Skip to main content

Posts

3 The Three Questions: Do you think you speak pretentiously?

The Three Questions Question 1 of 3 This is a series of blog posts based on questions I asked my peers and strangers starting summer 2020. I created these questions with Brock and Arvin one day through a string of conversations, and I've been obsessed with them ever since. First Question. Do you think you speak pretentiously? Do you think I speak pretentiously? Once when asking this question to an admired graduate student, he responded, "the word 'pretentiously' is pretentious." I was absolutely floored. First, I have asked this question to at least 60 different people at this point, and that's the first time someone's made that remark. Next, that I wouldn't at all considered the word "pretentiously" pretentious at all. Fuck. The question isn't designed to reach the entire audience of people I want it to reach. The problem with pretentious language is that it's not accessible. I can understand the usefulness of, at times, sounding pre
Recent posts

PSA: Free 24/7 Crisis Help

Practicing the DFIR basics with the Digital Forensics Workbook

Digital Forensics is not a passively learned discipline. Unfortunately, many practitioners are a part of "push button" forensics, which is a necessary evil in some instances to process a high amount of cases.  My favorite introduction into immediately working with digital forensics in the Digital Forensics Workbook by Michael K Robinson .  This book was published in 2015. Many of the activities are still valid, but some of them no longer work or are no longer valid due to technological change. I would still use this workbook to teach and find 80+% still usable. I applaud Michael Robinson for writing the book that we needed in digital forensics and I hope that he produces a new one in the coming years.  A complaint I've received from students is that this workbook is very Windows focused. Some do not want to bother with making these exercises work on an operating system that allows them to claim superiority over each other. I do not believe Michael intended his readers to

How I manage my writing anxiety

There are many reasons someone might be unable to write (blogs, reports, papers, etc) even when they feel the direct motivation to do so. For some, anxiety produces doubts about the writing process which causes a response of inaction to avoid the stress of writing. Other can struggle with the executive dysfunction  that comes with ADD/ADHD, stress, depression, and mental health concerns. I'm not really able to speak further on the why your brain just won't let you do stuff, but I can share the coping mechanisms I found that help me write.  1. Do not strictly hold yourself to content-based goals It's very intimidating to say "I need to write this paper today" or "I need to upload content today". Now, if you don't mange to finish the paper or post, you've automatically failed. There may be many reasons why the quality of your work produces more or less content each day, so this may be an unrealistic goal to try to control for in saying "I will

Don't use that APK site!

  A whileback, Brock and I were impatiently waiting for WiGLE's beta app update. It was was WiGLE just added bluetooth to their platform and it was a big move for us (was that like, 2 years ago?). I went to get the app from WiGLE, but Brock simply google'd the app and downloaded it. I was unsure how this page was already a google result, and he showed me he downloaded it from another apk site. When I objected, he didn't understand. I explained the dangers Rogue Apps present, but also, I then downloaded it anyway to see if my concerns were justified on an old-lab-phone.  Rogue applications are those which are not created and published by the developer. In general, rogue apps are an Android centered issues (and FireOS - ketchup; fancy ketchup). Back in 2018, RSA published a white paper in which 28% of online fraud were rogue apps , and has seen a 300% surge in 2019.  Before discussing what's wrong with rogue apps, let's use an example: Instagram's legitimate And

Can you hack a security checkpoint metal detector? Yeah, we already did.

To get straight to the point - walkthrough metal detectors are a security technology to attempt to detect and thus remove weapons and dangerous items from individuals to make a safe space. What if they were much more fallible than expected?  I'm not here to fear-monger either - these problems are preventable with proper use and changed in guidelines. Like many security controls, their exploitation is commonly due to those who implement and monitor them. However, in order to create these changes, more proof-of-concepts and solutions need to be tested. We already have a few to start.  The walkthrough metal detector (WTMD) research was not my original idea. It started out of research projects from  PHSI  and another Garrett 6500i was donated to our lab. This machine was not ours and we did not have permission to modify or conduct digital attacks on the detector. We were supposed to use physical modifications to hide or modify the results of the screening.  One colleague in particular

Shipment 1 of 2 - The new WTMD journey.

Hey - here's part of my new metal detector.  The two top panels and the base for the side arms   The back of the control unit and the front of the control panel This post is going to be fairly short, as I only have half of the machine. When I receive the uprights and re-assemble the machine, you'll get a much better idea of the WTMD's function. While were are here, notice the gap in the main unit? There's something else I'm going to put there, so stay tuned. Additionally, I'm going to open up the main unit next to check to make sure there isn't anything extra inside.  Notice the lock on the control panel? The purpose is to have a physical lock to prevent tampering with the controls, and originally when [hacker-dad] received the WTMD it was locked in the disabled position. I remarked how I was hoping he'd find the key, and he picked it open with ease instead.  He played around with the device for a few days before sending it my way, so it was in working o

Sentero - a cyborg orientation smart device

Sentero , my next biohacking device.  Previously I backed the North Sense , a creation by Cyborg Nest. The only difficulty with the North Sense was the mounting system, and thus I could never fully adopt the device. The North Sense was intented to give the owner directional north sense, and did so by using a vibrating device which was held by two surfaces piercings under the collarbone. This mounting system was pretty difficult. While I understand the hesitation to move to something more like a wearable, I'm very glad to not have the painful mounting process.  Here's what the Sentero's use as a single user (there are dual user features too) Definitely check out the Indiegogo project . Here you can find all the information about the Sentero and its development process. I've backed the project and hope that more biohackers will do the same and try it out. Once I get the device, I'll make sure to update about my experience and hopefully will gain some kind of new sense

Why I really want a walkthrough metal detector

So if you saw my GrrCon 2019 talk , you know that I've been looking for a walkthrough metal detector. I will be working a summer position that will pay me enough to purchase a walkthrough metal detector. Currently, I have a Twitter poll  asking if this was a good idea.  What are you going to do with the metal detector? I used to have access to a walkthrough metal detector (WTMD) through my research lab. My friend Katie and I nicknamed the metal detector Mr. Den City. I had access to the WTMD but of course, within limits. We made certain agreements with those we borrowed the detector from, and it technically wasn't ours, but our leader's. Still, I have some POCs which demonstrated interference and modification of WTMD results, and I want to recreate, improve, and document these findings.  Is there a specific walkthrough metal detector that you need? I'm looking for a Garrett 6500i or another model in that family. I'm also looking for the networking modules for the