Blog Posts

Easily Check Certificate Transparency Log

Certificate transparency logs are an amazing way to get a good overview of your certificate landscape, detect fraud (bad guys also use TLS) and find shadow IT and unknown cloud services. The problem is that there are not many good places to search these logs. The best I have found is from Symantec; although it is slow and errors out often, it works for what I need.

The best way I have found to get the data from this service is with this simple bash script I put together, which runs a curl command and downloads a .csv.

Running it is as simple as:
./ctlog.sh yourorgsname

The output should look like this:
(If it is blank the service likely timed out and you will need to rerun it.)

Unless you are really on top of your game you are likely to find a valid certificate you didn’t know about.


Early Lessons Learned in Car hacking

Ever since Charlie Miller hacked a Jeep while it was driving on the interstate, I have wanted to learn more about car hacking, but I really had not had a chance to get started with it until a month ago, when I ordered a Carloop and was ready to get hacking:

… or so I thought. Turns out car hacking is hard… like, really-really hard. While I have not “hacked” anything yet, I have learned some early lessons:

Once you get the basic setup down you will spend a lot of time in your driveway and garage doing this:

“Car Hacking” is fairly new and you will likely not find a lot of information about your car online and will have to decode (and hopefully share) a lot of the information you find. Reddit and Twitter have some fairly active discussion groups.

Car hacking so far has been an amazingly fun project and there are amazing new tools coming out all the time. I just backed Macchina on Kickstarter this week and would like to pick up a canb.us. I am sure my car hacking tool kit will continue to grow.

I will be blogging more about my adventures into car hacking over the next couple of months as I learn more and have more to share.


Getting The Most Out Of RSA

The RSA conference starts next week and, let's be honest, it is becoming known as a stuffy management conference with very little useful technical information, but if you know where to look you can take some deep dives. I have put together a quick guide of some amazing talks and events I am looking forward to.

Talks:

BSidesSF – Coming into town a few days early just to attend this conference. There is so much good stuff on the schedule, but I do not want to miss the Advanced Internet dataset combinations for #ThreatHunting & Attack Prediction talk.

Google Cloud Talks – If you have cloud “stuff” in your company you need to swing by and catch some of these talks. I am really looking forward to the Container Security Panel, and while not technical, Humanising DDoS: the technical and emotional impact of large-scale attacks on an organisation looks ridiculously intriguing.

IOActive – IOActive always does an amazing job with their IOASIS and talks. I am really looking forward to the Implementing Inexpensive Honeytrap Techniques and the Hardcore Cloud Forensics talks.

DevOOPS: Attacks and Defenses for DevOps Toolchains – This talk by Ken and Chris is the one RSA talk I will not miss.

Events:

I ♥ Cisco Umbrella Soirée – My friends at OpenDNS always do an amazing job with their RSA party and I can't wait to see what they do on Valentine's Day with 20,000 geeks stuck in San Francisco.

Forescout – “One, two, three and to the four, Snoop Doggy Dogg is at the door, ready to make an entrance so back on up.” Snoop provided the soundtrack to my 7th grade basketball team and I am really looking forward to seeing him in person.

Tenable – Tenable is having an 80’s party on Sunday and, to quote Jay-Z:
Wanna bring the 80’s back?
That’s okay with me, that’s where they made me at.

BJJ Smackdown – For $50 you can be punched in the face by Jeremiah Grossman and maybe pick up some BJJ skills.

Rsaparties.io – Has a list of about 500 more parties you can attend.

If I am missing something I should be at, or if you want to say hi next week, you can catch me on Twitter at @jgamblin.


Insta360 Nano

I was lucky enough to get hold of an Insta360 Nano this week and it is some of the most amazing technology I have seen recently. It allows for truly instant 360 photos, videos and timelapse captures. As one of the people I was showing it to this week said, it is the “selfie stick of 2017”.

Here are some examples of the stuff I captured this week.

Photo:

Time Lapse:

I am really looking forward to taking it to the RSA conference and London next month.


A Threat Intelligence Thought Exercise

I was at dinner on Tuesday with six security professionals and proposed this hypothetical situation, and I thought it was worth writing up and sharing.

Background:

  • Six identical safes with $1,000,000 inside are being built into the side of a public building and are being randomly assigned to everyone at the dinner.
  • At the end of 90 days any money left in your safe is yours.
  • You will be given a live video feed of your safe.
  • There is an advanced and persistent team of safe crackers trying to crack all six safes.
  • You are loaned $100,000 to spend on security for your safe that must be repaid when the project is over.
  • Everyone at the dinner is your friend.

Threat Intelligence Questions:

  • While doing video monitoring you notice activity that you think is coming from the safecrackers every Monday night from 2100 to 2200.
    • Do you tell the other safe owners?
  • While looking at your safe you try the passcode 8675309 because the song is stuck in your head and find it is an unknown one time backdoor.
    • Do you tell the other safe owners?
  • You are approached by 2 other safe owners who would like to form an alliance in which you will share all information you have on threats and at the end of the 90 days you split any remaining money evenly.
    • Do you join the alliance?
  • Does sharing what you know with the other safe owners make you more or less secure?
  • Does joining the alliance make you more or less secure?
  • If 4 people are in the alliance does that make you more or less secure?

Bonus Traditional Security Questions:

  • A physical security firm will place an unarmed but well meaning guard in front of your safe from 0700 to 1900 every day for the 90 days. The cost is $40,000.
  • A monitoring firm will monitor the video feed of your safe for the 90 days and send you a text message if something looks wrong. The cost is $40,000.
  • A famous ex-hacker will spend two weeks trying to break into your safe and another week writing a report you will only kind of read. The cost is $60,000.
  • A company has a team of 100 less skilled but trustworthy safecrackers who they can have try to break into your safe. They will run the program for you, pay a reward to anyone who successfully cracks your safe and tell you exactly how they did it. The cost is $60,000.
    • How do you spend your money?
  • On day 30 you are told only one safe has been successfully broken into. You have not spent any of your money.
    • Do you buy anything now?
  • On day 60 you are told only one safe has been successfully broken into. You have not spent any of your money.
    • Do you buy anything now?

I think there are a bunch more questions I could ask, but I think this is a great thought exercise to think through and discuss.

If you have any thoughts you can share them with me on Twitter @jgamblin. I just do not have the patience to moderate blog comments.

Here is a picture of a safe so my links look better when I share this:
