tmacuk

Interviews

upSploit

by tmac on Jun.11, 2010, under Conferences, Interviews, Personal, Projects

As some of you may have seen on Twitter, I have been working on a new project this summer called upSploit. I am due to be giving a lightning talk at BruCON 2010 about the project and hopefully will be talking at AppSEC Ireland in September about it too, CFP permitting.

The project is my brainchild and the beta version (date of which will be announced early next month) is due to the hard work of both myself and Duncan Alderson – @Webantix.

Without revealing any information now, I hope to get you readers on edge for what is going to be a great project to work on in the future and something I hope will help a lot of people.

The official announcement is going to be given on the 1st July 2010, along with a number of blog posts describing the service and hopefully a couple of interviews on some better known security podcasts. Please keep your eye on my blog for more information about upSploit, and if you want to get involved once the announcement has been made, contact us at info [AT] upsploit [DOT] com


Dundee Talk

by tmac on Apr.09, 2010, under Conferences, Guest speakers, Interviews, Personal, Projects

Last night I performed a new talk that I have been working on called Web Application Security using DVWA.

The aim of the talk was to get the user familiar with the DVWA project and how it can be used not to learn how to exploit, but how to stop attackers compromising the web application.

The talk consisted of three parts. I talked about myself slightly and introduced what I did. I then went on to talk about the DVWA project: what it was, what was happening to it, what it does, how it works and who created it. Then finally I talked about the command execution vulnerability and reflected cross-site scripting, and how low, medium and high security can help a web developer secure the web app and understand how applications can be vulnerable to attack.

There were some good questions asked at the end and thankfully I could answer them all.

All in all I thought the talk went really well, there are a few things that I need to tweak slightly for future talks but apart from that I now have my first talk that I can give at other conferences/user groups. So if anyone is reading this and would like to hear the talk at their conference or user group drop me a tweet @tmacuk or an email at tmac<—@—>tmacuk.co.uk and we can arrange me coming and giving the talk.

The talk was recorded and I will upload it as soon as possible.

Cheers,


Interview about WordPress security fix

by tmac on Mar.10, 2010, under Hacks, Interviews, Personal

http://hackerpublicradio.org/eps/hpr0526.mp3

Arron Finnon (f1nux) – www.finux.co.uk – interviews me about the security vulnerability that I found in WordPress.

TRACsec Episode 2 Shownotes

by tmac on Feb.23, 2010, under Guest speakers, Interviews, Projects, TRACsec

TRACsec Episode 2 – The Famous Pete Wood “better late than never” Episode

Firstly, sorry for the delays in getting the show out. However, it is here and ready for you to download, with new host Robert “Swifty” Ladyman from http://file-away.co.uk

Robert takes over from Ryan Dewhurst, who we would all like to thank for his input and wish the best of success in the future.

The show is 2 hrs and 7 minutes long.

Pete Wood joins us for this month’s interview. With many, many years of experience in ethical hacking and penetration testing, everyone is bound to find something in this interview to relate to.

http://peterwood.com

http://www.facebook.com/PeterWoodx

Pete Wood is the founder and Chief of Operations at First Base Technologies, and is also involved in the running of the UK White-Hats group.

http://firstbase.co.uk/

http://white-hats.co.uk/

This month’s tech segment is a gentle debate on Professional Qualifications vs Academic Hacking Degrees vs Self Taught.

The show is available for download from http://www.tracsec.com/shows/Episode2-TRACsec-Podcast.mp3

Interview with the “Blackhat” – CC

by tmac on Feb.01, 2010, under Guest speakers, Hacks, Interviews, Personal, Projects

So finally the second interview has been recorded, edited and placed on the website.

After the success of my last interview, where I saw a record amount of hits/comments on the website and a lot of replays on different security podcasts, I have decided to look more in depth into the technical world of a hacker.

The interview can be found here LINK

The script that we talk about on the call can be found here LINK

Any questions, email me at tmac<----@---->tmacuk.co.uk

Hopefully this will be uploaded on HPR very soon.

