Thursday, August 1, 2013

I Found My Phone (Not That I Was Looking For It)

In today's hyperconnected world, the phone/internet is a vital part of one's day. It's how I keep in touch with work, research new projects, game and watch movies. But the phone (my iPhone 4S specifically) puts all that connectivity at your fingertips.

In the living room
In the kitchen
In the car
On the toilet
Two people talking to each other (head down of course)

I lost my phone 2 weeks ago. Mostly because I was busy, I gave up searching for it around day 3. Almost like a drug, I was without withdrawal symptoms by day 5. That's when you become aware of your surroundings...

The birthday party at the park, little kids fighting for their parents' attention, 5 out of 9 of them face down in a phone. One got frustrated: "get away, stop being annoying."

The guy pushing his kid on the swings talking on the phone.

The couple at the Hunter Museum, overlooking the Tennessee River. They each enjoyed it separately with a few hasty clicks of their camera phone, then left.

Now hey, it may be the beer talking, but they are all missing so much. Not to say that we need to go cold turkey on the hyperconnectedness like I did. But every now and then it's nice to step back and enjoy your 'local area network'.

So, I stopped looking for my phone. Today my wife got frustrated and looked in the couch cushions. Success! My phone is charged and all my notifications are gone (OMG OCD), but I'm going to miss my time without the phone.

P.S.  OMG I need a new phone, maybe an android this time...recommendations?  =P

Wednesday, July 31, 2013

Gaming Framework - Campaign Structure

We left off yesterday with some rambling on about games, newbs and context.  Oh and some pentest application.

Let's back up.  In my opinion there are a few key items that separate a 'pentest' from a vulnerability assessment (with validation):

  • Pentests are focused.  VAs need to cover every system
  • Pentests have a critical human element
  • Pentests should be flexible (eww what's that?  poke...)
  • Pentests should have as few concessions/constraints as is operationally, financially and temporally possible.  They should be event based, unlike VAs, which are continuous, open info sharing, etc.

With that in mind, let's dissect the DnD model (condensed as best I could)

The Catalyst

There are 4 main components (well, 3 and the DM).  We're first going to head down the 'Catalyst' path.  The catalyst in gaming is the event that sets our hero(es) off to their destiny.  This could be an attack on a town, someone being kidnapped, or waking up in a jail cell, not knowing how you got there or who you are (this is going to happen quite a bit this week in LV)

Ugh, Pwn'd Again

A system breach, a regulatory requirement, or a concerned CISO could all be catalysts that take us down the penetration testing path.  Whatever the case, our heroes, erm, testers just can't go storm the castle jumping on turtles.  This is especially true if our main objective is to train as well as assess.  Unlike actual gaming, where there is a steady progression towards the end boss, in penetration testing you can arrive at the loot in just a few hops.  This is the equivalent of the existing backdoor, the warp zone, the cheat code.

Sometimes, It's This Easy

Let's forget that though.  Here we'll assume a simple progression towards an end goal, where information/access/credentials helps you in the next quest.

Red Line = Main Path

The Campaign

All penetration tests should simulate some sort of campaign.  Campaigns, as opposed to drive-by attacks or skiddies, usually have a more formulated end goal/objective and involve more thought (stealth) in the actions taken.  Your vulnerability assessments and network monitoring should take care of the drive-bys/skiddies.

Once the main goal is established it's time to adventure!  Your adventure could be broken up into multiple, chained quests (defeat the orc to get a sword that kills the dragon that drops the key that opens the dungeon to kill the boss for phat lewtz!!!)  Most quests will have an adversary or challenge that may include individual encounters (like how you keep defeating bowser but he gets away).  You get the idea.

When you pentesterize this:

Campaign -> Quest Example (Can Loop Back Around)

Plowing through the red line without the blue line context is how we conduct our testing and training today (for the most part).  Tomorrow we'll start the walk through this process in depth and start to document our scenario more thoroughly.  (as long as I don't get a migraine =P)

Monday, July 29, 2013

Gaming Mindset - The DnD Way

Anyone who has spent time playing Dungeons and Dragons will tell you... have an imagination or GTFO. Without it, DnD or any other table top game is just an exercise in rolling dice and excel sheets.

So why do we try to teach our young hackers with a lack of imagination? Because being the Dungeon Master is hard work, takes time/passion and a deep understanding of 'the rules'.  Gamification, while a nasty buzzword, does have applications to the real world of penetration testing.

The Real World...Doesn't Have to Be Like This

First The Problem

The most frequent complaint I hear about 'bad pentesting' is the lack of real world context, or just a basic Nessus report (*shudder*).  Other problems include:
  • Too Many Constraints
    • "We want a pentest, just without client side attacks, web app, social engineering, physical attacks, phishing, etc."
  • Generic Technical Skills
    • IT folks trying to test, enterprise folks trying to test non-enterprise
  • Pentests That Aren't
    • Check the box pentests (to meet NIST, whatever)
    • Vulnerability assessments called pentests (buzzword)

Gaming Mindset As a Solution

There are a number of benefits that both directly and indirectly address common pentest problems.  Mainly, it allows the tester to elevate themselves above that of 'button pusher' and become more involved.  The tester/player now takes into context:
  • The System Environment  -  The Game World
  • The Users / Admin / Attacker  -  The Cast
  • The Team Leads (Target and Team)  -  The Dungeon Masters
From here, your newbie sword of pwnage that knocks over the imp outside the castle gates can have a tangible relation to the overall quest/campaign.

HAIL!  You Do 67 dmg.  Imp Vaporizes

Tomorrow I'll delve into the bag of cats that is my mindmap on this, introducing concepts of campaigning, setting, quests, NPC, PCs, and raids?  Going to be fun.

LFM Mage Spec'd Metasploit

Sunday, July 28, 2013

Blogging the Obvious - 30 Days | 30 Posts

So a lot has happened in the past few days.  Like a geek country music song, I lost my iPhone, my contract was cancelled and I'm sure my laptop will die at any minute.

But let's forget that.  Time to start documenting the obvious...welp, the obvious to me.  Because what is obvious to some is not to others, and because I need some karmic retribution, I'll post here every day for the next 30 or so days.  Some things I've learned, maybe the hard way.

Friday, May 17, 2013

Apple Disk ][ - Reborn

The Concept

I'm slowly moving to an all mac/linux environment at home, consisting of a macbook air, a hackintosh and an old mini.  I wanted some portable storage that looked nice, wasn't your typical WD MyBook (bad reviews...) and was...welp interesting!

Not Interesting Enough

Trolling around for vintage Apple stuff, I found her.  The beautiful, heavy, Apple Disk ][.  I needed this to work.

The Parts

1 x Apple Disk ][  -  Does not need to work!
2 x Hard Drives  -  I went with 2 x 2TB WD Red
1 x 'Hard Drive Dock'  -  I bought the 'Syba USB 3.0 Dual Hard Drive SATA II Docking Station'
2 x 22 Pin SATA Cables  -  You will need female to male
Misc  -  Rubber grommets or sheet, foam squares, hot glue.

The Build

Pretty straightforward.  The old Apple disks are simple to take apart (various sized Phillips screwdrivers are your friend).  Strip it down to the shell.

Pop the top off and reveal the sweet analog card

Now take apart your hard drive dock and get the bare board out.  Your size/shape may vary, but don't go for an OMG humungous dock.

Syba Dock Board Exposed

Get the bottom half of the Apple Disk ][, your dock board, rubber, and hot glue and get to work.  First we need to attach the board to the back of the Disk ][ bottom shell.  Using rubber grommets or a rubber sheet, first attach rubber to the 4 corners of the board and then the board to the vertical side of the shell.  I used the sheet as a shim to ensure the board did not touch the shell on the bottom.

Next break out your foam and hard drives.  The foam helps in two ways: first, it allows spacing between the drives for airflow; second, it provides vibration isolation to reduce noise.  Let the stacking begin.

Note first SATA extension cable installed.

And second SATA extension cable installed

Add foam to the top drive and compress as necessary.  You want a nice tight fit to avoid too much horizontal motion.

Now for the dry fit

The Rest

Everything afterwards is easy peasy.  Ensure everything powers on, format drives as you please.  I wanted a large JBOD as I wasn't using these drives as backups, just mass semi portable storage.  Using this guide I created my 4TB JBOD and it sure is pretty.

What's Left

There are still some cosmetic items to take care of. 

External cabling.  There is already a gap in the back shell that I plan on dremeling (carefully) out to accommodate the power and USB 3.0 cable.

Also going to secure the front plate and maybe even get the integrated red LED to show disk activity.

So, could I have gotten a 4 TB JBOD disk cheaper and easier?  Sure...but man is she gorgeous.

Sunday, November 11, 2012

Beer, Glorious Freaking Beer

In order to bribe, err, encourage more consistent attendance at the DC423 meetings, I am back into monthly homebrews and will be giving them away.  I have 1 liter ez flip cap bottles that I will be filling with my finest, all I ask is:

  • You reserve your bottle at:
  • You return the bottle (they are expensive)
  • You consider making a donation for supplies (not necessary, but appreciated)
  • You enjoy your brew and provide honest feedback (help me improve)

Are you a homebrew geek?  Want to learn?  Head over to /make for the recipe and results of the brew.


Wednesday, November 7, 2012

RFCat - I Can Haz Megahurtz?

***props again to @tothehilt / all info below is his

The RFCat is a neat piece of kit from atlas 0f d00000000000000m: a Texas Instruments CC1111 with custom flashed firmware, driven by python code.  Please reference @at1as's information [here].  This USB dongle allows you to play with the sub-GHz range of RF (think car keyfobs, baby monitors, smart meters, etc.)

But enough with the background, how do we get this thing to work?

RFcat Setup:

Plug in RFcat
Make sure your firmware is correct:  

  sudo lsusb

Output should include OpenMoko

  Bus 002 Device 007: ID 1d50:6048 OpenMoko, Inc.

See that on the CC1111 and you are good.
Now unplug the dongle, and don't plug it in again until you have rfcat installed and running.  If you don't, you may need to talk to atlas on freenode #rfcat

Complete the rest as follows:

  sudo apt-get install mercurial
  hg clone
  sudo add-apt-repository ppa:pyside #(for specan)
  sudo apt-get update
  sudo apt-get install python-pyside.qtgui #(for specan)
  cd rfcat
  sudo python ./ build
  sudo python ./ install
  rfcat -r

Now plug in your dongle, and enjoy :)

d.specan showing us activity at ~908 MHz

command->  d.specan(908e6,25000,51)
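Two small helpers around the steps above, added here as an example and not part of the post or the rfcat project: one parses lsusb output for the OpenMoko ID 1d50:6048 that the post says a correctly flashed CC1111 reports, the other lists the frequencies a call like d.specan(908e6,25000,51) sweeps, on the assumption (mine, not stated in the post) that the positional arguments are base frequency in Hz, step in Hz and channel count.

```python
"""Added example (not from the post or rfcat): pre-flight checks for the RFCat setup."""
import re

RFCAT_VID_PID = ("1d50", "6048")  # OpenMoko, Inc. USB ID quoted in the post

# Matches the lsusb line format: "Bus 002 Device 007: ID 1d50:6048 OpenMoko, Inc."
_LSUSB_RE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): "
    r"ID (?P<vid>[0-9a-f]{4}):(?P<pid>[0-9a-f]{4})\s*(?P<name>.*)$"
)

def parse_lsusb(text):
    """Turn lsusb output into a list of dicts; lines that don't match are skipped."""
    devices = []
    for line in text.splitlines():
        m = _LSUSB_RE.match(line.strip())
        if m:
            devices.append(m.groupdict())
    return devices

def rfcat_dongle_present(lsusb_text):
    """True if any listed device carries the RFCat (OpenMoko) VID:PID."""
    return any((d["vid"], d["pid"]) == RFCAT_VID_PID for d in parse_lsusb(lsusb_text))

def specan_channels(basefreq_hz, step_hz, count):
    """Frequencies (Hz) a specan sweep visits, assuming args are (base, step, count)."""
    if count < 1 or step_hz <= 0:
        raise ValueError("count must be >= 1 and step must be positive")
    return [basefreq_hz + i * step_hz for i in range(count)]

def specan_span_mhz(basefreq_hz, step_hz, count):
    """(first, last) channel in MHz; the post's call covers 908.0 to 909.25 MHz."""
    chans = specan_channels(basefreq_hz, step_hz, count)
    return (chans[0] / 1e6, chans[-1] / 1e6)

# Constructed sample lsusb output, modelled on the line quoted in the post.
SAMPLE_LSUSB = """Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 007: ID 1d50:6048 OpenMoko, Inc."""

if __name__ == "__main__":
    print("dongle present:", rfcat_dongle_present(SAMPLE_LSUSB))
    print("specan span (MHz):", specan_span_mhz(908e6, 25000, 51))
```

Run the live check with `rfcat_dongle_present(subprocess.check_output(["lsusb"], text=True))` once the dongle is plugged in.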

References: (specan)