
Last night at Interlock Rochester, someone did a lightning talk on Liberte Linux, one of those anonymity Linux distros similar to TAILS and the like. Everything seemed pretty standard for an anonymity machine: all traffic was tunneled over Tor using iptables, only certain software could be installed, full disk encryption, memory wiping. But one thing stuck out, a service called “Cables.”

Cables Communication: Cables (or Cable, I really don’t know) is designed by a person who goes by the name Maxim Kammerer. He is also the creator of Liberte Linux. Its purpose is to let user A communicate with user B in an e-mail-like way, but with anonymity and security in mind. Before this, Tor users would use services like TorMail, until that was taken down. I don’t know if that was the inspiration for this new service, but it seems like an attempt to fill that hole.
Halloween time again. Last year I tried to do a simple little hardware project to make my emoticon pumpkins glow. That’s cute and all, but not very difficult. This year, I decided to work on an idea I’ve had for more than a year and a half: **The Brain**, a silicone-based brain with controllable LEDs inside. I have some ideas of what to do next with it, but this first iteration is just meant to be a fun decoration for Halloween.
These links are meant to go along with my recent OSINT presentation. They’re provided to get you started if you want to start learning the craft.

Meta

- Giant list of OSINT tools and methodology
- Iron Geek’s OSINT class

Tools

- Maltego – relationship mapper
- FOCA – fast metadata extraction and analysis
- Recon-ng – OSINT framework
- Geostalker – fun geo-tracking tool

Sites

- Shodan – computer search engine
- CheckUsernames.com – check which sites use a username
- Yandex – great for custom specific searches
- Nerdy Data – search source code of web sites
- Jigsaw – business directory
Partial rant, partial useful blog post: I’m noticing that a lot of the “new” APIs for sites are starting to restrict access to content, either by controlling how much of the data you’re allowed to access, or by not exposing a certain amount of the data over the API at all. This is different from a few years ago, when sites like Twitter would let you collect all the tweets from a user without issue. Maybe they’re being more privacy conscious (lulz), or maybe they want to charge a premium for this type of access; I don’t know.
This Friday, I’ll be presenting a weird presentation at BSides Detroit. It’s titled “Corporate Intelligence: Lisbeth Salandar vs James Bond” and it’s on a subject that has been stuck in my head for a while. It’s a talk about corporate spying, competitive intelligence, and industrial espionage: the type of thing where people steal information from one group and sell it to another. As is the case with most of my presentations, it has little to do with what I do for work, and more to do with play.
Can we agree that NFC is here to stay? Just about every mobile platform supports it (I’m looking at you, Apple), including simple feature phones from way back when. Let me just get to the good part: NFC input vectors for pen-testing. The scenario here is a mobile application that supports some kind of NFC exchange. Maybe it’s a Windows Phone 8 tag reader or something using Android Beam; whatever. The point is that the mobile app is receiving input from an outside source (the NFC tag), and we want to make sure it’s properly validating that input. Specifically, when an application reads in the NDEF (or proprietary) content from the NFC tag, how is it used by the application? What happens when we change this value to something unexpected? In an ideal world, it will catch the exception and stop trying to read the tag, but what about in the case of “less than ideal” programming?
InspecTor is a .onion page that kept track of bad exit nodes on the network. And it did a pretty good job. It looked for things like:

- SSL stripping: replacing HTTPS links with HTTP
- JavaScript injection
- iFrame injection
- Exit nodes that have no exit policy (black holes)

Those are the easy-to-quantify bad properties. We can compare the results of connecting through a bad exit node and a good one and diff the results. These are some of the grey areas it also tries to look for:
Another year, another ISTS. For those that haven’t heard, the Information Security Talent Search (ISTS) is a yearly event run by RIT’s SPARSA group, a student-run organization. This isn’t your run-of-the-mill hacking competition. ISTS was one of the first (if not the first) to actually bring an offensive perspective to the competition. Here’s your job:

- Keep your services running – the longer they are up, the more points you get
- Stop your opponents from running services. Hack, exploit, social engineer, whatever; make their boxes go down
- Complete the business injects that are given throughout the day
- Complete the various challenges faster than your opponents

Sounds simple, right?
This is a presentation I gave about embedded security at the last 2600 meeting. It is mostly just referencing other people’s work, like that of Joe Grand and Travis Goodspeed, who are embedded security gods.

Pentesting embedded, from antitree
Let me start by answering the short version of the question: Tor usually performs DNS requests using the exit node’s DNS server. Because Tor only carries TCP, it will normally only be able to handle TCP-based DNS requests. Hidden services, though, are very different: they rely on Hidden Service Directory Servers and do not use DNS at all. Read on if you don’t believe me or want more information. Here’s a reference from an old mailing list entry: