Tuesday, October 22, 2019


Have posted my tweaks of shark-1.0 (to control the RadioShark v1) to:


I've tweaked the original source code slightly, to work around a couple complaints that GCC generates.  The older version of Fedora is needed as it was the last version to support the older libhid library.

Basically, the above creates a Fedora 25 image that can be called (as a temporary container) to control the white version of the RadioShark (white, v1) device (which can still be purchased via various online markets or from junk-boxes at local social events).  I don't know if it'll work with the black, v2 device but will know shortly, as a friend picked up a v2 device at the Richmond Hamfest.

Monday, October 21, 2019

Still still here

A month goes by fast! Still here, still busy has heck, but it's getting better.

Last week, I participated in the first annual President's Cup CTF. I was able to squeak by, right around the 50th percentile. Not too shabby for a non-pro. Those questions were hard!

This past Saturday, I participated on a team at ODU's CyberOPS 2019 CTF. We ended up in a 4-way tie for fifth place. Although we'd like to do better, we're quite happy with where we placed. Topics we need to brush up on: reverse engineering, image manipulation using GIMP (for the second year), and the more esoteric approaches to SQL injection (A union? Really?).

I'll be demoing the sudo bug (and giving a very short presentation) at this week's Cyber Club meeting. Once again, the media put a bit more OMG into their news articles than was needed, as exploitation of the bug requires a pre-existing "bad idea" in the config file.

I've been improving my Docker containers and have my article tracker (based on Wallabag v1) back online. On the to do list: I'll be needing to grab the source code for the various support libraries, just so a package update doesn't destroy (again) my ability to use the tool.  Will post the source on the school's Docker repository shortly.

Sunday, September 22, 2019

Still here

Just wanted to let y'all know that I'm still here. I've just been extremely busy with work, travel, and getting the school's cyber range stood up.

To update the last post about linked clones: the VirtualBox version worked nicely. The ESXi version was a horror. For the latter, the was a less-than-optimal bottleneck relating to accessing the hard drives. Standing up five clones produced an escalating read/write latency which eventually renders the box unusable. Short version: the ESXi effort abandoned.

The DMS code is working well (though redundant functions need culling). Using it was a loader for the Recoll search engine appears to be the best approach (though I sometimes miss the Sphinx search engine).

In any case, the cyber range is up and running with two new machines, supporting twice as many students (some of which are also Cyber Club members). My "free time" has gradually increased to the point where I'm writing again. I do have a serious backlog of "things to read" though and I intend on visiting the nearest Hungry Howie's (about 200 miles away) in the next few weeks.

Sunday, March 31, 2019

Playing with VirtualBox linked-clones

Have been experimenting with rapid deployment of cloned VMs and having some fun. Using VirtualBox's linked clone feature, I can create and start 30 instances to Kali Linux (30 being the number of classroom seats) in a matter of seconds. I've also worked out how to push new network configuration onto each instance. In-progress notes are on the TC4 internal Gitea server. Will also post 'em to Github when things are further along.

There's a bunch of other things to figure out and instantiate but they'll have to go on the "to do" list. Have signed up for my second season in the NCLs. Not sure if I'll be competing remotely (separate from the class), but I want to do better than last year. This means working through the harder parts of the gym, which opened a few days ago.

Tuesday, March 26, 2019

undefined reference to "show_hash"

Note to self: when compiling older software, the fix for the "undefined reference to 'show_hash'" error appears to be "apt-get install uthash-dev". That, or libhashkit-dev, but I believe that it's the uthash-dev library.

Monday, January 28, 2019

Chrome and xclip

Have been watching a number of crackme-type walk-throughs, where the speaker relies heavily on xclip to capture a command line output so that the mouse can be used to paste data into the browser. I could never get it to work with Chrome, until today. To use xclip with Chrome, add the following to ~/.bashrc (or .bash_aliases if you have it): alias xclip="xclip -selection clipboard" After that, it should work as expected.

Thursday, January 10, 2019

My VLAN beef

After all these years, why is it that pundits still associate use of VLANs with security? Any security afforded by use of a VLAN is a side effect and is considered (by those in security) as not assurable (e.g., it cannot be proven by testing), is easily broken, and is very easily mis-configured.

A VLAN is a traffic management tool, designed to increase overall (employable) bandwidth in an architecture. It does not employ authentication or encryption. Security is increased (often negligibly) by ensuring that traffic doesn't "go" somewhere. In some architectures (e.g., VoIP phones on the same network segments as the workstations), this separation doesn't exist.