Hacker Under Dev

Posts

April 8, 2016

HPKP.. Public Key Pinning?

On a project I’m involved with, a scanner has picked up a low issue where the HTTPS is missing HTTP Public Key Pins (HPKPs). If you’re like me, you’re probably thinking, what the heck is HPKP? Well, I did a little bit of research and got it working on my personal website. I’ll share my struggles below so you don’t have to follow in my footsteps.
The Theory
Our browser stores a list of places that are accepted TLS/SSL certificate providers.
March 7, 2016

Social engineering a hackathon

When a lot of people hear about hacking, they imagine a guy in a hoodie at a computer late at night. That’s not always the case; social engineering is a big part of the picture. This last weekend I went to BSides Indy, and the keynote was about communicating with management about security. He gave a few examples about breaking into some of the most secure places… because of human error.
February 10, 2016

TLS Lightning Talk

Hi everyone, last night I gave a lightning talk at Misec Jackson. It was a quick 15-minute summary of my last blog post on TLS. I summed everything up into 12 slides and threw in some last-minute images to make it look better than just bullet points on bullet points.
Other lightning talks from the night
I wasn’t the only talk that night; there was a talk on IPv6 that was pretty insightful.
February 3, 2016

VTech Kid Connect Data Breach

On November 14, 2015, VTech discovered a hacker had broken into their databases, servers, and websites. The hacker used SQL injection to gain complete access to the databases that held all of the data used by the Kid Connect application that VTech uses. A friend of mine wrote up an awesome case study about the breach and you can read it here: StephenManz_KidConnectHack.
My two cents on the VTech breach (Not a TL;DR of the case study, just what I took away)
January 23, 2016

COGSS 2.0

In July of 2015, I volunteered to create a web app to score college gymnastics. There’s an old blog post from my original COGSS project. COGSS 2.0 is going to be a place to submit scores and have rankings for a meet. Sounds simple, right? Turns out it is not; this project feels like it is turning into a full-blown application which ideally would require a dev team… Instead there is me!
January 20, 2016

TLS: What is it and why it matters

In my normal fashion, I’m going to start this blog post with a little intro to cover my butt. Recently at work, I’ve been tasked with learning about Transport Layer Security or TLS. This blog post is my own thoughts and is not 100% accurate, but I hope you get the idea as well as I do.
What is TLS?
Well, as I said above, TLS is Transport Layer Security. It’s the encryption used by clients and servers to encrypt messages sent between the two.
January 1, 2016

2015 in review

2015 has been quite the year for me! For one, I started blogging about information security and software development. I added a category for hardware, but I haven’t been able to dive very deep into those projects (yet). This blog post will be a review of all of the content I’ve blogged about; hopefully it’ll be a good collection of how much I’ve grown. To prove I really am what my tag line says: that I’m better than I was a year ago.
December 21, 2015

Monitoring Honeypot Output

Last week I posted in Hacking about installing a Honeypot to record SSH traffic. Since it was installed, I’ve been working on easy monitoring of the output. Michel Oosterhof, the creator of Cowrie, has done a lot of development work to create some awesome logging output from the honeypot. There are a lot of different options and you can even store output in a MySQL database. I found instructions for that on a WordPress blog.
December 18, 2015

Cowrie Honeypot Installation

Who likes honey? I know I do. Unfortunately Cowrie isn’t the kind of honeypot you might imagine. Instead of thinking source of deliciousness, think something you will get your hand stuck in. In security terms, a Honeypot is where a system is set up to record everything that’s going on. In those terms, Cowrie is an SSH monitor that tracks everything that happens over an SSH connection. This is a project that I started with @Taco_Pirate.
December 11, 2015

My First Presentation: Web Hacking

Tuesday, December 8th was the last meeting of the semester for Spartan Hackers, a group of students at Michigan State University who go to hackathons and want to learn more about computer science, and I gave the presentation. Each week we have workshops to introduce new things to our members; topics vary from “Intro to HTML” to “Web Scraping”. The original idea was to have a security company come in and talk with us, but that fell through at the last minute.
© Hacker Under Dev 2023