June 11, 2015

EMU Gymnastics Club Website

One of my first “professional” website creations. Making the club’s website gave me a solid 4.0 in a college web design class where I reviewed the basics of CSS, Javascript, and HTML5. Fun stuff really. What I learned by doing this project is how important initial design and communication is. Working with a client (in this case, the “client” is my girlfriend a.k.a club President) means that you can’t just look at the website and think “Good enough, ship it”.

May 16, 2015

Automatic Sharing on Facebook and Twitter

How many people do you see every day that are staring infinity into their smartphones? How much would you bet that they are on Facebook or Twitter right now? There are also a lot of people on the internet who write interesting blog posts to people about a lot of cool things… and I am one of those people. There is a wordpress plugin that allows me to share new published posts with friends and followers automatically.

May 15, 2015

Hack a Quadcopter CHEAP!

If you have tinkered with computer hardware projects before, I hope you have checked out hackaday.com. They are a famous website that re-posts about many kinds of hardware hacks. If you have found a new toy you want to customize or want to be inspired by other hackers or makers, hackaday is a great start and I visit the site frequently. Now, me being the “young, easily misguided, and overly willing kid” I was when I read an article titled Hacking a Cheap Toy Quadcopter to Work with an Arduino my first reaction was “Awesome!

May 15, 2015

Developing KORA 3.0

This is a big project I’ve worked on from the beginning when working at Matrix: Center for Digital Humanities & Social Sciences. It’s taking an old platform and revamps it into a modern application. KORA 1.0 was built over the last two decades by non-software developers, I never saw the code personally but I heard horror stories of unorganized pages of code that was thousands of lines long. KORA 2.0 reorganized the code into an Object-Oriented-Programming (OOP) format, Matrix’s system admin (now retired) and students introduced classes and actually made the code readable to developers.

April 19, 2015

Enumeration Part 1

Following my post from two weeks ago about Scanning, enumeration is a Network Hackers next step. Enumeration is when you probe services (that was identified from scanning) for vulnerabilities. Now, up to this point we were able to keep a anonymous veil around us. However, enumeration requires active connections or direct queries to your target, which could be logged or capture and then used against you. Typically you are looking for usernames (that you can use for brute force guessing), email addresses (used for phishing attempts), or misconfigured/outdated systems with known vulnerabilities.

April 17, 2015

Hacking like Saurik

A couple weeks ago I was volunteering at Spartahack, a awesome new hackathon hosted at MSU. One of the guest celebrity judges was Jay Freeman a.k.a. Saurik. If you have ever jailbroken your apple device, you should be thanking Jay because he’s the creator of the jailbroke app store called Cydia. He had a talk at the hackathon where he explained approximately 10 bugs used in apple and andriod phones in the last decade that was found by reverse engineering code.

April 6, 2015

Scanning

One you’ve found a target and it’s time to dig in a little more to find a way in, start with scanning. Try to Follow these steps: Determine if the system alive Try using ping sweeps, nmap offers this with the -sP option ICMP Queries offer a wide range of information about a target Determine which services are running/listening Sending packets to TCP / UDP ports to see what is listening There are a variety of tools, nmap, netcat, and strobe are examples Determine the Operating System Get content info from FTP, HTTP, or others.

April 4, 2015

Footprinting

Footprinting is gathering information about a target before attempting to hack them. There are a few ways to do it but the important part is getting the right details, What kind of servers are in use, What kind of operating system is in use, What is the deployment and version control systems in place… Things like these will lead you to what vulnerabilities to use to get into the system

March 31, 2015

Defend your website against SQL injection and XXS

Hey everyone, so at work we’ve had a couple vulnerabilities pop up so I was privileged with writing this up and I wanted to share it with you. I hope you find it interesting! Sorry it’s such a long read. There’s two parts, one for SQL injection and one for Cross Site Scripting. SQL Injection Check out SQL injection on OWASP SQL injection is, simply put, a user adding additional requests to your database calls.

March 15, 2015

Who Are You?

Something pretty basic that I didn’t cover early on is anonymity. Do bank robbers wear masks? Unless you want the police knocking on your door the next day. I suggest you look up the Tor project. It’s a proxy network that divides your data into packets and sends each one randomly through different bots on the network. While some may say Tor isn’t secure. You need to realize that nothing is perfectly secure.