The mic recording is funky in this episode - sometimes the background noise disappears and the sound is crisp... Must be an error ;-)

Im a Script Kiddie and I can do everything SILICA can do using BackTrack. $2,500 for wireless pen testing or all-round pen testing. Get serious, I thought this video was a joke.

Honestly,

1) Darren does a good job with interviews as he usually can find a balance between who his audience is.

2) 10+ min on WEP lol) what year is it?

3) It is "Backtrack" not "backtracks" and currently can do all this w/ GUI.

4) The tool aimed at in-house IT right? Sounded like it. If the market exists they can sell it. Selling it at Defcon, well that is just funny.

5) I think Darren was just a bit like "I have to interview him and it is my job...but man...you never heard of the pineapple.

where can i get i pirated version of this software???

@ransi1234 Nowhere.

Your not a hacker if your using a Mac...

@00011theman why not? it's basically bsd with a nice gui.

@Yahnthepyroman Then why doesnt BSD programs work on a mac?

@00011theman Your operating system and hardware has nothing to do with you being a hacker or not

So its an open source project that costs money? Alot of money?... ok then.

@pspheaven and $2000 for it to go apt-get update?

@scuba323 Its been a while since I've seen this video.. but I think its a windows app? Idk might be wrong.. I havn't watched this in along ass time.

@pspheaven virtual machine :P

@scuba323 Gah... Hell with the vm. Anytime you interface with an external device such as wireless adapters you should reallllly boot the true os

@pspheaven dude. word! like really? $2500 for stuff that is already in bt5. (most of it) all there doing is throwing a few more things on it and a gui. i wish someone would be a true open source company and make a free one. just to show ppl like them what the community is really about

Any torrents for it?

what kind of kevin mitnick is going to pay $2500 for that?

noobs these days man...

@tehpr0lol big companies who want their testing teams to run the software on their systems. A good GUI means less training time/costs, so is appealing to executives

Yea, cause the best business models for pentesters is to make it so a retarded monkey can run a GUI..Its because most people are too stupid to actually use the tools that are out there...

thats awsome its like a hackers dream

Macbook air ? :)

This argument about BT vs Silica is stupid, If your business is PEN testing or security testing $2500 is not much money to spend on a tool designed to make doing the job easier. Does that mean BT or Silica are worse than the other? No. If I can spend a little money to make my job easier and faster and increase revenue far more than the tool cost me I will buy it.

I have been on penetration tests in corporate environments where they specifically ban backtracks from use on their networks (although I'm not sure exactly why). Silica is a professional product that is only sold to professionals. Silica will quickly demonstrate the insecurities of wireless networks and the clients that are associated to that network. Silica is a good choice when you need to do something quickly and efficiently and focus on that task at hand.

Lol @ $2500, nobodies going to pay that. Can someone link me to a pirated version please?

Why use silica instead of backtracks?  I'll tell you why:

1) BT has only been updated 5 times since 2006. silica updates all the time.

2) you waste a lot of time with BT.

3) no support at all with BT (unless you count forums with guys like you all letting everyone know how cool you are and make fun of everyone for asking questions

4) exploits in silica are COMMERCIAL which means MONEY WAS SPENT to make them BETTER

5) silica masters wifi test space. BT tries to master everything (and fails).

@wifijunky Lol someones bitter at not knowing how to learn on BackTrack, and I have found the community with BackTrack to be friendly, and I'm pretty new to it so I had to ask a few questions like most people and I got good answers. Plus I found tons of tutorials. Also why would you pay 2500$ for something that specifies in 1 thing but you have BackTrack which is free and does a lot of things, and it does them very well.

You my sir, fail.

@Robbi159 I didn't say that I didn't know how to use BT - I said it wastes my time. BT doesn't do everything I need but SILICA does. And thanks for helping me prove my point about why BT support is such a joke - it's people like you with bad attitudes telling people they "fail" because they have an opinion and do things differently. LOL $2500 is not a lot of money to pay for an excellent utility. Just because I have the means to make my job easier doesn't make me any less capable.

