Current Status

With the revival of this blog, I am currently in the process of fleshing out my first real post. This post will be targeted at automation of a baseline testing deploy. This will include tooling, configurations, and various other setups that I utilize when prepping for an engagement. Additionally, I will be creating a section to track the tools that I am adding to my list of To Be Reviewed™. This will be used to track new tooling that is released (and will most likely require time-to-time revisiting to remove clutter or do some sort of write-up). Look for that page to be added soon!

Auditing IoT and Best Practices

Proposal for updated practices regarding auditing Internet of Things (IoT) Devices

Introduction


Context

As the popularity of Internet of Things (IoT) devices grows, so do their uses in businesses, homes and even governments. These devices have a huge range of uses, from industrial control systems all the way to smart plugs in the average person’s home [4]. The growing uses and connectivity of these devices, however, have made them a popular target for potential adversaries [9]. Developing proper security measures and auditing procedures is necessary because of the impact IoT devices can have on any network’s security. However, this is not easy, as IoT devices typically have non-traditional uses compared to most computer systems. These devices have a connection to and direct impact on the physical world around them, and can be located in various environments [9]. All of these factors have led to a lack of organization and policy regarding IoT devices. Overall, IoT devices are a new category of computer systems that need to be securely implemented in their environments and conform to a set of best practices.


DEFCON 25 CTF – CHALLENGE 7 – CAPTURE_AUSTRALIA

300 PTS

TL;DR: From the DEFCON 25 OSINT CTF (capslock enjoyed this title). This challenge was based around OSINT on the x64 Corp GitHub. Requires general knowledge of how Git works and a willingness to look at code.

Topic:
“Our company doesn’t spend a lot on paid products, and we use a lot of open source / free products. For example we use git for version controlling – https://github.com/x64Corp
Since teams don’t use any centralized chat system, it’s difficult to monitor the same. Our CTO suspects that someone is keeping an eye on our discussions. Not sure how.
Can you help?”
