Welcome!!!

I have this post up to welcome everyone to the site who is considering coming to the shootout this year!! You can read below for the evolution of this year’s event, but we will be going to the excellent Range37 for our annual weapons extravaganza! I encourage you to look around for yourself, I anticipate this to be much fun.

I have created a mailing list for notices and discussion for the event.  Please go subscribe here to be informed of carpools etc.  I’ll be updating this blog as well if you want to RSS.

I am looking for fun ideas for contests this year.  The balloon board was a hit (pun intended) last year, and we’ll probably do something similar.  If you have thoughts, mail me so we can start to put things together.

Lastly, this year we WILL have an onsite grill (big enough for a pig .. working on that 😉) and picnic tables and .. wow! .. bathrooms!

I look forward to hearing from everyone, and can’t wait to see ya for the fun.

Posted in CarolinaCon, Shootout2012

TSA Scanners found to be easily penetrated

https://tsaoutofourpants.wordpress.com/2012/03/06/1b-of-nude-body-scanners-made-worthless-by-blog-how-anyone-can-get-anything-past-the-tsas-nude-body-scanners/

This is a very interesting read on how the scanners can be easily subverted. If you fly, this is worth your time to read.

Posted in Flying

Flying a 737 in a demo today

Well .. flying a simulator. We have high-fidelity plane modeling and medium fidelity simulator. I’ll have someone take pics of me and post em here.. but lots of fun. I have learned that flying a Jet is way different than flying a GA plane. The autopilot really makes things much easier. One thing about this system is the yoke has no trim .. when you come out of autopilot .. where the yoke is .. is neutral. So it’s good to get on final and glide-slope to make sure you can land it.

Posted in Flying, NASA

#CCShootout is a GO!

I have made arrangements with the guys at Range37 ! Sounds like it’s perfect for us:

  • we start at 11am .. and can shoot till close ( Tho we’ll leave around 4ish to make it to the ‘con )
  • $200 to rent a bay ( 20-25 shooters on the line at a time )
  • A Bay is 35 Meters deep and we can put most any target out there we want
  • They have a grill and picnic tables for lunching.. so we can plan some cookin!
  • Range officer on site at all times to manage the shoot
  • they have some other ranges available ( up to 400 yards )
  • they have a shop on site with:
    • ammo
    • targets
    • rental for all kinds of weapons

    So sounds like we’re set. I am working with the #Carolinacon guys now to get the announcement ready and start working on extra things:

  • Registration?
  • Lunch?
  • T-Shirts?
  • Contests?
  • Carpool?
    More on this here as I move forward.

    Posted in CarolinaCon, Shootout2012

    In search of — a range

    So been calling more places:

    • http://www.shootnsecrets.com/
    • http://www.deepriver.net/
    • http://www.the-range.com

    Talked with my brother.. he’s gonna put some feelers out as well. This may come down to a set of compromises:

  • Close but restricted on type of weapon
  • Far away (1.5 hours) but less restrictive.

    I’ll keep updating as my feelers come in.

    Posted in CarolinaCon, Shootout2012

    Carolinacon Shootout

    So I am going to be coordinating the Shootout this year. I went last year and had a blast, and the guy that did it last year moved to Florida. So I am volunteering it this year. I am checking out several ranges:

    • www.range37.com
      • Takes most any weapon
      • Phone mailbox is full .. sent email.
      • 45 minutes away
    • www.the-range.com
      • 1:15 away
      • Left VM
    I have my brother investigating a few places locally as well.  I’ll put more up as I get to it. 
    Posted in CarolinaCon, Shootout2012

    Shmoocon Labs – Looking Back

    So now that I’ve settled back into my life after the whirlwind that was getting married and 3 weeks later being at Shmoo, I wanted to reflect on my experience this year, as well as look back a bit at what has come before. Labs ( and shmoo ) has been a part of my life for 7 years now, and 6 of them teaching. It’s always fun, always a learning experience, and always something I really look forward to.

    What is Labs?

    Labs is an environment where we build all the infrastructure for Shmoocon in 24 hours. It’s designed to be a teaching environment at several levels: team-leads teach a specific area, attendees build that area, and everyone must work together ( most times with someone they don’t know ) to bring things together. While it can be a stressful environment, we also have a really good time finding solutions to problems. Getting to work with your peers is one of the best parts of Labs.

    History

    So I started with labs waayyy back in 2006 as a participant. I had come to the Shmoocon before, having found it on a short list of east-coast security cons. I had tried several others locally including SANS and ShadowCon at Quantico, but this was the first ‘hacker’ con I went to. What fun. I had never been in a place where people throw balls at speakers for spouting merde, let alone building 2 cycle shmooball shooting devices ( And starting them up in the conference ball room! ). At the end of that ‘con I asked if I could help out. Heidi recommended that I check out labs, so I put in my paper and was accepted.

