Something that bothers me, and I often comment about during my presentations is the media’s portrayal of a “hacker”. Hackers are shown as someone wearing gloves and a ski mask on a computer. I know that this is for effect to show criminal activity, but the issue here is that these sort of ideas stick … More Spotting the Social Engineer
Thanks for those who reached out afterwards, asking more information about project management and other items we discussed at our Wellness Village talk at DerbyCon this year! Also, HUGE thanks to Amanda Berlin for letting us speak, and for creating the Wellness Village. Hopefully it will become a regular part of the conference. After a … More DerbyCon 8 – Wellness Village Talk
For those who travel and want to protect from the Under-the-Door tool, there is a very quick, and simple way to do so. First, if you’re not familiar with the Under-the-Door (UtDT), it’s a device that fits between the physical gap at the bottom of doors, is then rotated upwards, grasps the lever-style door handle, … More Protecting from the Under-the-Door Tool
Just for fun, I decided to make a few crash bar (J tool) bypass tools to hand out at DEF CON 26. They are made with weldable wire, and some heat shrink for the grip, and to help prevent scratching. Also, for the sake of size, I decided to create a very small hook that … More Crash Bar Bypass Tools for DEF CON 26
Found some awesome write-ups from Alex Dib regarding building your own RFID cloner and a useful Proxmark3 cheat sheet, and wanted to share! Proxmark3 Cheat Sheet Great cheat sheet for those using the Proxmark3 software. https://scund00r.com/all/rfid/2018/06/05/proxmark-cheatsheet.html RFID Thief v2.0 Very detailed write-up for building your own long-range RFID cloner. https://scund00r.com/all/rfid/tutorial/2018/07/12/rfid-theif-v2.html
Here are some presentations that I made for “Who’s Slide Is It Anyway”, “Slideshow Karaoke”, “Slideshow Roulette”, or whatever else you want to call it. They are pretty random, and a fun play on popular topics and buzzwords within the #InfoSec community. They are meant to be fun and technically inaccurate on purpose, and in … More Who’s Slide Is It Anyway
While working on a two-week long engagement with a client, we had built enough rapport to joke openly, and be ourselves (which is a scary thought). Through this, I had started teasing him about his departments “security awareness” posters. These things were so cheesy. So, at the end of the two weeks, as we were … More Vintage Security Awareness Posters
Make an Incomplete Nmap Scan .xml File Usable for Rawr and Other Applications That Accept .csv File-types This is a very non-technical how-to for newcomers who have found themselves in a situation where for some reason or another, their Nmap scan wasn’t able to complete. This can be a problem when you were planning on feeding … More Make an Incomplete Nmap .xml File Usable Again
Recently, I performed a physical assessment against a large hospital. There are several gaps that were discovered, but I will not cover those in this post. With the high level of traffic in an environment like a hospital with many employee types, patients, vendors, volunteers, etc., it’s common for many people to be in/out of … More Physical Assessments Against Hospitals
Resource to flash the Proxmark3 from the standard HF mode, to LF mode: https://legacysecuritygroup.com/index.php/projects/categories/9-rfid/7-proxmark-3-emulating-hid-tags-in-standalone-mode WINDOWS Download the github proxmark3 standalone LF emulator Master by Corey Harding —https://github.com/exploitagency/github-proxmark3-standalone-lf-emulator Run Easy Flash Utility for Windows .bat This tool is handy for reflashing your Proxmark3 for whatever you need it for Reference: https://www.youtube.com/watch?v=06DgTuJcMQ8 Plug in your Proxmark3 and … More Proxmark3 Resources
