Everything posted by int0x80

  1. Yes, to do this I use tcpxtract. In fact, I showed how to extend tcpxtract to carve Windows executable files from a pcap in Hak5 S05E13 :]
  2. I generally set filters for ports that have commonly used protocols which are plaintext. Think HTTP, SMTP, POP3, IMAP, FTP, et al.
  3. Is the portal page still in your browser cache? Perhaps there may be some clues there.
  4. Try using the debugger in Visual Studio and setting breakpoints so that you can step and see the execution path and values of variables. You could also just use something like Console.WriteLine() to print variable values.
  5. Check out the Hex-Rays plugin for IDA Pro.
  6. Yes, provided the AV can recognize the malware as such.
  7. You could also try using Chrome.
  8. Try setting up a victim guest VM and switching the network mode on your attack and victim VMs to NAT. I haven't used ettercap in VMs before, so YMMV. When in doubt, fire up tcpdump and start looking at what's happening on the network.
  9. +1 on the version control recommendation by Sparda. You can use an encrypted channel with SCP and a key on Windows. It's my preference at least as opposed to FTP.
  10. I'll be out in SF soon so will talk to him then. I'm not sure how the IPBoard software stores passwords; but yes, one would hope it's at least random salts + something from the SHA family; if not also multiple iterations, which really cost nothing in CPU time.
  11. I took an AI class at university and it was basically all discrete math with little programming. Did you see the free Stanford course? https://www.ai-class.com/
  12. paylish: The examples worked well for me when I did them at the release of the book. You are correct though that Metasploit is frequently updated; but most of those examples should still work. Can you post the error messages you are encountering?
  13. int0x80

    Hidden Os

    Perhaps I am misunderstanding this last question. When you boot your Windows install, you are booting from the MBR on the hdd/ssd, which was installed by Windows. When you boot the encrypted Linux install, you are booting to GRUB from the MBR on the USB drive, which was installed by Linux. So yes, you are decrypting the Linux install and loading it starting from GRUB.
  14. I was bummed when I first signed up. Once my creds come out of my SSH tunnel, they are just hanging out in the clear :(
  15. I will be at HOPE; though I am just some guy that raps and does random hak5 segments :]
  16. Try setting the network mode to 'Bridged' on the network adapter in VMware. If you check the IP addresses of the guests, they should be on the same network segment as the host.
  17. daven: Congrats on solving your problem. Going forward, please post the solution that worked for you so that future visitors can also utilize it :]
  18. int0x80

    Hidden Os

    No programming required for this.

    1. Install Windows on the front part of your hdd/ssd
    2. Install Linux to a separate partition on the same device, behind the Windows install
    3. Install GRUB (Linux boot loader) to USB drive

    Booting from the hdd/ssd uses the MBR on the hdd/ssd, and thus boots Windows, not ever showing an option of Linux. Booting from the USB drive boots Linux.

    Here are some links that may be helpful, but now Ubuntu can automatically do encrypted root on the install for you.

    http://madduck.net/docs/cryptdisk/
    http://www.debian-administration.org/articles/179
    http://billstclair.com/matrix/ar01s06.html#crypto

    This is more for appeasing TSA agents that just want to "make sure" your laptop is actually a laptop. It boots Windows, they know what Windows is, no further questions. As kuroigetsushinde indicated, it would be trivial to find the extra Linux partition if you pulled the hdd/ssd and did some simple analysis. But that's not the point. This setup is just to get you through the checkpoint faster with less hassle, while still allowing you to use a different OS.

    In the Derbycon talk, I modified the MBR b/c if law enforcement turns on the laptop and wipes the drive, they are the ones who destroyed the evidence, which makes me lol.
  19. I've had good success with the following:
      • Move sshd to a non-standard port
      • Use only SSH keys
      • Two-factor with Google Authenticator
  20. There is also the msfupdate ruby script that will handle an update for you.
  21. wipe can do this.

      $ mkdir -p /tmp/test/sub1/sub2/ILLEGAL
      $ dd if=/dev/urandom of=!$/illegal_file.bin bs=1M count=1
      $ wipe -r /tmp/test
      1 file wiped and 0 special files ignored in 4 directories, 0 symlinks removed but not followed, 0 errors occured.
      $ ls -l /tmp/test
      ls: cannot access /tmp/test: No such file or directory
  22. Believe it or not, this topic is of interest to me, as well. You have been doing research all week, aside from countermail, what else looked good to you? What were the pros and cons of competing services?
  23. Do you not log in to your webmail from behind 7 proxies, and would you seriously trust any box that you don't lock down and control yourself? Edit button is next to Reply and MultiQuote.
  24. I see a lot of people use hushmail.
  25. IIRC, VT-d provides more access to hardware, but you will also need virtualization software that utilizes it. I have an i7-2600 (VT-x) and run Win7 x64 and BT5R1-amd64 VMs in VMware Workstation just fine. My laptop is an i5-2430M and it also does 64-bit VMs in VMware Workstation. You may want to consider asking this on http://hardforum.com/