Backtrack 4: How to use Metasploit Training Class

I was going to do some training videos on how to use Backtrack 4. I did some searching to see what was already out there (why re-invent the wheel?) and I found some amazing videos on how to use the Metasploit program in Backtrack 4. If you are looking for some top notch training from some top notch experts, look no further.

This, by far, is some of the best training videos I have seen on Metasploit. It is a taped security conference from the ISSA Kentuckiana Chapter and is billed by Adrian Crenshaw as being “more Metasploit than you can stand!”

The instructors are Adrian “Irongeek” Crenshaw, David “ReL1K” Kennedy (Creator of the Social Engineering Toolkit), Martin “PureHate” Bos, Elliott “Nullthreat” Cutright, and Pwrcycle .

Topics include:

  • Introduction to Metasploit in Backtrack 4
  • Scanning and Pivoting
  • Fuzzing and Exploit Development
  • Meterpreter and Post Exploitation (and a demo of Metasploit Express)
  • Social Engineering Toolkit
  • Encoding fun and Fast Track

The class was held as a charity event with the request that attendees donate to Johnny Long’s Hacker for Charity program. I learned more about Metasploit in a few hours than I have in months playing with it myself. This is definitely worth checking out.

A link to Irongeek’s site, downloadable videos and the Hackers for Charity food program link can be found here

Stuxnet, just another Malware or Targeted Cyberweapon?

For those who follow Cyber Arms regularly, you have noticed that there was not a Cyber Arms Intelligence report this week. With Stuxnet being the major news story by far and with so many different main stream news channels covering it, it just seemed to be redundant.

I still personally believe that Israel is behind Stuxnet. Not that I am against Israel in any way. But, they do have the technology, know how, and the intent. I remember near the end of last year, that Israel announced that they would strike Iran before January 2010 if negotiations and sanctions against Iran failed. Last I checked, negotiations have not worked and Iran has been laughing at the sanctions.

Israel is known for taking the best and brightest of their college youth and placing them into government security type positions. Israel’s signal intelligence and code decryption Unit 8200 is formed this way. This is the same unit that also gave Israel’s hackers a choice in the 1990’s, sign up or face prison time.

A nuclear armed Iran is a very serious threat to Israel. For us here in the US, it is a big concern if Iran gets nuclear weapons, but to Israel it is a life or death issue. Israel is such a small nation, about the size of New Jersey, and is surrounded on every side by nations that hate her or want her destroyed. If Iran did not attack Israel directly with nuclear weapons, Iran most likely would sell nuclear material to any number of terrorists groups.

Israel attacked nuclear reactors that were being built in Syria and Iraq. No way would they sit idly by and allow Iran to complete the Bushehr plant. Also, with Russia helping Iran build the plant and up until recently, possibly providing them with state of the art anti-aircraft missiles, the possibility of an air strike was dwindling. So, how do you take out a nuclear plant, without bombing it from the air?

Stuxnet seems to be the perfect weapon for the job, a USB drive malware that attacks SCADA systems, uploads its configuration data and can even reprogram the equipment. Then it can hide itself with a root kit to prevent detection. 

Did I mention that one of the world’s largest USB drive manufacturers was founded and is run by an Israeli engineer? No correlation I am sure.

The command and control server for Stuxnet has been taken down, as far as we know. But even experts do not know if removing the malware will completely eradicate the effects. Control equipment company Siemens was afraid that even with the virus removed, it may have already altered parts of the Siemens programming language and recommended that infected users restore from a known good backup.

So Iran may have a nuclear plant, but will it ever be safe to turn it on?

Steam Game Client won’t Run on Windows 7 64-Bit Version with PCTools

Just wanted to post this hoping I could save someone the pain I went through. I was running Windows 7 Ultimate 32-bit on my game machine, and decided I wanted to install the 64-bit version to see the difference.

When I was done, the system was identical to the way it was before, except now it was 64-bit. Same programs, anti-virus, everything. All my games ran beautifuly, except for Steam. None of my games I bought through Steam would run, though they ran fine in the 32 bit version of Windows 7 Ultimate. The games would act like they were going to run, but then nothing. It would just drop out to the desktop.

No problem, I thought, I will just contact Steam. Well, to make a long, very frustrating story short, it took about a month and a half to get it working. It turned out that 64-bit Steam client does not like PCTools Anti-Virus runing at all. It had to be completely shutdown and disabled before any games will run. The strange thing is that I had no problems at all running Steam and PCTools on my 32-bit version of Windows 7.

I give Steam support an F-.  They would have you try something, you would try it, then it would take them a week sometimes to get back to you. Demanding to be escalated to a higher level of support or to speak to a manager does nothing. Also, asking for a contact number or trying to find a phone number for Steam is also a waste of time. I found three numbers for Steam, and none of them worked.

I have been a very long time Steam user and never really had any problems. But, when I finally did, it seems that Steam went out of it’s way to make it difficult to get support.