I am getting ready to teach a “Building Your Own Security Lab” series of classes and I really needed a safe place for people to try their hand at wireless hacking.
I built HackAPie that uses a RaspberryPI (this canakit) and openwrt that broadcasts 5 unique wireless networks to crack using tools like wifite and kali.
There are still a few bugs to work out but people have asked me if I would share this and I think I have it in a place where I am comfortable doing that. If you have any suggestions or questions please reach out to me at [email protected] or @jgamblin on twitter.
My mentor and I are in the middle of spinning up an information sharing group with local security professionals and next Friday is our first “working session” and we are discussing what building a security lab* looks like and costs.
We really hope to start walking through the tools in future meetings but here is what my security lab build looks like and roughly costs.
If you do not have unlimited data on your iOS device you will want to turn off Wi-Fi Assist in iOS9. Wi-fi Assist uses your data connection when you are on a slow Wi-Fi network.
To turn it off go to Settings > Cellular > Wi-Fi Assist > Off.
I have been looking for sometime to get a few security cameras setup around my house. I have thought about the dropcam and oco options but they were both fairly expensive and didn’t have the options that I wanted.
What I did have was a raspberry pi 2, two old web cameras and a 6 year old who likes to build stuff. We spent some time this weekend working with a project called MotionPie based off of MotionEye this weekend and we really like it.
It does take a fair amount of computer, network and linux knowledge but if you have a raspberry pi and google I am sure you could figure out.
I hope to see added (and help since it is an open source project): Dropbox support. Ability to select motion detection area. Ability to change the theme colors.
People ask me all time what the one thing they should do to “stay safe” on the internet is. If I had to pick one it would be to use a VPN when you are on a network you dont own or trust.
It has always taken a little bit of technical skill to setup a private VPN but my friends at WebDigi have done an amazing job of making setting up a free (if you dont use it too much) private VPN on AWS easy.
My mentor asked me that question this week as we were talking about what “true success” looks like. In the end you will never feel truly successful if you are not doing what you are passionate bout. There are people who are passionate about being amazing help desk technicians who feel (and are) more successful than the CIO who would really rather be the CFO.
As a reminder to do everything I do with passion I now have this as the lock screen on my phone:
Since it is that time of the year for all good security professionals to get ready to fly to Vegas I decided to put together my own “Surviving Blackhat” blog post.
Make a Friend. Being in security is sometimes a thankless job. You are going to a place with 30,000 other professionals who do the same thing you do and know the struggle is real.
Sure, someone may try to social engineer you into you telling them your mothers maiden name but you might find a friend who does forensics that you can call at 0200 when you think you are 10 minutes away from being fired.
Have A Meal With An Important Security Partner. The companies that help you secure your company are at blackhat and want to hang out with you. Take advantage of it.
Have A Meal With Some Friends (That You Pay For). Pick a night (I suggest Tuesday) and make plans with a group of friends to have an amazing meal somewhere in Vegas without a vendor (unless you are really friends with a vendor).
Dress Like An Adult (for meetings). Save the Black T-shirts and Flip-Flops for DEFCON. To quote Jay-Z:
I don’t wear jersey’s. I’m 30 plus gimmie a crisp pair of jeans and a button up.
Get Swag And Give It Away. Pick up way more swag then you need. You have co-workers that are covering for you. Nothing says “Thank you” like showing up on the 10th with a book bag of T-Shirts from companies you never heard of.
Get Smart! 90% of the smartest people in the industry are going to be within 4 miles of each other for 168 hours. LEARN.AS.MUCH.AS.YOU.CAN.
Have Fun! Part of the reason you are in Vegas is to recharge your batteries and have fun. Do that.
I spend a lot of time working in the starbucks near my office. It is a great place to slip away from the office for an hour when I need to do some heads down work but dont want to be completely anti-social.
Even though I always use a VPN one thing that always bothered my was that Starbucks was grabbing my MAC address every-time I logged in:
I am not a big fan of being tracked like this so this weekend I wrote randomMAC for OSX to quickly change my MAC address.
So now when I log in at Starbucks I am passing it a random MAC:
