BSides Asheville – 2nd Place CTF

I attended BSides Asheville today, the “other” hacker conference for IT security folks. This was Asheville’s fourth such conference (they happen in cities all over the world), and it was my first chance to go to one.

I wasn’t disappointed. I ended up spending most of my time in the “Lockpick Village” and working on the Capture The Flag competition.

The Lockpick Village was a challenge, even for someone who used to be a professional locksmith. It turns out that working under the pressure of an 8-minute timer, with people surrounding you to jeer and cheer you on does not make it easy to operate.

I was able to get out of the handcuffs rather quickly (about 1 minute), and then I picked the first lock relatively soon therafter (2 minute mark). However, my crucial mistake was that I picked it in the wrong direction, so I had to start over, and it took me much longer.

By the time I made it to the second lock, I only had about 2 minutes left, and it proved to be too much for me to conquer. It didn’t help that I’m used to using rake picks on pin tumbler locks, and they didn’t have any for me to use.

I ventured into the Capture The Flag contest after that, where I was able to put into practice all of the penetration testing skills I’ve been working diligently on since January. The Penetration Testing with Kali Linux course I’m enrolled in helped too.

I was the first person to root a Windows 2008 server and gain enough points on other servers to get into the top-three.

This turned out to be a positive affirmation that my hard work has paid off, as I took home the Second Place prize, a brand new Raspberry Pi 3 with the Canakit add-ons.

Granted, the first place winner forfeited and the team ahead of me was three professionals working together. Still, I took 2nd place after all that, and it was my first CTF.

The BSides team and volunteers put on a great day of fun. I am already looking forward to next year’s conference.

My Slides from Drupal Camp Asheville 2017

Thanks to all for coming to my talk! Here are my slides. Drupal Security #devsecops #dcavl @drupalasheville
DevSecOps – Slides

I enjoyed being at Drupal Camp, and it was good talking with the many new folks I met (as well as the ones I already know). If you have any questions or comments, feel free to post here or contact me directly.

Update:

Video is Now Available Too!

How Tech Is Improving Recruitment and Training

Soldiers with the Royal Netherlands Army conduct training in Dismounted Soldier Training Systems at the 7th Army Joint Multinational Training Command, Grafenwoehr, Germany, June 5, 2013. The DSTS is the first fully-immersive virtual simulation for infantry. (U.S. Army photo by Gertrud Zach/released)

Recruiting and training new employees is faster and cheaper than ever before thanks to today’s technological innovations. Here are just a few ways that tech is transforming these areas of HR for the better.

Efficient job posting

Whilst employers previously had to rely on newspaper ads and posters, internet advertising has allowed employers to reach out to a much larger market. The likes of Indeed are great job listing sites that can be viewed by people across the world. Apps such as Switch meanwhile are finding new ways of pairing employers and jobseekers using analytics.

Employees can also be more effectively vetted before taking them to the interview stage. You can create online quizzes to gage a better idea of the personality and know-how of each applicant.

Cyber CVs

Digital technology has also made things much easier for the applicant. By sending off CVs digitally, more information can be packed into a resume. Links can be inserted to examples of work which may be useful if applying to a journalism job and trying to show proof of published written work. There are also sites that can allow you to create a digital portfolio in a stylish manner. This could be useful for applying to a design or photography job in which media needs to be shared.

Virtual interviews

Video communication software has transformed the way in which interviews can be conducted. Applicants no longer need to spend money travelling to a job that they may not get. Similarly, the employer can benefit from being able to interview from any location, allowing the opportunity to interview someone out of the office. Video conferences can be set up in case other people need to be involved. By doing an interview via Skype on one’s phone, it’s also possible to give a virtual tour of the office.

Skype interviewing is becoming very common for these reasons and it’s been found that applicants are less likely to suffer from nerves as they can talk from a comfortable location without the whole stress of getting to the interview on time.

ID verification

For strengthening security within the recruitment stage, digital technology has also added benefits. Applicants can be more easily researched on the internet before inviting them for an interview, ensuring that they are who they say they are. For further security vetting, there are now trusted identity services allowing you to scan someone’s face against their ID. In high-risk security jobs such procedures can be very important and would have previously required expensive technology. Now such technology is available as an affordable app, allowing all kinds of employers to take advantage of this security procedure.

Digital training

Once staff are hired, technology can also be used to make the training process more efficient. Many businesses are now developing custom software and apps to train their new employees with. This may involve watching videos and partaking in interactive quizzes. This can take some of the pressure of having to manually train staff (although shouldn’t be used wholly as a replacement).

Digital technology can also be used to train up new staff in more effective ways than would be possible in real life. When hiring staff remotely, video communication software such as Skype can allow an employee to train a new employee without the two having to physically be in the same office. This can be used in conjunction with cloud software, allowing files to be shared and easily edited.

There’s also the new prospect of VR training that is already being used in some industries. Virtual reality can be used to train new recruits in potentially risky or dangerous scenarios that cannot be effectively simulated in real life. These may include military training or training for surgery. Airline pilots have used such technology for years already and technological advancements are allowing them to prepare for more and more diverse scenarios before actually taking control in a real cockpit.

It’s an uncertainty as to how far VR training will go – will we one day be training staff in retail and accountancy jobs with virtual reality. For now, however there are still many mediums such as videos and interactive quizzes never previously available that many employers could be making use of.

6 Ways Your Business Practices Can Change With Technology

Technology has been a revolution for many years now, and the continued development of different technological techniques is changing the way we do business and who we are as humans – big time. The attitudes of the people in the workplace also change due to the advances in technology. Some of these changes are irreversible and some are for the better! Most people hear the word technology and assume you’re talking about the latest pieces of kit used for working, but it’s so much more than that.

Mobile, virtual reality, cloud computing, data intelligence, AI and all number of technological revolutions that are being devised and pushed through are all things that can help your business to soar. This, of course, depends on how you want to advance your business. There are six specific ways that our business practices have been changed and it’s all because of technology. We’ve listed for you the best; most key ways these changes affect the processes you use in your day to day business activities. Check them out and see if any of these make a difference to your business life.

  1. Productivity. Computers have been moved into businesses more and more in the last twenty years, with the assumption that they will bring about increased productivity among employees. This is 100% correct. IO Zoom Windows VPS hosting is just one of the many ways that computers and technology are helping businesses to progress, with better website support. This type of support from outside companies does make employees and businesses processes more productive and efficient, because there is very little ‘slow down’ time in practice. Increasing processing power for businesses as well as the huge range of software now available has boosted productivity exponentially.
  2. Collaboration. Technology has transformed small, local businesses by giving them the power to go global. Having access to an online cloud has allowed business employees to work from wherever they are, meaning that you don’t necessarily need to have people in the office to have an effective business pow-wow. Facilitating a continued dialogue between work teams, even if some are around the world, can make a huge difference to your company profit line.
  3. Resourcing. Almost everyone in business will now be familiar with cloud computing and outsourcing, which are two of the biggest resources that technology has given businesses. Cloud computing allows a huge range of software and resources to be accessed from anywhere, giving businesses more flexibility with their people. Outsourcing allows the smaller companies to delegate important business process outside of their office but still stay connected. We need resources that are solid to survive in business and technology has given us that.
  4. Interaction. Without technology, we wouldn’t have social media sites like these, and social media has transformed the way businesses market their products. Reaching people – customers – on an hour-by-hour basis means that you can gain public opinion and give your target market a voice. This kind of voice allows you to improve as a company and gain more insight into what you could be doing better for the people you are providing a service to.
  5. Cost Management. Streamlining operations and managing costs are just two of the things that are more in demand with the increasing competition in front of you. You have to find the best solutions for your business issues and technology is providing this in spades, with programs that can support employee productivity, and solutions in-house that improve the overall organisational efficiency.
  6. Efficiency. Talking of efficiency of the company, all of these components together are there to create a more streamlined and efficient way of working for businesses. Technology has facilitated this more streamlined way of working and companies are producing more hard-working, better employees because of it.

Advances in cloud computing and the mobile revolution are allowing people to work harder and feel more freedom and autonomy within their jobs. This then creates a workforce who are more motivated and who work more diligently. The time for sitting behind a desk for nine hours a day is still here, however, with the flexibility that technology brings, companies are becoming more efficient. Embracing the technological advances available to you is so important for the future of your business. Paying bills on time and automatically, outsourcing work to external third parties and allowing people in your organisation to work from home are all ways your company will have evolved from the stagnant flow of business in years gone by. It’s a technology revolution and we should all be on board.