@wifijunky Me? Bad attitude? I reply to you the way you are speaking to us ;)

Also I dont see anywhere I am saying bad things about Silica, other than that its overpriced. Its YOU who is speaking badly about BT and I honestly cant see why one has to be the superior one. BT can do multiple things and is free while Silica can do 1 thing and is not free. If you honestly cant see why 95% of people with the will to learn will go for BT you were dropped as a child.

@Robbi159 If you go through the comments you will find most of the BT fans having something negative to say. My "use silica over BT" comment was basically in response to someone saying "why use this shit when you have free stuff". So I was just defending silica because it does things that BT can't. BT is a learning tool - this is true and I totally agree with you. But a company is not going to hire you to do a pen test if you are still learning.

why use this expensive shit when you got backtrack and armitage ???

2500 yea right lol, lame.

"explotating"

I'm glade that Youtube has added "Reactions". Now I can mark that I found this video "funny"

Yay! $2,500 for software that does what FOSS already does! SIGN ME UP!

Can't wait for the Defcon episode! I'm waiting patiently.

The host is annoying as hell. He needs to learn to shut up and let the man answer his questions.

He must have been nervous so he slipped up on some words here and there. But let's not focus on words and focus on how awesome the tool is :) What you can do with SILICA you *can't* do with backtracks unless you code it yourself. It's that simple.

$2,500 ouch

Or at least I have not found it on their website.

I don't know what he was talking about, 'cause it isn't open sourced.

So they basically got everything into one easily used thing, so they are allowing script kiddies to go wilder now ! well done !

I LOL'd at the Mac Mini comment. It's a MAcBook AIR! He must've been nervous.

@flameof2142 I doubt most script kiddies have that kind of money. This is more for lazy IT professionals with money.

@mdgeppelt He didn't say it was open source. He said it had an open plugin architecture so you can add on features, etc.

I have silica (we use it at work) and it's amazing. It does stuff that backtracks can't. BT has its place and is a useful tool but let's be honest it takes 15 minutes of typing on the command line just to set up 1 attack and you're all over the place in different terminals. Plus if something goes wrong I can call up Immunity for support which is not the same with open source tools. If I ask questions in forums I just get responses from haters and bullies like some of you people.

@wifijunky ok BT can do everything that silica can way more in fact (perhaps you should take some courses if your company pays that much for software they offensive security trainings might be interesting) . and yes you have to type a lot in BT (i know )the advantage of that is that you know what you're doing . and if you really hate it write a script.

@ConteValkone So you're saying that I don't know what I'm doing because I like to automate things? LOL You're so ignorant and close minded. So according to your logic I only "know what I'm doing" if I choose to waste my time? Wow. Why don't you post your phone number here so that I can call you the next time backtracks breaks or doesn't have a feature I need, lol. Corporations pay for support and updates - they don't choose "free" for many reasons. silica has great support and updates.

News update: The MacBook Air is now called "Mac mini", according to Nerdington McDorkfester, sitting on the step.

Did he just say "exploitating"? Stupid Americans! *sigh*

I stop watching when he said the price....

Immunity had a BlackHat booth and SILICA was presented at the Arsenal. With a commercial product like SILICA you get money behind the development of quality exploits, updates and support that you don't [always] get in free tools. I'm a huge fan of open source tools but SILICA makes my job easier and that's something that can't be ignored. When you can demonstrate to your client how a simple right-click can result in the complete compromise of their security - it's worth the price.

Daren you're a douche

i dont think that could be so expensive for a users maybe $1500 what do you think ?

i m completely agree with Conte Valkone please come back to Blackhat is the best place for sell this tools ;-D $2500 Defcon is a more underground

Searching in the Inmunity Website

Silica does much much more than what backtracks can do. Sure backtracks if full of good stuff but where's the functionality in BT to automatically decrypt wifi traffic, inject exploits into normal web traffic, automatically use local privilege escalation vulnerability to get root or system and then install a backdoor or download wireless keys to other networks? This is completely automated in silica and can't be done in backtracks.

