In search of — a range

So been calling more places:

  • http://www.shootnsecrets.com/
  • http://www.deepriver.net/
  • http://www.the-range.comror

Talked with my brother.. hes’ gonna put some feelers out as well. This may come down to a set of compromises:

  • Close but restricted on type of weapon
  • Far away (1.5 hours) but less restrictive.

    I’ll keep updating as my feelers come in.

  • Posted in CarolinaCon, Shootout2012 | Leave a comment

    Carolinacon Shootout

    So I am going to be coordinating the Shootout this year. I went last year and had a blast, and the guy that did it last year moved to Florida. So I am volunteering it this year. I am checking out several ranges:

    • www.range37.com
      • Takes most any weapon
      • Phone mailbox is full .. sent email.
      • 45 minutes away
    • www.the-range.com
      • 1:15 away
      • Left VM
    I have my brother investigating a few places locally as well.  I’ll put more up as I get to it. 
    Posted in CarolinaCon, Shootout2012 | Leave a comment

    Shmoocon Labs – Looking Back

    So now that I’ve settled back into my life after the whirlwind that was getting married and 3 weeks later being at Shmoo, I wanted to reflect on my experience this year, as well as look back a bit at what has come before. Labs ( and shmoo ) has been a part of my life for 7 years now, and 6 of them teaching. It’s always fun, always a learning experience, and always something I really look forward to.

    What is Labs?

    Labs is an environment where we build all the infrastructure for Shmoocon in 24 hours. It’s designed to be a teaching environment at several levels: team-leads teach a specific area, attendees build that area, and everyone must work together ( most times with someone they don’t know ) to bring things together. While it can be a stressful environment, we also have a really good time finding solutions to problems. Getting to work with your peers is one of the best parts of Labs.

    History

    So I started with labs waayyy back in 2006 as a participant. I had come to the Shmoocon before, having found it on a short list of east-coast security cons. I had tried several others locally including SANS and ShadowCon at Quantico, but this was the first ‘hacker’ con I went to. What fun. I had never been in a place where people throw balls at speakers for spouting merde, let alone building 2 cycle shmooball shooting devices ( And starting them up in the conference ball room! ). At the end of that ‘con I asked if I could help out. Heidi recommended that I check out labs, so I put in my paper and was accepted.

    We had a ball. We had to build the network from the ground up, literally because we had blank machines. We downloaded the ISOs (cd’s back then 😉 and constructed the machines. I was on the ‘infrastructure’ team.. and we got things running pretty quickly. We even hung a hotel sheet on the wall using gaff-tape and put up a display of our system logs and such. Way fun. The team I worked with was a spread of beginners to senior SA’s, but all had the willingness to learn new stuff and try new things. We had pizza and coffee to keep us going and our network didn’t get hacked, didn’t go down. I walked away with a personal commitment to continue to participate, and perhaps get more involved.

    The next year, I offered to ‘teach’ Infrastructure, and was accepted. We got labs going and everything went really well ( Tho I think that’s the year we attempted #openbsd and it exploded in our face). The next day as we were last minute tweaking, I found out I was promoted to shmoocon staff when I was unexpectedly invited to the pre-con staff meeting. What a great feeling! It was really neat to have my hard work recognized and become part of such a neat family. It cemented my commitment to working with the ‘con.

    So thru the next several years, I continued to teach Infrastructure. I also started thinking of other things i could do for the ‘con. At the ‘0wn the con’ one year, I mentioned how silly it was to have paper reviews when we’re a bunch of computer geeks, and was promptly told “well then fix it!”, and so I created our reviews site. I have also taught a self defense course for geeks ( in CoungNhu karate), and this year I gave my paper ‘TTL of a Penetration‘ which was well accepted.

    2012

    This year, Labs went even better than expected. It was a bit different in that Brett Thorson staged a bunch of ‘vm’s for us, and we had most all of the configs from last year, so we were able to start from about a 70% complete state. Also my team was made up of senior admins, so we could explore some areas we’d never done before. So we added:

    • A certificate authority
    • A puppet-based VM deployment tool
    • central auth using LDAP
    • central syslogging and nagios ( we didn’t have a monitoring team this year )
    • Trac based Wiki and Ticketing system

    And everything mostly went really well. Even with all the pre-event planning on the mailing lists ( a record number of emails this year! ) we still dynamically have to alter plans and come up with solutions. We had a few hiccups .. but that’s normal and part of the plan actually. As we’re a group of people with the same objective, and usually diverse training and capability, someone always brings something new the rest of us can learn from. Our team did an outstanding job this year, and I owe them a debt of gratitude.

