I blogged about this before, but its now officically available. Check it out and donate – http://www.offensive-security.com/metasploit-unleashed/

This is the free online version of the course. If you enjoy it and find it useful, we ask that you make a donation to the HFC (Hackers For Charity), $4.00 will feed a child for a month, so any contribution is welcome. We hope you enjoy this course as much as we enjoyed making it.

The “full” version of this course includes a PDF guide (it has the same material as the wiki) and a set of flash videos which walk you though the modules. You may purchase these materials from the Offensive Security Training page. All proceeds from this course go to HFC.

What are the goals of social-engineer.org?

Primarily our goal is to bring awareness to the threats out there.  The threats in phishing, cons, identity theft… the malicious parts of social engineering that are robbing from so many of us.

We also want a community where people from all walks of life that use aspects of social engineering can come and  share their experiences.  This is what we tried to create at www.social-engineer.org.  Our key feature being the webs only Social Engineering Framework.  A outline of all the aspects of social engineering and how they relate to security, to life, to our jobs and hobbies.  We have collected news reports, stories and experiences from the web as well as research from industry experts and compiled it all to make this an amazing tool for all to use.

The Framework, as well as the site, will be a living, breathing entity…. it will continue to grow as time passes.  More in depth research, more how-tos and videos, more tools – all will continue to enhance the site.

Our Vision

Our  vision is to continue to add to the framework and research new and exciting vectors in this field. To work together with industry experts in expanding this technology.  To continue working together to create a truly unique and special community of people interested in social engineering.

Check out EP #34 of Exotic Liability to hear from the creators.

I thought it was about time I put a post up about the RSA Europe Conference Security Bloggers Meet-up 2009 in London.
Kevin Riggins, Benny Ketelslegers and myself (Dale Pearson) are responsible for setting this up, getting sponsors, location and all the other bits and bobs. So if your in the InfoSec community and your a bloggger, podcasters, or reporter this is the meet-up for you.

We are keeping all the official details upto date on the RSA Conference Blog so keep an eye there for more information and if your interested in attending as spaces are limited. Also if your interested in sponsoring the event or providing some give aways then please get in contact “bloggermeetup[at]securityactive.co.uk”.

Here’s the high level detail so far:

Time: 20:00 (8:00 PM) GST
Date: Tuesday October 20th, 2009
Place: Somewhere in London

The more we use computers, the more data we store on them. This data can be personal information, financial information, pictures of our family and friends, and more. However computers don’t last forever, and neither foes the hard disks we use to store our data on. This also includes our MP3 players, removable storage, digital cameras, etc.
I am sure you will have all seen the numerous stories in the media this year about camera’s, computers and hard disks being put up for sale on eBay only to find its got top secret military plans, or under cover spy information, customers financial records and pictures of things no one ever wanted to see. You may find this amazing, and often funny, but have you thought about your own data when you come to sell on your computer, give it to a friend or charity? Simple formatting and reinstalling the operating system is no guarantee your old data cant be recovered. You may also be responsible for hardware disposal at your organisation, perhaps you work in a government environment and are expected to remove all data from drives before disposal or selling.
The aim of this blog post is just to inform you about some of the opensource and commercial products that are available to help you securely erase your information, and reduce the risk of someone recovering your precious data.

Physical Destruction
Physical destruction of a hard disk is the most extreme method, but in some ways the most secure. Simply smashing up a hard disk with a hammer can be very effective and enjoyable Just make sure you give it a good beating, as it is possible to restore the platters on occasion. The other method is to utilise the hard disk shredding facilities many companies offer, its not always cheap but it would make it a time consuming job to try and stick it all back together blue peter style. Finally degaussing is another method that can be used, this is passing a high powered magnet over the drive to scramble the data. Unlike the other methods a hard disk can sometimes be used after it has been degaussed.

Software Destruction
The programs mentioned below offer logical options for securely erasing your data. This is achieved by multiple overwrites of random data. Depending on the level of guarantee you want you can select more or less overwrite passes, obviously this can be time consuming, so its a trade off. When dealing with military or government grade material, where physical destruction is not required there are specific defined requirements on the number of passes required, along with the type of data overwrite.

Secure Erase
Secure erase is built into the  hard disk drive itself and thus is far less susceptible to malicious software attack than external software utilities.
The SE command is implemented in all ATA interface drives manufactured after 2001 (drives with capacities greater than 15 GB), according to testing by CMRR. Secure erase is a positive  easy-to-use data destroy command, amounting to “electronic data shredding.” Executing the command causes a drive to internally completely erase all possible user data record areas by overwriting, including g-list records that could contain readable data in reallocated disk sectors (sectors that the drive no longer uses because they have hard errors).
SE is a simple addition to the existing “format drive” command present in computer operating systems and storage system software, and adds no  cost to hard disk drives. Because the Secure Erase command is carried out within hard disk drives, no additional software is required either.

Eraser
Eraser is a nifty piece of software that you can use to do secure deletes of files from within your OS as well as securely overwriting the empty space on your drives. Eraser works with most version of Microsoft Windows and its an opensource product. It has various overwrite modes so there is something for everyone. I really like this tools, it does the job with no fuss.

DBAN
Darik’s Boot and Nuke is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis. DBAN is a free software product that can be used at home or in a business at zero cost.
I have been using this for a long time now, both at home and at work. You may be familiar with it if your a user of the Ultimate Boot CD.

Wipe Drive Pro
Wipe Drive Pro is a commercial product used by many government organisations to securely erase hard disks and over removable media. There is a demo available, but the product itself costs about $100. I have personally not used this product myself, but is an option for you to look into.

BC Wipe
BC Wipe is a commercial product used by many government and defense agencies. BC Wipe enables you to permanently erase files so that they can never be recovered or undeleted. BCWipe embeds itself within Windows and can be activated from the Explorer FILE Menu OR from the context (right click) menu OR from a command-line prompt. BCWipe complies with both the U.S. Department of Defense (DoD 5220.22-M) standard or the Peter Gutmann wiping schemes, either of which can be invoked from within the product. You can also create and use your own customized wiping scheme to wipe sensitive information from storage devices installed on your computer. BC Wipe has offerings for Windows, Mac and Linux, and costs around $40.

Blancco
Blancco like the other tools is again a commercial product used by many government organisations to securely erase data from hard disks. Permanently erase data to prevent data recovery from unwanted sources, use a data shredder product such as Blancco File Shredder for day-to-day needs, or get IT asset management software to control, redeploy or resell your company’s IT assets. Blancco’s products and services are for professional use, often referred to as ‘enterprise grade’ and offer data erasure, reporting and auditing. Blancco starts at about £22 for the standard edition, and currently is only available for Windows.

IBAS Expert Eraser
ExpertEraser is a program that runs from your floppy drive, allowing your entire hard disk to be overwritten securely. It can run on any computer that can boot to DOS from a floppy diskette  / CDROM, regardless of how the drive was formatted. The program exceeds US DoD standard 5220.22-M. The purpose of ExpertEraser is to remove all traces of information from a hard drive. By utilising cutting edge erasure technology, ExpertEraser provides users with an efficient tool for removing all traces of data from hard drive slated for disposal, recycling or reuse.

KROLL Ontrack Eraser
Ontrack Eraser software is an easy-to-use, highly flexible data erasure tool that erases all traces of data stored on a targeted media – ensuring that sensitive information does not fall into the wrong hands. Ontrack Eraser has been approved by the CESG to the highest HMG Infosec 5 standards.