4 External USB Wifi Adapters for Kali Linux Pentesting

If you are like me, you have been working with Kali Linux, the Linux distribution for penetration testing and ethical hacking, and have been running it as a virtual machine on your 2015 Macbook Pro. And, you have been having issues with sniffing packets because your 2015 Macbook’s built-in wifi adapter is not going into true promiscuous mode — only a limited version that doesn’t give you everything you need. Sadly, other versions of the Macbook don’t seem to have this problem at all, so you may be finding yourself in need of an additional interface.

Or, perhaps you are not like me, and the chipset driving your PC’s Wifi adapter doesn’t let you do much at all, and you just want an external USB Wifi adapter that will make it easy to use tools such as Aircrack-ng for ethical hacking jobs.

Whatever the case, I’ve done some research and will present a few options that don’t break the bank and should provide you with a quick and easy way to do all the proper packet sniffing you deserve.

TP-Link N150

The first option on this list is the $13.45 TP-Link N150 dongle. A small USB device that sports a detachable antenna, it should get the job done if you prefer portability over power. This device uses the Atheros AR9271 chipset, which is known to work smoothly in Kali Linux (and probably most other distros).

USB Rt3070

The cheapest USB adapter, at a paltry $11.99, is the generic USB Rt3070, another dongle style device that is also the smallest you will find here. With similar specs as the TP-Link device, this one is even easier to conceal, and probably won’t raise any suspicions if you have it plugged into your laptop in a crowded place. While not the most powerful device by any means, if you are near the router you want to connect to, it shouldn’t be a problem.

Alfa AWUS051NH

Taking a big step up in everything, including features, power, and profile, we have the Alfa AWUS051NH. This one has been sitting on my Amazon wishlist for quite a while, and I think it’s about time I pick it up. It even has a holster with suction cups to stick to a window, and it will pick signals up from long range.

If you are needing to physically stay away from the target you are testing, while still being able to test it, try this sucker.

Alfa AWUS036NHA

Lastly, we have another Alfa device, both of which get really good reviews for Kali Linux in particular. At only $6 more than the AWUS051NH, the Alfa AWUS036NHA looks cooler and has a boost in power to let it pick up signals from even farther away. It also comes with the holster and suction cups for the windows of your vehicle, office, or home. According to its description, what sets it apart is the “High Transmitter Power of 28dBm – for Long-Rang and High Gain Wi-Fi.”

 

Are there others?

Have you tried any of these? What did you think? Know of any others that do a good job?

Future Of Disaster: How Tech Can Improve Humanitarian Response

The world is plagued by disaster on a daily basis, whether it be man made or a force of nature. But just like it has done with so many other areas of human existence, the advancements in technology could allow us to drastically improve our prevention methods and response efforts when it comes to the horrible topic of disaster.

Of course, no one can guess what the future entails, but that doesn’t mean we can’t make educated predictions. As such, we have compiled a list of ways in which we believe the next generation of technology may improve this area of life.

An Increase In Funding

As it stands today, we spend around $25 billion annually on providing assistance to those people that have been drastically affected by natural disasters and wars. That figure is spent by the international community as a collective. Of course, it is impossible to put a figure down when it comes to helping those that urgently require life-saving assistance, however, the United Nations strongly believes that an additional $15 billion a year is needed as a matter of urgency. The additional funding would be spent on much-needed technological advancements in the area of Artificial Intelligence and Robotics, both of which would improve our ability to offer humanitarian existence in the three most important ways possible; time-effective, cost-efficient and higher survival rate.

Self-Sufficiency Is Needed

At the moment we operate under a top-down approach, which is something that humanitarian organisations the world over have voiced their concern over, and this voice is finally being heard. As such, we are hopeful that the future of humanitarian assistance will see a complete reversal whereby technology will be made available to the beneficiaries that need it. This isn’t so much about getting technophobes into tech; it is about getting those who don’t even know about the latest tech advancements proficient in using it. This will not only enable them to have a say in their survival when the time comes, it will also provide them with the tools to better organise themselves instead of relying solely on rescue teams and humanitarian organisations. Obviously, this is a change that is needed immediately but, as with everything that operates under a bureaucratic system, who knows how long it could take for this switch to take place.

Prevent Not Aid

There has been a drastic shift in the way technology aims to deal with natural disasters, with more and more advancements focussing on the need to prevent and limit the damage as opposed to assisting when it is too late. On the flooding side of things, HEC-RAS modelling programs are the leading light, able to monitor the hydraulics of natural water flow, evaluate floodway encroachments, modify channels and provide dam breach analysis to name just a few. By sharing and using this data we will be able to prevent the damage of all sorts of natural flooding. Earthquakes are another area where technology is making huge improvements on all fronts. Levitating foundations, shock absorbers, shut down systems on high-speed transport, pendulum power and replaceable fuses. Pointing the focus on technology in this direction is one of the most important variables when it comes to reducing the damage of natural disaster inflicted on human-lives.

