antiTree | posts and projects

BSidesROC is over. I thought it might be interesting to give a behind-the-scenes look at some of the stuff that makes BSidesROC run.

OPs

We have “Ops”. A few years ago we decided to try to organize BSides like an IRC network where each channel has an Op and an Op controls what happens in that channel. So for us, Ops are trusted volunteers, and the channels are facets of BSidesROC such as the website, Hacker Battleship, or T-shirts. This is a cheeky way of letting people manage stuff they want to manage. So when someone says “Man the website is great!” we can say – well you should thank the Website Op. But that also means that when someone says, “Hey can you put this on the website,” it’s expected that the Website Op handles this.

Rochester’s version of a Security B-Sides is coming up next week. There’s a rush to finalize everything and there might be a question about this new event I’ve referenced as “Privacy Workshop”, “OPSEC Training”, or just AntiTree talks for 3 hours. The Privacy Workshop Track is something that came out of an ad-hoc event that @CJP has been doing for the last couple of BSidesROCs. He would walk in and say “I want to do a key signing party” and we’d go “Awesome!” and set him up with a table. This workshop/lecture series is an expansion on this idea where we said we’d like to do more than just key signing; we wanted to teach you what you’re doing and get you started. As GPG is a pretty good answer to some of the surveillance out there, I thought I would expand it into a series of presentations focusing on other tools with a similar goal. I’ve broken it down into three parts: Connectivity, Communication, and Operations. The tools I’ll be focusing on will be Tor, TAILS, and GPG. Operational security with TAILS, anonymous connectivity with Tor, and secure communications with GPG.

Last year, I was bit by the idea of intel as a research project. I presented at BSidesDetroit on the topic of corporate espionage and the contrast between HUMINT and TECHINT. My Defcon Skytalk was titled “Bringin Intelligence Back To The Hacker Community” and I did a GRRCon talk on the capabilities and structure of a normal private intelligence campaign. The research had a side effect of replacing a generally apathetic outlook on the topic with a more specific abhorrence toward the intelligence community as a whole — specifically private intelligence groups working under the auspices of the U.S. government and other nation states.

For a few years now, I’ve been stating my plans for the rest of the year, and reviewing how the previous year went. Here’s the review:

Last Year

Major Con Presentation

One of my goals was to be accepted into a “Major Con” for some definition of that word. This year I presented at Derbycon, GRRCon, Defcon Skytalks, BSides Detroit, and the Rochester Security Summit. I will say that my moon shot was to be accepted into 30C3 but I was aptly turned down.

Last night at Interlock Rochester, someone did a lightning talk on Liberte Linux — one of those anonymity Linux distros similar to TAILS and the like. Everything seemed pretty standard for an anonymity machine: all traffic was tunneled over Tor using iptables, only certain software was able to be installed, full disk encryption, memory wiping — but one thing stuck out, this service called “Cables.”

Cables Communication:

Cables (or Cable, I really don’t know) is designed by a person that goes by the name Maxim Kammerer. He is also the creator of Liberte Linux. Its purpose is to let user A communicate with user B, in an E-mail-like way, but with anonymity and security in mind. Before this, Tor users would use services like TorMail, until that was taken down. I don’t know if that was the inspiration for this new service, but it seems like it’s an attempt to fill that hole.

Halloween time again. Last year I tried to do a simple little hardware project to make my emoticon pumpkins glow. That’s cute and all but not very difficult. This year, I decided to work on this idea I’ve had for more than a year and a half. **The Brain – a silicone based brain with controllable LEDs inside.** I have some ideas of what to do next with it, but this first iteration is just to be a fun decoration for Halloween.

These links are meant to go along with my recent OSINT presentation. They’re provided to get you started if you wanted to start learning the craft.

Meta
- Giant list of OSINT tools and methodology
- Iron Geek’s OSINT class

Tools
- Maltego – relationship mapper
- FOCA – fast metadata extraction and analysis
- Recon-ng – OSINT framework
- Geostalker – fun geo-tracking tool

Sites:
- Shodan – computer search engine
- CheckUsernames.com – check which sites use a username
- Yandex – great for custom specific searches
- Nerdy Data – search source code of web sites
- Jigsaw – business directory

Partial rant, partial useful blog post — I’m noticing that a lot of the “new” APIs for sites are starting to restrict access to content by putting limits on it, either by controlling how much of the data you’re allowed to access, or by not including the ability to access a certain amount of data over the API at all. This is different from a few years ago where sites like Twitter would let you collect all the tweets from a user without issue. Maybe they’re being more privacy conscious (lulz) or maybe they want to charge a premium for this type of access, I don’t know.

This Friday, I’ll be presenting a weird presentation at BSides Detroit. It’s titled “Corporate Intelligence: Lisbeth Salandar vs James Bond” and it’s on a subject that has been stuck in my head for a while. It’s a talk about corporate spying, competitive intelligence, industrial espionage — the type of thing where people are stealing information from one group, and selling it to another. As is the case with most of my presentations, it has little to do with what I do for work, and more to do with play.

Can we agree that NFC is here to stay? Just about every mobile platform supports it (I’m looking at you, Apple), including simple feature phones from way back when. Let me just get to the good part: NFC input vectors for pen-testing. The scenario here is a mobile application that supports some kind of NFC exchange. Maybe it’s a Windows Phone 8 tag reader or something using Android Beam — whatever. The point is that the mobile app is receiving input from an outside source (the NFC tag), and we want to make sure it’s properly validating that input. Specifically, when an application reads in the NDEF (or proprietary) content from the NFC tag, how is it used by the application? What happens when we change this value to something unexpected? In an ideal world, it will catch the exception and stop trying to read the tag, but what about in the case of “less than ideal” programming?