I was lucky enough to get a hold of an Insta360 Nano this week and it is some of the most amazing technology I have seen recently. It allows for truly instant 360 photos, videos and timelapse captures. As one of the people I was showing it to this week said it is the “selfiestick of 2017”.
Here are some examples of some of the stuff I captured this week.
Photo:
Time Lapse:
I am really looking forward to taking it to the RSA conference and London next month.
Blog Posts
I was at dinner on Tuesday with 6 security professionals and I proposed this hypothetical situation and I thought it was worth writing up and sharing.
Background:
- Six identical safes with $1,000,000 inside are being built into the side of a public building and are being randomly assigned to everyone at the dinner.
- At the end of 90 days any money left in your safe is yours.
- You will be given a live video feed of your safe.
- There is an advanced and persistent team of safe crackers trying to crack all six safes.
- You are loaned $100,000 to spend on security for your safe that must be repaid when the project is over.
- Everyone at the dinner is your friend.
Threat Intelligence Questions:
- While doing video monitoring you notice that you see activity that you think is coming from the safecrackers every Monday night from 2100 to 2200.
- Do you tell the other safe owners?
- While looking at your safe you try the passcode 8675309 because the song is stuck in your head and find it is an unknown one time backdoor.
- Do you tell the other safe owners?
- You are approached by 2 other safe owners who would like to form an alliance with where you will share all information you have on threats and at the end of the 90 days you split any remaining money evenly.
- Do you join the alliance?
- Does sharing what you know with the other safe owners make you more or less secure?
- Does joining the alliance make you more or less secure?
- If 4 people are in the alliance does that make you more or less secure?
Bonus Traditional Security Questions:
- A physical security firm will place an unarmed but well meaning guard in front of your safe from 0700 to 1900 every day for the 90 days. The cost is $40,000.
- A monitoring firm will monitor the video feed of your safe for the 90 days and send you a text message if something looks wrong. The cost is $40,000.
- A famous ex-hacker will spend two weeks trying to break into your safe and another week writing a report you will only kind of read. The cost is $60,000.
- A company has a team of 100 less skilled but trust worthy safecrackers who they can have try to break into your safe. They will run the program for you, pay a reward to anyone who successfully cracks your safe and tell you exactly how the did it. The cost is $60,000.
- How do you spend your money?
- On day 30 you are told only one safe has been successfully broken into. You have not spent any of your money.
- Do you buy anything now?
- On day 60 you are told only one safe has been successfully broken into. You have not spent any of your money.
- Do you buy anything now?
I think there are a bunch more questions I could ask but I think this is a great thought exercise to think through and discuss.
If you have any thoughts you can share them with me on twitter @jgamblin. I just do not have the patience to moderate blog comments.
Here is a picture of a safe so my links look better when I share this:
Scanning a host with Nmap is a fairly routine act for some in security to do but you from time to time you want to either get a different view of a host or try to conceal your public IP. In this case I use this simple “trick” to run an nmap scan through TOR.
To do so you need to make sure you have nmap, tor and proxychains installed on your machine.
The simplest way to install these tools on ubuntu is with this command:
sudo apt-get update -y && sudo apt-get dist-upgrade -y && sudo apt-get install tor nmap proxychains -y
Once that is complete proxychains nmap +options +target will run your nmap scan through the TOR network via proxychains. In this example I ran proxychains nmap --top-ports 10 -sT -PN -n -sV 50.87.249.69 against my blog:
A couple of protips:
- This method is slow. You will want to know the hosts and the ports (
-top-ports 10) you want to scan and scope limit as much as possible. - This *isnt* 100% anonymous. While using proxychains and tor will give you a basic level of anonymity its not irreversible.
- Wear mittens when it is cold outside.
Yesterday US-Cert released information on GRIZZLY STEPPE the malware used in the DNC hack. The IP and hash information provided by the US-Cert was really lacking so I decided to dig through it and see if I could make more of it.
The first thing I did was to run the IPs through an ipinfo2sheets spreadsheet I put together earlier this year and got way better data:
Once I got more data for the IPs I noticed that it looked like there were a lot of TOR exit nodes on the list. So I cross referenced the IP addresses from the US-Cert against the TOR exit node list and 21% (191 of 876) of them were TOR exit nodes:
From there I decided to map the IPs on a google map to see where they were all located:
Next I looked at the hashes and this morning VirusTotal says that only 28% of AV detects the Grizzly Steppe files:
I put a copy of this spreadsheet here.
Overall after spending a few hours looking at the Grizzly Steppe data it is disjointed, ambiguous and really doesn’t provide any actionable data for most companies.
In November I saw this youtube video on turning a USB Air Purifier into a $75 USB Killer:
My soldering skills are basically nonexistent so while I had some time off around the holidays I decided this would be a decent project to help improve them.
So in early December I ordered 3 of these from Amazon:
USB ionic Oxygen Bar Freshener Air Purifier ionizer For Laptop Black+White
These from GearBest would also work:
Rotating USB Style Air Cleaner – WHITE AND BLACK
A week or two after I ordered them this ChinaPost envelope showed up in my mailbox: 
I got my soldering station set up and was ready to go to work:
After snapping off the case the first thing your have to do is desolder the pigtail:
The next step is to solder a wire to the resistor towards the bottom of the board:
You then solder the other end of wire to the data lead on the USB connector:
(Tip: You should probably use more than 24 awg wire.)
