Announcement

Collapse
No announcement yet.

laptop set up for a dc

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Qsilent
    replied
    I say bring your laptop but don't drag it around with you everywere. I pretty much just used it when I went back to the room and wanted to relax abit.

    Leave a comment:


  • LosT
    replied
    Sometimes a laptop (or other device with a *DB9* port) can be useful~
    *cough* *cough**cough*

    Not that that is a hint or anything.


    LosT

    Leave a comment:


  • INIT_6
    replied
    WOW, I didn't think it would be that ruthless. It seems like a lot of script kid's and crackers go to Defcon. What ever happend to Hacker ethics. I can understand a hacker hacking into a system just to say he did it. But leave something behind to help that person learn. I thought the whole thing behind defcon was to learn.

    Thanks for all the good info, I was going to bring my laptop as-is dual boot gentoo/xp full updated. But I think I should blast my windows and reinstall then make a image of the install. That way if my windows get's hacked I can be back up and running in 30min instead of an hour+.

    I never been to one of these before. Does anyone ever setup honeypots?

    I know I was wardriving one day and hit a honeypot and mess up my computer BAD. I connected to what I thought was a cool network (open network) and in seconds (to this day I have no idea how) My laptop shutdown and when I booted up I was missing the system files.
    (note: the place I was at, was a linux/super computer factory. My friend worked there for a little while I guess they setup 3,000+ node super computers and ship them off.)

    So I guess online banking is not a good idea. :)

    Leave a comment:


  • coderman
    replied
    Originally posted by Deviant Ollam
    ... but still. gah, that's just silly to me.
    there were three of us at the table when he started to boot his laptop. one of us asked what he was doing.

    "using the wireless"

    '... in windows, without a firewall or services disabled?'

    "i need to wipe it when i get back anyway, i'll be fine."

    'you're fucking crazy!'

    [ ... 20 seconds ... ]

    "hmm, i got hacked."


    (moral of this story: learn from the mistakes of others :)

    Leave a comment:


  • Deviant Ollam
    replied
    Originally posted by coderman
    win user lasted aprox 60 seconds before rootkit'ed and running trojan zoo
    that person, sir, was an idiot. i'm not saying windows is some security beast that you can harden against everything under the sun, but anyone who gets 0wned that fast is not only running an unpatched system, but they're also more than likely not running any kind of personal firewall. that's just foolishness, in my opinion, if your system is out in the wild. if you're behind a private network's firewall maybe you don't need ZoneAlarm or TPF up and running... but still. gah, that's just silly to me.

    Leave a comment:


  • coderman
    replied
    runtime for defcon wireless

    Originally posted by loki151
    See I had the idea of just running a live eval of linux of a cd and a 2 gb hard drive for date if any

    what you all think about that?
    a good idea. at dc13 i had one friend remove his hard drive from the laptop and boot knoppix from cd. a different friend used his XP SP1 on hdd.*

    knoppix user lasted whole con without exploit or crash. (once booted it ran fine until shutdown)

    win user lasted aprox 60 seconds before rootkit'ed and running trojan zoo...

    moral: ephemeral instances of linux (auditor/knoppix/etc) and patching/securing your windows/$os is a good idea.

    and if you absolutely have to connect persistant services over wireless use IPsec or a VPN strongly keyed.

    * i didn't have a live disc ready for him in time so he decided to risk it. i'm sorry Z!

    </$0.02>

    Leave a comment:


  • loki151
    replied
    See I had the idea of just running a live eval of linux of a cd and a 2 gb hard drive for date if any

    what you all think about that?

    Leave a comment:


  • Dark Tangent
    replied
    Wehntrust is good to have in yuor windows toolkit..

    If you want to add another layer of protection the free (or commercial) version of Wehntrust is cool. Makes life a bit more difficult for all the overflow writers.

    From their web site: http://www.wehnus.com/
    WehnTrust implements Address Space Layout Randomization (ASLR) for Windows. While ASLR is a common security measure for UNIX-based operating systems thanks to the PaX Team, it has not been widely implemented for, or deployed on, Windows. When implemented properly, ASLR mitigates nearly all exploitation techniques. The commercial version of WehnTrust also provides other security mechanisms that help to augment ASLR.

    Leave a comment:


  • Opt1kal
    replied
    Originally posted by astcell
    Rats, and I ran here thinking you wanted to set up a laptop for a domain controller. That is a fun project I'll tell ya.

    What laptop for Defcon? Something you know. Preferably with a wireless network card.

    Plan on it getting wiped while you are there by a script kiddie. If it survives, plan on wiping it yourself when you get home.

    With that in mind, save your install CDs.
    Harhar, I too was thinking domain controller, great advice btw, right on the spot

    Leave a comment:


  • Cowthief
    replied
    Librertto to the rescue.

    Hello.

    I take a libretto with me, small enough to carry but close enough to a full laptop to be useful.
    On the EMP toy.
    A briefcase with a coil running around the inside edge, a few hundred turns will do, and a bank of capacitors, the kind used to "stiff" the power of car audio work well, can do wonders.
    What you do is charge the caps and discharge into the coil, simple enough?
    You are talking several hundred amps for a split second, so the switch and everything connected to it must be rugged or it may explode.
    A briefcase works well, as it does not seem odd as you put it next to the object you want to attack.

    Leave a comment:


  • xgermx
    replied
    I'm going to bring my laptop, but I plan to leave it at the hotel. I might bring it out to demonstrate something or trade files but otherwise it's like a ball and chain. If you do plan to bring yours, you might want to consider running a secure OS i.e. Anonym.OS .

    Leave a comment:


  • haden
    replied
    i really dont plan too but i do thank you for the suggestions. i already have a lot of things i want to do while at dc14 so i may not need it after all. but in any case ill have it incase thiers someone who wants to give me a few gigs of music.

    ever have about 150+cds in a case in a secure location? well obviosely my secure location wasnt very secure. only cd they missed was a linkin park cd that fell under the chair in my house.

    Leave a comment:


  • skroo
    replied
    Bring it in case you need it, don't use it unless you have to.

    Year after year, I see people sitting in the same spot in the hallway all weekend long with their laptops and wonder why they bothered even coming. They're surrounded by 5000 people hanging out, partying, having a good time, and they sit there doing exactly the same damn thing they do the other 362 days of the year at home.

    Recommendations:

    - Patch and harden the OS per relevant guidelines.

    - Bring a USB key (1GB is a good size, since that'll hold a full ISO CD image plus other bits & bobs) for transferring anything interesting that someone wants to give you. This is a lot safer than doing it over the network (though still risky).

    - Have plenty of storage space, because...

    - If you don't have a VM environment on your laptop that you can run stuff you've been given in, you're going to want to wait until you can get to one - or at least a fully-isolated (i.e., NO network connection whatsoever) sacrificial box.

    But, again: don't go to Defcon to use a computer.

    Leave a comment:


  • [Syntax]
    replied
    I've brought my laptop to many Def / cons.
    Always have your OS install discs and drivers. (I've had to reload before while at con, this was covered above, but I think it can be said again.)

    Windows machines, if your machine isnt patched for exploits or viruses because its normally behind a firewall or router, you most deffinately will be exploited or infected before you leave.

    I picked up a 0-Day virus at one con.

    I prefer dual booting OS's just because I never know whats going to be demo'd. Some talks demo windows apps, others linux apps.

    Leave a comment:


  • dYn4mic
    replied
    Yeah... I have a mixed opinion about this one... I think a lot of it depends on what you plan to do at the con.

    I've brought my laptop for the last three years. As I've wanted and needed it sometimes, I also would enjoy not lugging it around or worring about its safety.
    But, I think i'll continue to bring it, and just pull it out if I need it. Its nice if you get an idea for some code or trick or something...

    A legal pad and paper is great for notes, even though it might be slower than typing... its easier to draw arrows, underline, circle, etc....

    If you are bringing a laptop...

    1. Use a strong tunnel / crypto of some kind (be prepared to verify your ssh keys if somehow you think they could've changed and use proto v2 always) OpenVPN or SSH work well for me. You also could use tor and/or SSLv3 whenever possible. Oh and PGP of course...(but your ALREADY doing all of that... right ;-) )

    2. Try not to use wireless, if you need to... be sure to follow step one.

    3. Keep it in a safe place, even if its in your room (this seems like common sense, but thats not all so common)

    4. Keep it away from drinks/pools/liquid/etc... (water splashes, people get thrown in the pool w/ eletronics sometimes)

    Keep an eye on this thread... and keep in mind the other things people have said so far as they are vaild points as well.

    Leave a comment:

Working...
X