    We’ve already started planning new concepts and ideas for next year, and as labs seems to grow and improve with every iteration, I expect we’ll actually implement some of them. There seems to be a recurring theme for next year in that we start looking at ‘defense’ as strongly as ‘offense’. Hackers tend to like to find ways to break into things, and admins like for that NOT to happen, so I am hoping to build a new idea into shmoocon that incorporates both ideas. Labs is kinda the epitome of ‘defense’ given our attendee group 😉 and so that crew could be a group to move that idea forward. Time will tell.

    If you’re reading this and considering labs, you’ll love it. As a newbie, you’ll get to work with senior people who can teach you both theory and application in building a high-risk network. As a senior person, you’ll get to work with your peers, and play in a really cool environment. You can learn everything from IPv6 to making Cat-5 cables, creating a secure firewall to displaying data in really cool ways. It remains one of the high-points of my year, and something I will always look forward to. I encourage you, if you win that golden ticket, apply for labs and come join us! I promise you won’t be disappointed.

    Posted in shmoocon | 1 Comment

    ShmooCon Talk Slides and Vid are up

    Just found they posted everything on shmoocon site:

    If you have comments about these .. please leave em below.

    I am constantly refining this presentation and would love to give it again, if you have interest, let me know!

    Posted in IT Security, shmoocon | 1 Comment

    In Boston

    Got some quick work supporting Dept of Transportation on a cutover. Got to hang with my bud Desmo .. had a nice evening. It’s cold up here. They’re expecting snow .. and the accents ( tho I am sure I sound like a pickemuptruck redneck to them ) .. geez. Tho .. I’ve been careful NOT to mention the word ‘Giants’ *snicker* whilst I am here.

    Anyway .. back home tonight… yay!

    Posted in IT Security, Work | Leave a comment

    ShmooCon 2012 Talk

    I had a great time talking at Shmoocon this year! Thanks to all the people who sent in feedback!  I take such very seriously and have already worked to tweak this presentation with those comments in mind. I am putting the Shmoo2012 version of my talk up so people can find it if they’re interested.  With out further adieu:

     http://sandsite.org/~branson/TTL-Penetration-Shmoo.pdf

    If yer interested in me giving this talk for a group,  I love to do such things, let me know.

    UPDATE: My talk was also mentioned in the Washington Post.  My .15 seconds of fame are up!

    Posted in IT Security, shmoocon | Tagged | Leave a comment

    SOPA Roundup

    Lots of things going on in prep for the blackout:

    – List of sites goin black: here

    – Another .. more full list: http://sopastrike.com/

    – GREAT song:

    Lots of wordpress plugins ..

    seems like this thing is gonna happen. Good to see peeps getting involved!

    Posted in Uncategorized | Leave a comment

    SOPA Dead .. PIPA next

    So reading all over that SOPA is Dead(tm) .. however .. it’s not really dead till withdrawn. So I have concerns that it’s a red herring.  Especially since we’ve seen congress backdoor legislation ( NDAA anyone ) when they couldn’t do it publicly. I am still going thru with the blackout as I believe that awareness needs to be raised.  Hopefully people will see and react.

    I did see an interview/debate on UP between Reddits Alexis and the VP and Gen Counsel of NBC.  It wasn’t bad… I feel like Alexis got caught on the whole idea of ‘finding a legit way to access content’ .. but the VP was a total ass: interrupting the interview several times and spouting talking points instead of answering questions and debating on the substance of the issue.  You can see it here .

    Posted in Politics | Leave a comment

    Wedding Pictures

    We’ve had lots of requests for pictures from the wedding. Vikki has been working diligently to make em look pretty.. so with out further ado …

    [Galleries 1 not found]
    Posted in Personal, Uncategorized | Tagged | Leave a comment

    Got Married

    Had a fantastic wedding against a glass pane full of snow. Had lots of good family and a great time. I’ll post pics as soon as we get them up. Thanks to the 28 peeps that ustreamed the event and watched us get married. Now just to get home .. snowing it’s butt off.

    Posted in Uncategorized | Leave a comment