Fun Staying out of the Sun

Lots of good talks at Black Hat, Bsides and DefCon this year. This is the schedule I came up with.

Wednesday - Black Hat

9:00 - 9:50 - Keynote (depends on who it is) Update: Looks like someone from Homeland Security. I'll sleep in and dream about cyberwar and full body scanners, instead.
10:00 - 11:00 - The Emperor Has No Clothes: Insecurities in Security Infrastructure
11:15 - 12:30 - Balancing the Pwn Trade Deficit
Lunch - Margaritaville, anyone?
13:45 - 15:00 - Adventures in Limited User Post Exploitation

Wednesday - Bsides

15:00 - SET 0.6 release with special PHUKD Key
16:00 - Fuck Tools, Do It Yourself Jerk
17:00 - Fierce v2
18:00 - Stupid IP Tables Tricks

Thursday - Bsides

I pulled some security shifts, but fate smiled on me and left one gap

12:00 - Fun with VxWorks

Friday

11:00 - Meet the Feds - CSI:TCP/IP
13:00 - Token Kidnapping's Revenge
15:00 - Tales from the Crypto
16:00 - Like a Boss: Attacking JBoss
17:00 - Mastering the Nmap Scripting Engine

Saturday

10:00 - Exploiting SCADA Systems
12:00 - Insecurity Engineering of Physical Security Systems: Locks, Lies, and Videotape
14:00 - Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios
15:00 - Physical Security : You're Doing It Wrong!
16:00 - Deceiving the Heavens to Cross the Sea: Using the the 36 stratagems for Social Engineering
18:00 - Blitzableiter - the Release

Sunday

10:00 - Multiplayer Metasploit
11:00 - Constricting the Web: Offensive Python for Web Hackers
12:00 - Powershell...omfg
13:00 - Build Your Own Security Operations Center for Little or No Money
14:00 - Seccubus - Analyzing vulnerability assessment data the easy way...

With any luck, I'll make it to half of those. What's that, you say? Where are the talks about dealing with compliance, or about the speaker's personal experiences in the security industry, or the panels of security rock stars that can just ramble on at each other without making a point? If they add an open bar to any of those, I'll consider it. Otherwise, bring on the tech talks, and keep your security community talks about feelings.

Oh, and please, please....no Sun Tzu.

Oh, damn. I forgot about skytalks. I think I'll also try to get these in.

Skytalks - Saturday

13:00 Nickerson Doing a Dirty Harry Impersonation

Skytalks - Sunday

13:00 Eric Smith - Roaming...er, Roman Profiles

Tampa Bay Downs 13 March 2010

Race 1 - 6 Personal Edge (7-2)

• Result - 10-9-5
  
• 6 scratched

Race 2 - 2 Dynaquake (9-2) 3 Sir Classic Chris (5-1)

• Result - 10-5-3-2

Race 3 - No Pick
Race 4 - 7 Scarlet and Gold (9-2)

• Result - 10-11-7

Race 5 - No Pick
Race 6 - 2 Tabby Lane (9-2)

• Result - 2-10-7. Returned 10.40 for 8.40 gain

Race 7 - 4 Secret Kin (8-1) 6 Dr. Zic (6-1)

• Result - 6-8-1. Returned 7.20 for gain of 3.20.

Race 8 - 6 Liberally (12-1)

• Result - 8-4-6

Race 9 - 4 Imaginary Saint (5-1)

• Result - 6-2-7
  
• Imaginary Saint brought up the rear

Race 10 - 4 Sneaking Uponyou (10-1)

• Result - 4-6-7. Sneaking Uponyou paid $17, for a gain of $15.

Race 11 Tampa Derby - 7 Odysseus (7-2)

• Result - 7-5-6. Odysseus paid $6, for a gain of $4.

Race 12 - 8 Stumbling Block (9-2) 9 Rey Del Sol (10-1)

• Result - 2-6-5.

13 win bets in 10 races for $26. One scratch drops it down to $24 wagered, and 40.60 was paid out, for a gain of $16.60.

