
Posts

Welcome to Mark Baggett - In Depth Defense

I am the course Author of SANS SEC573 Automating Information Security with Python. Check back frequently for updated tools and articles related to course material.

2013 Posts and Publications

Here is a collection of blog posts and other things I did or found interesting in 2013.

Violent Python - TJ OConnor
I was the technical editor for Violent Python.
http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

SHMOOCON 2013
Here are some links to my 2013 Shmoocon presentation. Unofficial sources report 1200+ people in the room for my presentation with Jake Williams.
http://www.wipethedrive.com
Here is a video: http://www.youtube.com/watch?v=R16DmDMvPeI

I also did a series on the Internet Storm Center on the topic. Here are some posts.
Part 1 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394
Part 2 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+2/15406
Part 3 - http://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448
Part 4 - http://isc.sans.edu/diary/Wipe+the+drive!++Stea...

Stuff I worked on in 2011 & 2012

I suppose I should update this site more often... So much to hack; so little time. Here is some of the public stuff I have been working on in 2011 and 2012.

Grabbing Usernames, Passwords, Cookies and more from HTTPS websites
http://pauldotcom.com/2012/07/post-exploitation-recon-with-e.html
http://pauldotcom.com/2012/09/data-mining-event-tracing-for.html

Privilege Escalation through VMware snapshots
http://pen-testing.sans.org/blog/2012/08/03/pen-test-privilege-escalation-through-suspended-virtual-machines

Using Windows Resource Monitor to find hackers
http://isc.sans.edu/diary/13735

A great SCAPY shortcut for TCP Fuzzing
https://isc.sans.edu/diary.html?storyid=14080

Python Shells: One liners:
http://pauldotcom.com/2011/10/python-one-line-shell-code.html

Put Meterpreter in Python for 100% evasion:
http://pen-testing.sans.org/blog/2011/10/13/tips-for-evading-anti-virus-during-pen-testing

Cool new SQL Injection Tool - It is different!
http://pen-testing.sans.org/b...

Pauldotcom posts for 2010

Here is an archive of links to my 2010 Pauldotcom posts.

Tshark/Wireshark SSL Decryption - Lessons Learned
Windows 7 symbolic links and hidden files
Real time Google Hacking
Web Application Penetration Testing - Part 4
Web Application Penetration Testing Script - Part 3
Web Penetration Testing Scripts - Part 2
Web Penetration Testing Scripts - Part 1
Creating per user customized dictionaries with USERPASS
Using Metasploit to control netcat and third party exploits
Exploring the Facebook API
Capturing SSH V1 & V2 Credentials with a MitM ssh honeypot
Resilient SSH Tunneled Meterpreter Session
Nessus Scanning through a Metasploit Meterpreter Session
SSH gymnastics with proxychains
Meterpreter script to unlock the screensaver
Killing the Monkey in the Middle
Running a command on every machine in your AD domain from the command line
Bypassing AV with msfencode -x
Smashing the General Ledger for fun and Profit (AKA Accounting 101 for Penetration Testers)
NOT A CON!!!! (it's a b...

Some new posts

I've gotten a couple of emails asking where I went. For those that do not know, I've been posting on Pauldotcom.com. In the future I will post my entries here also, but really... You should follow pauldotcom.com!!!! :) See you there.

Wireless Access Points Defcon 2004 style
GINA Authentication Bypass
Shmoocon tickets. See you there!
All your Active Directory Computer objects - Gone in 60 seconds

TCP Fragment Evasion

Originally posted on http://pauldotcom.com/2009/08/tcp-frament-evasion-attacks.html
By: Mark Baggett

I recently read a very good article on tuning Snort's Stream5 preprocessor to avoid "TCP Fragment Overlap" attacks. It's a great article, but the wording confused me. I thought to myself, "TCP Fragments? That must be a mistake. The TCP header doesn't have a 'more fragments' bit, a 'fragment offset' or anything else to support fragmentation. How can there be any TCP fragments?"

Typically when we talk about fragmentation attacks we think about Layer 3 attacks. Attackers manipulate the IP packet headers to pull off various insertion and evasion attacks. Examples of Layer 3 attacks include overlapping fragment attacks and temporal evasion (host reassembly timeout evasion). These attacks are explained pretty well in an article titled "Evading NIDS, revisited". So what is TCP, or Layer 4, "fragmentation"? Really, it's ov...
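The point the post is building toward is that TCP has no fragmentation fields, so "TCP fragmentation" attacks are really overlapping segments: two segments that claim the same sequence-number range but carry different bytes. The evasion works when the IDS resolves the overlap differently from the target host. The Python below is an added example, not code from the original post or from Snort: it models a receiver that reassembles a stream under one of two illustrative overlap policies ("first" keeps the bytes that arrived first, "last" lets later bytes overwrite) and shows the same three segments producing two different payloads. The segments, the "/etc/passwd" signature and the policy names are constructed for the demonstration; no claim is made here about which real operating system behaves like which policy.

```python
"""Model of TCP overlapping-segment (so-called "TCP fragment") evasion.

Constructed example: a sender emits three segments whose sequence ranges
overlap. A monitor that resolves the overlap with a different policy than
the end host reconstructs a different byte stream and misses the signature.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first byte of data (relative)
    data: bytes     # segment payload


def reassemble(segments: Iterable[Segment], policy: str = "first") -> bytes:
    """Rebuild the contiguous byte stream from segments in ARRIVAL order.

    policy="first": the earliest-arriving byte for an offset wins.
    policy="last":  the latest-arriving byte for an offset wins.
    Delivery stops at the first hole, as a real stack would hold data
    behind a gap until the missing bytes arrive.
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    stream: Dict[int, int] = {}
    for seg in segments:
        for i, byte in enumerate(seg.data):
            offset = seg.seq + i
            if policy == "first":
                stream.setdefault(offset, byte)
            else:
                stream[offset] = byte
    if not stream:
        return b""
    out = bytearray()
    offset = min(stream)
    while offset in stream:          # walk until the first hole
        out.append(stream[offset])
        offset += 1
    return bytes(out)


def evades(segments: List[Segment], ids_policy: str, host_policy: str,
           signature: bytes) -> bool:
    """True when the host sees the signature but the IDS does not."""
    ids_view = reassemble(segments, ids_policy)
    host_view = reassemble(segments, host_policy)
    return signature in host_view and signature not in ids_view


# Constructed attack traffic: the real request is sent AFTER a decoy
# segment that covers the same sequence range with junk bytes.
EVASION_SEGMENTS = [
    Segment(seq=0, data=b"GET /etc/"),      # bytes 0..8, no overlap
    Segment(seq=9, data=b"XXXXXX\r\n"),     # decoy for bytes 9..16
    Segment(seq=9, data=b"passwd\r\n"),     # real data for bytes 9..16
]
SIGNATURE = b"/etc/passwd"


def demo() -> Dict[str, bytes]:
    """Return what each policy reconstructs from the constructed segments."""
    return {p: reassemble(EVASION_SEGMENTS, p) for p in ("first", "last")}


if __name__ == "__main__":
    for policy, payload in demo().items():
        print(f"{policy:>5}: {payload!r}")
    print("evades first-policy IDS against last-policy host:",
          evades(EVASION_SEGMENTS, "first", "last", SIGNATURE))
```

Running it shows the "first" policy keeping the decoy junk and the "last" policy keeping the real request. The practical lesson matches the Snort tuning the post refers to: an IDS has to be told which overlap policy each monitored host actually uses, or it will reassemble a stream the host never saw.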