Cutter - A GUI for radare2

 Posted on February 16, 2018  |  2 minutes  |  216 words  |  David Mitchell

I’ve recently been using radare2 for a bit of reverse engineering and have used it a little bit in the past for CTF competions. (Side note: scaleway.com is a great cloud/VPS service if you need an ARM based server/machine for a something like a CTF to analyze ARM binaries and do not have a Raspberry Pi, ODroid or similar ARM based computer handy.) I discovered Cutter recently, which has some instructions to compile it using cmake (also qmake but I had and used cmake). [Read More]
hacking  infosec  reverse engineering 

CarolinaCon 12

 Posted on March 7, 2016  |  2 minutes  |  398 words  |  David Mitchell

I gave another talk for this year’s CarolinaCon 12 called “Never Go Full Spectrum Cyber”. For this talk I focused on mistakes “hackers” and even some InfoSec professionals have made and then a short summary at the end of OpSec lessons that could have prevented the mistakes covered earlier in the talk. The talk slides are here. [UPDATE: The talk video is here.] I referenced OpSec work and talks done by the grugq. [Read More]
hacking  security  infosec  opsec 

DefCon 23 and BSides LV

 Posted on August 15, 2015  |  1 minutes  |  145 words  |  David Mitchell

I’m still recovering from Vegas even a week later. So I’m just going to link a bunch of things you should check out and mention a few cool things that happened or that I saw. PowerShell Empire - written in my two favorite scripting languages, may replace Meterpreter someday. Modern Honeypot Network - build your own cloud based network of honeypots that feed results back into a centralized server. HoneyDrive - an okay honeypot VM image (if you for some reason want to run your honeypot in VirtualBox or VMWare) I also put together a DarkNet badge, walked until my knee gave out, attended a lot of events. [Read More]
hacking  security  infosec 

BSides Asheville 2015

 Posted on June 30, 2015  |  1 minutes  |  149 words  |  David Mitchell

Quick summary of a few cons I went to. I went to ISSA conference in Charlotte earlier with FALE, but more recently I went to BSides Asheville as a volunteer. I also participated in their CTF with some Cha-Ha members, and we came very close to winning, but placed second. Some friends and I camped out isntead of staying in a hotel, listened to bluegrass in a mountain bar and saw some talks, etc. [Read More]
hacking  security  infosec 

Defacement Page Design talk

 Posted on March 27, 2015  |  1 minutes  |  69 words  |  David Mitchell

My talk from CarolinaCon is up.

This is not a professional talk, by any means, it was a humorous one, at a hacker con, meant to be somewhat entertaining, delivered late at night. Some of the sites displayed contain profanity, etc. I use some profanity in the talk as well. People liked it, one person told me it was their favorite talk which shocked me. The slides are here.

hacking  funny 

Talk at CarolinaCon

 Posted on February 2, 2015  |  2 minutes  |  236 words  |  David Mitchell

I will be attending CarolinaCon again this year with FALE since we are run the LockPick Village. The big difference this year will be I am giving a talk as well. This will be my first talk at a conference of any kind. Unless something changes I’m scheduled Friday night(Mar 20th) at 10pm. Giving a talk at all was almost unexpected and only came about because they had extended the call for papers by a few days when not enough talks were received. [Read More]
hacking  security  infosec 

Website input command injection

 Posted on October 2, 2014  |  2 minutes  |  308 words  |  David Mitchell

Someone recently asked for a free pentest in a private security related group for a site they had been working on for a while before it went live. Some of us guys at FALE obliged. Since it was a free pentest, I am taking the liberty to post about it. It was actually my first shell and first box I’ve popped that wasn’t mine. So it was a learning opportunity for me with some subtle direction by those more experienced. [Read More]
hacking  security 

DefCon 22 and BSides LV recap

 Posted on September 2, 2014  |  5 minutes  |  890 words  |  David Mitchell

I managed to make it to Vegas in a rather unexpected way, what originally was a planned beach trip ended up not working out, and I ended up being able to join FALE at BSides LV and DefCon 22. I was working in the mornings, but most of my free time at BSides LV was spent at our lockpick village where we were joined by someone making hand made lockpicks as you can see above. [Read More]
hacking  security 

CarolinaCon 9

 Posted on March 17, 2013  |  2 minutes  |  352 words  |  David Mitchell

CarolinaCon 9 was this weekend in Raleigh, NC which I attended Saturday. I was also there as a representative of FALE to help host their lock pick village. There were several talks given by some of the FALE members, one titled “Terminal Cornucopia” by treefort was on how ineffective TSA security theater is at preventing weapons from making it onto an airplane. There was a demonstration of a club called “Murica” made with items purchased in the terminal behind TSA security checkpoints consisting of a copy of the Declaration of Independence, with a pointy metal souvenir model of the Washington monument protruding from it. [Read More]
security  hacking  lockpicking 

CarolinaCon 2017

 Posted on January 1, 0001  |  1 minutes  |  120 words  |  David Mitchell

Iworked another year as staff for CarolinaCon 2017. This year I helped run the hardware hacking village with my friends and fellow members of FALE which was mostly if not completely used to assemble badges for the conference which where Atmel based hardware badges that communicated wirelessly with RF modules on the ~900+Mhz frequency range. The badges were designed by my friend melvin2001 whom I miss badly now that he’s moved across country. [Read More]
hacking  infosec  arduino