    We had a ball. We had to build the network from the ground up, literally because we had blank machines. We downloaded the ISOs (CDs back then 😉) and constructed the machines. I was on the ‘infrastructure’ team.. and we got things running pretty quickly. We even hung a hotel sheet on the wall using gaff-tape and put up a display of our system logs and such. Way fun. The team I worked with was a spread of beginners to senior SA’s, but all had the willingness to learn new stuff and try new things. We had pizza and coffee to keep us going and our network didn’t get hacked, didn’t go down. I walked away with a personal commitment to continue to participate, and perhaps get more involved.

    The next year, I offered to ‘teach’ Infrastructure, and was accepted. We got labs going and everything went really well ( Tho I think that’s the year we attempted #openbsd and it exploded in our face). The next day as we were last minute tweaking, I found out I was promoted to shmoocon staff when I was unexpectedly invited to the pre-con staff meeting. What a great feeling! It was really neat to have my hard work recognized and become part of such a neat family. It cemented my commitment to working with the ‘con.

    So thru the next several years, I continued to teach Infrastructure. I also started thinking of other things I could do for the ‘con. At the ‘0wn the con’ one year, I mentioned how silly it was to have paper reviews when we’re a bunch of computer geeks, and was promptly told “well then fix it!”, and so I created our reviews site. I have also taught a self defense course for geeks (in Cuong Nhu karate), and this year I gave my paper ‘TTL of a Penetration‘ which was well accepted.

    2012

    This year, Labs went even better than expected. It was a bit different in that Brett Thorson staged a bunch of ‘vm’s for us, and we had most all of the configs from last year, so we were able to start from about a 70% complete state. Also my team was made up of senior admins, so we could explore some areas we’d never done before. So we added:

    • A certificate authority
    • A puppet-based VM deployment tool
    • central auth using LDAP
    • central syslogging and nagios ( we didn’t have a monitoring team this year )
    • Trac based Wiki and Ticketing system

    And everything mostly went really well. Even with all the pre-event planning on the mailing lists ( a record number of emails this year! ) we still dynamically have to alter plans and come up with solutions. We had a few hiccups .. but that’s normal and part of the plan actually. As we’re a group of people with the same objective, and usually diverse training and capability, someone always brings something new the rest of us can learn from. Our team did an outstanding job this year, and I owe them a debt of gratitude.

    We’ve already started planning new concepts and ideas for next year, and as labs seems to grow and improve with every iteration, I expect we’ll actually implement some of them. There seems to be a recurring theme for next year in that we start looking at ‘defense’ as strongly as ‘offense’. Hackers tend to like to find ways to break into things, and admins like for that NOT to happen, so I am hoping to build a new idea into shmoocon that incorporates both ideas. Labs is kinda the epitome of ‘defense’ given our attendee group 😉 and so that crew could be a group to move that idea forward. Time will tell.

    If you’re reading this and considering labs, you’ll love it. As a newbie, you’ll get to work with senior people who can teach you both theory and application in building a high-risk network. As a senior person, you’ll get to work with your peers, and play in a really cool environment. You can learn everything from IPv6 to making Cat-5 cables, creating a secure firewall to displaying data in really cool ways. It remains one of the high-points of my year, and something I will always look forward to. I encourage you, if you win that golden ticket, apply for labs and come join us! I promise you won’t be disappointed.

    Posted in shmoocon

    ShmooCon Talk Slides and Vid are up

    Just found they posted everything on shmoocon site:

    If you have comments about these .. please leave em below.

    I am constantly refining this presentation and would love to give it again, if you have interest, let me know!

    Posted in IT Security, shmoocon

    In Boston

    Got some quick work supporting Dept of Transportation on a cutover. Got to hang with my bud Desmo .. had a nice evening. It’s cold up here. They’re expecting snow .. and the accents ( tho I am sure I sound like a pickemuptruck redneck to them ) .. geez. Tho .. I’ve been careful NOT to mention the word ‘Giants’ *snicker* whilst I am here.

    Anyway .. back home tonight… yay!

    Posted in IT Security, Work

    ShmooCon 2012 Talk

    I had a great time talking at Shmoocon this year! Thanks to all the people who sent in feedback! I take such very seriously and have already worked to tweak this presentation with those comments in mind. I am putting the Shmoo2012 version of my talk up so people can find it if they’re interested. Without further ado:

     http://sandsite.org/~branson/TTL-Penetration-Shmoo.pdf

    If yer interested in me giving this talk for a group,  I love to do such things, let me know.

    UPDATE: My talk was also mentioned in the Washington Post.  My .15 seconds of fame are up!

    Posted in IT Security, shmoocon