;-)

 

We need to use the file://smb attack on the next phish. We embed an image on the phish site, then anyone who clicks the link will send us their hash.

 

Jon

 

From: ushe-assess-bounces@lists.dixie.edu [mailto:ushe-assess-bounces@lists.dixie.edu] On Behalf Of Goble, Andrew
Sent: Monday, April 13, 2015 3:10 PM
To: Jake
Cc: Nate Henne; ushe-assess@lists.dixie.edu
Subject: Re: [USHE-assess] Equipment Request

 

Yeah you missed the fun when Johnny jacked into the network...

On Apr 13, 2015 2:59 PM, Jake Johansen <jake.johansen@utah.edu> wrote:

The list looks good to me, cannot think of anything to add.

Also, something you guys might want to look at, new twist on an old vuln.

http://blog.cylance.com/redirect-to-smb


Jake




On 4/10/15, 12:35 PM, "Andrew Goble" <goble@dixie.edu> wrote:

>Also, for those of you on the UVU assessment, please find yourself
>reminded that I need report materials.
>
>Thanks,
>Andrew
>
>On 04/10/2015 08:52 AM, Andrew Goble wrote:
>> Aight think I'll just ask for a cool 10k for equipment refresh.  That
>> should cover what we want.
>>
>> On 04/10/2015 07:52 AM, Chuck Kimber wrote:
>>> Get a half dozen Pi 2's in there too.  Nate eluded to this and I've
>>>been
>>> using and playing with all the netbios/netbeui/wpad stuff Jon was
>>> showing us and I was thinking it might be nice to have some portable
>>> Kali,  MiTM boxes that can be sprinkled around and left about different
>>> locations and then ssh'd into from the safety of the war room.  Got
>>>into
>>> a comm closet?  Jack one in and walk away.  Found a classroom or
>>>hallway
>>> jack that puts you on the sysadmin network?  Well.  You get the idea.
>>>
>>> On Thu, Apr 9, 2015 at 4:46 PM, Andrew Goble <goble@dixie.edu
>>> <mailto:goble@dixie.edu>> wrote:
>>>
>>>     So what I've got so far:
>>>
>>>     Burp Suite:  $600 (2 years)
>>>     Crack Server:  $3000  $1700 3 x MSI GTX 980 +
>>>Mobo/RAM/CPU/SSD/Power
>>>     Supply (Case still up in the air, may try to mod an existing 4U
>>>rack
>>>     mount to fit.
>>>     Dell Tower:  $4500 64 gigs of RAM 4 TBs HD -OR- Precision M6800
>>>     Workstation Laptop $3300 2 TBs 32 gigs of RAM.
>>>     Proxmark:  $500
>>>     Duckies:  $160
>>>     Pwn Pad:  $150
>>>     Managed Switch 8 port:  $120
>>>     HW Firewall:  $250
>>>     More flash drives:  $50
>>>
>>>
>>>     Totals:
>>>
>>>     With Workstation:  $9330
>>>     With Laptop:    $8130
>>>
>>>     Figure in another 500 - 800 reserve for more toys later
>>>
>>>     Thoughts?
>>>
>>>     Thanks,
>>>     Andrew
>>>
>>>
>>>
>>>
>>>     Nessus License (2 years, need this anyway and already budgeted)
>>>$3000
>>>
>>>
>>>     On 04/08/2015 10:26 AM, Mark Walton wrote:
>>>
>>>         Maybe some licensed software?  Like maybe Burp Suite.
>>>
>>>
>>>
>>>         On Tue, Apr 7, 2015 at 3:36 PM, Andrew Goble <goble@dixie.edu
>>>         <mailto:goble@dixie.edu>
>>>         <mailto:goble@dixie.edu <mailto:goble@dixie.edu>>> wrote:
>>>
>>>              Hey,
>>>
>>>              I just learned the CIOs are meeting this Friday and will
>>> likely
>>>              discuss and approve continuing the assessments for the
>>>next
>>>         couple
>>>              of years.  I am going to ask for some equipment
>>>refreshment
>>>         funding.
>>>
>>>              What do you think we need for a core equipment refresh?  I
>>>         want to
>>>              stop lugging that giant box around, we could continue to
>>>         use the
>>>              gear in it, just want to leave it in one place.  What do
>>>we
>>>         need to
>>>              buy to take on site with us?
>>>
>>>              Core Gear:
>>>              Beefy workstation laptop or a tower workstation with lots
>>>         of RAM and
>>>              space for Kali, Nessus VMs, etc.  Maybe 2?
>>>              Small hardware firewall, maybe a small form factor Atom
>>>box
>>>         running
>>>              PFsense or something similar to handle the network.
>>>              8 - 12 port managed switch.
>>>              Cracking box - Good pile of RAM and 3 or 4 nice GPU cards.
>>>
>>>              What other toys do you want? (proxmark, more PIs,
>>> duckies, etc)
>>>              If you want it, give me a rough number on quantity and
>>>what
>>>         it will
>>>              cost?
>>>
>>>
>>>
>>>              I need a pretty good idea of the dollar amount we want to
>>>         ask for by
>>>              Friday at noon.
>>>
>>>              Thanks,
>>>              Andrew
>>>              ___________________________________________________
>>>              USHE-assess mailing list
>>>         USHE-assess@lists.dixie.edu
>>><mailto:USHE-assess@lists.dixie.edu>
>>>         <mailto:USHE-assess@lists.__dixie.edu
>>>         <mailto:USHE-assess@lists.dixie.edu>>
>>>
>>> http://lists.dixie.edu/cgi-____bin/mailman/listinfo/ushe-____assess
>>>        
>>><http://lists.dixie.edu/cgi-__bin/mailman/listinfo/ushe-__assess>
>>>
>>>        
>>><http://lists.dixie.edu/cgi-__bin/mailman/listinfo/ushe-__assess
>>>         <http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess>>
>>>
>>>
>>>     _________________________________________________
>>>     USHE-assess mailing list
>>>     USHE-assess@lists.dixie.edu <mailto:USHE-assess@lists.dixie.edu>
>>>     http://lists.dixie.edu/cgi-__bin/mailman/listinfo/ushe-__assess
>>>     <http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess>
>>>
>>>
>> _______________________________________________
>> USHE-assess mailing list
>> USHE-assess@lists.dixie.edu
>> http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
>_______________________________________________
>USHE-assess mailing list
>USHE-assess@lists.dixie.edu
>http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess