Thursday, January 21, 2010

Blackhat DC

Another Metasploit track is in the works, this time for Blackhat DC. I will be presenting on exploit automation using the Metasploit Framework. Hope to see you there.

Wednesday, October 21, 2009

Media Frenzy

Some life-changing events are going on over at the metasploit blog.

Saturday, August 08, 2009

Sliding Home

As promised, my slides for Blackhat/Defcon 2009 have been placed in a web-accessible location: Using Guided Missiles in Drive-bys. Thanks to everyone who showed up. To those who didn't, maybe I'll see you next time.

Tuesday, July 14, 2009

A Dark-colored Chapeau

I'm making this post in the vain hope that someone cares about what security conference topics I find interesting. With that being said, Blackhat is going to be awesome this year, not least because of the Metasploit track. Without further ado, here are the talks I plan to attend.

Day One:
I'm presenting at 13:45 and, judging by my history, I probably won't be done with my slides until about 13:43, so I'm planning to miss all of the morning stuff.

15:15 Stefan Esser: State of the Art Post Exploitation in Hardened PHP Environments
This is a tough choice and I may end up flipping on it later. Valsmith and Colin's stuff is freaking awesome but I think Esser's work could end up being really useful for PHP meterpreter.

16:45 Valsmith, Ames, Kerb: Metaphish pt2.
I hope I can get into the room after the break.

Day Two:

10:00 Datagram: Lockpicking Forensics
Lockpicking is a terrifically fun hobby and I'd like to learn more about it.

11:15 Nick Harbour: Win at Reversing
I usually lose.

13:45 Danny Quist & Lorie Liebrock: Reverse Engineering by Crayon
Dr. Liebrock was a professor of mine and Danny is one of the best Reverse Engineers I've ever met. Can't miss this one.

15:15 Kostya Kortchinsky: Cloudburst - Hacking 3D and Breaking out of VMware
I'm not especially interested in VMware but Kostya Kortchinsky is an exploit machine. If I die half as good as Kostya is today, I'll be happy.

16:45 Vincenzo Iozzo & Charlie Miller: Post Exploitation Bliss - Loading Meterpreter on a Factory iPhone
Meterpreter is awesome and having the same post-exploitation toolkit available on multiple platforms is something I've wanted for a long time. The fact that these guys ported it to a tiny embedded device that frequently gets connected to tons of open wifi networks is an extra bonus.

Thursday, May 14, 2009

VMware keyboard issues

I've been fighting with keyboard issues in VMware since I started using Ubuntu. I'm not sure if the problems are specific to Ubuntu or if they were just introduced around the time I moved away from Gentoo, but either way, it's really annoying. First, VMware would occasionally not recognize keys correctly in guests. The down arrow would become the Windows key, shift would become ctrl, and alt, home, end, pgup, pgdn and the rest of the arrow keys would appear to quit functioning altogether. Outside of the guest, everything was fine. The fix for that was to tell VMware to use the keymap provided by X instead of trying to figure it out. Open up ~/.vmware/config with your favorite editor (creating it if it doesn't exist) and add the following line:
xkeymap.noKeycodeMap = "TRUE"
Thanks to for this one.

Next, VMware would occasionally cause all of the same keys from the previous bug either to stop working or to act as though they are permanently pressed in the host. After playing with this bug for a while I found that it happens most reliably when coming out of full-screen mode. There's no real solution for this one, but running "setxkbmap" from a terminal fixes it. The VMware forums have a thread about this issue. Since I sometimes can't type when this bug strikes (e.g. when ctrl is stuck), I added a launcher to my gnome panel so that a single mouse click can give me my keyboard back.

Lastly, when using ctrl-g to have vmware grab input, it never releases the g key. I haven't found a fix for this (except to avoid using ctrl-g) and the only way I've found to get a working desktop back is to ssh in from another machine and killall vmware.
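The two workarounds above (the config line and the one-click setxkbmap launcher) as a script, added here as an example and not taken from the original post. The config path ~/.vmware/config and the setting come from the post; the launcher directory, the launcher file name and the use of a freedesktop .desktop entry as the launcher format are my assumptions. The config helper is idempotent, so running it twice never leaves a duplicate line.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: VMware reads
# ~/.vmware/config as "key = \"value\"" lines, and a freedesktop .desktop
# entry under ~/.local/share/applications is an acceptable panel launcher.

# ensure_vmware_setting <config_file> <key> <value>
# Set key = "value" in a VMware-style config file, replacing an existing
# line for that key or appending one if none is present.
ensure_vmware_setting() {
  cfg="$1"; key="$2"; val="$3"
  mkdir -p "$(dirname "$cfg")"
  touch "$cfg"
  if grep -q "^[[:space:]]*${key}[[:space:]]*=" "$cfg"; then
    # Key already present: rewrite its value in place (portable sed, no -i).
    sed "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = \"${val}\"|" "$cfg" \
      > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
  else
    printf '%s = "%s"\n' "$key" "$val" >> "$cfg"
  fi
}

# count_setting <config_file> <key>
# Number of lines that set the key; a correct config has exactly one.
count_setting() {
  grep -c "^[[:space:]]*$2[[:space:]]*=" "$1"
}

# write_keyboard_reset_launcher [dir]
# Write a .desktop entry that runs setxkbmap, so the keyboard can be
# recovered with a mouse click when ctrl or another key is stuck.
# Prints the path of the launcher it wrote.
write_keyboard_reset_launcher() {
  dir="${1:-$HOME/.local/share/applications}"
  mkdir -p "$dir"
  cat > "$dir/reset-keyboard.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Name=Reset keyboard map
Comment=Run setxkbmap to recover keys left stuck by VMware
Exec=setxkbmap
Terminal=false
EOF
  echo "$dir/reset-keyboard.desktop"
}

# Apply both fixes only when explicitly asked, so sourcing the file for
# its functions has no side effects.
if [ "${1:-}" = "--apply" ]; then
  ensure_vmware_setting "$HOME/.vmware/config" xkeymap.noKeycodeMap TRUE
  write_keyboard_reset_launcher
fi
```

Run it as `sh fix-vmware-keys.sh --apply`; the launcher it writes can then be dragged onto a panel. Because setxkbmap only resets the X keymap, the launcher has to run on the host, not inside the guest.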

Sunday, December 07, 2008


The Ubuntu package ruby1.8 does not install an executable called ruby. It is expected that users install the package ruby which depends on ruby1.8 and installs a single file: a symlink called /usr/bin/ruby that points to /usr/bin/ruby1.8.

Wednesday, November 19, 2008

Metasploit 3.2 released

Despite a number of delays and HDM's slave-driving schedule, the Metasploit Framework version 3.2 was officially released today. My main contributions include reliable bind, reverse, and findsock payloads for PHP script vulnerabilities and Browser Autopwn, a web client fingerprinting exploit machine.

I will post more about Browser Autopwn, including some step-by-step explanations of how I use it, in the coming days.