SILICA does not sit on top of open source code. All attacks are written by the developers at Immunity and it includes CANVAS exploits (CANVAS the best exploitation framework, in my opinion). Yes there are free tools out there that can crack WEP/WPA keys but SILICA offers so much more than that. The one feature I like is that it will build decryption routines for all WPA clients so hijacking web application sessions is made really easy. Are there Android and iPhone exploits in BT5??

Do you recommend the Offensive Security training for people who are beginner to wireless and Linux?

out of my price class but it was a really intresting video =)

So the code and app are open to be edited and added to but only after you pay the Fee to acquire it. Why on earth would you want to pay $2500 for a single tool which can be found across several other open source and free tools. Even when you donate to keep those tools alive and working it would still become less than $2500

$2500 damn I want it just $2499 out of my price range

I didn't know "Exploitating" was a word...

@SeawolfRN be nice ... interviews like this are not easy. The tool looks great!

mac mini?? umm the fuck he doesn't know a mac book air is when he is using one....

Really, is he being serious $2500 a year

Il rob the federal reserves to get that. (not rely going to do that)

dont worry guys..soon this will be on torrent :D

A $2500 tool... to open up wireshark... nice!

Sweet dude! ...$2500 WHAT THE F#@K!

not gonna lie i want this

It'd be cool if it were open source.

give..... PLZ :)

Thing is its still gunna be a cunt to crack a wpa key... even with amazons services. Are they willing to crack your keys on a super computer... no

kinda want but i got my lovely BT5

what samsung is that?

WTF! Nobody is gonna pay $2500 for that shit

Lord allmighty, i want Silica

I'm scared...

Ill stick with Backtrack 5 thanks. fuck $2500 when i can hack for free.

so that's 2500 $ a year for a GUI

who's going to pay that when you can do the same for free with the following

-brains

-BackTrack

@ConteValkone Looks like a really nice app tho. Ill download a copy then test it out. Like you said i aint paying £2500 for a GUI sat on top of Open source code.

The guys craaaazy!!!!!!

@thegroove2000 i never said it was on top of open source i only said that the additional value of this is the GUI

because it is another framework than metasploit (called canvas)

@ConteValkone I added the open source part. OK now?

@ConteValkone Guys who have too much money and who shouldnt actually be network administrator at all

Idiot tools will.

:"3 the original Commando kitteh

@ConteValkone - The $2,500 is paid for after one wireless penetration test. If you do them alone (like I do) it's nice to have a tool that makes things quick and easy. But SILICA has features that other tools don't (like traffic injection to "force" wireless clients to interact with client-side exploits, custom and static post-exploitation actions that run on the victim host after compromise, passive session hijacking (under WEP *and* WPA networks), decryption of WPA traffic, etc).

@patzan9229 the forcing is called arp poisoning combined with dns spoofing

combine this with the the metasploit (if you are fcking lazy use social engeneering toolkit than you only have to select the correct number) and you also have some nice post exploitation called meterpreter (i bet they use the same )

as for WPA they are using brute force or dictionary (revolutionary no ? LOL)

@ConteValkone SILICA does have the ability to do mitm but it doesn't need it because everything is over wifi. SILICA can inject passively into client's web traffic which is an awesome feature (in fact it doesn't even need to be connected to the same network as the victim). SILICA uses MOSDEF from CANVAS as an in-memory post-exploitation engine. It's true that BT can do lots of stuff but it doesn't have WPA decryption and an easy way to audit corporate Intranets without coding stuff myself.

@patzan9229 I checked and the WPA decryption used by SILICA is brute force or dictionary .

in BT you can do that as you ca even use GPU's .

about the passive hijacking in backtrack that would be ettercap and firesheep (for h t t p (but i think that is the only hijacking SILICA is capable of ) the rest i would have to look up)

srry forgot about MOSDEF witch has it's pro's(but think is risky(because memory can run out with big exploits) and unstable)

network analyser myself :D

@ConteValkone Oh no I don't mean the cracking of WPA pass I mean the *actual* decryption of WPA client traffic. For example SILICA listens for clients connected to a WPA network then it will build a decryption routine for *each* client. Then it will parse all cookies (even on Intranet sites that I audit unlike firesheep only parsing popular sites) from the WPA decrypted traffic and it will store all decrypted traffic in pcap format for later analysis. It's a powerful feature of SILICA.

@patzan9229 you can only decrypt WPA with the password (yes even SILICA i just checked)

and idd firesheep is GUIish do if you want all the cookies you should just capture traffic with wireshark ( wich can also store in pcap (i think SILICA uses wireshark correct me if i'am wrong))and mine the cookies with ferret and use them with hamster

@ConteValkone Yes - once you have a WPA key (if SILICA cracks it or you already know the key) then SILICA can decrypt everyone else's WPA traffic which is awesome. Then SILICA makes it easy to replay the decrypted cookies to get into sessions. Firesheep only steals cookies for a predefined list of known targets which is useless on a corporate network and against custom applications. SILICA only pipes decrypted data to a named pipe that wireshark is listening on but SILICA decrypts it first

@patzan9229 in wich case i do not believe this is the place to present it because normally a pentester will not search for intel or tools on youtube ( only if they are bored and/or want to check the level of skills script kiddies and n00bs (not saying you are one ) are having )

@ConteValkone In the end BT is good for general pentesting and it covers a wide range of attacks. SILICA only has 1 purpose - to audit the security of wireless networks and clients. The convenience, the time saved and ease of use of SILICA are worth the price alone. If you are a wireless pentester I'm sure you would agree. I'm sure you are a hardcore commandline junky but not everybody has time and knowledge to manually bring everything together like you do :)

@patzan9229 if you prefer speed (relative) above control and you're a paid pentester and you are willing to use a usb wificard with limited commandline skills ( have to meet the first pentester that has limited commandline skills because new "pentestthings"(not a word) are always available in commandline before ther is a gui ) than it might be interesting

@ConteValkone I'm a wireless penetration tester and a lot of the time I'm alone on a test. So having a tool like SILICA that can give me immediate results without having to mess around with multiple tools or commandline options offers a huge advantage. With SILICA everything is automated so I can quickly break into hosts and spend my time finding other vulnerabilities deeper in the network instead of wasting time setting everything up. It's just an extra tool in an auditor's toolkit.

@ConteValkone SILICA does have customizable post-exploitation actions as well. So if you want to run commands on a host as soon as a compromise takes place it's possible. For example, as soon as it breaks into a windows/*nix host you can have it automatically download files, password hashes, edit registry keys values, install rootkits, etc. Or drop into a shell on the victim device to run your own commands. It takes 5 seconds to setup an attack to automatically own all wireless clients.

@patzan9229 if you are a pentester i advise you to acquire some more knowledge about the topic because it is your field of work . and what you described is perfectly possible with BT5 (mainly metasploit )in fact with a bit scripting you can do it way faster even the post explotation . if you can't write script's (what would be embarrassing seeing your line of work(i believe they say so in English)) you could use a gui like armitage

so far nothing yet backtrack can't do (better)

@ConteValkone I have all the knowledge I need to do my job. Just because I value saved time doesn't mean that I don't have a technical knowledge of all the attacks. The time wasted in BT on the commandline could be used elsewhere. SILICA makes everything easy. I also have used BT since the very 1st version. It's a great tool but it *can't* do everything that SILICA can. You have never used SILICA so how can you even compare the two? BT is awesome and SILICA is awesome. It's not a contest.

@ConteValkone oh and injection is NEVER passive .

99 reasons not to go to defcon...

facebook hacking made easy.. lol.. just kidding!!!!!!!!

@kungfumaster12 this was already easy check ettercap use mitm arp spoof the dns and use social engineering toolkit

@ConteValkone lol.. already seen that.. :)

The 20% off coupon is a lie.

10 More seconds..

Nice 

You forget to switch the mic back an forth Darren!

@Rudde47 He usually does at cons. They really need quick-setup mic packs for who they're chatting with.

@DarkStar851 I agree!

@Rudde47 Even a wide-field microphone like used with speakerphones would work (obviously something of higher quality, but it'd work.)

Ad Stops at 7:16

@ovdroidx o i thaught the entire vid was an add :D

So it comes with a blackbird?

Cool! :)

First?!

@zomgl0l lol

@zomgl0l Kappa