- USHE-assess - devlists.utahtech.edu

psexec pffffft...
by Chuck Kimber 23 Oct '15

23 Oct '15

psexec is so old school. We don't need no stinkin psexec! https://www.trustedsec.com/october-2015/new-tool-spraywmi-mass-wmi-pwnage/ Have fun with that!

2 2

SANS Critical Controls 6.0
by Goble, Andrew 20 Oct '15

20 Oct '15

FYI, discovered this today... 6.0 is out and they reordered everything and added/dropped a control.

2 2

smb and nmap
by Dustin Udy 28 Sep '15

28 Sep '15

Hey guys, Here is the paper that I was reading and things I was using while on the Weber audit. Pretty cool stuff. Thanks for the lead Dave! http://www.sans.org/reading-room/whitepapers/testing/scanning-windows-deepe…

1 0

Weber External Scan
by Mark Walton 17 Sep '15

17 Sep '15

I'm getting ready to kick of an external scan of Weber. Since it's a new version of Nessus, I had to try and remember some of the scan settings we used from last round's policies. Here are a few I remember: - We are not scanning fragile devices (Network Printers and Novell Netware hosts) - We are scanning Web Applications and I enabled "Enable generic web application tests". But I'm just using the defaults, no special settings. - Safe Checks are enabled - I'm just using the default Performance Options. (Network timeout=5, max checks per host=5, max hosts per scan=100) If any of you have recommendations for changes to the scan settings, just let me know and I'll kill the scan, make the changes, and start it up again. Mark

1 0

New Assessment Team Members
by Andrew Goble 15 Sep '15

15 Sep '15

Hey All, FYI: Those on the Weber Assessment are already in the loop, but Matt Lorimer and Allen Hill from Utah State are the joining the team in lieu of Chuck, rest his soul. Allen, Matt, maybe respond so I can make sure that I've got you added to the listserv. Thanks, Andrew

4 3

I go chop your dollar
by Chuck Kimber 04 Sep '15

04 Sep '15

Well ladies and gentleman, and whatever Dustin is, I'm writing in to let you all know I have thoroughly enjoyed my time working with you on these assessments. You have all become some of my closest friends. I know there have been a couple of times where it felt like I was a no-show (sorry UVU, I had big plans for you till I broke the leg) and didn't find much, but I always learned something and tried to bring at least one new trick to each assessment and you were all so nice indulging me with them. As you all know I've been looking for something that was more of a full-time security gig. An opportunity to do that has finally presented itself and I'll be taking it, starting Sept 8th. It'll be much more Blue Team oriented, but I hope to talk them into some in-house Red Team audits as well. Just know that I will miss our little gatherings and chats, while Dave does all the work. As for USU's contribution to the team, I'll be making some recommendations and they should be acting on it very quickly, with the Weber audit coming up. Should you feel so inclined to stay in-touch, and I really hope you do, you can reach me at the following: email/IM: chuckarama(a)kimbers.us You all should have my phone number, but if you don't and want it, just let me know and I'll send it along. I tend to use Google+ more than Facebook, and follow a few of you there, so if the rest of you join up, let me know. Jake: The blue will always be strong with you. Dustin: The Goblin, we'll always have our time on the SLCC stairs together. Dave: Just keep doing what you're doing. ...leveraging UVU raises at the U's expense. Jon: Thank your wife for me. ...her pastries are delicious. Mark: Stay hepatitis free down there, my friend. Andrew: Don't you EVER hack my server again! Not being able to live with the shame might be the whole reason I'm leaving... Don't cry. Instead, in my absence, enjoy the Nigerian scammer song. https://www.youtube.com/watch?v=cG57mPMiJvw My favorite part is the subtitle translation where "disappear" is misspelled as 'despair'. What else would you expect from a Nigerian Scammer?! Chuck

5 12

Secrets Pentesting Techniques!
by Chuck Kimber 03 Sep '15

03 Sep '15

Nice little talk about pentesting, but especially the need to do internal pentests. Tried to get this going at USU, couldn't move certain individuals beyond the philosophizing stages, about it's value. https://www.youtube.com/watch?v=79g40dq3M9w

2 2

Pentest Heels
by Chuck Kimber 25 Aug '15

25 Aug '15

Was totally going to print a pair of these for the next pentest. Someone else will have to take up the challenge. Dave? I could see you in a pair of these. http://www.theregister.co.uk/2015/08/24/heeled_hacker_turns_wedges_into_con…

2 1

Re: [USHE-assess] Universities being targeted by jm511
by Chuck Kimber 24 Aug '15

24 Aug '15

Sorry. Not saying they came in through Banner, I just recognize all of those as big schools that use Banner. I have interfaced directly with Northern Illinois DBA's. It's only a matter of time till they find a server that is connected back to Banner, is what I'm thinking. On Mon, Aug 24, 2015 at 7:55 AM, Mark Walton <walton(a)suu.edu> wrote: > Why do you say "All Banner schools"? From how I read the article, the > "banner: '5.0.22-log'" is just the banner returned from a certain service, > not necessarily that they are running Banner. Or am I totally missing > something? Admittedly, the details of Banner are a mystery to me. > > Mark > > > On Sun, Aug 23, 2015 at 2:22 PM, Chuck Kimber <chuck.kimber(a)usu.edu> > wrote: > >> All Banner schools. Including WGU. >> http://www.databreaches.net/more-american-universities-hacked-by-jm511/ >> >> _______________________________________________ >> USHE-assess mailing list >> USHE-assess(a)lists.dixie.edu >> http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess >> >> >

1 0

Universities being targeted by jm511
by Chuck Kimber 23 Aug '15

23 Aug '15

All Banner schools. Including WGU. http://www.databreaches.net/more-american-universities-hacked-by-jm511/

1 0