Over the last two weeks I’ve seen some stuff shared publicly in Threat Intelligence Platforms that really shouldn’t have been. The data wasn’t valid at the time of sharing.
Last talk I gave, I expected audience participation, because I asked for it. I failed the audience. I know how to improve the talk for last time.
What was my bias that led to me failing the audience? I’m used to participation being part of my grade, and having to participate. Others in classes were the same way. Yes, we had some that barely participated. But usually half the class did.
Because that’s what I was used to in a college class setting, that’s what I expected at a conference talk. The result was I failed my audience with expectations that I shouldn’t have put on them.
So my last post I was fighting the Raspberry Pi 2, with Kali Linux 2.0.1, when it came to starting kismet_drone on boot. Ian had a workaround, but it wasn’t what I wanted. I wanted the built-in tools to do their job. Well, it turns out it’s a systemd problem. I spent probably about 12 hours bashing my head against it, making changes and trying things.
Finally, I got smart with my Google searching, and found a slightly better way, but still didn’t want to call an external shell script. Then I spent time smacking my head on the desk. SSHD works, and is started by systemd, so why not look at its config? Seriously, the better you are at something, the less you think of the simple answers that made you good to start with.
2 new lines. One made systemd wait until after networking was up. The second was a strange sshd -D option. man ssh. Oh, doesn’t run ssh as a daemon…
Remove --daemonize from Kismet… It worked.
Description=Kismet Drone Daemon
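The two changes described above, written out as an added example unit file. This is not the author's original file, of which only the Description line survives on this page; the unit file name, the binary path and the Restart setting are assumptions.

```ini
# /etc/systemd/system/kismet-drone.service  (assumed name and location)
[Unit]
Description=Kismet Drone Daemon
# Change 1: do not start until networking has been brought up.
After=network.target

[Service]
# Type=simple is the default, stated here for clarity: systemd tracks the
# process it launches, so that process must stay in the foreground.
Type=simple
# Change 2: no --daemonize on the command line. With --daemonize the process
# systemd started forks and exits, systemd treats that exit as the service
# ending, and it cleans up whatever is left in the unit's control group.
# sshd's unit passes -D for the same reason.
# Assumed binary path; confirm with: command -v kismet_drone
ExecStart=/usr/bin/kismet_drone
# Assumption, not from the post: restart the drone if it exits with an error.
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

After saving the file, run systemctl daemon-reload, then systemctl enable kismet-drone.service so the drone starts on boot.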
Now to get everything ready before I leave for GrrCon in 17 hours, I’ll be presenting Saturday last I heard.
So I’m using the Raspberry Pi 2 and Kali 2 for this project so far. As I said last time, I had to expand the image to use the full disk. I have a script for that now. I was actually trying to script the whole deployment. These scripts can be found on my WIDS github repository. But fair warning, they are still a work in process.
So I tried to do this back in July but got sick. My next talk is at A2Y.asm on Sept 12, and I’m rebuilding all the Pi2 again with Kali 2.0.1. I have literally spent most of the day trying to expand the root directory.
There is a tool called rpi-wiggle that sounded really cool, but it hasn’t been updated in 3 years. It also didn’t work for the Pi 2 running Kali 2.0.1. After lots of searching, I found a forum post talking about it.
After running apt-get install triggerhappy lua5.1 (from Kali repos) and getting the Debian raspi-config file from Debian, it says it worked. I’m waiting for the reboot to know for sure.
And it worked. From the console it says it has full space.
Now if I was making anything other than a drone, I’d run apt-get install kali-linux-full to get the whole Kali experience instead of the light version. But I’m making a drone. So here is what needs to be worked on before I start making images:
- install: Kismet, NTP.
- boot to cli instead of gui
- change the root password
- configure kismet
- configure static ip, and daemon mode.
Normally I’d disable IPv6, and still might. But the IPv4 and IPv6 stacks are working well together right now. In the past they haven’t.
For Bsides, as mentioned earlier, I’m making some changes for the talk.
For Bsides Detroit I’m swapping out the original Raspberry Pi B devices from the project for the Raspberry Pi 2 B.
The first time I did this, with the RPi-B, I made one image, got it working, and then cloned it to the others. It caused minor problems with the wireless card naming. I also still had to touch them all to change names, static IP addresses, and the Kismet configs.
This week there was a new version of Kali out for the Raspberry Pi 2 when I checked. So I downloaded it, patched it and installed the software. Then created the clone image.
I am going to have to touch each one anyway, so I figure I will just get the one image with the software, and then load each one and configure it.
The last schedule I have seen has me speaking at 4pm on Saturday the 18th at Bsides Detroit.
I know, it’s a surprise to me too.
Talk is similar to the one I gave at Circle City Con on Raspberry Pi and Wifi detection.
New this talk: Looking at the clients, email alerts (I hope) and all on Raspberry Pi 2 (again I hope).
Back in May and June, I did a project for school with 6 Raspberry Pis to build a WIDS. It went good. I wrote an article, I’m waiting to hear back if it’ll get published.
After the project, I had 6 Raspberry Pis kicking around. I have a project I want to work on, that could lead to another article. I just need to build my skills up to that first.
To get there, I wanted to build an Onion Pi. This will tie in to another project I’m working on. As some of you know I’m a fan of The Onion Router (TOR), especially when I’m doing Intelligence related research. The Onion Pi would be a good thing to have in the bag of tricks.
To get the Onion Pi working, I needed to go through the Adafruit Wifi Access Point. This is the second time I built an AP. This one is just a little different than last time. This time instead of an Edimax wireless card, I went with one of my TP Link TL-WN722Ns. I wanted the external antenna. I was using the 2014-09-09_wheezy_raspbian image.
Hostapd didn’t work right. It kept throwing errors on start about nl80211 not being a known driver. I had to build hostapd from source, which needed to have libssl-dev and libnl-1.1 installed, to get hostapd to build right. Then I needed to copy my built version into the right place.
I also had problems with isc-dhcp-server and tor starting. It looks like wlan0 isn’t starting properly. I’ll have to troubleshoot it more later. Adafruit has a comment about disabling wpa_supplicant. I don’t know if that will fix the problem though. I’ll follow up after.
I know I haven’t written here lately, and I’m not getting in the number of blog posts I want per week. However I’ve been busy with school and projects. I only have time right now, because I can only run 1 Raspberry Pi (of 6) at a time (right now), and the first one is going through Kali’s apt-get upgrade. Man talk about not the fastest. Going to clone that drive and copy to other flash drives.
Currently, I’m working on a project for my independent study at Eastern Michigan University. The project and documents have to be turned in by Monday night, so I’ll talk about that after I get the stuff done.
The Eastern Michigan Campus Crime Project turned out really well. My team and I presented on it at Circle City Con in Indianapolis. What I thought was going to be a simple 4 week project will probably take the rest of the year to complete. That’s with 4 of us working on it. There is some more interest on campus and suggestions on how to move this forward. I’ve got a really good team, and I’m really proud to have worked with them on the project.
I also dug out, and updated (slightly) my Human Trafficking talk. I’m a little wary of posting that one. Goes against my OPSEC views, but the presentation is important enough. I will say this, things have changed in a year+ since I stopped working on it. Got some good books to go with it too, I’ll get reviews of them up eventually.
There will be another book review up over the weekend (probably Sunday) as well.