Another New Domain / IWABH Update

by tmac on Jan.28, 2010, under Interviews, Personal

Hey again. Just a quick update that you will now be able to access my website at http://www.tmacuk.com

All these extra domain names are just part of a bigger plan I am thinking of releasing next year with a friend from University. So the list of all current domain names is -

http://www.tmacuk.co.uk

http://www.tmacuk.com

http://www.thomasmackenzie.co.uk

I want to now try and get -

http://www.tmacuk.net

http://www.thomasmackenzie.com

http://www.thomasmackenzie.net

Two of these domains are already active, so I am going to have to try and negotiate with the current owners to see if I can transfer them to myself.

News regarding Interview with a Blackhat has been non-existent recently. I was supposed to do the next interview last Sunday but I was unable to get my lazy backside out of bed to meet the interviewee in town. I am currently negotiating trying to do the interview over the phone but struggling with how I am going to record it, as Windows Mobile has turned off recording whilst in call, and I have lost my data cable to edit the registry to allow it. I will however figure it out, even if I need to buy the interviewee a headset to speak over Skype. So rest assured the interview will be available soon enough.

Thanks

tmacuk


Interview with the “BlackHat” – n0 g00d

by tmac on Jan.12, 2010, under Guest speakers, Hacks, Interviews

The views expressed here are my own and not those of my University. I do not condone any of the actions within this interview and would like to make it known that this was done for educational purposes only. I condemn any of the actions that this hacker has done that are illegal, and any comments made by myself that may seem to condone/agree with them are just the way I speak and act. I again must stress that this was done for educational purposes only and I DO NOT CONDONE AND CONDEMN the actions spoken about.

——
I have been wanting to do these interviews for a while but have struggled to find someone who will actually do the interview with me. I eventually found n0g00d in some vast corner of the internet – actually he commented on my website :P

I asked for the interview and he was more than happy. He talks to us about where he started, what he has done in the past and the reasons why he does it. He also asks me a question too.

Please enjoy the interview which can be found HERE

He also asked me to have this screen shot available to show you evidence of the “biggest thing he has hacked”.


Myself – Student

by tmac on Dec.16, 2009, under Interviews

Another text-based interview, this time with myself :P
———————————————-
A bit about yourself:

As you all know, my name is Thomas Mackenzie and I am studying Ethical Hacking at Northumbria University (1st year). I like to have money, and when I have money I like to spend it. I love any gadgets and am currently trying to break my way into Linux and set up my hack labs etc. I spend most of my time online either blogging, tweeting or reading new articles and listening to podcasts. I am currently in the process of creating a podcast with Arron Finnon, Chris John Riley and Ryan Dewhurst.

What got you interested in infosec?

Probably since I got a virus on my PC that set my BIOS clock back to some stupid date and time and stopped allowing me to update and log into MSN.

When you saw the course did you know it was something you wanted to do straightaway?

Yes, I had always been interested in ‘hacking’: the way in which people were able to break into systems, and thinking how cool it was. This is the best of both worlds, it’s legal and super uber cool :P .

Did you have a look at the other universities that offer the course and if so why did you pick Northumbria?

I went to Coventry Uni and Sunderland Uni. Coventry wasn’t a nice area at all, it looked really run down and the tutor didn’t seem to know what they were talking about – in fact we spent half our time talking about how robots fight on computer games. Sunderland was nice but it was a brand new course and the facilities weren’t the best. Northumbria seemed the best option for the facilities and the fact that if my girlfriend didn’t get into Cambridge Uni she was going to Durham (unlucky she got in :P ). I think the final push was meeting Ryan online and him telling me about the course which I am hoping I will be able to do with someone this year.

If the course wasn’t available what would you be doing now?

This will sound really weird but I was applying to do Performing Art Musical Theatre before I realised this course existed. If I am honest that would have been my number one choice, but it is expensive to go to drama school and also the job prospects are not great.

Are you enjoying the course, and if so what are you enjoying the most?

I love the course. A lot more than I thought I would, because I thought I would regret not doing Acting. However this course is challenging and I am learning a lot more about Information Security. It is definitely something I want to stick with for the rest of my life and keep acting as a hobby.

Career plans?

