[Plug-security] SQL Injection Session Thank You

Lisa Kachold lisakachold at obnosis.com
Sun May 12 14:37:18 MST 2013


Yes,

Hello Dustin Hoffmann!

NOTE: Folding in the SECLIST:



On Sat, May 11, 2013 at 10:38 PM, Richard Busch <rcbisme at gmail.com> wrote:

>
> Hi Lisa,
>

I enjoyed the fun with David yesterday, didn't you?  He gives great
complex/simple explanations especially covering programming.

>
> Thank you for a fun, exciting, interesting and educational session today.
> I am now on the plug security email list, but I missed the emails from
> earlier today at the session.  When you get a chance I would love it if you
> could forward those to me.  The first email I did receive was your email
> tonight on Android Security Projects.
>

The email yesterday evening was specifically addressed to the FAUX-PWNie
Pad Project by Lori R.  Since we have group resources and the technical
expertise of others who can add value to their projects, such projects are
documented on the site(s) as an ongoing resource for new students and
members.

Glad you got the PLUG email listserver setup.  I apologize that I did not
understand you were not on both email lists, therefore you didn't have the
URL of the link on how to exploit the Damned Vulnerable Linux for SQL (but
you did a good job regardless).  I know that part of the lab could have
been better directed; as I kept getting drawn in a dozen directions rather
than telling everyone to hold on a second and read the whole page
at http://12.159.65.86/dvwa/login.php (name
and password at the bottom of the page).  Scott Becerra is especially glad
to see us move in the direction of more complete and "observation based"
web systems exploits.  In 2009, I took all Scott's flags when he provided
his first fully featured exploitable system [only 2 people showed up - due
to some PLUG Scheduling Snafu].  We also took the majority of flags at
DefCon 7 in our two person team, and it was not via any AutoPWN or Armitage
Hail Mary.  Scott Becerra was driving up from Southern Arizona where he was
employed at that time in government COMP/SEC.  Some of our best members get
pulled away by employment - our regards to Steven Kaplan in New Mexico now
with DOE.

Yet another indicator of my "hacking together" things at the last minute.
I thought that your partner sitting with you could forward to you, or show
you where that's all in Plug Email archives?  He's been involved with PLUG
for a very long time.  Perhaps you just wanted to talk with me further (I
enjoyed our discussions).

I didn't see the presentation materials from David Demland yet, did you?

>
> Below is a link to Firesheep I mentioned when the red haired woman was
> presenting on her cute Android pwnie pad.
>

Yes, I am glad you mentioned this browser tool.  I did play around with
Firesheep some time ago (and it's mentioned in the links I sent yesterday).

>
> http://codebutler.com/firesheep/?c=1
>
> Thanks again for the fun time, I look forward to attending the next and
> future security session.
>

Ditto, I was pleased to see you return.  This subject, SQL Injection, is
especially difficult to teach, while I rather muddled around getting
everyone using the right tool.  At a pure hackfest, no tools would be
provided nor hints related to the Virtual Machine Target (like the
Metasploitable, built on ESXi server).

I am promoting a new side research, to David, that includes power learning
and teaching techniques or tools that might be deployed to essentially
"hack human learning potential". The premise is based on the concept that
any learner can be dropped into a learning tree (gradient) at any place,
and without former context, absorb the subject matter as well as anyone
with complete former prerequisites by adding some simple techniques.  I
used to call it "Obnosis" or "Knowledge by Observation" (but Scientology
was piqued by my use of their word/concept and I was continually hacked by
Anonymous Group, who thought I was them, and Scientology, who called me
Squirrel).

>
> Dick (the guy with the new glasses from Zenni)
>
I Love Zenni Optical Glasses!

Yes, Dick, thanks!  Most of our members choose to be confidential, even
refusing to trade email addresses or provide last names, so it's difficult.
My memory is so context based, and I am concentrating on the various
Targets I have built, and forensics devices and network monitoring tools or
helping people get things going, that it takes a few times of talking with
someone to remember him/her.

David and I are amused with the whole process of interacting with the PLUG
Hackfests in our various roles.  David is an accomplished systems
development analyst and programmer, as well as an adjunct teacher at DeVry
University.  David volunteers with the Hackfests as a community member,
not a teacher, which gives him greater experience to draw from.  I am a
technical professional with contract accolades (short list 10 years)
including building ChoiceHotels Property Systems QA/DEV/PROD tiers; 24
systems rebuild for SkyMall; all systems for HomeSmart International.
Hundreds of systems for University of Phoenix including AWS EC2 in two
diverse projects. TSYSTEMS (DHL Freight), iCrossing, ATJEU and Rhino
Equipment Corporation round out the short list.  Other PLUG Hackfesters
and volunteers bring nearly 100 years of systems experience protecting,
securing and investigating current security and systems.  Most of us are
competent writing ACLs or iptables, JunOs, Cisco HACMP ASA or PIX.  Some of
us also hold IBM WAS or JBOSS - WebLogic - and Application Server code
monkey support certs.  But kids in College really can be grandiose,
arrogant and disrespectful; it's nice that DeVry's students for the most
part sidestep those ego defense mechanisms to just HACK and play, with a
willingness to wear the silly nose or whatever it takes for the fun games!

-- 

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com <http://it-clowns.com/c/index.php>
Chief Clown