Category: Uncategorized /
Tags: no tag / Comments Off
*In the LAST of this Series* (yes you read that right) we will be discussing EXPLOITATION. We will delve into the differences between a vulnerability and an exploit, discuss and understand how bugs in software lead to compromise, and see REAL LIFE EXAMPLES of vulnerable web applications, software, and operating systems.
We will be introducing a few new programs, all of which are available on the BackTrack distribution (fyi, they recently released a new version at http://www.remote-exploit.org/backtrack_download.html) However everything that we will be discussing is included on previous releases. If you are wanting to use your OWN operating system, make sure you download and install nmap, nessus, and the Metasploit 3.0 framework.
This session will probably be fairly lengthy, so if you are interested please come prepared.
Above is a Rube Goldberg device constructed by ulysses and cinus. The device is fairly simple as there are only 5 events involved in switching on the coffee maker.
A weight slides from atop the string, triggers a mouse trap, which then tugs another string allowing a battery to fall downwards into another mouse trap, closing a circuit.
The coffee makers momentary switch was removed from the PCB and instead replaced with two wires connected to the mouse trap. Once the mouse trap is triggered, the switch closes and turns on the coffee maker.
Last night was our Thursday general meeting — the space is open every Thursday evening for anyone to come down and see what happens. We had a few new-ish faces in the space last night, including TensorFlux from Pumping Station: One, a hackerspace in Chicago. He was in the middle of a motorcycle touring/camping journey through a good chunk of the US and parts of Canada, and decided to stop by to visit CCCKC. Here, he’s catching up online while Ulysses works on a clever electronic art project.
As part of the general meeting, we usually offer talks and demonstrations on Thursdays. Last night, dj goku continued the Cyber Security series by setting up a group lab demonstration and hosting an open discussion on using SSH to tunnel and encrypt your insecure traffic on hostile networks. I actually learned that OpenSSH has its own SOCKS listener! All this time, I’ve been using a significantly more complicated setup with OpenSSH and Squid Proxy. In most cases, the -D [port] option to ssh will work just as well and is much easier to set up. I’ll see if dj goku has some slides and links that I can point you to, as I really enjoyed learning something new about a tool I’ve used for years!
After the Cyber Security discussion, Jim Emery used one of the ballasts in the workshop and bent up some metal strapping to build an impromptu Jacob’s Ladder. These are simple to make if you have the right power supply. They’re always a big hit, though!
ax0n (that’s me) worked on getting a 2-cycle engine working properly and attempted to get the drive mechanism fitted to it. The engine starts on the first pull now and runs great, but we don’t have the proper tools at the space to get my drive sprocket attached to the clutch output.
I ended up taking the engine partially apart and discussing with a smaller group how two-stroke gasoline engines work including magneto ignition, centrifugal clutches and flywheel vane air-cooling. Two-stroke engines aren’t terribly efficient, but there is something sublime about their mechanical simplicity. I will post more on this project as it progresses.
I cut rixon off in the beginning, but he says that he is holding a DecTalk Express dtc08. Originally it would not power on because of the dead battery.
Rixon salvaged this from a thrift store. Some weird stuff happened after the first two lines of the first song played, it started reading the characters as literal, instead of in a melody fashion.
The DecTalk has a serial port we were able to connect to through minicom with a 9600 baud rate.
Also, all opponents to CCCKC should fear linoleum knives.
