Author Archives: Chris J

About Chris J

Chris J studies physical and information security. He started the Ann Arbor Chapter of TOOOL, attended Eastern Michigan University got a degree in Applied Information Assurance. Work involves Threat Intelligence.

Raspberry Pi WPA_Supplicant setup taking way longer than it should

—- TL/DR —-
If you want to connect a raspberry pi to a hidden access point your wpa_supplicant.conf needs to have the following in the network statement.

Don’t put a ” or a ) in your ASCII PSK it causes problems. I couldn’t get it to work with the hex psk using wpa_passphrase but I broke the rules of troubleshooting making multiple changes at a time instead of one and resetting it.

—– End TL/DR —-

I got a new phone. Nexus 5x.  But this isn’t what this post is about. My SO got a new phone last August. It was an unplanned by after the last one went for a porta-john swim. Again. not what this is about.

A co-worker suggested setting up a NAS to back up the pictures to. Being a poor college student, yes still grad school isn’t cheap, that really isn’t an option. Then he said well if it’s just the phones, why not use one of your Raspberry Pis?

The problem is getting the wpa_suplicant.conf file talking. It has taken me 2 days. Mainly because I don’t mess with that file much.

it hated my passphrase because of the ” and the ) in the middle example:

I tried wpa_passphrase with the file, but it didn’t like that either. (although I kind of want to go back and test it again, in case I missed something.

Which I couldn’t find out until after I set the AP to broadcast. So after more digging I found that

scan_ssid=1 has to be in the config.

Sigh. This is taking way longer than need be, and I’d just wire it, but it’s going to not be near the cables, because of power.

Spending a weekend re-installing my firewall appliance was not my plan

So recently while trouble shooting that mail log in problem from my phone, I started going through the web interface on my pfSense box. While in the LAN interface, and it being 4am, I was like why is block RFC1918 for the Wan (which is on every interface tab), and block Bogons, not checked.

So I did what anyone half sleep deprived would do, I checked the boxes and hit apply.  Then I couldn’t get back in to the silly thing. Console wouldn’t work. I just got a blank screen, rebooting while consoled  in would go through the post and loading of BSD but after pfSense started, I didn’t get a menu.

Hey I know, I’m a Nix person, I’ll boot from the live image, go in to recovery find and turn off that setting, sync to the hard drive and reboot.

Continue reading

It’s all about the pcaps baby

So my android phone as an interesting problem, granted it’s an S4, running not the latest build so I don’t know if that problem still exists. Apparently the way the default mail application is set up, it can’t sync the mailboxes unless the Sync button is turned on. But that doesn’t stop that the mail application from trying to sync on a schedule.

Continue reading

Book Review: The Complete Guide to Shodan

I’ve stumbled around with Shodan.io for a while now. It’s a great tool, but using it effectively has always eluded me. John Matherly has given me some great advice on twitter, and I like Daniel Miessler’s Shodan Primer. But I never really find the information I need at the time.

While I know it is great to find webcams and spying Super Gnomes, that is just something I don’t use Shodan for. A lot of the reason I use Shodan lately is for work. Usually someone in management asks will if anyone knows what Shodan knows about the company. Which of our systems are listed on there.

Today while stumbling around trying to look up the company name and the netblocks, and using Dan’s cheatsheet (linked above), I noticed a new link on the page. Book.

This link goes to Lean Pub’s “The Complete Guide to Shodan” by John Matherly. It is a pay what you want book. They suggest just under $5.00 USD, for the 60 page booklet. I’m saying it’s worth more than that. I paid $10.00, which I still think is too low for this book.

The book can be delivered to your Kindle or downloaded as a pdf, an Epub, or Mobi file. I grabbed the PDF and Kindle copies of the file (too small to read on my phone and never figured out how to get it to show up in the Kindle Cloud reader).

This book is divided up in to Web Interface, External Tools (like the linux command line), Developer API, Industrial Control Systems, Appendices, and Exercise Solution.

There are exercises at the end of the Web Interface, External Tools, and API sections. Not all of them worked the way they were described in the book. For example I couldn’t find the Rastalvskarn Powerplant, even though it shows up with the link in the solution section.

I’ve read some documents on the API and struggled to get them to work. After reading the book, while I still have some questions, I know I can write the Network Alert that management wants.

