Year: 2019

Picking a Master Lock M5 Magnum

As you may or may not know, I was a locksmith for the better part of a decade, working on campus at Warren Wilson College as a student, learning the trade as I earned my BA in psychology, then being hired to work there and train other students after I graduated for about 4 years. I also ran my own business (Chatham’s Lock & Key) for about two years, and I did a stint at Willis Klein up in Louisville for a summer.

So it was interesting to me that once I started attending information security conferences, I saw how popular lock picking has become among that otherwise computer-based hacking crowd. They have “lock picking villages” where you can learn to pick locks, contests to pit your skills against others, and there are now loads of videos and tutorials online for “locksport” enthusiasts.

I was resistant to getting into “locksport” for a while, perhaps because I had “been there, done that,” but also because the phrase “locksport” annoyed me.

However, I lost that battle when I found my old lock pick set from back in the day, and then found myself working a Master lock I had in the garage. Check out my first contribution to the Locksport community in this video.

Stay tuned for more.

OWASP Attack Surface Detector Project

When I did a short work stint at Secure Decisions in 2018, one of the projects I got to work on was helping to create the Attack Surface Detector plugin for ZAP and Burp Suite. I left that position before the project got published, but I am happy to see that it was a success.

Here it is in all its glory.

From the OWASP description:

The Attack Surface Detector tool uncovers the endpoints of a web application, the parameters these endpoints accept, and the data type of those parameters. This includes the unlinked endpoints a spider won’t find in client-side code, or optional parameters totally unused in client-side code. It also has the capability to calculate the changes in attack surface between two versions of an application.

There is a video that demonstrates the plugin, and yes, that is me doing the voice-over.

Kali Linux Dockerfile

Since recently discovering there is now an official Kali Linux docker image, I’ve been fiddling with it and tweaking my own setup to get it to how I like it for the things I use it for. I have a work version and a personal version. What follows is my personal version, used mostly for R&D, CTF challenges, and bug hunting in my free time.

My Kali Dockerfile (for Mac)

# The Kali linux base image
FROM kalilinux/kali-linux-docker

# Update all the things, then install my personal faves
RUN apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && apt-get install -y \
 cadaver \
 dirb \
 exploitdb \
 exploitdb-bin-sploits \
 git \
 gdb \
 gobuster \
 hashcat \
 hydra \
 man-db \
 medusa \
 minicom \
 nasm \
 nikto \
 nmap \
 sqlmap \
 sslscan \
 webshells \
 wpscan \
 wordlists 

# Create known_hosts for git cloning things I want
RUN mkdir /root/.ssh
RUN touch /root/.ssh/known_hosts
# Add host keys
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

# Clone git repos
RUN git clone https://github.com/danielmiessler/SecLists.git /opt/seclists
RUN git clone https://github.com/PowerShellMafia/PowerSploit.git /opt/powersploit
RUN git clone https://github.com/hashcat/hashcat /opt/hashcat
RUN git clone https://github.com/rebootuser/LinEnum /opt/linenum
RUN git clone https://github.com/maurosoria/dirsearch /opt/dirsearch
RUN git clone https://github.com/sdushantha/sherlock.git /opt/sherlock

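# Other installs of things I need
# (apt-get update runs in the same layer so a cached build never installs from a stale index)
RUN apt-get update && apt-get install -y \
    python-pip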

RUN pip install pwntools

# Update ENV
ENV PATH=$PATH:/opt/powersploit
ENV PATH=$PATH:/opt/hashcat
ENV PATH=$PATH:/opt/dirsearch
ENV PATH=$PATH:/opt/sherlock

# Set working directory (Mac specific)
WORKDIR /Users/wchatham/kali/

# Expose ports 80 and 443
EXPOSE 80/tcp 443/tcp

Build it

docker build -t yourname/imagename path/to/theDockerfile 

(The path is the directory that contains the Dockerfile, so don’t actually put ‘Dockerfile’ in the path.) Do change ‘imagename’ to something apropos, such as ‘kali’.

Run it

docker run -ti -p 80:80 -p 443:443 -v /Users/yourname/Desktop:/root yourname/imagename

The above examples require you to replace ‘yourname’ with your Mac username.

-ti
Indicates that we want a tty and to keep STDIN open for interactive processes

-p
Publish the listed container ports on the host (host_port:container_port)

-v
Mount the given host folder into the container (host_path:container_path) so it is shared between the host and Docker.

Hope that’s useful to someone!

Hat tip: https://www.pentestpartners.com/security-blog/docker-for-hackers-a-pen-testers-guide/
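
The Dockerfile above pulls an untagged base image, records host keys with ssh-keyscan at build time, and clones and pip-installs whatever is current, so two builds can produce different toolsets. The script below is an added example, not part of the original post, that flags those inputs; the function names, rule names and both sample Dockerfiles are constructed for illustration, and the `<...>` values are placeholders for a digest, commit and version you have verified yourself.

```shell
# Added example, not the post's code: flag Dockerfile build inputs that are
# unpinned or unauthenticated, using simple pattern rules.
audit_dockerfile() {    # reads FILE args or stdin, prints "line:RULE:detail"
    awk '
    function check(ins, n,    w, i, k) {
        gsub(/^[ \t]+|[ \t]+$/, "", ins)
        k = split(ins, w, /[ \t]+/)
        # A base image with no digest and no fixed tag is a moving target
        if (w[1] == "FROM" && w[2] !~ /@sha256:/ && (w[2] !~ /:/ || w[2] ~ /:latest$/))
            print n ":UNPINNED_BASE:" w[2]
        if (w[1] != "RUN") return
        for (i = 3; i <= k; i++) {
            # ssh-keyscan records whatever key the network returns at build time
            if (w[i-1] == "ssh-keyscan") print n ":UNVERIFIED_HOSTKEY:" w[i]
            # A clone with no checkout of a fixed commit tracks the default branch
            if (w[i] ~ /:\/\// && ins ~ /git clone/ && ins !~ /checkout/)
                print n ":UNPINNED_CLONE:" w[i]
        }
        if (ins ~ /pip[0-9]* install/ && ins !~ /==/) print n ":UNPINNED_PIP:" w[k]
    }
    /^[ \t]*#/ { next }                 # comment lines are not instructions
    {
        if (!start) start = NR          # first physical line of the instruction
        if (sub(/\\[ \t]*$/, " ")) { buf = buf $0; next }   # continuation line
        check(buf $0, start); buf = ""; start = 0
    }' "$@"
}

sample_weak() {         # constructed excerpt in the shape of the Dockerfile above
    cat <<'EOF'
FROM kalilinux/kali-linux-docker
RUN apt-get update && apt-get install -y git nmap python-pip
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
RUN git clone https://github.com/danielmiessler/SecLists.git /opt/seclists
RUN pip install pwntools
EOF
}

sample_pinned() {       # same inputs pinned; <...> values are placeholders
    cat <<'EOF'
FROM kalilinux/kali-linux-docker@sha256:<digest>
RUN apt-get update && apt-get install -y git nmap python-pip
RUN git clone https://github.com/danielmiessler/SecLists.git /opt/seclists \
 && git -C /opt/seclists checkout <commit>
RUN pip install pwntools==<version>
EOF
}

sample_weak | audit_dockerfile
```

To check a real file, call `audit_dockerfile path/to/Dockerfile`; an empty result means none of these four rules matched, not that the build is reproducible.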

Music Updates

I just updated my My Music page, which was long overdue. There’s not a lot of new stuff to report just yet, but I am in a ska band that is practicing and trying to determine a name. Stay tuned for more about that.

Here is a Spotify playlist featuring my songs, or songs I played on over the years:


And here’s an open directory from which you can download a lot of these goodies:

https://www.willchatham.com/songs/

Lastly, here’s a crappy video I made of me playing with myself the other day:


Protect Your Phone In These 3 Ways

For most people, their phone is pretty much a constant companion throughout their daily lives. But if you are keen to make sure that you are going to be able to keep it as such, then you need to know that you are looking after it properly. Most people don’t really think too much about how to protect their phone, but it is something that all of us could benefit from looking into to some degree. As it happens, there are a lot of things you can do to make sure that your phone is truly and fully protected, and in this article we are going to take a look at just a few of them. Here are three of the best ways in which you might be able to ensure that you protect your phone as well as possible.

Track It

One of the biggest concerns with phones is that they can get lost. When this happens, it can be a surprisingly disastrous affair. For most people, it will mean that their life will be significantly uprooted for a while, and you will at the very least have to worry about trying to find it again as soon as possible – or replacing it, should it come to that. One of the best solutions for this particular problem is to find a way to track your phone, which you can now do more easily than ever. So long as you have some Gadget Trackers attached to it, you will always be able to find it, no matter how far it has gone. You might not always be in a position to retrieve it, but you can at least know where it is – and more often than not, it is pretty close to home anyway, and you will be able to find it and get it back – which could save you a huge headache.

Cover It

You should also think about getting something for the screen, so that you don’t have to worry about it becoming scratched. This is important for a number of reasons. Most of all, you will be able to keep its value fairly high, which could be important if you ever hope to sell it on after you are done with it. But it will also mean that the usage of it for you personally is much better, as you won’t be having to worry about scratches and cracks and so on. You can easily get a screen protector these days, and it is definitely a good idea to get one – along with a case too, for some added extra protection.

Insure It

You never quite know what is going to happen to your phone, so insuring it is often one of the best things you can do. If you insure your phone, you should find that you are able to have more confidence and less worry surrounding it, and if nothing else that makes using it much nicer. Of course, you should shop around for an insurance policy which you feel is actually going to work out well enough for your purposes.

The Effects of Social Media on Mental Health

While social media is a bridge to greater connectivity and community, studies have often shown just how damaging it is for mental health. Anxiety, depression and eating disorders have risen significantly, contributing to other negative feelings such as loneliness, jealousy and stress. Ultimately, reliance on social media has led to people feeling more and more unhappy.

Being active on social media presents a number of challenges, such as online bullying, toxic comparisons and the increasing inability to socialize in the real world. Read on to learn more about the effects social media has on mental health.

Rise in depression and anxiety

A study by The University of Pittsburgh School of Medicine found that the young adults who spent a lot of time on social media were more likely to report sleeping problems and symptoms of depression. Those who experienced cyberbullying on social media saw an increase in feelings of depression, anxiety and suicidal thoughts.

Frequent social media users also have a tendency to make comparisons about physical appearances, vacations and successes, even though only the highlight reels are presented on social media. This leads to the belief that everyone else’s life is better or cooler than the user’s, when this is in fact a false reality. By placing their sense of worth based on how they are doing compared to others, they go down a social comparison spiral bound for depression and anxiety.

Negative body image

The need to get “likes” on social media for validation and approval leads the user to engage in risky and unhealthy behaviours, including altering their appearances, to gain more interaction on their social media. A study by the University of Pittsburgh found that those who spent more time on social media had a 2.2 times greater risk of developing eating and body disorders. Women in particular have been proven to feel worse about themselves and more dissatisfied with their bodies when scrolling through the Instagram of someone they perceive to be more attractive than them. When toxic comparison leads to body dysmorphia, depression or anxiety, it is important to reach out to healthcare professionals or a licensed therapist and get help.

False sense of socialization

Though a user may have hundreds to thousands of friends or followers on social media, it can contribute to FOMO, or fear of missing out, when a user sees their friends attending events or parties that they didn’t get to go to. This leads to feelings of loneliness, anxiety and jealousy. Having a lot of online friends or followers does not make up for deep, connected and meaningful connections that are needed for a fulfilling and healthy life. Real human interaction is key to knowing how to communicate well, learning empathy and compassion and is vital to good mental health. However, more people are engaged with online personas than real people.

The upsides of social media

Young adults who have difficulty face-to-face socializing or finding acceptance within their social circles benefit from the fast, easy and non-threatening nature of social media. Those from the LGBTQ community or who struggle with mental illness have also found motivation and friendships through online spaces. It is empowering for them to find like-minded people who encourage their progress and support them through challenges which they would otherwise face in isolation.

One of the keys to good mental health in this modern, fast-paced world is balance. Social media can be good for you and even helpful, but so are real-life friendships and engaging in the present moment. We may not need to quit social media completely, but by using less social media and disconnecting in moments of real human connection, there may be a decrease in feelings of depression and, ironically, loneliness.

Marie Miguel

Contributor

Marie Miguel has been a writing and research expert for nearly a decade, covering a variety of health-related topics. Currently, she is contributing to the expansion and growth of a free online mental health resource with BetterHelp.com. With an interest and dedication to addressing stigmas associated with mental health, she continues to specifically target subjects related to anxiety and depression.