Category Archives: Security Not Included

BSides Denver 2018 – Hacking the Mile High City

I traveled out to BSides Denver 2018 this past weekend, and had a great time!

BSides Denver 2018 – Introduction

This was my first time in Colorado, and I really enjoyed it.

BSides Denver was a fun conference sponsored by SecureSet Academy.

Of course, I had to rep SwAG during my time out there!

BSides Denver 2018 - SwAG

Venue, Area, Food and Drinks

While it was great that SecureSet sponsored the conference, the venue(s) were a bit crowded.

Two of the speaking tracks were in their downtown offices in some conference rooms. This led to a lot of talks having to turn people away due to seating reasons. Additionally, it was hard to hang out in the con area without being too loud for the conference rooms.

The third track + hang out area and meals was held at the Blake St. Tavern down the road. This was a bit less crowded, and I ended up hanging out here more often than not.

Denver was great, and I ended up having some awesome food and drinks during my time there.

BSides Denver 2018 - Dinner

BSides Denver 2018 - Dessert

Other than that, I visited the USAFA (United States Air Force Academy) since I know someone going there!

We walked around campus, and I got to take pictures of some of the awesome looking buildings.

BSides Denver 2018 - USAFA

BSides Denver 2018 - USAFA Building

There was also an F15 there, but they told me that it doesn’t actually run anymore.

BSides Denver 2018 - F15

Finally, the mountains around campus (and the city in general) were gorgeous, and I wish I got some more pictures.

BSides Denver 2018 - USAFA Mountains

The beer in Denver was great, and I tried to make it to as many brew-pubs and/or places with local beer as possible.

Talks

I went to 4 talks this conference, and they were all pretty great.

  • Ducky-in-the-middle: Injecting keystokes into plaintext protocols – this was a fun talk about intercepting plaintext protocols for mouse/keyboard input and hijacking them. N00py mentioned a few neat tools, and I’d love to take a look as some of them.
  • GreatSCT: Gotta Catch ‘Em AWL – this was a tool by ConsciousHacker that I’ve meant to look into for a while now. That said, after this talk, it has moved rapidly up my list. This is a framework that manually builds Metasploit payloads that can bypass anti-virus as well as application whitelisting solutions. You can find the source here, and I hope to blog about it fairly soon.
  • WiFiPi: Rasperries and Radios and Antennas, oh my! – This was my talk, and it went pretty well here! An infomercial styled talk about my WiFiPi and how to use it for wireless assessments. While I was unable to make the drink that I made at CarolinaCon, I still shared the recipe with my fans. I hope that the videos/slides will be up soon, but please let me know if there is anything specific that you want/need in the meantime.
  • Why Hackers Still Get In – this was a more basic talk given by B1tWr4ngl3r of Rapid7, but it was still a good one. The biggest takeaway for defenders (and attackers) were that passwords are bad. That said, I think I have a mouse that is vulnerable to JackIt, so I’m looking forward to playing with it.

Unfortunately, BSides Denver did not record any of these talks. That said, you can find a few of them from previous conferences below.

BSides Denver 2018 – Speaking

I spoke at BSides Denver this year, which was my main reason to go out there! This was my 5th total presentation, and second for this talk.

I definitely feel like I’ve got the speaking bug, and I’m constantly improving. That said, filler words and going too quickly are still where I have some issues.

There were no technical difficulties this time, but the talk wasn’t recorded. That said, the CarolinaCon recording should be up soon, and if not, blame Curbob.

I did not make the themed drink at this venue, but I still shared the recipe for any brave souls.

This talk went very similarly to my CarolinaCon version, only with a few more slides. I tried to cover the questions that I was asked at CarolinaCon during the presentation, and that went well.

That said, there was even more questions than last time, which was awesome. My talk went a bit quickly (30 minutes), so I had almost 15 minutes left for questions, discussions, and demonstrations.

I’ll be giving this talk one more time this year, , but be on the lookout for slides and a video when that is complete.

Finally, if you have any feedback (positive, negative, or neutral) about the content or presentation, then please let me know!

Villages/Events

There was a lock picking village at the Blake Street Tavern, so I popped over there for a bit to watch some people.

Other than that, I briefly participated in the CTF.

BSides Denver 2018 - CTF

While this was a great idea, there wasn’t enough time or automation in place for it to work really well. That said, it was pretty neat, and I got 4/5 of the required e-mail addresses.

If you have any tips for obtaining e-mail addresses from a LinkedIn profile, then I’d love to hear them!

BSides Denver 2018 – Conclusion

This was a great con, and I’m glad that they invited me to come out and speak.

I was able to do a little (ok more than a little) eating, a little drinking, some networking, and some exploring.

That said, I wasn’t able to escape my travel bad luck.

BSides Denver 2018 - Travel Woes

While that screenshot wasn’t the real issue, I still had to deal with a 2 hour delay for my flight back home.

Leave a Comment

Filed under Security Not Included

Extract Android Chrome Tabs via USB Debugging

While only partially security related, I finally learned out to get my Android Chrome tabs to my desktop.

Continue reading

Leave a Comment

Filed under Security Not Included

Alfa AWUS051NH Installation and Configuration (VMware on MacOS)

I had a few questions about using an Alfa AWUS051NH wireless card, so I figured I would share a quick write-up about it.

Continue reading

Leave a Comment

Filed under Security Not Included

XSS Phishing for Fun and Credentials!

Since it came up in a recent conversation, I figured I would share an XSS phishing technique!

Continue reading

Leave a Comment

Filed under Security Not Included

CarolinaCon 14 – Shall we Play a Game?

Another weekend is over, and CarolinaCon 14 is in the books.

Continue reading

Leave a Comment

Filed under Security Not Included

Subdomain Hijacking in the EverSec CTF (BSides Raleigh ’17)

Just in time for CarolinaCon, here is my subdomain hijacking write-up for the EverSec CTF at BSides Raleigh 2017.

Continue reading

2 Comments

Filed under Security Not Included

Guacamole Installation in my Homelab

I finally finished my Guacamole installation for my homelab, and I wanted to share how it went.

Continue reading

Leave a Comment

Filed under Security Not Included

GXPN Review – SANS660 (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking)

Although I passed it last month, I’m just now getting to my GXPN review after a long on-site engagement!

Continue reading

2 Comments

Filed under Security Not Included

sshuttle – Poor Man’s VPN via SSH (Great for Pivoting!)

I’ve recently been using sshuttle again, and I wanted to share how easy it is.

Continue reading

Leave a Comment

Filed under Security Not Included

pfSense DNSBL Whitelisting to Unblock Specific Sites

While I was away, someone asked me about pfSense DNSBL whitelisting, so I wanted to share a tutorial for it.

Continue reading

Leave a Comment

Filed under Security Not Included