Digital Shokunin

I recently started with a new company doing more of the role I was in at my previous job focused on J2EE applications, etc. However, I additionally ended up taking over management of Eucalyptus which is an AWS compatible cloud solution.

It’s been an exciting change of pace over configuring, troubleshooting, and restarting JVM’s. I’ve worked heavily with it and its underlying open source components that it utilizes like KVM, qemu, S3 (which this site is hosted on an S3 bucket), creating new images (using packer and some fancy script-fu I’ve got it fully automated), and customizing them. So far doing and upgrade and setting up a new availability zone have been tasks I’ve been carrying out in the short time since I’ve started working with it. If I ever run my own lab besides the ESXi based one being setup at my local hackerspace, I may use Eucalyptus.

I’m still recovering from Vegas even a week later. So I’m just going to link a bunch of things you should check out and mention a few cool things that happened or that I saw.

• PowerShell Empire - written in my two favorite scripting languages, may replace Meterpreter someday.
• Modern Honeypot Network - build your own cloud based network of honeypots that feed results back into a centralized server.
• HoneyDrive - an okay honeypot VM image (if you for some reason want to run your honeypot in VirtualBox or VMWare)

I also put together a DarkNet badge, walked until my knee gave out, attended a lot of events. DefCon itself was overcrowded, I stayed out of the talks and main halls and focused on SkyTalks, and the villages and competition areas. The DefCon biohacking village was to me the most interesting new thing this year.

Quick summary of a few cons I went to. I went to ISSA conference in Charlotte earlier with FALE, but more recently I went to BSides Asheville as a volunteer. I also participated in their CTF with some Cha-Ha members, and we came very close to winning, but placed second. Some friends and I camped out isntead of staying in a hotel, listened to bluegrass in a mountain bar and saw some talks, etc.

My talk from CarolinaCon is up.

This is not a professional talk, by any means, it was a humorous one, at a hacker con, meant to be somewhat entertaining, delivered late at night. Some of the sites displayed contain profanity, etc. I use some profanity in the talk as well. People liked it, one person told me it was their favorite talk which shocked me. The slides are here.

I will be attending CarolinaCon again this year with FALE since we are run the LockPick Village. The big difference this year will be I am giving a talk as well. This will be my first talk at a conference of any kind.

Unless something changes I’m scheduled Friday night(Mar 20th) at 10pm. Giving a talk at all was almost unexpected and only came about because they had extended the call for papers by a few days when not enough talks were received. I and several of the FALE members rallied for more speakers online and submitted our own talks. Mine was completely off the wall and related to a treasure trove of terrible but funny defacement pages I’d discovered. I hope to give an account of defacement pages, a short history of them, and deconstruct them with humorous results. I was surprised when it was actually excepted, especially since a lot of talks were submitted and some rejected.

I’ve completely messed up my Docker install on the server I was using it on so take my post with a grain of salt. I’ve been messing with Docker for over a year and found it advantageous for a lot of situations. The main thing a Docker container or LXC containers provide me in general, is a sandbox within which to experiment that doesn’t require running a full virtual machine, an extra server, or modifying the native OS settings to try out various applications, packages, or have a self contained environment for using certain software so I can keep it isolated from my base or default environment. One obvious application is doing development.

Someone recently asked for a free pentest in a private security related group for a site they had been working on for a while before it went live. Some of us guys at FALE obliged. Since it was a free pentest, I am taking the liberty to post about it. It was actually my first shell and first box I’ve popped that wasn’t mine. So it was a learning opportunity for me with some subtle direction by those more experienced.

I managed to make it to Vegas in a rather unexpected way, what originally was a planned beach trip ended up not working out, and I ended up being able to join FALE at BSides LV and DefCon 22.

I was working in the mornings, but most of my free time at BSides LV was spent at our lockpick village where we were joined by someone making hand made lockpicks as you can see above. I didn’t get to attend any talks, but the talks were found online shortly after, my favorite one being the Hack the Gibson talk which focused on IBM mainframes. Very educational considering I work with mainframes and do some operations on them at work. Jon McAfee, yes, that McAfee also made an appearance, which was interesting to say the least. He talked a little about his version of events regarding his recent troubles in Belize. Including alleged hired assassins out to get him, his personal spy ring, and people popping out from behind trees they’re hiding behind, and snapping pictures, etc. Later, he shifted into some Snowden-esque persona rallying for personal privacy online, and plugged his new product that spys on spyware, not sure how you protect yourself from spyware by installing his “trusted” spyware, but that was the sales pitch from my view. Also, there was the tower of vendor distributed condoms, collectively named “Bonerhenge”, built by some people who apparently didn’t have a better use for them in Vegas, thus had some time on their hands.

Oscar scanner is a project I mentioned in an earlier post. I wanted to follow up on that with my progress. It’s basically working now, more or less, after some hiccups trying to run it on Arch, and lack of time or motivation, ordering wifi adapters, etc. I have a video up demonstrating it’s use.

I have a short video of my the Adafruit UPC scanner in its 3D printed case being used here:

I don’t know if its because I’m now settled into the dad life or what, but I’ve been taking on more personal projects lately, working on them until I loose interest or find something else. Of course, leaving them in various states of completion, some times returning later. Sometimes its just lack of motivation, sometimes I hit a wall, a few cases are delays since continuing requires hardware or something that costs money. Sometimes its just lack of time. A big part of it is the problems I’m working on don’t hold my interest or seem of little point. I seem to be working on tutorials or guides, or very little that isn’t already well tread. I want to learn new skills, but I also want to solve real problems, or tangible improvments to something. I’d love to get involved in some real projects (but I can’t commit due to time), not run through a tutorial that gives me an example program to write that no one would actually use. That said, here is what I have in the hopper that I’ve slowly been trudging through.