I teach network secuirty at ECPI College of Technology. At the end of every class students present their projects for the course. One group put together a video of their project and I figured it would be a good idea to post it. It’s about 27 minutes and goes over a hand full of things, one of the neatest being the part using Nessus and Metasploit’s autopwnage. I also think the video has some great funny moments as well, especially the Star Wars CVE effect. Either way let me know if you find it helpful or not. I don’t have the greatest bandwidth so be patient with the player as it may take a while to load. It’s also a large video, high resolution that is, so don’t forget to click the fullscreen icon on the bottom right of the player. The audio capture is low so you will probably need to jack up the volume.

It’s taken me a couple of days to recover from Carolina Con. I knew it was going to be a riot with all the alcohol in walking distance. Now that I have my equilibrium I can post my presentation on Layer 7 attacks. My laptop and the projector weren’t working well together so I had to borrow Nick Fury’s laptop which didn’t have all the tools I needed for the presentation, so I wasn’t able to present the second half of my talk. I’m hoping this video will compensate. Keep in mind that my total presentation was going to include this video (scenario 1, cross site texting) and my previous video post of analyzing cookies (scenario 2). One thing you won’t see in this screen cast is that during the presentation I used a volunteer from the audience to prove that an attacker could text himself the username and password of an unsuspecting victim. Luckily apples from the HTS crew let me spam his phone with my demo and all he got was a t-shirt, a kick ass Carolina Con t-shirt that is. Well I had a great time and I’ll definitely make it back next year. As always I would love to hear your comments and feedback.

travis:~$ cat BigUpsMuchRespect

1. nc2600
2. txs
3. wxs
4. Deral Heiland
5. Sahba & Dan @ Security Compass

This video is a follow up on my written documentation of using Webscarab to analyze session ID’s. This video walks through the Altoro Mutual web application, demo application set up by WatchFire, showing which cookies are weak and which cookies are strong. It’s very important to have strong cookies because cookies keep information about your account on that particular application. If an application has weak cookies then your account could be compromised revealing sensitive information about yourself. Hopefully this video will show you how to analyze the strength of cookies for an application that you use. As always please let me know if I screwed up somewhere in the video or if you have an idea for a better approach, I’d love to hear from others.

I have finally gotten around to posting a video tutorial of Webscarab. This tutorial merely covers the basics on Webscarab and is a mirror reflection of my written tutorial, Webscarab Tutorial Part 1 (learning the basics). I plan on continuing this video series as I did with my written tutorials. I have always been a fan of video tutorials because they cut right to the chase and show the exact steps how something is performed. I have always frequented the videos on Iron Geek and Milw0rm which have been great resources as well. Don’t forget to maximize the video in the bottom right hand corner of the player, otherwise the video is pointless because you wouldn’t be able to see anything.

The video seems to have some background noise from the audio recording, if anyone has a suggestion for making a better recording I’m all ears. I recorded the screen cast with CamStudio but I also tried Record My Desktop in Linux. I wanted to use Record My Desktop but it was even worse. It could have been my cheap Logitech microphone that was the root cause of the problem? Please post feedback and let me know if these videos are useful, your feedback will determine what content I post in the future.