Category Archives: Class

Raspberry Pi projects

Back in May and June, I did a project for school with six Raspberry Pis to build a WIDS. It went well. I wrote an article and I’m waiting to hear back on whether it’ll get published.

After the project, I had six Raspberry Pis kicking around. I have a project I want to work on that could lead to another article; I just need to build my skills up to that first.

To get there, I wanted to build an Onion Pi. This will tie in to another project I’m working on. As some of you know, I’m a fan of The Onion Router (Tor), especially when I’m doing intelligence-related research. The Onion Pi would be a good thing to have in the bag of tricks.

To get the Onion Pi working, I needed to go through the Adafruit Wifi Access Point guide first. This is the second time I’ve built an AP, and this one is a little different from last time: instead of an Edimax wireless card, I went with one of my TP-Link TL-WN722Ns, because I wanted the external antenna. I was using the 2014-09-09_wheezy_raspbian image.

hostapd didn’t work right. It kept throwing errors on start about nl80211 not being a known driver. I had to build hostapd from source, which needed libssl-dev and libnl-1.1 installed to build right. Then I needed to copy the built binary into the right place.

I also had problems with isc-dhcp-server and tor starting. It looks like wlan0 isn’t coming up properly. I’ll have to troubleshoot it more later. Adafruit has a comment about disabling wpa_supplicant; I don’t know if that will fix the problem though. I’ll follow up after.
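The hostapd problem above comes down to one question: was the installed binary compiled with the nl80211 driver at all? The script below is an added example, not the post’s own commands: it checks the driver list that hostapd prints in its usage text, and, if nl80211 is missing, builds hostapd from source with that driver enabled and installs it over the distro binary (the “copy into the right place” step). Assumptions not taken from the post: release tarballs at https://w1.fi/releases/, HOSTAPD_VER as a placeholder version, and Debian wheezy package names (libnl-dev is libnl 1.x there; a current distro needs libnl-3-dev and libnl-genl-3-dev plus CONFIG_LIBNL32=y in .config).

```shell
#!/bin/sh
# Added example, not the post's own commands.
# Checks whether the installed hostapd was built with the nl80211 driver and,
# if it was not, builds hostapd from source with that driver enabled.
# Assumptions: tarballs at https://w1.fi/releases/, HOSTAPD_VER is a placeholder,
# package names are Debian wheezy's (libnl-dev = libnl 1.x; newer distros use
# libnl-3-dev + libnl-genl-3-dev and CONFIG_LIBNL32=y).

HOSTAPD_VER="${HOSTAPD_VER:-2.10}"

# Read hostapd's usage text on stdin and return 0 if the "drivers:" section
# lists nl80211. Running hostapd with no arguments prints that usage text.
usage_lists_nl80211() {
    awk '
        /^drivers:/                           { in_drivers = 1; next }
        in_drivers && /^[[:space:]]+nl80211/  { found = 1 }
        in_drivers && /^[^[:space:]]/         { in_drivers = 0 }
        END                                   { exit(found ? 0 : 1) }
    '
}

# Same check against the hostapd binary on PATH (it exits non-zero after
# printing usage, so only the pipeline's last status matters).
installed_hostapd_has_nl80211() {
    hostapd 2>&1 | usage_lists_nl80211
}

# Build hostapd from source with nl80211 enabled and install it over the
# distro binary, then re-run the driver check on the new binary.
build_hostapd_with_nl80211() {
    ver="$1"
    sudo apt-get install -y build-essential pkg-config libssl-dev libnl-dev || return 1
    wget -q "https://w1.fi/releases/hostapd-${ver}.tar.gz" || return 1
    tar xzf "hostapd-${ver}.tar.gz" || return 1
    (
        cd "hostapd-${ver}/hostapd" || exit 1
        cp defconfig .config || exit 1
        # defconfig already enables nl80211; make sure it stays on.
        grep -q '^CONFIG_DRIVER_NL80211=y' .config || echo 'CONFIG_DRIVER_NL80211=y' >> .config
        make || exit 1
        sudo install -m 0755 hostapd hostapd_cli /usr/sbin/
    ) || return 1
    hostapd 2>&1 | usage_lists_nl80211
}

# Usage on the Pi:
#   installed_hostapd_has_nl80211 || build_hostapd_with_nl80211 "$HOSTAPD_VER"
```

Run the check before touching anything: if `installed_hostapd_has_nl80211` already succeeds, the “unknown driver” error is coming from the config file or the interface, not the binary, and rebuilding won’t help.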

New Semester

Haven’t written in a while. I’m still waiting to hear back on a project, before I can write about it here.

This term I’m taking Ethical Hacking, Network Forensics, and Elementary Statistics.

Each of those deserves a post of its own. Because of Ethical Hacking, I got the latest version of “The Basics of Penetration Testing and Hacking”. Turns out I already had half the books for Network Forensics (the other one was on my wishlist), so that’s a bonus too.

We won’t talk about Stats; I have nothing nice to say about it.

If all goes right, I should be done with undergrad in December.

Using 1000 mA to power a Raspberry Pi and TL-WN722N

I’m working on a project using the Raspberry Pi. The requirement was that I use the TP-LINK TL-WN722N; actually, I just needed a wireless adapter with an external antenna. When I found the TL-WN722N on Amazon, the reviews said people were having no problems plugging the device straight into the Raspberry Pi.

While researching things today, I came across this penetration testing article by Cyber Arms. There, and in several places on the Raspberry Pi forums, it said that people needed to use 2.1 amp USB chargers; the others wouldn’t do what was needed with the Pi and the wireless adapter plugged in. So I went out and got three 2.1 amp plugs when I bought the extra Raspberry Pi units.

I’ve done some testing with the power cables I got last time, the standard 5 V, 1000 mA (1 amp) ones, and they ran the Pi with the dongle for the wireless keyboard (small keyboard) and the wireless adapter plugged in, with no problem.

Here is the one I got; it’s made in China and sold via MCM. Sorry about the flash in the photo, but that was the best one I got after 10 tries.

[Photos of the 5 V 1000 mA adapter omitted]

I’ve been busy again:

I know I haven’t written here lately, and I’m not getting in the number of blog posts I want per week, but I’ve been busy with school and projects. I only have time right now because I can only run one Raspberry Pi (of six) at a time, and the first one is going through Kali’s apt-get upgrade. Man, talk about slow. I’m going to clone that drive and copy it to the other flash drives.

Currently, I’m working on a project for my independent study at Eastern Michigan University. The project and documents have to be turned in by Monday night, so I’ll talk about it after I get the stuff done.

The Eastern Michigan Campus Crime Project turned out really well. My team and I presented on it at Circle City Con in Indianapolis. What I thought was going to be a simple four-week project will probably take the rest of the year to complete, and that’s with four of us working on it. There is some more interest on campus and suggestions on how to move this forward. I’ve got a really good team, and I’m really proud to have worked with them on the project.

I also dug out and updated (slightly) my Human Trafficking talk. I’m a little wary of posting that one; it goes against my OPSEC views, but the presentation is important enough. I will say this: things have changed in the year-plus since I stopped working on it. I got some good books to go with it too; I’ll get reviews of them up eventually.

There will be another book review up over the weekend (probably Sunday) as well.

It’s All Source Intelligence, not just osint

I keep forgetting that my university teaches All Source Intelligence Analysis, not just Open Source, but it is easy to forget when OSINT is so prevalent. The school’s classes and the IASA club do cover the others.

Yes, we do lots of OSINT, and Social Media / Cyber Intelligence: looking at the social media sites, IP address related tools, and the logs of the servers. However, we also use other sources for Cyber Intelligence to see what’s going on on the servers: the logs, the open connections, whatever is odd.

We do use tools to track wireless signals, mostly for Wi-Fi, but there are a few people at the school in the IA program looking at more than just Wi-Fi. They even ran a Fox Hunt (hid a radio and had people go find it). We use packet captures on networks and on servers to see what is going on on the wire.

We probably do Human Intelligence the most without realizing it. Any time we have to interact with someone, usually a customer on the phone, we have to elicit the information we need from them. There is lots of cruft to discard to get the data we need, but we can’t fix their issues until we do. We don’t have to be help desk to get to that level. Sure, we’re not turning people to help us spy on things, but it’s still getting the info, finding what is real via analysis, and then having an end “product”.

I know I’ve used Google Earth to find information by looking at the images and building out from there: where I want to live, aerial views of crime locations, working with a team to plot those locations.

OK, so I can’t think of anything where MASINT comes into play, at least not off the top of my head, but I’m sure there is something. I’m sure that mapping out nuclear bomb blast radii for Disaster Recovery at work does not count. Don’t ask, but like I said, I’m pretty sure it didn’t count. I didn’t do measurements; I used someone else’s tools on the web, which just overlaid on Google Maps. I don’t have a way to test and validate, well, I guess I could by doing OSINT at a library and then mapping by hand once I understood the bomb blast radii.

I must remember that the degree program taught me things I don’t think about daily, too.

Crime Profiling Project

For the last several weeks, I’ve been working with three other students from Eastern Michigan University’s Information Assurance program researching and mapping the campus’s crime stats. If people take the time to look, they can find a map of the last 60 days and the daily crime logs for the last 60 days. We’re looking beyond those, but it’s interesting nonetheless.


Credibility and Critical Thinking

One of the classes I’m taking for my General Education requirements is Psychology. It has a one-credit-hour lab, which is separate from the lecture class. The very first night of class in the lab, the professor went over Credibility and Critical Thinking.

This week we talked about Facial Emotions and Goal Driven Imagery. He stated up front that he didn’t like either topic and was going to push through them as quickly as he could, which is fine if you’re a professor and don’t like the topics, even if you admit that you use one in your daily clinical work.

So on Facial Emotion (and on body language) he was talking about how it was bunk, and when we started talking about the work of Paul Ekman, the professor started going off about how Ekman was recently completely discredited, proven to be a fraud, etc. Now I have a couple of Ekman’s books, and I’ve skimmed them, so I asked the professor what research he was talking about. To which he destroyed his credibility by saying he wasn’t sure.

Enter Twitter: I asked @humanhacker (Chris Hadnagy) about it. He provided quick background (after a little prodding) and pointed me to @PaulEkman’s public reply. The reply also links to the original article. Both are interesting reading.

However, my point is: if you’re an “authority” figure by being a professor, and you don’t agree with a branch of your industry, don’t show your bias and take glee in saying it’s been debunked while not having the proof to back it up. On your first night you told us to question you on that stuff. Don’t be surprised when there is a non-psych major willing to call you on it and able to cite sources.

Research Project I’m trying to get off the ground

There is a project idea I’ve had for a few months now: tracking what happens to credit and debit cards that get posted to Twitter. People are posting pictures of their cards to Twitter. If I had to guess, it’s because they are excited, want to show off, and think only their friends can see it.


One more post on Open Source Tools and DF in court.

Email from the professor this morning (Emphasis added by professor):

We also had some discussion regarding tool acceptance in court. I wanted to provide some additional detail on this. Remember it’s the testimony of the witness that is being accepted. *Disclaimer: I am not an attorney* Rule 702 of the Federal Rules of Evidence (FRE) says the following:

Rule 702. A witness who is qualified as an expert by knowledge, skill, experience, training, or education may testify in the form of an opinion or otherwise if:

(a) the expert’s scientific, technical, or other specialized knowledge will help the trier of fact to understand the evidence or to determine a fact in issue;

(b) the testimony is based on sufficient facts or data;

(c) the testimony is the product of reliable principles and methods; and

(d) the expert has reliably applied the principles and methods to the facts of the case.

END RULE 702

While several FRE rules discuss acceptance of evidence (Rules 401-404) and testimony (Article VI and Article VII), 702 explains much. … Michigan’s Rules of Evidence follow the FRE closely.

A little less confused now.

So I went and looked things up on my own, in regards to my last post about being a little confused about Digital Forensics and Open Source Tools. As usual, Google is your friend.

The search term I used was “digital forensics open source tools court approved”, without the quotes, which returned this page: https://www.google.com/search?q=digital+forensics+open+source+tools+court+approved

I think the best line out of everything I read was:

Saying that one tool is court approved and another is not, is like saying you can take crime scene photos with a Nikon, but not a Kodak. It’s just silly, and it’s a myth perpetuated by those who seek to benefit from the existence of such a rumor.

The Digital Standard

That really does make sense. When you think about it, it is the person on the stand and their testimony that is being checked. Yes, methodology and procedure go with the testimony, but why would one tool matter, as long as it gets the same results as the expert from the other side? Does it have to have all the fancy bells and whistles, or does it just have to get the job done?

One thing that has bothered me about the “no open source tools” argument is that dd for raw disk copies is acceptable. Most of the other tools do the same work and then add compression or other bells and whistles, but really are based off it. So why is it OK to use some of the tools but not all?
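What actually makes a dd image defensible is not the tool but the check that goes with it: the image hashes the same as what was read from the source. The script below is an added example, not the post’s own commands; it images a source with dd and records and compares SHA-256 hashes of both sides. It is written against files so it runs anywhere; on a real acquisition the source would be a device node such as /dev/sdb (a hypothetical path here), read through a write blocker.

```shell
#!/bin/sh
# Added example, not from the original post. Raw-image a source with dd and
# prove the copy is bit-identical by hashing both sides: a reproducible result
# that any examiner with any tool can repeat, which is what testimony rests on.
# Written against files so it runs anywhere; on a real acquisition SRC would be
# a device node such as /dev/sdb (hypothetical path), read via a write blocker.

# Copy SRC to DST in sector-sized blocks. noerror keeps reading past unreadable
# sectors; sync pads a short read out to a full block so later offsets stay put.
# bs stays at 512 because with a large bs (4M is a common suggestion) sync would
# pad the last partial block, growing the image and changing its hash.
image_raw() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# SHA-256 of a file, hash only.
hash_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Image SRC to DST, record both hashes in DST.sha256, and return 0 only if the
# image hashes the same as the source. A source whose size is not a whole
# number of 512-byte blocks fails on purpose: the padded image is not the source.
image_and_verify() {
    src="$1"; dst="$2"
    image_raw "$src" "$dst" || return 2
    src_hash=$(hash_of "$src")
    dst_hash=$(hash_of "$dst")
    printf '%s  %s\n%s  %s\n' "$src_hash" "$src" "$dst_hash" "$dst" > "$dst.sha256"
    [ "$src_hash" = "$dst_hash" ]
}

# Usage (device path hypothetical):
#   image_and_verify /dev/sdb /evidence/case01.dd && echo "image verified"
```

On a healthy disk the two hashes match and the .sha256 sidecar is what you hand over with the image. On a failing disk they will not match, because `conv=noerror,sync` zero-fills the sectors dd could not read; that is expected, and the mismatch plus dd’s error output is what goes in the acquisition notes.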