El Di Pablo

They just did do a segment on it... Its called reverse engineering.

One of my personal favorites is Actual Keylogger 2.4. Its free :P

I used to work at Websense, and we used to set up port forwarding on our home routers, then we would Remote into a home computer and surf from there. It was the easiest thing to do.

Hells yeah! Total Gym is the shiznite! Actually, I lied. I have the knock-off Total Body Works 5000 by Weider, but its basically the same thing.

This may seem lame and low-tech, but I would say go to your local library. Check out some books. Do some labs in those books and eventually you will get it. Also, check Monster.com for internships.

Yes...The easy way :-) Gparted would work too, but is unnecessary for something this simple.

Sometimes you have to ask yourself, "What would Chuck Norris Do?" That's why I use my Total Gym! Oh, and I jog too.

Try using Unlocker too

If you have a Windows XP box at home, you can setup a quick and dirty PPTP VPN. If you want something a little more robust and secure, you can look into OpenVPN. That first link is actually an old Hak5 video I found at 5Min.com

I like the SSH tunnel thing. You can also setup your own VPN back to your house and force all traffic through the VPN and out through your home internet. Xbox would probably be pretty slow that way though, but it would work.

Then you probably don't have anything to worry about.

Ah yes, but the whole reason this attack works is that by cooling the RAM chip, it slows degradation of the memory after it has been shut down. I sat through a talk at Toorcon by Jake Appelbaum, one of the hackers who worked on this attack. He said this technique is the one currently being used by the FBI and DHS. Mr. Appelbaum went on to say that you could swipe the laptop from say, a coffee shop, cool the ram chip with the air duster quickly which buys you 10 more minutes, then you could drop the ram chip into a thermos of liquid nitrogen. Now you have over an hour to get the chip back to your place to get the encryption keys from RAM. The problem with this attack isn't so much time, it is gaining physical access which is what you are all proposing anyway.

Oh, and to make things easier on you, here is their page on blogger's rights, which should also apply to your hacking site: http://w2.eff.org/bloggers/lg/

Darren, to do that I'd have to hack into the DoD subnet

Oh for sure :P

This can be overcome with the cold boot attack.

P3? I like the Freenas idea from the previous posts. You could also install Damn Small Linux on it, and use it as a safe P2P box for downloading legally questionable stuff without worrying about compromising your "production" workstation. Light linux/unix distros are the best because they can be ran on an empty soda can if you wanted to.

I would say you can go as far as you want as long as you plaster your posts with disclaimers, and you don't infringe on copyrights. I am no lawyer though, so if you are really worried about legal stuff you should see a professional. You can also read about your rights on http://eff.org

Like everyone else, I like OpenVPN. I blogged about it once here. I originally tried setting up in Linux, but found that it is easier to set it up under Windows because of the routing. Check out my post, there is a link to a very intuitive how-to.

Well hello :-) We meet again.

For sure I was the same way. I lost track after a while, then I noticed they were available on my Tivo courtesy of Rev3.

Speaking of mitm, you could also couple that with some DoS stuff, or phishing. If you own their traffic, the potential to own them is certainly there. Jasager just makes getting it started very easy.

Hi digininja, it doesn't necessarily have to be a plugin for Jasager/ It could just be a tool running on your laptop. I'll take a look at your todo list though. Thanks!

Hey guys, I ran into Darren at Toorcon and mentioned to him that I was going to do my final paper on the Jasager project in my Network Security class. My professor likes the idea, but wants me to add more stuff to the report (e.g. other tools) I can use once the victims connect to my pineapple. I thought about adding a section on Metasploit/db_autopwn, but since we already touched on that in class I don't want to use that. Any ideas would be helpful. Thanks, -EDP

Bonjour! My name is Paul Bauer aka El Di Pablo Favourite game: Alien Arena Favourite OS: Ubuntu Linux Favourite console: Sega Dreamcast (So easy to Pirate) Nationality: US Accent: Mid-western Sex: Male Age: 29 Race: White American Height: 5'10" Status: Married Build: stocky Favourite band: N/A Favourite book: Never dream of dying Favourite author: Ian Flemming Favourite movie: Any James Bond film Favourite director: N/A Favourite TV Show: Heroes Favourite actor: Johnny Depp Favourite actress: Jessica Alba Favourite Pinup: Jessica Alba Favourite Comedian: Dane Cook Other hobbies: Computers, gadgets, general tech, hacking Car: 2003 Dodge Neon Occupation: Systems Administrator