Here is a collection of blog posts and other things I did or found interesting in 2013.
Violent Python - TJ OConnor
I was the technical editor for Violent Python.
http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
SHMOOCON 2013
Here are some links to my 2013 Shmoocon presentation. Unofficial sources report 1200+ people in the room for my presentation with Jake Williams.
http://www.wipethedrive.com
Here is a video: http://www.youtube.com/watch?v=R16DmDMvPeI
I also did a series on the Internet Storm Center on the topic. Here are some posts.
Part 1 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394
Part 2 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+2/15406
Part 3 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448
Part 4 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+4/15460
SANS SEC573 PYTHON FOR PENETRATION TESTERS
I authored a SANS Course! SEC573 Python for Penetration Testers. This is awesome!
https://www.sans.org/course/python-for-pen-testers
File Hiding and Process Obfuscation
Here is a post I did on Pauldotcom.com on hiding processes.
http://pauldotcom.com/2013/02/file-hiding-and-process-obfusc.html
Python PSEXEC rocks
http://pen-testing.sans.org/blog/pen-testing/2013/03/27/psexec-python-rocks
Manipulate Volume Shadow Copies from Python
http://pen-testing.sans.org/blog/pen-testing/2013/04/12/using-volume-shadow-copies-from-python
SMB Relay Demystified and NTLMv2 Pwnage with Python
http://pen-testing.sans.org/blog/pen-testing/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python
TDS, MSSQL and Python
http://pen-testing.sans.org/blog/2013/05/21/tds-mssql-and-python-oh-my
Antivirus Evasion - A peek under the Veil
http://pen-testing.sans.org/blog/pen-testing/2013/07/12/anti-virus-evasion-a-peek-under-the-veil
Windows is 0wned by Default!
Well. This is pretty scary stuff. Rootkits without Rootkits. AV Evasion. My latest research project hit some serious pay dirt here. Sitting in Jason Fossen's SEC505 Securing Windows class is always inspiring and educational. Two years ago I was watching him play with the Application Compatibility Toolkit. I commented that it looked a lot like a rootkit. Jason (one of the smartest guys I know) said, "Yep, I think there is probably a lot of things you could do with that." Jason is awesome. I dug into it for a while, shared it with a few friends, then presented it publicly at this year's Derbycon! Check it out.
http://www.youtube.com/watch?v=SVqiDdVS7Wo