Spicy Mango is a project that Chris Centore started and presented on at Derbycon this year. It’s difficult to describe completely but in essence, it is an intelligence collection and analysis engine that helps you parse large amounts of data to extract items of interest. For example, say that you wanted to keep track of your nym and how it was used on the net. You could do something like a Google Alert that sends you an email every time “AntiTree” appears in the search engine. With Spicy Mango, you can search multiple sources (such as forums, blogs, news outlets) for relevant data and then carve out what is actionable. You probably don’t want to see Tweets that you sent yourself but you might want to see them referencing your account.
I love excessively documented things. Design documents, protocol specs…whatever, and Tor is one of those projects that I’ve always loved to randomly poke around in. I got sucked into Tor’s source code today and was entertained by the results. Beware, crypto time suck ahead. ControlPort: Tor is controllable by making socket connections to its aptly named “ControlPort”, usually on port 9051. The control port is not enabled by default if you’ve just installed Tor on Ubuntu or something, but it is enabled in the Windows packages that use front-ends like Vidalia. Anyways, this gives various third parties the ability to control all aspects of Tor on-the-fly.
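The control-port conversation described above, as an added example that is not part of the original post or of Tor’s own code. The reply grammar (a three-digit status, then “-” for another line, “+” for a data block ending in a lone “.”, or a space for the final line) is the one from Tor’s control-spec; the fake controller it talks to is a constructed stand-in so the exchange runs offline, and its version string and config lines are made up. It also shows the one check that matters on a reachable control port: before AUTHENTICATE, commands are refused with 514.

```python
"""Minimal Tor ControlPort client plus a constructed fake controller.

The client half parses real control-port replies; the controller half is a
stand-in for Tor (loopback, NULL authentication) so the exchange runs offline.
"""
import socket
import threading

FAKE_VERSION = "0.2.3.25 (constructed)"  # assumption: not a real Tor version string


def read_reply(readline):
    """Consume one control-port reply via readline() and return (status, lines).

    Each reply line is 'NNN' + one of '-' (more lines follow), '+' (a data
    block follows, terminated by a line holding only '.'; a leading '.' in the
    data is escaped as '..'), or ' ' (final line).  Data-block lines come back
    as a (keyword, data) tuple; all other lines as their body string.
    """
    lines = []
    while True:
        line = readline()
        if len(line) < 4 or not line[:3].isdigit() or line[3] not in "-+ ":
            raise ValueError("malformed control reply line: %r" % line)
        status, sep, body = int(line[:3]), line[3], line[4:]
        if sep == "+":
            data = []
            while True:
                d = readline()
                if d == ".":
                    break
                data.append(d[1:] if d.startswith("..") else d)
            lines.append((body, "\n".join(data)))
        else:
            lines.append(body)
        if sep == " ":
            return status, lines


class ControlClient:
    """Sends one command at a time and parses the reply."""

    def __init__(self, sock):
        self.f = sock.makefile("rwb")

    def _readline(self):
        return self.f.readline().decode("ascii").rstrip("\r\n")

    def command(self, cmd):
        self.f.write((cmd + "\r\n").encode("ascii"))
        self.f.flush()
        return read_reply(self._readline)


def fake_controller(server_sock):
    """Constructed stand-in for Tor's control port: one connection, NULL auth."""
    conn, _ = server_sock.accept()
    f = conn.makefile("rwb")
    authed = False

    def send(s):
        f.write((s + "\r\n").encode("ascii"))
        f.flush()

    while True:
        line = f.readline().decode("ascii").rstrip("\r\n")
        if not line:
            break
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd == "PROTOCOLINFO":
            send("250-PROTOCOLINFO 1")
            send("250-AUTH METHODS=NULL")
            send('250-VERSION Tor="%s"' % FAKE_VERSION)
            send("250 OK")
        elif cmd == "AUTHENTICATE":
            authed = True
            send("250 OK")
        elif not authed:
            send("514 Authentication required")  # everything else needs AUTHENTICATE first
        elif cmd == "GETINFO" and arg == "version":
            send("250-version=" + FAKE_VERSION)
            send("250 OK")
        elif cmd == "GETINFO" and arg == "config-text":
            send("250+config-text=")  # multi-line data block, constructed torrc lines
            send("ControlPort 9051")
            send("SocksPort 9050")
            send(".")
            send("250 OK")
        elif cmd == "SIGNAL":
            send("250 OK")
        elif cmd == "QUIT":
            send("250 closing connection")
            break
        else:
            send("510 Unrecognized command")
    conn.close()


def demo():
    """Run the exchange on loopback and return each command's parsed reply."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    threading.Thread(target=fake_controller, args=(srv,), daemon=True).start()
    sock = socket.create_connection(srv.getsockname())
    client = ControlClient(sock)
    results = {
        "before_auth": client.command("GETINFO version"),  # refused: 514
        "protocolinfo": client.command("PROTOCOLINFO 1"),
        "auth": client.command("AUTHENTICATE"),
        "version": client.command("GETINFO version"),
        "config": client.command("GETINFO config-text"),
        "newnym": client.command("SIGNAL NEWNYM"),
    }
    client.command("QUIT")
    sock.close()
    srv.close()
    return results


if __name__ == "__main__":
    for name, reply in demo().items():
        print(name, reply)
```

Against a real Tor with HashedControlPassword or CookieAuthentication set, the same client would send AUTHENTICATE with the password or the hex-encoded cookie; PROTOCOLINFO tells you which method the daemon expects.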
Late next week, JustBill and I will be presenting at Defcon/303 Skytalks in Las Vegas. The presentation, Jukebox Jacking, is a project I’ve been working on for longer than I want to admit. The short version is that I’ve been messing around with a jukebox in my spare time as a weird side project. It started out as just a mobile hacking project and then turned into RF and hardware hacking. Here’s the link: https://skytalks.info/talks.html#8
BSidesROC is over. There’s no reason to really give you a blow-by-blow, but I think it might be entertaining to see some of the feedback we received from attendees. Both years that we’ve done BSidesROC we’ve emailed a very quick survey right after the event to get some feedback on what people thought about it. I really do take it seriously, but also some of the responses were very interesting.
BSidesROC is this Saturday at 8am. Holy crap. I wanted to give a final post before the con so you can figure out what to expect the day of the event. If you haven’t signed up, you should get a ticket right now. Do so on the website: http://www.bsidesroc.com Capture All The Flags: We will have a capture-the-flag style competition. The open competition will involve you and your team being rewarded for cracking security challenges. It’s going to be run by RIT’s student security organization SPARSA. The skill level is from intro to 1337, so if you just want to take a crack at it, you can.
There are only a few days left for this year’s BSidesROC on 5/12/12. “Rochester’s first and only hacker con”. Do you know why we say that? Not because we’re the only computer security conference, and not because we think other security conferences suck (well, some do), but because an infosec event is not the same as a hacker con. I’m talking about Rochester Security Summit, for example. It’s been going on for years, run by the local ISSA chapter, and they do a good job. It is a corporate crowd. You expect that when you pay a certain amount of money there’s a certain level of professionalism. And the people that attend are infosec professionals. A hacker con, on the other hand…
The first official meeting of the Rochester TOOOL chapter happened this last Thursday. You may have met Jason Ross, the organizer of the group, at 2600 meetings or BSidesROC, seen him present at BlackHat, or run into him at whatever infosec event you’ve been to in the area. He’s been working with TOOOL.us to get a chapter started locally, which makes Rochester part of a small group of TOOOL chapters in the US.
It’s been 6 months since I started running a Tor bridge node on an Amazon EC2 instance. Back then, Tor had just announced an initiative to get people setting up cloud images to run as bridge nodes. This was during the then-recent upheaval in the Middle East, where connections to the Internet were either disabled completely or extremely restricted as to what sites they were allowed to see. Tor couldn’t directly help with re-establishing network connectivity, but where Twitter and other social networking sites were blocked, the block could be evaded with Tor and its bridge nodes.
Here is a brain dump of what happened this weekend at ISTS 9, SPARSA’s Information Security and Talent Search. A bunch of the people from 2600, Raphael Mudge, Punkrokk, Joe, Gerry, and others were part of the Red Team. Define:ISTS The event worked like so: There were 13 Blue Teams, groups competing in the event. Their job was to take the 5 servers that they were given, run specific services in order to get points, and, something a little different from other competitions, hack into other groups for points. If you do this, you receive points that are tracked throughout the weekend. Finally, there were challenges to be performed that were worth more points.
I think it was less than a week after I announced my little Android Manifest auditor tool, Manitree, that Anthony Desnos, the developer of Androguard, sent me a message in the tone of “hey, why didn’t you use Androguard for that?” If nothing else, why didn’t I use Androguard’s native AXML converter? Androguard is this immense Android app analysis project. If you take a look at the first page, you may get overwhelmed pretty quickly. I hope Anthony doesn’t take this the wrong way because it’s an impressive tool when I’ve seen it working, and it’s great for all kinds of things besides malware analysis. For instance it can analyze apks, diff binary apps, visualize the flow of an app between classes — fun stuff. But for my dinky project, most of the work was focused on the AndroidManifest.xml file, and the simplest feature was the most impressive to me: a native Python Android XML file format converter. As of writing this, I’ve not seen someone publicly do this.
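The kind of manifest audit described above, as an added example that is neither Manitree’s nor Androguard’s code. It assumes the binary AXML has already been turned back into text (by Androguard’s converter, apktool, or similar) and audits that text for the findings a reviewer looks for first: a debuggable application, sensitive permissions, and components reachable from other apps with no permission guarding them. The sample manifest is constructed; the package name and component names are made up. Two platform defaults are encoded as assumptions in the comments: a component with an intent-filter is exported unless android:exported says otherwise (the rule before Android 12), and a content provider is exported by default on targets below API 17.

```python
"""Audit a text (already de-binarised) AndroidManifest.xml for common weak spots.

Added example, not Manitree or Androguard code.  Input manifest is constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENTS = ("activity", "service", "receiver", "provider")

# Permissions worth calling out in a report (a small illustrative subset).
NOTABLE_PERMS = {
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Constructed sample manifest; package and class names are made up.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Demo" android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver"
              android:permission="com.example.demo.BOOT">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".DataProvider"
              android:authorities="com.example.demo.data"/>
  </application>
</manifest>
"""


def a(attr):
    """Qualify an attribute name with the android: namespace for ElementTree."""
    return "{%s}%s" % (ANDROID_NS, attr)


def is_launcher(comp):
    """True for the app's launcher entry point, which is expected to be exported."""
    for cat in comp.iter("category"):
        if cat.get(a("name")) == "android.intent.category.LAUNCHER":
            return True
    return False


def is_exported(comp):
    """Apply the platform defaults (assumptions noted in the lead-in)."""
    exported = comp.get(a("exported"))
    if exported is not None:
        return exported == "true"
    if comp.find("intent-filter") is not None:
        return True            # implicit export via intent-filter (pre-Android 12)
    return comp.tag == "provider"  # providers default to exported below API 17


def audit_manifest(xml_text):
    """Return a list of (severity, subject, message) findings."""
    root = ET.fromstring(xml_text)
    findings = []
    app = root.find("application")

    if app is not None and app.get(a("debuggable")) == "true":
        findings.append(("HIGH", "application",
                         "android:debuggable=true (debugger attach and run-as on a shipped build)"))

    for up in root.iter("uses-permission"):
        name = up.get(a("name"))
        if name in NOTABLE_PERMS:
            findings.append(("INFO", name, "requests a sensitive permission"))

    for comp in (app.iter() if app is not None else []):
        if comp.tag not in COMPONENTS or is_launcher(comp):
            continue
        if is_exported(comp) and comp.get(a("permission")) is None:
            findings.append(("MEDIUM", comp.get(a("name")),
                             "%s is exported without android:permission" % comp.tag))
    return findings


if __name__ == "__main__":
    for sev, subject, msg in audit_manifest(SAMPLE_MANIFEST):
        print("%-6s %-32s %s" % (sev, subject, msg))
```

The exported-component rule is the one to revisit for newer targets: from Android 12 a component with an intent-filter must declare android:exported explicitly, so the implicit-export branch only applies to older targetSdkVersion values.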