So, the company I was working for needed to shrink in size significantly, and I was one of those identified to be released from my position. While this may seem to be a devastating event to most, I see it as a gift and opportunity! It has given me the ability to push forward with my side-business activities; specifically teaching Information System Security in the form of boot camps for ISSMP, CISSP, SSCP, Security+ and of course advanced penetration testing courses.
It is a rare opportunity that my old employer is giving me, and one that I intend to take full advantage of over the next year. I am so excited to see what the future brings!
I’ll be attending and speaking at CSI2009 this week. Flying into DC tomorrow morning, talking Tuesday night (Axis of Darkness), and heading home Thursday. If anyone is going to be there and is interested in chatting over a beer, hit me up on twitter: @thomas_wilhelm
A couple weeks ago, I went out of town for an extended stay. Being the technophile that I am, I naturally brought multiple laptops, cables, memory sticks, a power strip, a wireless router, and much, much more. Getting through airport security was a nightmare because of the bulk. As a result, I decided I wanted to reduce my load and, at the same time, have the flexibility to keep hacking.
I know that there have been a lot of virtual pages dedicated to minimalism surrounding computer gear, especially when related to traveling. In order to deviate from that discourse, I have found it necessary to quantify my needs and goals a bit differently than others.
My goal is to: identify those items that are useful in conducting a professional penetration test on the road, and then find a way to minimize the weight and volume of equipment.
Some additional constraints on the project were that I could not assume access to a power source or the Internet. I also added in the difficult task of anonymity, which immediately eliminated cell phone and Internet EVDO cards (we’re looking into data tethering on pay-as-you-go phones, assuming we can do so without revealing our identity).
Me and some friends did some (very quick) brainstorming, and came up with the following list:
VMware and a Linux Distro (probably BackTrack again)
Digital Documents
TBD
Internet Access
The problem of Internet access can be somewhat mitigated through the use of open access wifi, but that does restrict mobility to metropolitan areas. I have an ulterior desire to be able to use this setup when camping, but until there is a way identified that will permit access to the Internet within the constraints of this project, the use of wifi points becomes a necessity.
Power
Keeping the laptop charged is a different problem. I have included a solar power kit in the list to provide a method of keeping the netbook and iTouch charged when power is absolutely unavailable. Within a metropolitan area, power isn’t as much of an issue, since coffee shops and some restaurants have outlet access; one of my favorite sources of power is a mall, which often has benches near power outlets in the center of the halls (for kiosks that need power).
iPod Touch
The inclusion of the Touch has been debated as to its value in the list. The disadvantages of the Touch are the cost, additional power demands, and the need to bring an additional cable (at a minimum). There is also an expectation that the Touch will be jailbroken, in order to extend the tools available and to provide access to the underlying operating system. The need to jailbreak the Touch is also considered a disadvantage; it has also been argued that a jailbroken phone could provide almost the same functionality as a netbook.
My desire to include the Touch is to provide a quick method of wifi detection/connection and Internet access for those times when breaking out the netbook is less than ideal (especially in social-engineering situations).
Other Thoughts
Disk encryption - In the future, I will look into full disk encryption of the netbook’s hard drive.
Extension Cord & Surge Protector - the Eee PC does not require a ground. I also use an AC/USB power adapter and a Linksys mobile router on occasion that also do not require a ground. Depending on the power source, a non-grounded extension cord will provide me with multiple outlets for all of my devices, should I decide to include them. An optional Dynex 3-outlet surge protector can be included in the kit.
Clothing - While clothing may be considered outside the scope of a Hacker BOB, the inclusion of gloves may be appropriate, depending on the circumstances.
External Antenna - Up for inclusion is a “pringles can” antenna and USB wireless card which can accept the antenna cable. The argument against it is the size, but the utility of having the antenna may definitely outweigh the bulk issue. Another possibility is a long-range USB WiFi adapter, such as Wi-Fire.
Follow-ups
To determine the effectiveness of this list, I will attempt to restrict my personal computer use to the aforementioned kit for things other than work. Updates to this project will be included in this post.
Normally, I am a very private person when it comes to my personal life. However, something that happened five years ago will soon become known to millions of people across the United States… I saved a life.
On Tuesday, I was flown to Illinois so I could meet a very special woman, Joey Stott. Wife and mother, five years ago Joey had been diagnosed with Leukemia. In the end, her only option was to find an anonymous marrow donor, who eventually was myself. The process of extracting the marrow was straightforward, and the marrow transfusion worked… so far. She has continued to struggle to stay alive, since a marrow transfusion is never a sure thing. However, other than having a new blood type and all my allergy problems (sorry, Joey), she seems to have resumed her life… until recently. She had a setback with an electrical house fire, and was in very dire circumstances for many months. But all that is changing.