You now have a USB Killer to *not do* evil things with:
Disclaimer: Dont be a JERK. This will fry motherboards. Dont plug it into anything you are not ready to replace.
I had a coach whose favorite quote was “Pain is the best teacher.” and that was the first thing that popped into my head this morning when I realized that I had left an $80 a month Digital Ocean Droplet running for an extra 3 weeks after I got done using it. To be honest $60 isn’t *that* painful but it did prod me to write a slackbot that will post all my running droplets to slack once a day:
Here is how I set it up:
- Create a SlackBot and copy API Key.
- Create a *read only* Digital Ocean API Key.
- Copy this shell script to a Digital Ocean droplet:
https://gist.github.com/jgamblin/83f7eb018d7953497e30802ed23e2041
- Copy this line to your crontab to post a list of running droplets at 0800 everyday:
00 08 * * * /path/to/dobot.sh - Enjoy not wasting money on abandoned cloud servers.
I am a huge fan of snow and hacky one line linux commands. Thanks to some amazing people on twitter and a little too much free time at the end of the year they have both combined to bring snow to your terminal window just in time for your winter based holiday.
This command works on OSX out of the box:
for((I=0;J=--I;))do clear;for((D=LINES;S=++J**3%COLUMNS,--D;))do printf %*s.\\n $S;done;sleep .1;done
This command is a little longer and requires PV (sudo apt-get install pv) but looks amazing on Ubuntu:
yes $COLUMNS $LINES|pv -qL50|perl -ne'$|=1;($c,$r)=split;$s||=$"x($c*$r);print$s;$s=$"x$c.$s;substr$s,rand$c,1,"*";$s=substr$s,0,$c*$r+$c;'
What will 2017 hold for the security industry? I sat down and looked into my crystal ball and came up with these 8 security predictions for 2017.
A Fortune 500 Will Use “DDOS as a Service” To Attack A Competitor.
A bored VP of Marketing with a paypal account, a six pack and a nephew who can get him on the “undernet” is the cyber warrior of the future.
Internet of Thing (IoT) will continue to be used as an attack platform.
Who would have thought that un-patched, un-maintained linux operating systems exposed to the internet would be used to do evil?
Hacking As A Service Will Take Off.
Want into your bosses/spouses/political opponents email account? A hacking group will sell you access for $500.
Hackers Discover & Exploit Automation Platforms.
Hackers finally realize they only have to own the automation platform (Chef, Puppet and SaltStack) of most companies to own the whole company.
Red-Teaming Will Still Be easy.
…and there will be 437 conference talks about how awesome it is.
A Killer Android Bug Will Be Found.
A remotely exploitable android bug that allows for remote camera, microphone and speaker access will be found and will be un-patchable on 75% of phones. Causing Google to take control of the OS and push patches to all phones.
Hackers Will Interrupt A Major Sporting Event.
Just think what would happen if the Russians, Chinese or a 400-pound hacker sitting on his bed decided to take Fox offline during the opening kickoff.
Security Will Still Be Hard.
…and no one as invented the magic box you can plug into your network and make it easy.
Remember though… you can change the future of security in 2017 by working hard and doing something that makes a difference. Get involved in the EFF, write some amazing open source software, volunteer to mentor someone interested in security.
I have been playing with my stack of pizero a bunch lately and tonight I decided to put together a piZero OTG Ethernet gadget that runs Kali (Really KaToolin), XRDP and Mate in a computer on a stick configuration. This way I have a full (as I want it to be) Kali installation with me as long as I have access to a USB port.
Here are the steps to build your own:
Install your pizero as an ethernet gadget.
Share your internet connection with your piZero:
You can now login into your PiZero at:
[email protected]
Copy and Run this shell script:
https://gist.github.com/jgamblin/d929d98acca84140684f1d06bfaf6336
Reboot:
sudo reboot
Configure RDP and access your KaliZero:
Use KaToolin to install the tools you want:
sudo katoolin
**Be Warned: The piZero is slow. It is usable for basic tasks but is not amazing.
I have been playing with my stack of piZero’s recently and started to read about the kernel OTG gadgets and was intrigued by the OTG_HID gadget. So after doing some reading I found that someone had ported the USB Rubber Ducky platform to the piZero and called it rspiducky.
Building it is fairly straight forward but if you if you want a ready made solution I put a precompiled copy of the .img file here.
Once you get the image to your SD card (sudo dd if=duckberrypi_zero_minibian_05.img of=/dev/disk*/ bs=4m) you then start putting your payload into (surprise) payload.dd.
It is amazingly easy to drop a NetCat backdoor using this method. You just need a publically available server you can run nc -l -p 443 -vvv on.
Here is a non-persistent example:
https://gist.github.com/jgamblin/348254c8d3e9b94f9214e9ad5473a44e
Here is a persistent example via a cron job:
https://gist.github.com/jgamblin/158ea8a5c2459e74541f89ca728e66a0
Here is the script running:
Here is what the NC backdoor looks like:
Bonus Scripts:
Type the longest word in the world 100,000 times:
https://gist.github.com/jgamblin/c18c5818c6055cb9bb7394787cf8f9a5
Hide all windows 100,000 times:
https://gist.github.com/jgamblin/f2762d9da59c07a273a2028379052cc2
Hello World test script:
https://gist.github.com/jgamblin/0c2ca413b90e72c1e3fa1f9f53dc6fc6
As always have fun and only do good with these tools.