Tampa Bay Downs 7 March 2010

Race 1 - 1 Free Candy (8-1), 7 Mardi's Magic (3-1) to win ($4)

• Result - 7-4-3. Mardi's magic paid $5.60 for $1.60 gain

Race 2 - 5 Arts and Leisure (4-1), 9 Geodi's Gold to win (7-2) ($4)

• Result 5-9-2. Arts and Leisure paid 8.20 for 4.20 gain

Race 3 - 10 El Legado (4-1) to win ($2)

• Result - El Legado Scratched

Race 4 - 1 Mrs Lovett (6-1), 9 Nikki's Wanted Too (10-1) ($4)

• Result - 7-10-3

Race 5 - 5 Robbie's Express (10-1) to win ($2)

• Result - 9-3-2

Race 6 - No pick
Race 7 - 11 Fisherman's Wharf (4-1), 12 Big Al (5-1) to win ($4)

• 11 and 12 both scratched

Race 8 - 4 Security Breach (3-1) to win ($2)

• Result - 4-6-2. Security Breach paid 7.60 for a 5.60 gain

Race 9 - 7 Beantown (12-1), 10 All the Bases (7-2) to win ($4)

• Result - 10-2-8. All the bases paid 4.20 for a .20 gain

Race 10 - 8 Imperial River (7-2), 10 Bonnistar (5-1) to win ($4)

• Result - 7-4-10

Race 11 - 4 Peteloveshisboots (7-2), 10 Snargle (3-1) to win ($4)

• Result - 6-10-4

$34 in 17 win bets over 10 races.

Tampa Bay Downs 5 March 2010 - Post-mortem

This was a much better day, although I completed missed a couple Pick-3s again. I'll probably stick to win bets exclusively from here on.

I picked winners in 9 races (placing 11 bets), and hit 3 of them. In race 6, my 2 picks came in 2nd and 4th. In race 8, my pick came in 2nd, and in race 10, my pick came in 3rd.

So, in 9 races, I had: 3 winners, 2 place and 1 show. 66% in the money is ok.

The bottom line is a 13.40 profit, which would have been 21.40 without those Pick-3s. It doesn't wipe out the terrible performance on the 3rd, but it comes close to balancing out. I have the form for the 7th. I hope I pick more like today than Wednesday.

Tampa Bay Downs 5 March 2010

All win bets are $2. Pick 3 and Pick 4 are $1 bets.

Race 1 - 8 Ocala Cruz Missile (4/1)

• Result - 3-4-9. Ocala Cruz Missile came in 6th, went off at 8-1

Race 2 - Pick 3 (1) (2,5) (1,8) $4 total

• 1 scratched. 1a heavy favorite.
  
• Result - 2-1a-3

Race 3 - 2 Stack the Deck (9/2)

• Result - 3-1-5. 2 led for 1/4 mile, and then completely tanked.

Race 4 - 8 Bankers High Yield (4/1)

• Result - 8-3-7. Bankers High Yield went off 2/1, but a win is nice. Pays $6, gain of $4

Race 5 - 4 Lady Ballavale (9/2); Pick 3 (4) (6,8) (2,6) $4 total

• Result - 8-2-1. Lady Ballavale wasn't even close.

Race 6 - 6 Stormy Ballad (15/1); 8 All the Figs Men (3/1)

• Result - 3-8-7-6. 6 led early, 8 charged late.

Race 7 - 2 She'sfitfortaking (12/1); 6 Pat Pat (8/1)

• 6 scratched
  
• Result - 2-10-4. 2 went off 11/1. Pays 24.80, gain of 22.80.

Race 8 - 5 Silver Prism (4/1)

• Result - 3-5-2

Race 9 - 1 Game Ball (7/2)

• Result - 1-9-7. 1 went off 3/1. Paid 8.60, gain of 6.60.

Race 10 - 8 Kathy's N Angel (5/1)

• Result - 3-4-8

That's 11 win bets for $22. 2 Pick 3s for $8.