I received a phone call from Extreme Makeover: Home Edition asking if I would join them in providing Joey Stott and her family with a better future by rebuilding her home. Without any hesitation, I volunteered to be a part of the show. We are only three days into construction, and I have to state I am overwhelmingly amazed as to the progress on the house and the community outpouring of support for the Stott family. Yes… I am on camera… yes, I have met the designers and Ty. However, that isn’t why I joined up in this endeavor. Joey and her family have gone through some very difficult times, and although their situation is special, it is not unique. I am hoping that when this episode airs on television, more people will be aware of the National Marrow Donor Program, and how easy it is to save a life and keep a family together.
I understand that my donation has had a huge impact on Joey and her family. However, I feel that I am a small cog in a much larger machine; without the doctors and nurses involved, and without the selflessness of the donors, thousands more would die every year. Unfortunately, there are still thousands who die every year because they cannot find a genetic match.
I will be participating in the National Marrow Donor Program “Be the Match” drive here in Lena, Illinois today, in hope that word spreads locally. I am participating in Extreme Makeover: Home Edition in hope that word spreads nationally. Let’s hope that another life will be saved as a result.
Apparently my article on the De-ICE Pentest LiveCDs was selected for inclusion in Hakin9 magazine’s “Best of” edition, now in bookstores. The funny part of all this was that I had no idea. In fact, I had quickly browsed through the magazine multiple times before actually looking at the table of contents.
I’m quite excited that I was selected for such an issue, and hope to write more for the magazine.
I received notice today that I have been selected to speak at DefCon 17 this year. This will be the third time in as many years that I have spoken at DefCon. Strangely, I’m more excited about this year than I have been in the past, partially because my youngest daughter (age 9) will be attending for the first time.
Ok, here’s a bit more… (notice the move from Slax to Debian)
Quote:
The Remote Exploit Development Team is happy to announce the release
of BackTrack 4 Beta.
We have taken huge conceptual leaps with BackTrack 4, and have some
new and exciting features.
The most significant of these changes is our expansion from the realm
of a Pentesting LiveCD towards a full blown “Distribution”.
Now based on Debian core packages and utilizing the Ubuntu software
repositories, BackTrack 4 can be upgraded in case of update. When
syncing with our BackTrack repositories, you will regularly get
security tool updates soon after they are released.
Some of the new features include:
* Kernel 2.6.28.1 with better hardware support.
* Native support for Pico e12 and e16 cards is now fully
functional, making BackTrack the first pentesting distro to fully
utilize these awesome tiny machines.
* Support for PXE Boot - Boot BackTrack over the network with PXE
supported cards!
* SAINT EXPLOIT - kindly provided by SAINT corporation for our
users with a limited number of free IPs.
* MALTEGO - The guys over at Paterva did outstanding work with
Maltego 2.0.2 - which is featured in BackTrack as a community edition.
* The latest mac80211 wireless injection patches are applied, with
several custom patches for rtl8187 injection speed enhancements.
Wireless injection support has never been so broad and functional.
* Unicornscan - Fully functional with postgres logging support and
a web front end.
* RFID support
* Pyrit CUDA support…
* New and updated tools - the list is endless!
With all these changes, PLUS the usual goodies and surprises we have
in BackTrack, we are truly excited about this new release.
We consider the Beta to be stable and usable. Some tools were kept
back from this version, and will be soon added to the repositories.
I have to admit I’m a big fan of William Gibson. For those who have never read any of his novels (yeah, I know… look at who I’m talking to… we’ve ALL read his stuff), he often describes the Matrix (our Internet) as a very hostile place. In his dystopia, global companies competed with each other, and that competition extended into the digital world - where life was risked and the result of a misstep was death.
It is because of this I am fascinated by news stories where countries attack other countries. The latest news takes us back to the philosophical and territorial conflict between Russia and Kyrgyzstan. There have been three successful attacks by Russia against neighboring countries, with the latest occurring this month. Rumor has it that the Russian government has paid for these attacks, or conducted them themselves. Regardless of who is behind it, these attacks could easily be capable of destroying economies if conducted for any length of time.
I’ve always felt that the Internet was probably the best example of how Anarchism could function in modern society; and these types of attacks demonstrate the inability to regulate the Internet and “make it safe.” Can we expect larger and more comprehensive attacks? Absolutely - that is a big fear in the United States; an organized group could attack the U.S. infrastructure and military, and cripple the country.
These types of attacks will continue, and as long as I’m on the sidelines and unaffected, I will watch with anticipation to see where all this leads; whether it is what has been described by Gibson, or worse. Regardless, the more advanced countries and groups become, the quicker they will turn to cyberspace to launch their attacks.
I had the need to look up NSA’s Rainbow Series today. For those who don’t know, this is a series of books used to help evaluate “Trusted Computer Systems.” The name was derived from the fact each book had a different color cover. The book most often referenced is the Orange Book, which focuses on Configuration Management. If you would like to virtually touch history, swing over to http://www.fas.org/irp/nsa/rainbow.htm and read some of the books. And if by some chance you have a stack of these lying around you want to get rid of, I’d love to take them off your hands.