July, 2017 | Will Chatham

BSides Asheville – 2nd Place CTF

Published by Will Chatham on 7/29/2017

I attended BSides Asheville today, the “other” hacker conference for IT security folks. This was Asheville’s fourth such conference (they happen in cities all over the world), and it was my first chance to go to one.

I wasn’t disappointed. I ended up spending most of my time in the “Lockpick Village” and working on the Capture The Flag competition.

The Lockpick Village was a challenge, even for someone who used to be a professional locksmith. It turns out that working under the pressure of an 8-minute timer, with people surrounding you to jeer and cheer you on does not make it easy to operate.

I was able to get out of the handcuffs rather quickly (about 1 minute), and then I picked the first lock relatively soon therafter (2 minute mark). However, my crucial mistake was that I picked it in the wrong direction, so I had to start over, and it took me much longer.

By the time I made it to the second lock, I only had about 2 minutes left, and it proved to be too much for me to conquer. It didn’t help that I’m used to using rake picks on pin tumbler locks, and they didn’t have any for me to use.

I ventured into the Capture The Flag contest after that, where I was able to put into practice all of the penetration testing skills I’ve been working diligently on since January. The Penetration Testing with Kali Linux course I’m enrolled in helped too.

I was the first person to root a Windows 2008 server and gain enough points on other servers to get into the top-three.

This turned out to be a positive affirmation that my hard work has paid off, as I took home the Second Place prize, a brand new Raspberry Pi 3 with the Canakit add-ons.

Granted, the first place winner forfeited and the team ahead of me was three professionals working together. Still, I took 2nd place after all that, and it was my first CTF.

The BSides team and volunteers put on a great day of fun. I am already looking forward to next year’s conference.

My Slides from Drupal Camp Asheville 2017

Published by Will Chatham on 7/27/2017

Thanks to all for coming to my talk! Here are my slides. Drupal Security #devsecops #dcavl @drupalasheville
DevSecOps – Slides

I enjoyed being at Drupal Camp, and it was good talking with the many new folks I met (as well as the ones I already know). If you have any questions or comments, feel free to post here or contact me directly.

Update:

Video is Now Available Too!

4 External USB Wifi Adapters for Kali Linux Pentesting

Published by Will Chatham on 7/12/2017

If you are like me, you have been working with Kali Linux, the Linux distribution for penetration testing and ethical hacking, and have been running it as a virtual machine on your 2015 Macbook Pro. And, you have been having issues with sniffing packets because your 2015 Macbook’s built-in wifi adapter is not going into true promiscuous mode — only a limited version that doesn’t give you everything you need. Sadly, other versions of the Macbook don’t seem to have this problem at all, so you may be finding yourself in need of an additional interface.

Or, perhaps you are not like me, and the chipset driving your PC’s Wifi adapter doesn’t let you do much at all, and you just want an external USB Wifi adapter that will make it easy to use tools such as Aircrack-ng for ethical hacking jobs.

Whatever the case, I’ve done some research and will present a few options that don’t break the bank and should provide you with a quick and easy way to do all the proper packet sniffing you deserve.

TP-Link N150

The first option on this list is the $13.45 TP-Link N150 dongle. A small USB device that sports a detachable antenna, it should get the job done if you prefer portability over power. This device uses the Atheros AR9271 chipset, which is known to work smoothly in Kali Linux (and probably most other distros).

USB Rt3070

The cheapest USB adapter, at a paltry $11.99, is the generic USB Rt3070, another dongle style device that is also the smallest you will find here. With similar specs as the TP-Link device, this one is even easier to conceal, and probably won’t raise any suspicions if you have it plugged into your laptop in a crowded place. While not the most powerful device by any means, if you are near the router you want to connect to, it shouldn’t be a problem.

Alfa AWUS051NH

Taking a big step up in everything, including features, power, and profile, we have the Alfa AWUS051NH. This one has been sitting on my Amazon wishlist for quite a while, and I think it’s about time I pick it up. It even has a holster with suction cups to stick to a window, and it will pick signals up from long range.

If you are needing to physically stay away from the target you are testing, while still being able to test it, try this sucker.

Alfa AWUS036NHA

Lastly, we have another Alfa device, both of which get really good reviews for Kali Linux in particular. At only $6 more than the AWUS051NH, the Alfa AWUS036NHA looks cooler and has a boost in power to let it pick up signals from even farther away. It also comes with the holster and suction cups for the windows of your vehicle, office, or home. According to its description, what sets it apart is the “High Transmitter Power of 28dBm – for Long-Rang and High Gain Wi-Fi.”

Are there others?

Have you tried any of these? What did you think? Know of any others that do a good job?

A Review of EaseUS Data Recovery Software for Mac

Published by Will Chatham on 7/11/2017

I have never really had the need for data recovery software until recently, when I mistakenly deleted a bunch of data off of a USB thumb drive, thinking I had backed it up somewhere. Much to my chagrin, I had not in fact backed it up. There were some files I was really going to miss, such as recordings of music I had made in Logic, and some various photos I’ve carried around with me over the years.

As I quickly learned, these type of apps do not run cheap. After doing some digging, I ran across a promising candidate called EaseUS Data Recovery. As far as data recovery software goes, they seemed to have been around a while, and had some good reviews. At $89.95, though, I expected it to do great things. Not only did I want Mac data recovery, I wanted a tool that would let me recover data from external hard drives, USB thumbs drives, and more. EaseUS promised to do that.

Installing The App

There were a few concerning things that happened during the installation process. For starters, Little Snitch reported outbound connections to track.easus.com. I could understand the need to reach out and check the license key, but over port 80? The subdomain “track” indicated that this was collecting some sort of metrics. I’m not sure I feel OK about that, especially over an unencrypted connection.

I let it pass through, and the installation continued. Another outbound connection warning appeared:

Hmm…another non-SSL connection to their website. I would hope that a company charging $90 for an application would be able to (and be smart enough to) get an SSL certificate to encrypt these connections, thereby helping protect their customer’s privacy.

Post Installation

Once installed, I went to plug in the license information that EaseUS had provided to me to register the product and assure I was getting all the features. When I did this, another unencrypted outbound alert appeared, which I can only assume contained my license key information as the software called home to validate it:

EaseUS doesn’t seem to care about encrypted data transfers. Not good!

The last complaint about the installation process is that I was left with a new taskbar widget that looked like a weather alert. 35 degrees? What is that?

Turns out this is a widget that provides “S.M.A.R.T.” monitoring of my drives. I’m not sure what that acronym stands for, but this widget was added for me without my knowledge, and it was promising to monitor my drives for issues. I decided to disable it since I am not a fan of widgets being added for me without asking.

Recovering Data with the Recovery Wizard

At this point, things got considerably better. The application was a breeze to figure out and use. I was first asked what type of files I wanted to recover. I left all of them checked since I wasn’t sure what all was on my deleted USB thumb drive.

From there, I was given a list of drives on my system:

Selecting my USB drive, I proceeded. Within a minute I was shown a bunch of files that were recoverable from my USB drive. I was able to choose what I wanted to be restored.

After that, all it took was clicking the Restore button, and I was asked where I wanted to save everything. Another 2 minutes later, I had all my files back! I’m not sure why I’d want to Tweet about that or “share my happiness” on Facebook, but I was given that option when the operation was complete.

MP3’s worked, images were viewable, and everything was good. I did notice a few filename characters had been replaced with a “#” sign, but they still operated normally. The EaseUS software did exactly what it said it would do.

Summary

All in all, this is a good product based my testing experience, and I’d recommend it if you need to recover data from a computer or external drive. There are some installation shenanigans to be aware of, as the software tries to install its monitoring widget without your consent. The worst part of it all is that the outbound calls to easus.com are not encrypted. EaseUS: get your stuff encrypted, please!

Month: July 2017