Category: Hacking

Certificate transparency logs are an amazing way to get a good overview of your certificate landscape, detect fraud (bad guys also use TLS) and find shadow IT and unknown cloud services. The problem is that there are not many good places to search these logs.  The best I have found is from Symantec, although it is slow and errors out often but it works for what I need.
The best way to get the data from this service I found is with this simple bash script I put together that runs a curl command and downloads a .csv.
Running is is as simple as:
./ctlog.sh yourorgsname
https://gist.github.com/jgamblin/8b34ba91825a8c2859720033bfe81da8
The output should look like this:
(If it is blank the service likely timed out and you will need to rerun it.)
Unless you are really on top of your game you are likely to find a valid certificate you didn’t know about.

Ever since Charlie Miller hacked a Jeep while it was driving on the interstate I have wanted to learn more about Car Hacking but really had not had a chance to get started with it until a month ago when I ordered a Carloop and was ready to get hacking:

… or so I thought.  Turns out car hacking is hard… like, really-really hard. While I have not “hacked” anything yet I have learned some early lessons:

• The Carloop.io is an amazing tool but the Carloop Pro for $150 is overkill to get started and the Carloop Basic for $55 is all you need (and all the test code is built for it).
• Get a copy of “The Car Hackers Handbook” (You can download it for free here)
• You will need an ODBII Extension Cable.
• You will want to setup a Ubuntu VM with the following tools to start:
  • Can-Utils
  • Kayak 
  • SocketCand
  • CaringCaribou

Once you get the basic setup down you will spend a lot of time in your driveway and garage doing this:

“Car Hacking” is fairly new and you will likely not find a lot of information about your car online and will have to decode (and hopefully share) a lot of the information you find.  Reddit and Twitter have some fairly active discussion groups.
Car Hacking so far has been an amazingly fun project and there are amazing new tools coming out all the time.  I just backed Macchina on KickStarter this week and would like to pick up a canb.us.  I am sure my car hacking tool kit will continue to grow.
I will be blogging more about my adventures into car hacking over the next couple of months as I learn more and have more to share.

I was lucky enough to get a hold of an Insta360 Nano this week and it is some of the most amazing technology I have seen recently.  It allows for truly instant 360 photos, videos and timelapse captures.  As one of the people I was showing it to this week said it is the “selfiestick of 2017”.
Here are some examples of some of  the stuff I captured this week.
Photo:

Time Lapse:

I am really looking forward to taking it to the RSA conference and London next month.

I am a huge fan of snow and hacky one line linux commands.   Thanks to some amazing people on twitter and a little too much free time at the end of the year they have both combined to bring snow to your terminal window just in time for your winter based holiday.
This command works on OSX out of the box:
for((I=0;J=--I;))do clear;for((D=LINES;S=++J**3%COLUMNS,--D;))do printf %*s.\\n $S;done;sleep .1;done

This command is a little longer and requires PV (sudo apt-get install pv) but looks amazing on Ubuntu:
yes $COLUMNS $LINES|pv -qL50|perl -ne'$|=1;($c,$r)=split;$s||=$"x($c*$r);print$s;$s=$"x$c.$s;substr$s,rand$c,1,"*";$s=substr$s,0,$c*$r+$c;'