Often while doing research I need temporary access to a bunch of different virtual machines. While it is possible to do this on my MacBook using VMware Fusion or VirtualBox, the overhead seems unnecessary for something I will delete in under a week.
My go-to solution is a virtualization stack of a 16GB DigitalOcean Droplet + Wok + Kimchi.
Here is the shell script I use to build it:
After the server is rebooted you can access the web interface at https://ip:8001:
The next step is to add the templates you want to build VMs for:
You can use these commands to grab newer ISOs (there is a feature request to automate this):
Once you are done with that it is amazingly easy to spin up VMs and manage them in the browser:
I use this virtualization stack a lot in my research and it is amazing. If you have any questions feel free to reach out to me on Twitter.
Certificate Transparency logs are an amazing way to get a good overview of your certificate landscape, detect fraud (bad guys also use TLS) and find shadow IT and unknown cloud services. The problem is that there are not many good places to search these logs. The best I have found is from Symantec; it is slow and errors out often, but it works for what I need.
The best way I have found to get the data from this service is with this simple bash script I put together, which runs a curl command and downloads a .csv.
Running it is as simple as: ./ctlog.sh yourorgsname
The output should look like this: (If it is blank the service likely timed out and you will need to rerun it.)
Unless you are really on top of your game you are likely to find a valid certificate you didn’t know about.
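The step after downloading the .csv is the part that actually finds the unknown certificate: comparing every name on every certificate against what you think you own. The following is an added example, not the ctlog.sh script from the post. The Symantec CSV layout is not shown on the page, so the column names (common_name, san, issuer, not_before, not_after) and the sample rows are constructed assumptions; the matching logic is what matters.

```python
import csv
import io
from datetime import date

# Constructed sample CT search output. The real service's column layout is not
# shown on the page; these column names are an assumption for this example.
SAMPLE_CSV = """common_name,san,issuer,not_before,not_after
www.example.com,"www.example.com,example.com",Let's Encrypt,2017-01-10,2017-04-10
mail.example.com,mail.example.com,DigiCert,2016-11-01,2018-11-01
old-crm.example.com,old-crm.example.com,Comodo,2015-02-01,2016-02-01
dev-api.example.com,"dev-api.example.com,*.staging.example.com",Let's Encrypt,2017-01-20,2017-04-20
"""

# Constructed asset inventory: the hostnames you believe you have certificates for.
KNOWN_HOSTS = {"www.example.com", "example.com", "mail.example.com"}


def parse_ct_csv(text):
    """Turn the CSV into a list of certificate records with normalised names."""
    reader = csv.DictReader(io.StringIO(text))
    certs = []
    for row in reader:
        sans = [s.strip().lower() for s in row["san"].split(",") if s.strip()]
        certs.append({
            "cn": row["common_name"].strip().lower(),
            "sans": sans,
            "issuer": row["issuer"],
            "not_after": date.fromisoformat(row["not_after"]),
        })
    return certs


def host_is_known(name, known):
    """A name is known if it is in the inventory exactly, or if the inventory
    carries a wildcard entry that covers it. A wildcard on the certificate
    itself only counts as known if the inventory lists that exact wildcard."""
    if name in known:
        return True
    if name.startswith("*."):
        return False
    parent = name.split(".", 1)[1] if "." in name else ""
    return ("*." + parent) in known


def find_unknown_certs(text, known, today="2017-03-01"):
    """Return certificates that carry at least one name missing from the
    inventory, tagged as still valid or already expired on `today`."""
    today = date.fromisoformat(today)
    findings = []
    for cert in parse_ct_csv(text):
        names = cert["sans"] + [cert["cn"]]
        unknown = sorted({n for n in names if not host_is_known(n, known)})
        if not unknown:
            continue
        findings.append({
            "cn": cert["cn"],
            "unknown_names": unknown,
            "issuer": cert["issuer"],
            "status": "expired" if cert["not_after"] < today else "valid",
        })
    return findings


if __name__ == "__main__":
    for f in find_unknown_certs(SAMPLE_CSV, KNOWN_HOSTS):
        print(f["status"], f["cn"], f["issuer"], ", ".join(f["unknown_names"]))
```

Expired certificates for unknown names are still worth a look, since they tell you a system existed that nobody put in the inventory; the valid ones are the ones to chase first. Note that a wildcard on a certificate is deliberately never treated as covered by a non-wildcard inventory entry, because a wildcard issued outside your process is exactly the kind of finding this check is for.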
Ever since Charlie Miller hacked a Jeep while it was driving on the interstate I have wanted to learn more about Car Hacking but really had not had a chance to get started with it until a month ago when I ordered a Carloop and was ready to get hacking:
… or so I thought. Turns out car hacking is hard… like, really-really hard. While I have not “hacked” anything yet I have learned some early lessons:
The Carloop.io is an amazing tool, but the Carloop Pro for $150 is overkill to get started; the Carloop Basic for $55 is all you need (and all the test code is built for it).
Once you get the basic setup down you will spend a lot of time in your driveway and garage doing this:
“Car Hacking” is fairly new and you will likely not find a lot of information about your car online and will have to decode (and hopefully share) a lot of the information you find. Reddit and Twitter have some fairly active discussion groups.
Car Hacking so far has been an amazingly fun project and there are amazing new tools coming out all the time. I just backed Macchina on Kickstarter this week and would like to pick up a canb.us. I am sure my car hacking tool kit will continue to grow.
I will be blogging more about my adventures into car hacking over the next couple of months as I learn more and have more to share.
I was lucky enough to get a hold of an Insta360 Nano this week and it is some of the most amazing technology I have seen recently. It allows for truly instant 360 photos, videos and timelapse captures. As one of the people I was showing it to this week said, it is the “selfie stick of 2017”.
Here are some examples of the stuff I captured this week. Photo:
I am really looking forward to taking it to the RSA conference and London next month.
Scanning a host with Nmap is a fairly routine act for some in security, but from time to time you want to either get a different view of a host or conceal your public IP. In this case I use this simple “trick” to run an nmap scan through Tor.
To do so you need to make sure you have nmap, tor and proxychains installed on your machine.
The simplest way to install these tools on Ubuntu is with this command: sudo apt-get update -y && sudo apt-get dist-upgrade -y && sudo apt-get install tor nmap proxychains -y
Once that is complete, proxychains nmap +options +target will run your nmap scan through the Tor network via proxychains. In this example I ran proxychains nmap --top-ports 10 -sT -PN -n -sV 220.127.116.11 against my blog:
A couple of pro tips:
This method is slow. You will want to know the hosts and the ports (--top-ports 10) you want to scan and limit the scope as much as possible.
This *isn't* 100% anonymous. While using proxychains and Tor will give you a basic level of anonymity, it's not irreversible.
Yesterday US-CERT released information on GRIZZLY STEPPE, the malware used in the DNC hack. The IP and hash information provided by US-CERT was really lacking, so I decided to dig through it and see if I could make more of it.
The first thing I did was to run the IPs through an ipinfo2sheets spreadsheet I put together earlier this year and got way better data:
Once I got more data for the IPs I noticed that there seemed to be a lot of Tor exit nodes on the list. So I cross-referenced the IP addresses from US-CERT against the Tor exit node list, and 21% (191 of 876) of them were Tor exit nodes. From there I decided to map the IPs on a Google map to see where they were all located:
Next I looked at the hashes, and this morning VirusTotal says that only 28% of AV engines detect the Grizzly Steppe files:
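The cross-reference against the exit node list is the most useful step in this post for anyone consuming a government or vendor indicator feed, so here it is as an added example (my code, not the spreadsheet or data from the post). Both input lists are constructed: the indicator list uses documentation IP ranges, and the exit list is written in the one-address-per-line layout the Tor project's bulk exit list uses, which is treated here as an assumption.

```python
import ipaddress

# Constructed sample indicator list (not the real US-CERT data). Comment lines,
# a trailing CSV field, a malformed entry and a duplicate are included on purpose.
SAMPLE_INDICATORS = """
# ip,note
198.51.100.7,
203.0.113.42,
198.51.100.9,
192.0.2.77,
203.0.113.43,
not-an-ip,
198.51.100.7,
"""

# Constructed exit-node list; assumed to match the bulk exit list's
# one-address-per-line layout.
SAMPLE_EXIT_LIST = """
# Tor exit addresses (constructed)
203.0.113.42
203.0.113.43
203.0.113.44
"""


def load_ips(text):
    """Return the set of valid IP addresses in text, one per line, ignoring
    comments, blank lines, trailing CSV fields and malformed entries."""
    ips = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        candidate = line.split(",", 1)[0].strip()
        try:
            ips.add(ipaddress.ip_address(candidate))
        except ValueError:
            # Malformed entries are skipped rather than aborting the whole run.
            continue
    return ips


def tor_exit_overlap(indicator_text, exit_list_text):
    """Count how many indicator IPs are Tor exits and return the overlap.
    Duplicates in the indicator list are collapsed before counting."""
    indicators = load_ips(indicator_text)
    exits = load_ips(exit_list_text)
    hits = sorted(indicators & exits)
    percent = round(100 * len(hits) / len(indicators)) if indicators else 0
    return {
        "indicators": len(indicators),
        "tor_exits": len(hits),
        "percent": percent,
        "hits": [str(ip) for ip in hits],
    }


if __name__ == "__main__":
    r = tor_exit_overlap(SAMPLE_INDICATORS, SAMPLE_EXIT_LIST)
    print(f"{r['tor_exits']} of {r['indicators']} indicators ({r['percent']}%) are Tor exits")
    for ip in r["hits"]:
        print("  tor-exit:", ip)
```

The practical reason to do this before loading a feed into a blocklist is that an exit node address says nothing specific about the actor behind it; blocking it mostly generates alerts on unrelated Tor users. Tagging those entries as low-fidelity context, rather than dropping them, keeps the feed usable without flooding the SOC.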
These from GearBest would also work: Rotating USB Style Air Cleaner – WHITE AND BLACK
A week or two after I ordered them this ChinaPost envelope showed up in my mailbox:
I got my soldering station set up and was ready to go to work:
After snapping off the case, the first thing you have to do is desolder the pigtail:
The next step is to solder a wire to the resistor towards the bottom of the board:
You then solder the other end of wire to the data lead on the USB connector:
(Tip: You should probably use more than 24 awg wire.)
You now have a USB Killer to *not do* evil things with:
Disclaimer: Don't be a JERK. This will fry motherboards. Don't plug it into anything you are not ready to replace.
I had a coach whose favorite quote was “Pain is the best teacher,” and that was the first thing that popped into my head this morning when I realized that I had left an $80 a month DigitalOcean Droplet running for an extra 3 weeks after I got done using it. To be honest $60 isn't *that* painful, but it did prod me to write a Slack bot that will post all my running droplets to Slack once a day:
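The bot itself is not on the page, so here is an added example of the part that does the work: turning a droplet listing into the daily Slack message, with anything that has been running longer than a threshold flagged for review. This is my code, not the script from the post. The sample JSON is constructed and its field names (droplets, status, created_at, size.price_monthly) are an assumption modelled on the shape of the DigitalOcean v2 list-droplets response; the Slack side is reduced to building the {"text": ...} payload an incoming webhook accepts, with no network call.

```python
import json
from datetime import datetime

# Constructed sample shaped like a DigitalOcean v2 "list all droplets" response.
# The field names are an assumption for this example, not taken from the page.
SAMPLE_API_JSON = json.dumps({
    "droplets": [
        {"id": 1, "name": "research-kvm", "status": "active",
         "created_at": "2016-11-01T10:00:00Z", "size": {"price_monthly": 80.0}},
        {"id": 2, "name": "blog", "status": "active",
         "created_at": "2016-01-15T08:30:00Z", "size": {"price_monthly": 5.0}},
        {"id": 3, "name": "old-test", "status": "off",
         "created_at": "2016-10-20T12:00:00Z", "size": {"price_monthly": 20.0}},
    ]
})


def parse_ts(ts):
    """Parse the API's UTC timestamp format (assumed to be RFC 3339 with 'Z')."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def running_droplets(api_json, now_iso, stale_days=7):
    """Return active droplets with their age in days and monthly price,
    most expensive first, flagging any older than stale_days for review."""
    now = parse_ts(now_iso)
    report = []
    for d in json.loads(api_json)["droplets"]:
        if d["status"] != "active":
            continue
        age_days = (now - parse_ts(d["created_at"])).days
        report.append({
            "name": d["name"],
            "days": age_days,
            "monthly": float(d["size"]["price_monthly"]),
            "review": age_days >= stale_days,
        })
    return sorted(report, key=lambda r: r["monthly"], reverse=True)


def slack_payload(report):
    """Build the incoming-webhook payload and return it with the total burn."""
    lines = []
    total = 0.0
    for r in report:
        flag = " (running > 7 days, still needed?)" if r["review"] else ""
        lines.append(f"- {r['name']}: {r['days']}d, ${r['monthly']:.2f}/mo{flag}")
        total += r["monthly"]
    text = "Running droplets: {} (${:.2f}/mo)\n{}".format(len(report), total, "\n".join(lines))
    return {"text": text}, total


if __name__ == "__main__":
    # Constructed "now": three weeks after research-kvm was created.
    payload, burn = slack_payload(running_droplets(SAMPLE_API_JSON, "2016-11-22T12:00:00Z"))
    print(payload["text"])
    print(f"total monthly burn: ${burn:.2f}")
```

Sorting by price puts the $80 research box at the top of the message where it gets noticed; the age flag is a blunt heuristic, but on an account where most machines are meant to live under a week it catches exactly the case described above.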
I am a huge fan of snow and hacky one-line Linux commands. Thanks to some amazing people on Twitter and a little too much free time at the end of the year, they have both combined to bring snow to your terminal window just in time for your winter-based holiday.
This command works on OS X out of the box: for((I=0;J=--I;))do clear;for((D=LINES;S=++J**3%COLUMNS,--D;))do printf %*s.\\n $S;done;sleep .1;done
This command is a little longer and requires pv (sudo apt-get install pv) but looks amazing on Ubuntu: yes $COLUMNS $LINES|pv -qL50|perl -ne'$|=1;($c,$r)=split;$s||=$"x($c*$r);print$s;$s=$"x$c.$s;substr$s,rand$c,1,"*";$s=substr$s,0,$c*$r+$c;'