I realize this is a bit old now… but I keep coming back to it. For posterity. A wise sage once said: There’s an old saying in Tennessee — I know it’s in Texas, probably in Tennessee — that says, fool me once, shame on — [pauses] — shame on you. Fool me — [pauses] — You can’t get fooled again. I really do wonder how he got elected […]
A one-line gawk script to transfer a file to a waiting netcat… it’s sort of a really crappy one-way netcat that you stuff things into. I actually sort of needed this when on a suxx0r really stripped down busybox Linux system that had zero file transfer programs, it was a wasteland… but the fools left gawk on the system… so a quick hack to do file transfers: […]
DARPA, I’ll miss you when I’m gone
So I’ve been winding down my project at DARPA and thought I’d put down some at least close-to-final thoughts on it. I’ve been asked a number of times about how much people should charge for their work. Three things on this: The government is doing you a favor if you get accepted – you get to do what you want, keep it, and that’s it? That’s gotta be worth […]
and the winner is…
I’ve been looking at IPMI lately (an under-the-server-hood set of arcanery) and ran across the ipmicmd tool… I can’t recall another tool with a more obscure set of command flags. Here’s an example:

ipmicmd raw 0x3a 0x1c 0x01 0x00

As you’ve probably guessed, that’ll send the command to IMM to switch Bank and then reboot. Thanks to IBM dox for that example (and others.)
security strikeout
Everybody’s Talkin’… no one’s doing? Talking to a CSO of a Fortune 500 company and a CSO of a bank… asked them if they ran scanners or vulnerability assessment tools on their home systems. No. Of course no. 0-3. And pretty much no one I know in the security profession does… it’s way too painful, way too hard, way too… much of a pain in the ass. We talk […]