Blog Posts

DIY USB Killer

In November I saw this youtube video on turning a USB Air Purifier into  a  $75 USB Killer:

My soldering skills are basically nonexistent so while I had some time off around the holidays I decided this would be a decent project to help improve them.

So in early December I ordered 3 of these from Amazon:
USB ionic Oxygen Bar Freshener Air Purifier ionizer For Laptop Black+White

These from GearBest would also work:
Rotating USB Style Air Cleaner – WHITE AND BLACK

A week or two after I ordered them this ChinaPost envelope showed up in my mailbox:  

I got my soldering station set up and was ready to go to work:
After snapping off the case the first thing your have to do is desolder the pigtail:


The next step is to solder a wire  to the resistor towards the bottom of the board:

You then solder the other end of wire to the data lead on the USB connector:

(Tip: You should probably use more than 24 awg wire.)

You now have a USB Killer to *not do* evil things with:

Disclaimer:  Dont be a JERK. This will fry motherboards.  Dont plug it into anything you are not ready to replace. 

Continue Reading

Digital Ocean Slack Bot

I had a coach whose favorite quote was “Pain is the best teacher.”  and that was the first thing that popped into my head this morning when I realized that I had left an $80 a month  Digital Ocean Droplet  running for an extra 3 weeks after I got done using it.   To be honest $60 isn’t *that* painful but  it did prod me to write a slackbot that will post all my running droplets to slack once a day:

 

Here is how I set it up:

  • Copy this line to your crontab to post a list of running droplets at 0800 everyday:
    00 08 * * * /path/to/dobot.sh
  • Enjoy not wasting money on abandoned cloud servers.

Continue Reading

Making It Snow (In Your Terminal)

I am a huge fan of snow and hacky one line linux commands.   Thanks to some amazing people on twitter and a little too much free time at the end of the year they have both combined to bring snow to your terminal window just in time for your winter based holiday.

This command works on OSX out of the box:
for((I=0;J=--I;))do clear;for((D=LINES;S=++J**3%COLUMNS,--D;))do printf %*s.\\n $S;done;sleep .1;done

This command is a little longer and requires PV (sudo apt-get install pv) but looks amazing on Ubuntu:
yes $COLUMNS $LINES|pv -qL50|perl -ne'$|=1;($c,$r)=split;$s||=$"x($c*$r);print$s;$s=$"x$c.$s;substr$s,rand$c,1,"*";$s=substr$s,0,$c*$r+$c;' 

Continue Reading

8 Security Predictions for 2017

 

What will 2017 hold for the security industry?    I sat down and looked into my crystal ball and came up with these 8 security predictions for 2017. 

A Fortune 500 Will Use “DDOS as a Service” To Attack A Competitor.
A bored VP of Marketing with a paypal account, a six pack and a nephew who can get him on the “undernet” is the cyber warrior of the future.

Internet of Thing (IoT) will continue to be used as an attack platform.
Who would have thought that un-patched, un-maintained linux operating systems exposed to the internet would be used to do evil?

Hacking As A Service Will Take Off.
Want into your bosses/spouses/political opponents email account? A hacking group will sell you access for $500.

Hackers Discover & Exploit Automation Platforms.
Hackers finally realize they only have to own the automation platform (Chef, Puppet and SaltStack) of most companies to own the whole company.

Red-Teaming Will Still Be easy.
…and there will be 437 conference talks about how awesome it is.

A Killer Android Bug Will Be Found.
A remotely exploitable android bug that allows for remote camera, microphone and speaker access will be found and will be un-patchable on 75% of phones. Causing Google to take control of the OS and push patches to all phones.

Hackers Will Interrupt A Major Sporting Event.
Just think what would happen if the Russians, Chinese or a 400-pound hacker sitting on his bed decided to take Fox offline during the opening kickoff.

Security Will Still Be Hard.
…and no one as invented the magic box you can plug into your network and make it easy.

Remember though… you can change the future of security in 2017 by working hard and doing something that makes a difference.  Get involved in the EFF,  write some amazing open source software,  volunteer to mentor someone interested in security.

Continue Reading

KaliZero: A piZero USB Gadget Running Kali

I have been playing with my stack of pizero a bunch lately and tonight I decided to put together a piZero OTG Ethernet gadget that runs Kali (Really KaToolin),  XRDP and Mate in a computer on a stick configuration.  This way I have a full (as I want it to be) Kali installation with me as long as I have access to a USB port.

 

Here are the steps to build your own:

Install your pizero as an ethernet gadget.

Share your internet connection with your piZero:

You can now login into your PiZero at:
pi@raspberrypi.local

Copy and Run this shell script:

Reboot:
sudo reboot

Configure RDP and access your KaliZero:

Use KaToolin to install the tools you want:
sudo katoolin

**Be Warned:  The piZero is slow.  It is usable for basic tasks but is not amazing.

Continue Reading

Site Footer