Hacking with your Browser

Today I rebuilt my Windows 7 partition. Amidst the flurry of backing up I forgot to save my Firefox profiles. I figured this was a good time to review the addons I use for my day-to-day hacking needs.

First things first: most of these addons will have compatibility issues with a current Firefox build, because each one declares the highest Firefox version it supports in its install.rdf. An xpi is just a zip archive, so you can raise that ceiling by hand:

  • download the xpi (right click "save target as" on the download button at addons.mozilla.org)
  • open it with WinRAR (or any zip tool)
  • open install.rdf with a text editor
  • change the <em:maxVersion>3.xxx.xxx</em:maxVersion> line to your current Firefox build
  • save
  • open the xpi file with Firefox

This only overrides the declared compatibility; an addon that depends on an API Firefox has since removed will still break once loaded.
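
If you have more than a couple of addons to carry over, the same edit is easy to script. The following is an added example, not code from the original post: it copies an xpi, rewrites every <em:maxVersion> in install.rdf, and reads the value back from the new archive to confirm the change. The install.rdf it builds for the sample run is constructed for this example (the addon id and chrome.manifest line are made up; the targetApplication id is Firefox's real application id), and it assumes an unsigned xpi, which is what you get from addons.mozilla.org for most addons of this era; a signed one (anything under META-INF/) is refused, because editing it would break the signature.

```python
from __future__ import annotations

import os
import re
import tempfile
import zipfile

# The compatibility ceiling lives in install.rdf inside the xpi (a plain zip).
MAXVER = re.compile(r"(<em:maxVersion>)([^<]*)(</em:maxVersion>)")

# Constructed install.rdf for a hypothetical addon. The targetApplication id is
# Firefox's real application id; every other value is made up for this example.
SAMPLE_INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>example-addon@example.invalid</em:id>
    <em:version>1.0</em:version>
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.0</em:minVersion>
        <em:maxVersion>3.0.*</em:maxVersion>
      </Description>
    </em:targetApplication>
  </Description>
</RDF>
"""


def bump_max_version(install_rdf: str, new_version: str) -> str:
    """Rewrite every <em:maxVersion> element to new_version; nothing else is touched."""
    return MAXVER.sub(lambda m: m.group(1) + new_version + m.group(3), install_rdf)


def rewrite_xpi(src: str, dst: str, new_version: str) -> str:
    """Copy src to dst, patching install.rdf on the way through, and return the
    maxVersion read back from dst so the caller can confirm the edit took."""
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w") as zout:
        if any(name.startswith("META-INF/") for name in zin.namelist()):
            # Signed package: any change to its contents invalidates the signature,
            # so refuse rather than produce an archive whose signature no longer matches.
            raise ValueError("xpi is signed; editing install.rdf would break the signature")
        for item in zin.infolist():
            data = zin.read(item.filename)
            if item.filename == "install.rdf":
                data = bump_max_version(data.decode("utf-8"), new_version).encode("utf-8")
            zout.writestr(item, data)  # reuses each entry's name and compression settings
    with zipfile.ZipFile(dst) as z:
        m = MAXVER.search(z.read("install.rdf").decode("utf-8"))
    return m.group(2) if m else ""


def demo(new_version: str = "3.6.8") -> str:
    """Build the constructed sample xpi in a temp directory, patch it, and return
    the maxVersion read back (expected to equal new_version)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "example-addon.xpi")
        dst = os.path.join(tmp, "example-addon-patched.xpi")
        with zipfile.ZipFile(src, "w", zipfile.ZIP_DEFLATED) as z:
            z.writestr("install.rdf", SAMPLE_INSTALL_RDF)
            z.writestr("chrome.manifest", "content example-addon chrome/content/\n")
        return rewrite_xpi(src, dst, new_version)


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 4:  # python bump_xpi.py in.xpi out.xpi 3.6.8
        print("maxVersion now", rewrite_xpi(sys.argv[1], sys.argv[2], sys.argv[3]))
    else:
        print("sample run: maxVersion now", demo())
```

Firefox accepts a wildcard in the last component, so "3.6.*" is a reasonable value if you do not want to repeat this for every point release.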

Now, here is what I use regularly:

MultiProxySwitch or FoxyProxy – for fast switching to Burp or Tor

PassiveRecon – for OSINT-style gathering

ShowIP – shows the server IP and any additional IPs if the host is load balanced; right click to get Netcraft info

Live HTTP Headers – for checking for load balancing etc.

Wappalyzer and Backend Software Information – to identify platforms, frameworks, and common apps

Hackbar – for fast submission of POST requests without firing up Burp; also has great encoding support. I love Hackbar.

Add N Edit Cookies – invaluable for cookie inspection and testing

Firebug or WiderBug (thanks Andre!) – because it's awesome

Lazarus – so I never accidentally forget an injection string I already tried

FxIF – usually used for metadata analysis in CTFs

Fireforce – I usually use Burp Intruder to brute-force forms-based auth, but Fireforce is still neat

Although I don't really use them much, Greasemonkey with Whiteacid's XSS Assistant (careful with this one), XSS Me, SQL Inject Me, and SQL Injection! are all good addons for testing injection. They also have good injection regexes to steal for use in other tools.

For general browsing I use Read It Later and Xmarks to keep a good reading list across all my boxes

For browser scripting I use iMacros for Firefox

Caveats:

Michael Schearer ("theprez98") gave a presentation called "Pen Testing the Web with Firefox"; check that out. There is also a huge Mozilla collection called FireCAT by Security-Database.com. I like some of the tools, but I feel installing the whole collection bloats my browser too much.

Anyways, that's all for now. Happy hacking!


Blackhat and Defcon Parties

Every year we head to the desert to learn the newest attacks and defenses in the world, to share groundbreaking ideas... but not least of all, to have some fun!

Who? | When? (July) | Time | Where? | Link/RSVP | Why?
ModSecurity Happy Hour | Wednesday 28th | 4-6pm | Munchbar @ Caesar's Palace | open to anyone | ModSecurity is awesome
MAD & Nitro Security Party | Wednesday 28th | 8pm-10pm | TBA | Invite only | Go to the Nitro Security booth for an invite
Black Hat Crawl by Stonesoft | Wednesday 28th | 6pm-9pm | Trevi Room, Caesar's Palace | http://www2.stonegate.com/l/1912/2010-07-13/2895X | piñata and iPad contests
Tenable Party | Wednesday 28th | 8pm-10pm | Margaritaville | http://www.tenable.com/bhparty2010/ | Nessus is win, most of the time. Beer and Margaritaville's world famous margaritas will be served. The first 100 people through the doors will receive a Tenable Hawaiian shirt and a Nessus cigar.
IOActive Cocktail Party | Wednesday 28th | 8pm-10pm | Spago | Invite only | pick up invites at booth #63
McAfee Party | Wednesday 28th | 8pm-11pm | Vanity @ Hard Rock Hotel | Invite only | stop by McAfee booth #18
Rapid7 Party | Wednesday 28th | 9pm-2am | Palms Fantasy Tower | http://www.rapid7.com/forms/black-hat-rsvp.jsp | Open bar, go-go dancers, HD Moore.
Qualys Party | Wednesday 28th | 8pm-2am | JET @ Mirage | http://www.qualys.com/company/events/tradeshows/blackhat10/ | Dance the night away to Tainted Love (a top 80's cover band) and DJ DIRTYHERTZ at one of the hottest Las Vegas nightclubs, JET (JET is really nice)
Mandiant Schmooze | Wednesday 28th | 7pm-9pm | Shadow Bar inside Caesar's Palace | http://www.mandiant.com/news_events/forms/shadow_bar | Random Google find; dunno; sounds like an open bar.
Sourcefire VRT Adobe Haters Ball | Wednesday 28th | 8pm-11pm | Casa Fuente, Caesar's Palace | Invite only | beg @VRT_Sourcefire for an invite? I dunno -_-
NetWitness | Wednesday 28th | 9pm-12am | PURE @ Caesar's | http://netwitness.com/resources/register/blackhat2010.aspx | ???
FishNet | Wednesday 28th | ? | Rhumbar | http://is.gd/dy4RY | ???
Cenzic/Dasient | Wednesday 28th | 9pm-12am | Caesar's Rainman Suite | http://blog.cenzic.com/public/item/256749 | stop by the Cenzic booth (#38)
TippingPoint ZeroDayInitiative 5 Year Anniversary Party | Wednesday 28th | 8pm-12am | Hard Rock Hotel SkyBar | Invite only | I hear ZDI throws a good party ;)
BSides | Wednesday & Thursday 28th/29th | ??? | 2810 East Quail Ave., Las Vegas, NV 89120 | http://www.securitybsides.com/BSidesLasVegas | While not an "official" party, BSides is a party by itself. Ask around and I'm sure there will be something going down... I mean c'mon, it's Chris Nickerson running it!
WhiteHat & Accuvant | Thursday 29th | ? | PURE @ Caesar's | Invite only | "swing by the booth and say hi and if we have any left, grab an invite for our party at Pure for Thursday night"
Security Twits | Thursday 29th | 8pm-? | Caesar's (suite TBD) | ??? | ???
Defcon Fundraiser | Thursday 29th | ??? | Riviera Penthouse | ??? | Cost $40
KartCON | Thursday 29th | 7:30pm-11pm | FastLap, 4288 Polaris Avenue, Las Vegas, NV 89103-8100 | http://kartcon2010-owasp.eventbrite.com/ | 50mph go-kart tourney, with bar... win.
Defcon Toxic BBQ | Thursday 29th | 5:30pm-9pm | Sunset Park, 7.6 miles from the Riviera | http://www.toxicbbq.com/ | BYOBBQ and some utensils. People will cook for you if you bring meat!
EFF Vegas 2.0 Party | Thursday 29th | ??? | Top of the Riviera | Open to all, $40 at the door (donation) | All monies go to the EFF (you get a 1 yr. membership for your donation). DualCore, Minibosses, raffle, open bar and much, much more.
Microsoft Party | Thursday 29th | 9pm-11pm | Vanity | Invite only | Speakers and top notch security researchers.
Core Security Party | Thursday 29th | ??? | Sushi Roh | Invite only | I've been to a CORE shindig before; they can sure throw a party, or at least spend a grip of cash ;)
iSEC Partners Party | Thursday 29th | 10pm-TBD | V-Bar @ the Venetian | Invite only | iSEC peeps are awesome.
SpiderLabs Party | Friday 30th | 10pm-TBD | Riviera SkyBoxes | Invite only (ask a lab spider for an invite) | DJ Keith Swiat, open bar, Spiders are 31337.
HackerPimps Party | Friday 30th | ??? | Riviera SkyBoxes | Invite (email pimpsparty at gmail dot com), @hackerpimps | Caption says it all...
Attack Research Party | Friday 30th | 7pm-2am | Top of the Riv | Invite only | Dr Raid, DJ Sailor Gloom, Thee Swank Bastards, DJ Dark Mark, Regenerator, DJ Style.
Ninja Party | Saturday 31st | 9pm-? | Secret offsite location | Invite only; https://forum.defcon.org/showthread.php?t=11511&highlight=ninja | Last year I went as part of "the event that didn't happen", the EFF Sec Pillow Fight. This year I might be SOL on an invite. The Ninja Party is the most 31337 party there is. I heard finding a ninja and asking them works well... but they are invisible! ='(
IOActive FreakShow | Saturday 31st | 9pm-1am | Top of the Riviera | http://www.facebook.com/event.php?eid=135300963167159 & http://www.ioactive.com/news_events_freakshow.html | Tower of Bendy Girls, DJ Keith and Crew, the Return of the Bungee Run, and Gladiator Joust.

This is what I know of at the moment; I'm sure I'm not privy to all the madness and will update accordingly. Also I heard @gattaca is going to blog on parties too soon. =)

I'll be in Vegas from the 23rd to the 1st. See you there. Twitter DMs go to my mobile, or you can email admin -a-t- securityaegis.com to meet up, shoot the sh*t, and have a good time!

*More party updates as they come... Thanks for reading!

* 7/18 Thanks for all the info from everyone on here and through Twitter. Updated with Toxic BBQ, Qualys, Attack Research, Sourcefire VRT.

*7/18 Massive update

*7/19 More parties added

*7/19 Looking for info on the McAfee party

*7/20 Added 3 more parties by request of vendors...

*7/22 Added McAfee party info


smpCTF – 2010 Hacker Olympics

I just finished playing in the yearly smpCTF with team MRL. MRL is Midnight Research Labs, based out of Boston, who do some really cool research, presentations, and tools. You might remember them from their release of SEAT (Search Engine Assessment Tool) a year or so back.

pwn a challenge, win a hot pirate... flag

smpCTF is a yearly top tier CTF, akin to the Defcon CTF qualifiers, etc.

The challenge areas were: Web, Forensics, Crypto, Pwnables, Trivials, and Misc. Looks like we placed somewhere around 23rd out of 196 registered teams (76 of whom scored points).

Props to all the MRL people and other teammates who made this the best CTF I have played in: @sussurro @jaredbird @timmedin and more!

As writeups come in I'll post them =)

Unofficial Scores

Challenge Page


Writeups:

Challenge #3 (Crypto level1)


OSINT, because knowing is half the battle…

Profiling, or OSINT (open source intelligence), is an art. Private investigators have been doing it for years, but it has only just started to show real promise when applied to penetration testing and red team testing. A lot of work has been done recently by Chris Gates and Chris Nickerson on bringing it into the security world.

OSINT gathering is a far more manual process than general profiling. It is usually not included in a regular pentest or assessment, but sometimes is included for an extra fee (from what we've seen).

Why OSINT? It widens your attack surface and gives you a sprinting start before you send a single packet directly at your target. Just by entering some of the RS engineers' data I was able to get a list of previous addresses, blogs, Twitter names, emails, phone numbers, parents' names, news articles, etc. I'd say that's useful.

As a placeholder, until we finish a proper framework, we have compiled a list of the OSINT-gathering web sites we use, by target type: people and organizational targets, and infrastructure targets:

People and Organizational:
Spokeo (People Search)
123people.com (people search)
Spoke.com (people and business search)
XING (business search)
ZoomInfo (people and business search)
Pipl – (People Search)
Zaba (people search)
SearchBug (people search)
WhitePages.com (people search)
Skipease (people search)
Addictomatic (people search)
Social Mention (Social Search)
EntityCube (?)
yasni.com (people search)
Tweepz.com (twitter)
TweepSearch (twitter)
Infrastructure:
Netcraft (Uptime Survey, server info)
Domain Tools (Whois Lookup and Domain info)
Centralops.net  (traceroute, nslookup, automatic whois lookup, ping, finger)
Hackerfantastic.com ( GeoIP, whois, host, dig, blacklists, ping, traceroute & nmap)
whois.webhosting.info (WHOIS and Reverse IP Service/virtual hosting info)
MSN IP Search
SSL Labs – Projects / Public SSL Server Database – SSL Server Test
SHODAN – Computer Search Engine (indexed port scans and banner grabs)

Don't forget to combine this kind of "research" with great tools like Wikto, metagoofil, SEAT, FOCA, theHarvester, and Maltego. We also suggest you listen to or watch some of the presentations and videos from Chris Nickerson and Chris Gates (by the way, Dale Pearson is the man for setting up the BruCON videos last year).

Also, I had been working with some browser scripting earlier and made a quick OSINT script in iMacros. iMacros can record and script your day-to-day browser activities. Sometimes this is easier than coding something in Ruby or Python because of the AJAX nature of these people-search sites. Download the Firefox plugin for iMacros here, then make a new macro with the code below:


Interview: Hakin9, Ferruh Mavituna on Web Security

A new interview with Ferruh, focusing less on Netsparker and more on web security in general. Published in Hakin9 Magazine, pages 56-58 =)

Download the issue!

http://download.hakin9.org/en/hakin9_04_2010_EN.pdf

Also, since it was con time near deadline time, Ferruh might expand a bit here on some of the questions he didn't get to cover, so stay tuned.

Review: eLearnSecurity’s Penetration Testing Pro

My original review appeared over at http://www.ethicalhacker.net/content/view/307/24/

eLearnSecurity’s Penetration Testing Pro - What CEH Should Have Been


Recently the web has been abuzz with pentest training options. The CEH received new life as it was added to DoD Directive 8570 and revamped its courseware in version 6.0, Offensive Security rolled out version 3.0 of "Pentesting With BackTrack," and it seems like new training options are coming out almost every day in the field. That being said, I have been lucky enough to receive an advance copy of the flagship course by eLearnSecurity, Penetration Testing Pro (PTP).

PTP is a three-section presentation and video course authored by Armando Romeo (admin of hackerscenter.com), Brett D. Arion, Nitin Kumar, and Vipin Kumar. It has an optional certification component called the Certified Professional Penetration Tester, or eCPPT for short. The target audience for the course is security engineers or penetration testers with 0-3 years of experience. The course divides penetration testing into three categories: System Security, Network Security, and Web Application Security. Let's take a look at each.


Netsparker Community Edition – “The Sparkler”

Believe me when I say that we've used a lot of tools. We love scripts; we love things that free up our time to do the real analysis on a web application assessment. We have used w3af, Nikto, Grendel-Scan, etc., etc. We are really happy to see a new tool we have already used in its pro incarnation: Netsparker.

Netsparker announced today that it is releasing a Community Edition, lacking only a few features of the pro version. We highly appreciate this, especially its "free as in beer" release. Yes, it's Windows only, but we can forgive that for a moment ;)

Why is Netsparker valuable?

  • It beats AppScan and WebInspect in injection tests most of the time
  • Its spider is fast and furious
  • Its configuration vulnerability database is up to date
  • Its remediation advice is sound and technical
  • It very rarely has false positives, and initial testing also shows a low false negative rate

CE doesn't include some exploitation features and certain categories of checks (command injection, RFI, etc.). Despite that, it's still a great tool to add to your utility belt; we recommend adding it to your web application security regimen =)

Check out the https://www.mavitunasecurity.com/pricing/ page to see the difference between Pro and CE.


Finding Social Security Numbers in packet captures with grep and ngrep

From @ap3r on the Redspin Labs Blog by Nathan Drier on Apr.16, 2010:

I've been spending a lot of time lately working with packet captures. I've been stringing together a long list of silly one-liners to make a very rough pcap vulnerability scanner of sorts. This is one of those one-liners.

One of the main things I first hunt for in network traffic is sensitive data leaving the network. Depending on the client, this could range anywhere from Social Security Numbers to Player Tracking Numbers on gaming networks. I usually use grep and ngrep for some initial recon. Here, we break open our pcap file with ngrep and feed it to grep. Then, grep looks for the typical SSN regex xxx-xx-xxxx, where x = any number 0-9.
 
$ ngrep -I inet.pcap | grep '[0-9]\{3\}-[0-9]\{2\}-[0-9]\{4\}'
GET /www.engadget.com/media/2010/03/cisco-valet-2010-03-3019-43-29-rm-eng_thumbnail.jpg
http://www.blogcdn.com/www.engadget.com/media/2010/03/cisco-valet-2010-03-3019-4
GET /www.engadget.com/media/2010/03/cisco-valet-2010-03-3019-43-12-rm-eng_thumbnail.jpg
http://www.blogcdn.com/www.engadget.com/media/2010/03/cisco-valet-2010-03-3019-4
GET /www.engadget.com/media/2010/03/cisco-valet-2010-03-3019-43-01-rm-eng_thumbnail.jpp
CO%20Update%288-57-423458293.emlRe%20Company%20Meeting
l.com/exchange/john.doe/Deleted%20Items/CP%20Update%288-57-423458293.eml
 
As you can see in the example above, there are some (all) false positives. This particular pcap is hitting on dates and .eml names because they follow the regex we are looking for. On larger pcaps with a lot of Internet traffic, I usually pipe the output to a text file and get to work stripping out all the GET requests and things we just aren't interested in for the task at hand.

I've also used the Spider tool from Cornell University with much success.
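
The false positives above come from the bare pattern matching a slice of a longer digit run ("2010-03-3019-43-29" and "288-57-423458293" both contain a ddd-dd-dddd window). The following is an added example, not code from the Redspin post, that shows the two cheap filters that remove most of that noise: anchoring the pattern so neither side continues with a digit or dash, and rejecting candidates the SSA never issues (area 000, 666 or 900-999; group 00; serial 0000). The sample text is constructed for this example: two lines of the kind the post's pcap produced, plus two lines with made-up numbers in SSN format.

```python
from __future__ import annotations

import re

# The post's pattern: any ddd-dd-dddd substring, with no context check.
NAIVE_SSN = re.compile(r"[0-9]{3}-[0-9]{2}-[0-9]{4}")

# Same shape, but the run must not be part of a longer digit/dash run; that is what
# turns "2010-03-3019-43-29" and "288-57-423458293" into hits for the naive pattern.
ANCHORED_SSN = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural rules for issued numbers: area 000, 666 and 900-999 are never
    issued, nor are group 00 or serial 0000."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    if g == 0 or s == 0:
        return False
    return True


def naive_hits(text: str) -> list:
    """What the grep in the post would report."""
    return NAIVE_SSN.findall(text)


def find_ssns(text: str) -> list:
    """Candidates that survive both the context anchor and the structural check."""
    hits = []
    for m in ANCHORED_SSN.finditer(text):
        if plausible_ssn(*m.groups()):
            hits.append(m.group(0))
    return hits


# Constructed sample: two lines of the kind the post's pcap produced (image URL,
# .eml name), then two lines carrying made-up numbers in SSN format.
SAMPLE = """GET /www.engadget.com/media/2010/03/cisco-valet-2010-03-3019-43-29-rm-eng_thumbnail.jpg
l.com/exchange/john.doe/Deleted%20Items/CP%20Update%288-57-423458293.eml
POST /hr/enroll ssn=123-45-6789&dob=1980-01-01
ref 000-12-3456 is a placeholder, not an issued number
"""

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(f"naive={naive_hits(line)} filtered={find_ssns(line)} :: {line[:60]}")
```

Feed it the ngrep output instead of SAMPLE (for example, `ngrep -I inet.pcap | python ssn_filter.py` with a stdin loop in place of the sample) and the GET-request stripping the post describes mostly takes care of itself; what remains is worth a manual look.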


Release: Burp Proxy to XML – BURP2XML

With the incorporation of Burp Suite Professional into our audit processes, we (the Redspin engineers) discovered that there was no easy way to extract results from Burp's session file without manually re-running Burp.

In order to automate this, we have developed a standalone Python script that processes Burp's session files into XML, and have released it under the GPLv3 license here

burp2xml.py

XML lets you pull out all types of useful data and feed it to other tools, and makes scripting an output report much easier. We will be blogging tips (here) on using it pretty soon; let us know what you think. Shout-out to Paul Hass for all the hard work =)

Skipfish, Google Enters the Web Scanner Fray

Just wrote a quick review and jotted down some insights on Google's new web application security scanner, Skipfish. Read the whole thing at the link or just check out the "skinny" ;)

The Skinny:

We like it. As Google says, it's not an end-all-be-all web application scanner, but it definitely has some great logic and features, and it is blazing fast. Also, if you have watched the dev track, the developer Michal Zalewski has been quick to fix problems (1.01b fixes some crashing issues) and has some great features planned (pause/resume, VIEWSTATE testing, etc.). Although no scanner will ever replace a smart web app assessment engineer, Skipfish shows great potential in the security space and... it's free. It won't replace any of our manual processes, but we will definitely use it when applicable. Thanks, Google.

http://www.redspin.com/blog/2010/03/19/skipfish-google-enters-the-web-scanner-fray/