Get this book, it’s worth more than anything you’ll pay for it. While it is only just over 60 pages, the content is great! Especially especially the Filter list in Appendix B.

p.s. It is worth getting an account, and paying for access.

 

Oh look HTTPS

Testing out Let’s Encrypt public beta. My thoughts so far:

90 days for the SSL certificate. Does that mean we’ll be seeing spammers setting these up to make their sites look more legit?

Mainly made for HTTPS on web servers. There is a walk through on making it work with email, using links, and some other dark Unix magic (what not everyone is running a linux mail server?). I saw a file for exchange but that’s not my cup of tea. It also brings up that whole 90 days thing again. So for now my mail server has something else.

So while the SSL Cert is good for 90 days, they tell you to update it every 60. Can’t wait to try that in 2 months. (that was sarcasm).

To be honest though, I do like the idea of Let’s Encrypt. I like that it has Debian love and script to make magic happen in the background. Less fiddling under the hood. I like that you can set up either Secure only (all HTTPS all the time) or HTTP and HTTPS. This site used to use a self signed cert for Administration, but now it’s all SSL.

Hopefully in the future we can get at least 365 day certs, more services covered, and most importantly MORE PEOPLE ENCRYPTING their web traffic.

Business Email Compromise

Last week or so, I read the Symantec Security Response blog, talking about Business Email Compromise. Short version it talks about campaigns targeting C-level employees to try and do wire transfers. There were 2 type, one is the CEO emailing another C-level because he’s stuck in meetings and needs a wire transfer. The other version is an acquisition email, that hasn’t been announced yet.

The blog linked above has screen shot examples.

At my day job, I do occasionally work on Phishing emails. While the Symantec article was good, it is missing that the example emails are no longer going to the C-levels. While I haven’t seen the acquisition email yet, I have seen lots of the person in the meeting email going around.

It isn’t just at the C-levels. I’m seeing emails claiming to be from VPs and Directors, to underlings using the same comment about being tied up in meetings and needing the wire transfer done. Where I work the C-levels are good at catching them and reporting to them. The lower levels however have been fruitful targets.  Not realizing it is a phishing attempt and trying to comply.

We need to warn the lower level people in positions to send money.

pulled in many directions

So my current reading list had changed 3 times in the last 3 weeks or so since the Fall class ended. I had started with:

Then it was going to be some Social Media Intelligence books:

Now it’s Counterhack Reloaded (Amazon affiliate link), which I’m using as my only study materials before the GCIH exam in a couple of months.

Can someone tell me again, why I try to make plans since I always seem to get pulled in many directions at once and not study what I want?

* Update 2024-10-01: changed to Amazon Affiliate Link, which I earn a commission from qualifying purchases.

UMUC CSEC610

So I completed the first class in University of Maryland University Center’s Cybersecurity program. The class was CSEC610 “Cyberspace and Cybersecurity”. I was extremely disappointed with the class. Full disclosure, I got an A in it. If you’ve followed my academic career, you’ll know I’m used to that grade.

The class felt more like a community college weeder class, if community colleges had those. The content covered in the class was the same I did in a Computer Information Systems program in the late 90s, at a community college before Infosec was a thing.

If you have experience in Infosec, this class will most likely be a waste of time, since it’s an overview class.

Continue reading

New and Improved WiFi Intrusion Detection System. Pi 2.

So my last post I was fighting the Raspberry Pi 2, with Kali Linux 2.0.1, when it came to starting kistmet_drone on boot. Ian had a work around, but it wasn’t what I wanted. I wanted the built in tools to do their job. Well it turns out it’s a SystemD problem. I spent probably about 12 hours bashing my head against it, making changes and trying things.

Finally, I got smart with my Google searching, and found a slightly better way, but still didn’t want to call an external shell script. Then I spent time smacking my head on the desk. SSHD works, and starts by systemd, why not look at it’s config. Seriously the better you are at something, the less you think of the simple answers that made you good to start with.

2 new lines. One made SystemD wait until after networking was up. The second was a strange sshd -D option. man ssh. Oh doesn’t run ssh as a daemon…

remove –daemonize from Kismet… It worked.

SO….

 

Now to get everything ready before I leave for GrrCon in 17 hours, I’ll be presenting Saturday last I heard.