Tuesday, May 30, 2017

Raspberry Pi SSH configuration

tcpwrappers worked for me.


Todo: http://jjjjango.blogspot.com/2015/01/secure-your-raspberry-pi.html


https://www.raspberrypi.org/forums/viewtopic.php?f=36&t=138899 - Disabling ipv6. Last entry worked:

Add ipv6.disable=1 to cmdline.txt

cat /etc/modprobe.d/ipv6.conf
# Don't load ipv6 by default
alias net-pf-10 off
# uncommented
alias ipv6 off
# added
options ipv6 disable_ipv6=1
# this is needed for not loading ipv6 driver
blacklist ipv6

 
Posted by at No comments:

Monday, May 29, 2017

Another slow-day work break

May has been quite busy. First there were two night-shift weeks in Sioux City, SD (a town truly in the middle of nowhere, but with an exquisite Music Museum an hour away and a nice indoor gun range), then a long week of reporting and beautifying a Powerpoint presentation, then a week in an airport terminal. This adds up to a month where my focus has been entirely on what is rapidly becoming a career rather than just a job (or already was, I just didn't realize), leaving no brain power for home network or really any of the other ideas.

I really need to tack a long-term tasklist up on the wall.

The discussion on /r/netsec on the AppSec EU 2017 videos posted to YouTube led me to this: https://www.reddit.com/r/netsec/comments/6aqj0k/exploiting_the_unexploitable_with_lesser_known/, which is quite enjoyable, especially the logically-explained surprise on the AppCache Fallback attack.
Posted by at No comments:

Tuesday, May 09, 2017

Work Break

Truly, Facebook's character has never changed. I'd still get flayed alive for posting this comic there:

http://www.smbc-comics.com/comic/2011-08-06
Posted by at No comments:

Monday, May 08, 2017

Pentest in Sioux City

Interesting place. The Musical Instruments Museum in Vermillion, SD is a must-see. The gun range was great too - accidentally asked for a 9mm instead of a .22. The bullets for the former are rather more expensive, but I'm getting better at not flinching from the noise and the recoil.

This post is really about noting that while I've been focusing on networking the last few months my pentest skills have really withered. The last full pentest, from start to finish, was in September, and I'd forgotten what it really meant to use ingenuity, a bit of scripting, and a lot of research to exploit vulnerabilities in which I don't fully grok what is going on (thanks btw to Robert Heinlein for the word). It's not just Nmap - Nessus - Exploitation, there's a lot more to do. I also realized that the lack of tools for parsing Nessus files are really hurting me. Once nmap has run, I need to be able to see what's on the network as fast as possible. Parsing out all the ports open by IP/port is not cutting it; things need to be much more visual.

Above all however, it's time to really sit down and perform the exercises in self-flagellation and frustration that are pentest VMs, for only by doing those can I become better, faster, and ultimately happier at my job. The issues with the Thinkpad laptop have been resolved, so it's time to install VMWare workstation on it and get to hacking. But first I gotta do some reports.


Posted by at No comments:
Subscribe to: Posts (Atom)