$30 in bets returned 43.40 for a 13.40 profit. I'm thinking that the Pick-3s are a less good idea, and may just sprinkle in some more win bets.

Tampa Bay Downs 3 March 2010 - Post mortem

All the picks cost $60, and $32 of that was the Pick 6. Pick 6 may be the biggest return, but it requires a ton of money to fund, and so we probably won't be playing too many of those.

None of the picks hit, but that doesn't mean they were all bad. Of the 9 races where I picked a winner, 1 horse was scratched, 2 came in 2nd, 1 came in 3rd and 2 came in 4th. That's 3 horses in 8 races in the money, and 5 in a decent position at the finish (I think 4th is a decent position). I only hit 1 of 3 in both Pick 3s.

So far, down $58 on minimum bets (although it should have only been 26. Damned Pick 6 siren song).

Tampa Bay Downs 3 March 2010

I'll update with results following the race, and with the cost of the P3 and P6 tickets. All win bets $2.

Race 1 - 5 Embark (3-1) to Win
- Result - Embark came in 7th
Race 2 - 5 Main Street Girl (9-2) to Win; (5,8) (5,7) (1) on the Pick 3 (2,3,4)
- Result - Main Street Girl came in 3rd. 3 won, the Pick 3 is done.
Race 3 - 7 Lite Brigade (4-1) to Win
- Result - Lite Brigade came in 4th, 5 came in 3rd
Race 4 - 11 Pyrite Smokin (12-1) to Win
- Result - Pyrite Smokin was scratched. 1 came in 1st.
- $2 Pick 3 (3-3-1) 3 Correct Paid $303.80
Race 5 - 10 Tahoe Lake (15-1) to Win
- Result - Tahoe Lake took 2nd. 6 came in 4th (busted pick 6)
Race 6 - (3,5) (4,7) (4) on the Pick 3
- Result - 5 wins, 3 comes in 6th.
Race 7 - 7 Will Prevail (6-1) to Win
- Result - Will prevail comes in 4th. 8-6-5.
Race 8 - 4 Little Schnuck (7-2) to Win
- Result - Little Schnuck comes in 2nd. 7-4-3
Race 9 - 5 Anachini (7-2) and 9 Implicate (15-1) to Win
- Result - Anachini and Implicate came in 6 & 8. 1-2-4
Race 10 - 1 Merrymonthofmay (12-1) to win
- Result - Merrymonthofmay came in 6th. 4-9-5

Race 2 Pick 3

2 x 2 x 1 x $1 = $4

Race 6 Pick 3

2 x 2 x 1 x $1 = $4

Race 5 Pick 6

6,10
3,5
4,7
4
5,9
1

2 x 2 x 2 x 1 x 2 x 1 x $2 = $32

Upgrade to Snort 2.8.4

Sourcefire has changed the dcerpc preprocessor in Snort, so you have to upgrade to 2.8.4 if you want netbios rules to continue to work. This is the procedure I followed to upgrade my snort boxes.

Get Snort 2.8.4

# wget http://www.snort.org/dl/snort-2.8.4.tar.gz

Build and install snort

# tar zxvf snort-2.8.4.tar.gz
# cd snort-2.8.4
# ./configure --with-mysql --enable-dynamicplugin
# make
# service snort stop
# make install

Replace old netbios rules

# wget http://www.snort.org/vrt/tools/dcerpc2-snort-2.8.4-RC-1.rules
# cp /etc/snort/rules/netbios.rules /etc/snort/rules/netbios.rules.old
# cp dcerpc2-snort-2.8.4-RC-1.rules /etc/snort/rules/netbios.rules

Disable old dcerpc processor:

In snort.conf:

#preprocessor dcerpc: \
#    autodetect \
#    max_frag_size 3000 \
#    memcap 100000

Enable new dcerpc processor

In snort.conf:

preprocessor dcerpc2
preprocessor dcerpc2_server: default