Data Sharing Improvements

The one thing technology repeatedly manages to do is improve our ability to share information and connect at faster rates, to the extent that most of the things we are able to engage with nowadays are up-to-the-second reports. Even social media has headed that way with its live video function, something that may be able to improve response times if used wisely. For example, by having a live video function we are able to put the beneficiaries of a natural disaster, or even a war, in the driving seat a bit more by allowing them to provide response efforts to see real-time data. Sharing data gives us is improved efficiency. The big issue that is crippling this progress, however, is the lack of collaboration. We have the technology to allow us to improve our efforts, but we need to be more comfortable with sharing the information we have gathered with other humanitarian organisations, something that needs to be tackled on a political level as much as anything. Technology holds much of the key, but it still requires someone to turn it.

Improved Security Protocols

This links with the point above, which is what makes it such an important area for the future of technology in the area of humanitarian response. The world is not a wish-making factory full of nothing but rainbows, roses and unicorns that smell of Nutella. No. The world is full of dangers and one of the most prolific areas in that respect is data. You see, data can be – and is – used to harm people, and the data collected by humanitarian organisations involves some of the most vulnerable people on the planet where threat models are rife. As such, there needs to be an increased focus on data security and end-to-end encryption. Serious security protocols are absolutely necessary in order to protect the vulnerable, while also encouraging an economy of sharing among organisations.

Money Moving Needs

One area that technology has had a massive improvement in assisting those in need of assistance in with moving money. Nothing in this world is free and the cost of humanitarian response and assistance can be extremely high, not to mention being able to support those individuals that have lost everything. So our ability to now move money to those places that need it and offer a relief package of cash is something that is commonly cited by relied aids as extremely beneficial. There is always room for improvement, we know that, but electronic payments have made it so that money gets to those people who need it in a timely fashion, at cost-effective rates and securely. The last point is of crucial importance. Good work, technology.

Technology Used Properly

This is something that we need to focus on more as a collective unit because no matter how fast we can come up with the next advancement of tech if we don’t know how to effectively use it then we aren’t moving forward as fast as we can. That isn’t the only area of concern, though. The other area we need to really concentrate our focus is improved clarity. We need to be clear on what technology we are using, why we are using it and what outcome we hope it will have. We need to amalgamate the tool with the problem. Let’s take the latest craze in technology, which is undeniably the rise of drones. There is absolutely no denying that these bits of kit can be essential when it comes to assessing the situation of a natural disaster and knowing exactly what a response team is faced with. However, they can only solve-problems and do so efficiently if they are used to the best of their ability, and that means using them to complement the other assessment tools available, while also having a clear idea of what data you require to do a better job.

Social Media Favoritism

There is no denying the good that has come out of social media when it comes to humanitarian needs. This is largely to do with the fact so many people around the world are familiar with the way in which social media works. As such, a lot of communities have been able to hold agencies to account, highlighting problems that have arisen and casting a light on where money is being spent. We have seen this with those that have been relocated from war torn countries and into sub-standard refugee camps where conditions are no better. The problem is seeing the big picture. A lot of people, millions and millions, do not have access to social media or any such technology and so it is increasingly easy to forget about them. That is where social media can have a hugely adverse effect on what we are trying to achieve as an international community in the hope of aiding those that need it most. We run the risk of forgetting those that are more vulnerable than everyone else. This is something that emergency agencies will surely start to understand more and more.

Better Prepared Organisations

A few times throughout this article, we have mentioned that technology on its own is not enough and that we need to focus on the organisations and individuals using it too. That requires an ongoing solution whereby we are able to train organisations and local response teams in a way that we reshape assistance methods and bring them up to date. Technology is a huge part of improving our ability to help those affected by war and natural disaster, but it is far from being the entire solution. It is just a cog, and without being able to educate those that are using it we will continue to be faced with a situation whereby tech is only as good, bad, neutral, misused or misguided as those that are in control. This is something that will surely see much more proactivity in the coming years. Luckily, technology has improved the way we learn as much as anything and these advancements in teaching could be the answer to better use of the tech itself.