What Change? - An Infosec Opinion

For quite some time, I was under the impression that infosec was notoriously fickle. In that, I mean that both defensive and offensive capabilities are constantly evolving. It wasn’t until recently that I started noticing that my logic was a bit flawed and I began questioning the industry. Is infosec the rapidly-evolving animal that we portray it as? Or, is the argument of rapid change just a fallacy? Before I continue, I must state that this is all entirely opinion driven and that I could 100% be wrong in every way. This is just how I’m starting to…

A Quest For Data and The Adventure It Took Me On

Those that know me know that I love messing with data. For some time now, I've operated several collection nodes for data ranging from pastebin scraping, Twitter "stuff", open systems on the net, and more. Over the past weekend, I decided that I wanted to collect data from Twitter via specified keywords. Having done this numerous times, it was decided that things needed to be done a bit differently. This time, I was going to actually see my data. I'll try to make this as quick as possible.

The Problem

Perhaps a big problem with someone like me;…

Security (RSS) Feeds

Part of my duties, aside from breaking things, is to ensure that my management and teams are informed with current security events and happenings. Generally, these are in a presentation form and are encouraged to be a discussion as well as briefing. Quite frequently, I am asked what RSS feeds I subscribe to. While my list is not amazing nor has thousands of entries, it seems to work quite well. The idea behind this list was to condense the amount of subscriptions so that I was getting almost as much coverage as the 'mega lists' out there for security without…

Assessing IOT pt. 1 - Preparing for the assessment

"How you climb a mountain is more important than reaching the top." -Yvon Chouinard

Perhaps one of the largest issues in IoT isn't the fact that you can hack it, rather, the lack of a formal process for evaluating it and lack of how to begin assessing/evaluating IoT. In this post (part 1), we will take the perspective of a consultant hired to perform an assessment on an IoT device. What questions should I ask? Do I need to buy additional hardware or software? I hope to address these questions and many more via this post. Go…

Building an IoT Lab - Tools

After discussing some IoT security issues and my lab on IRC, I was asked if I had a blog post on setting up an IoT testing lab. The major question that I was asked in additional places is what tools (mainly hardware) I use to evaluate IoT devices. In this post, I'll highlight some of the hardware tools that I use to evaluate IoT. This post will be mostly high level and some assumptions will be made.

Define your goal

Before going buck wild and ordering every piece of equipment possible, take some time to actually define what is it…

Owntracks - Creeping on IoT with MQTT

It seems that IoT is everywhere these days. While many people love to see what things can be done with IoT, some see much of it as a privacy (maybe even safety) concern. I was recently contacted by a friend asking to do an evaluation of their IoT setup for their house and see if someone could easily spy on them or potentially even harm them. In this post, I'll show how IoT (to me) became horrifying. Before I begin, I was authorized to perform testing on my friend's connection. Always get consent before poking things you do not own.…

Adding DNSCrypt to Unbound

In my last post, Setting Up a FreeBSD DNS Adblocker, I discussed how to set up an Unbound DNS server on FreeBSD to block ads. In this post, we'll take a look at adding DNSCrypt to resolve queries sent to our FreeBSD Unbound server in order to add an additional layer of protection for you and your users.

DNSCrypt

DNSCrypt, as defined by their website, is: A protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered…

Setting Up a FreeBSD DNS Adblocker

I've come across a few sites that will instruct you on how to set up an adblock DNS server on FreeBSD. Unfortunately, many of them are either out of date, overcomplicated, request referral clicks, or aren't whole. Now, I'm not saying that mine will be any better, but, here we go. The DNS service I help run uses both Ubuntu with Bind9 and FreeBSD with Unbound. In this post, we will talk about setting up a FreeBSD-based DNS adblocker running Unbound. UPDATE: If you're interested in adding DNSCrypt to this server, I've added a post on setting up DNSCrypt with…
