Answer honestly, as it may affect the content of the meetups.
[democracy id=”2″]
Certs and continuing education
Just a reminder that attending conferences, security group meetings, and similar activities can count toward continuing education credits for maintaining certifications.
I picked up CEH last April, and thanks in a large part to attending DEFCON twice and BSidesLV once, I’ve already got 89 credits toward the 120 required for maintaining my certification..
Over the winter, I intend to take on OSCP. What certs to you folks have?
Here are the activities that qualify as continuing education credits for CEH:
- Volunteering – 1 credit for each hour you will spend
- Association/Organization Chapter Meeting (per Meeting) – 1 credit per hour
- Author Article/Book Chapter/White Paper – You can contribute to authoring an IT security related book, chapter or paper and earn 20 ECE credits. Note that, if you write the whole book, you will earn 100 ECE credits.
- Education Course – You can earn one ECE credit per hour for any IT security related course you will attend.
- Seminar/Conference/Event – You will earn one ECE credit for every hour of a seminar, conference or similar event you will attend.
- Higher Education – If you are continuing to higher education in IT security (e.g. Masters or PhD) you can earn 15 credits per semester hour
- Identify New Vulnerability – If you identify an IT security related vulnerability, you can earn up to 10 ECE credits
- Presentation – You can share your IT security knowledge with your colleagues, in a chapter meeting or in a conference. You will earn three ECE credits per every hour you will present.
- Reading an Information Security Resource – You can earn up to five credits by reading an IT security related book, article, review or case study.
- Teach New – You can prepare a course or organize a workshop and teach people about IT security. You will earn 21 credits per day for teaching IT security. This is generally an eight hours per day course.
Hackerboxes #0033
Better late than never. I think this one was released in time for subscribers to assemble it before Defcon. I slapped this together over the weekend. About the simplest project you can imagine. The switches turn the individual LEDs on, and the LEDs each have either a slow transition or fast transition IC built-in. The resistors are purely for decoration. It’s pretty and blinky, so I can’t complain.
The kit also came with a MicroPython PyBoard to experiment with. Going to have to steal some time to play with it, it really sounds like a lot of fun.
Proxmark 3 RDV4
I was excited to pick up the new Proxmark 3 RDV4 from its Kickstarter, before the official, far more expensive release at Defcon 26. I’d been playing with it since I got it, cloned my office entry HID card, and tried out a couple of the Android apps to run it.
There are two Android apps that I’m aware of. Walrus is the one that seems promising to me. It leverages the ability to read, write and simulate (playback) RFID cards native to the Proxmark, and supposedly a feature under development is to brute force readers using bulk-collected tags. Sounds like a fun tool for physical pentesters. Collect cards in a crowded elevator, then try to get into offices using the cards you’ve collected. I haven’t checked for an update since downloading the software, so I have no idea whether it’s been implemented yet. The other one, AndProx, is a standard Proxmark CLI, and I’m not much for typing on phones. It’ll work in a pinch, but I prefer my trusty Macbook for that. Also, it didn’t seem to recognize the Proxmark from my phone. Maybe I need an OTG cable.
I picked up some keyfob tags on Amazon, because I have this annoying habit of forgetting my work card every once in a while and having to borrow a temporary card from the receptionist, and I figure if I have one on the same ring as my car keys it’ll be far less likely that I’ll leave it at home (or in the car). However, my RFID tag knowledge isn’t super deep, and apparently just looking for T5577 cards isn’t good enough. They read as “Indala” in the Proxmark, and I’m unable to clone my HID card to them as I could with the included Proxgrind card, or other random cards in my collection.
So I looked a little closer this time, and ordered another set of fobs that one reviewer claims he was able to clone HID with. Science is all trial and error, right?
If you’re considering getting a Proxmark, I’ll share a couple of experiences. Trying to update the bootloader and firmware from a Linux VM was problematic. The update hung and bricked the Proxmark. This was easily fixed by holding down the button on the unit while powering it up, and while re-uploading the bootloader and firmware directly from MacOS. If you get weird command errors, it’s because your client and firmware versions are out of sync. Once everything’s in sync, it’s like clockwork.
Side note: I’m getting to be known as “that guy” at work. A coworker asked me if I could pick tubular locks today. Gotta dig out my tubular pick set to bring in tomorrow. He wants to replace a drive in a locked drive array and doesn’t know where the key is.
Indala Update 2018-09-09: I somehow managed to get the “Indala” card to work. Hints from iceman gave me confidence that the reader may have just been misreading the tags, so I played around with t55xx commands until I managed to get it right. I will try to duplicate the process in my spare time so that I have a documented solution. The good news is that it does work. Now what to do with these 19 extra fobs. 🙂
CHV Badge
Received the Car Hacking Village badge today. The fucker has a beautiful display, nice fluid LED transitions, and an OBD-II port. Looking forward to seeing what its capabilities are. I know it has CAN and NFC capabilities from the website at http://www.specsolns.com/defcon…
Show us your nerdspace.
Hackerboxes #0028: Jam Box
The soldering for this one was a piece of cake. Everything was nicely padded and spaced. Big pads make soldering way easier than a tiny ring.
EXCEPT for the potentiometers. The strain-relief legs didn’t fit into the PCB holes, and Hackerboxes just suggested shaping them into a tube to make them fit, without any real guidelines on how to do that. Anyway…
I hadn’t yet installed the Arduino IDE on my primary Macbook. No issues there. Had to install the ESP32 board into the Board Manager. Then I had to install the VCP USB UART driver so that the serial port would show up in the Arduino IDE.
Then, BAM. My sketch uploaded and works.
Yes, I know I didn’t install the pots yet. I also didn’t install the DAC yet. Maybe tomorrow. I just wanted to light up the MAX7219 8x8s.
Status update
Three weeks and one day until the first meet, and we’re up to twenty in the Meetup group, and eight have RSVPd for the first meeting. The room has a capacity of 25, so that’s working out well.
Drink all the Booze, Hack all the Things!
Well, that’s interesting. Reading the fine print of the library agreement. The library allows alcohol in its meeting rooms. HOWEVER, and it’s a big however, even if it’s BYOB, it’s only allowed with a state permit. So from my brief research, a $55 “Banquet” license would allow us to either BYOB at the meetings (YES, it would feel gloriously naughty to drink beer in the LIBRARY) or to actually sell beer & wine. I’d be curious if anyone in this group thinks that’d be worth pursuing.
Tell you what… Get your company to sponsor the meetup for $150 and I’ll get the license and bring quality beers for everyone who’s legal.
BSides DC tix 2nd round on sale
I got mine, how many of my other 540ers are going to be there? I decided, since Nick Cave is the night before at Anthem, that I’m going to stay at the venue in DC rather than commuting from home. Anyone doing any of the classes?