Tag Archives: Open Source Tools

Moving WIDs to Raspi2.

So I tried to do this back in July but got sick. My next talk is at A2Y.asm on Sept 12, and rebuilding all the Pi2 again with Kali 2.0.1. I have litteraly spent most of the day trying to expand the root directory.

There is a tool called rpi-wiggle, that sounded really cool, but it hasn’t been updated in 3 years. It also didn’t work for the pi2 running Kali 2.0.1. After lots of searching, I found a forum post saying talking about it.

After running apt-get install triggerhappy lau5.1 (from Kali repos) and getting the Debian raspi-config file from Debian. It says it worked. I’m waiting for the reboot to know for sure.

And it worked. from console it says it has full space.

Now if I was making anything other than a drone, I’d run apt-get install kali-linux-full to get the whole Kali experience instead of the light version. But I’m making a drone. So here is what needs to be worked on before I start making images:

  • install: Kismet, NTP.
  • boot to cli instead of gui
  • change the root password
  • configure kismet
  • Clone
  • configure static ip, and daemon mode.

normally I’d disable ipv6, still might. but the ipv4 and ipv6 stacks are working well together right now. In the past they haven’t.

Unofficial training at Circle City Con

I’ll be presenting at Circle City Con this year, on Wireless Intrusion Detection with the Raspberry Pi. I’ve done  some test runs of the talk, and have ended with people wanting to contact me later if they have questions. Mainly if they get stuck. Also one of the comments from the reviewers when I submitted my talk was this would be better as a training class.

After talking to one of the organizers, here is how this is going to work. Currently I’m scheduled to talk on Saturday. After my talk, through the end of the Conference I can be available (as long as I’m not in a training sessions) to use some of the the common / lobby area to work with people wanting to set up the wireless drones, what kismet calls sensors.

Continue reading

Designing a new home lab

I used to have a home lab of 3 cisco routers, and 3 cisco switches. That was for my CCNA training. Problem was, they were so old, they were not worth it. The lab also had 2 Intel 32-bit PC towers and a Sun Ultra 10. The Sun box was to get the Sun certification, but never got around to it. That isn’t to say that the lab wasn’t used. Just not used for the reasons I originally bought the components for.

Now, since I graduated and I have money to spend on building a new lab, I’m looking at getting something new set up. After watching Johnny X(m4s) and Eve Adams recorded talk from Derbycon. I decided on the following design.

Lab Design v1

So this will be on a separate internet connection from my home network. That means getting a second line to the house, but it doesn’t have to be the fastest line in the world.

The hope is to have the PFSense box, the Security Onion Box, and the Vmware ESXi box all running on Micorservers. The price for the Lenovo ones are decent.

I want a Cisco 3560g switch for Gig out all the ports, plus the layer 2 / 3 routing. Again the price isn’t too bad, about the same as the Microsevers. Lastly if I decide to go for the CCNA again, it should be useful.

The wireless access point was chosen from the Offensive Security WiFu class hardware list. I could use my old Linksys WRT54GL with dd-rwt on it. But it cant’ do N. Granted it looks like the Off-Sec recommended ones are only half N.

Lastly, it would be nice to have a peg board with all my Raspberry Pi devices attached to it. Requires being easy to remove them, but not a big issue. This would give me a place to have them while working and store them when not in use. If I can get POE on the 3560g, that means I can get a POE splitter and adapter for each Raspberry Pi, and don’t have to worry about power there either.

The laptop would be as needed device. I could use my current one or buy one to dedicate to the lab. Mainly it’s there for user interface purposes than anything else.

The only downside, even though I’m not paying for college classes out of pocket any more, is that it will take a while to build this lab. I’m going to have to piece it together a little at a time.

Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi

So I mentioned this previously as a teaser, but I had an article posted in the Linux Journal. It was based off my independent study at Eastern Michigan University.

It was in the December issue of the Linux Journal. Now it’s posted on their website.

This is related to the talk I am submitting for conferences this year. It has already be accepted to one conference. The talk has a little more information built in to it. For example the experience I had in an environment with heavy wifi coverage compared to home and Eastern Michigan University. A slight design modification. I don’t know yet if I’m going to rebuild using Raspberry Pi B+ or the new Raspberry Pi 2 model B.

Raspberry Pi projects

Back in May and June, I did a project for school with 6 Raspberry Pis to build a WIDs. It went good. I wrote an article, I’m waiting to hear back if it’ll get published.

After the project, I had 6 Raspberry Pis kicking around. I have a project I want to work on, that could lead to another article. I just need to build my skills up to that first.

To get there, I wanted to build an Onion Pi. This will tie in to another project I’m working on. As some of you know I’m a fan of The Onion Router (TOR), especially when I’m doing Intelligence related research. The Onion Pi would be a good thing to have in the bag of tricks.

To get the Onion Pi working, I needed to go through the Adafruit Wifi Access Point. This is the second time I build an AP. This one is just a little different than last time. This time instead of an Edimax wireless card, I went with one of my TP Link TL-WN722Ns. I wanted the external antenna. I was using the 2014-09-09_wheezy_raspbian image.

Hostapd didn’t work right. It kept throwing errors on start about nl80211 not being a known driver. I had to build hostapd from source, which needed to have libssl-dev and libnl-1.1 installed, to get hostpad to build right. Then I needed to copy my built version into the right place.

I also had problems with isc-dhcp-server and tor starting. It looks like wlan0 isn’t starting properly. I’ll have to troubleshoot it more later. Adafruit has a comment about disabling wpa_supplicant. I don’t know if that will fix the problem though. I’ll follow up after.

Practical Anonymity by Peter Loshin

I got a copy of Practical Anonymity by Peter Loshin a while back via O’Reilly, had a sell on it. I finished it about two weeks ago. For what it sounded like it would be, I’m disappointed. I was expecting something more along the lines of “How to be Invisible”. For what it was, it was pretty good.

Continue reading

One more post on Open Source Tools and DF in court.

Email from the professor this morning (Emphasis added by professor):

We also had some discussion regarding tool acceptance in court.  I wanted to provide some additional detail on this.  Remember its the testimony of the witness that is being accepted.  *Disclaimer I am not an attorney* Rule 702 of the Federal Rules of Evidence (FRE) say the following:

Rule 702. A witness who is qualified as an expert by knowledge, skill, experience, training, or education may testify in the form of an opinion or otherwise if:

(a) the expert’s scientific, technical, or other specialized knowledge will help the trier of fact to understand the evidence or to determine a fact in issue;

(b) the testimony is based on sufficient facts or data;

(c) the testimony is the product of reliable principles and methods; and

(d) the expert has reliably applied the principles and methods to the facts of the case.

END RULE 702

While several FRE rules discuss acceptance of evidence (Rules 401-404) and testimony( Article VI  and Article VII) 702 explains much. …  Michigan’s Rules of Evidence follows the FRE closely.

a little less confused now.

So, I went and looked things up on my own, in regards to my last post about being a little confused on Digital Forensics and Open Source Tools. Like usual, Google is your friend.

The search term I used was: “digital forensics open source tools court approved”, without the quotes. Which returned this page: https://www.google.com/search?q=digital+forensics+open+source+tools+court+approved

I think the best line out of everything I read was:

Saying that one tool is court approved and another is not, is like saying you can take crime scene photos with a Nikon, but not a Kodak. It’s just silly, and it’s a myth perpetuated by those who seek to benefit from the existence of such a rumor.

The Digital Standard
That really does make sense. When you think about it, it is the person on the stand and their testimony that is being checked. Yes, methodology and procedure go with the testimony but why would one tool matter, as long as it gets the same results as the expert from the other side. Does it have to have all the fancy bells and whistles, or does it just have to get the job done?

One thing that has bothered me about the “No open source tools” argument is that DD for raw disk copies is acceptable. Most of the other tools doe the same work and then add compression or other bells and whistles, but really are based off it. So why is it O.K. to use some of the tools but not all.