rt format. The fine folks at Project Rainbow Crack have a few excellent tools to covert the formats here.
I cannot recommend the product from the fine folks at Project Rainbow crack enough. The drive is ok and the service was prompt and the tables worked.
Also, I am currently backing up the tables to two different drives.
Next year I will be bringing some tables to share.
There are currently a number of great sites that offer free tables. Below are just a few:
http://www.freerainbowtables.com/
http://ophcrack.sourceforge.net/tables.php
Before you come to Shmoo get some tables and bring them to share with everyone else.
We will not have a repeat from last year.
-strandjs