I have a ten year plan that has different variables. In the end I want to be a millionaire by 30 and own my own business. There are many different factors there though i.e. girlfriend/masters degree/placement in 3rd year.

What would you class as your code of conduct?

The law is the law and it is there to be stood by. Ethics only come into play when you have a choice within a legal scope. As long as your ethics are legal then that is fine. Although if it was a matter of life and death my morals/ethics would struggle to cope with that and will take any consequence given. Although I am hoping it won’t come to that :)

Matthew Hughes – Student

by tmac on Nov.28, 2009, under Interviews

Another text-based interview with a student from my course. Check his blog at http://www.matthewhughes.co.uk/
———————————————-
A bit about yourself:

Hey there! My name is Matthew Hughes and I am studying Ethical Hacking at Northumbria University. I’ve been interested in computers all my life, and I’ve always used them. My first computer was an old Amiga, and ever since then, I’ve been hooked. In my spare time, I play FPSs and RPGs and blog.

What got you interested in infosec?

I saw an interview with the legendary hacker Kevin Mitnick on Kevin Rose’s podcast, The Br0ken, and I instantly thought that he was the coolest guy ever! I just started reading more and more, and eventually, I had landed on what had amounted to an obsession!

When you saw the course did you know it was something you wanted to do straightaway?

When I chose the course, I was at a point where I was unsure on what to do. I was looking through the UCAS website, and I just landed on the course. I knew that it was something I ought to do.

Did you have a look at the other universities that offer the course and if so why did you pick Northumbria?

As far as I know, the only two universities in the UK that do it are Coventry and Dundee. Dundee is too far away, and Coventry didn’t really seem like the right city for me to move to. Newcastle was a pretty good compromise. I did apply to Sheffield Hallam, Leeds Met and LJMU to do computer forensics also, but I settled on Northumbria.

If the course wasn’t available what would you be doing now?

Probably something in the medical sciences. I’m a real science geek, and I like helping people. Medical sciences seem to satisfy that.

Are you enjoying the course, and if so what are you enjoying the most?

I am actually! I rather enjoy databases, and I love our lectures on computer crime. I always try to keep on top and read around the subject, and I’m really passionate about what I’m learning.

Career plans?

I want to work in the Middle East, if I could, as a security contractor. Otherwise, I’d like to work in North America.

What would you class as your code of conduct?

Without a doubt, obey the law. Don’t touch systems you aren’t allowed to, and if you find something criminally inappropriate, alert the authorities.


Shaun Duncan – Student

by tmac on Nov.04, 2009, under Interviews

Here comes the first of a new series of posts. The interviews are with students in Ethical Hacking for Computer Security at Northumbria University.

————————————————–

A bit about yourself:

Hello, my name is Shaun Duncan. I am 20 years old and have just started my first year studying Ethical Hacking BSc at Northumbria University. I have had a keen interest in computers since a very early age, from both hardware and software perspectives. I spent the last five years learning several programming languages during my spare time including C++, VB and Delphi. I also completed the Cisco CCNA-1 course in 2005.

What got you interested in infosec?

I have always enjoyed the two-part puzzle of trying to break or manipulate the way computers work and then attempting to create a solution for the problem found.

When you saw the course did you know it was something you wanted to do straightaway?

Yes definitely. I first found out about the course when I attended Northumbria University’s open day. Chris Laing was giving his presentation on the course, which was very good by the way, and it caught my interest immediately. I have always enjoyed tinkering with computers so it seemed a natural choice for me.

Did you have a look at the other universities that offer the course and if so why did you pick Northumbria?

Yes but nowhere else was close enough to Newcastle.

If the course wasn’t available what would you be doing now?

A degree in software engineering.

Are you enjoying the course, and if so what are you enjoying the most?

Yes, very much so. I have found the introduction to ethical hacking and the computer crime investigation lectures/seminars the most enjoyable so far. These classes contain a lot of ideas and concepts that are new to me and I find this exciting.

Career plans?

I plan to work as some form of penetration tester/security auditor. I would love to work for an international company and spend time working abroad.

What would you class as your code of conduct?

Above all else, the number one priority is the law and always will be. All ethical issues come second; however, it is always important to protect yourself.