Monday, May 8, 2017

Fighting Bot Attacks presentation at FIRST

Took some time to speak to FIRST attendees regarding some of the lessons learned at Zenedge fighting bot attacks. In the presentation, I covered an attacker who persistently kept coming back to a customer and bypassing our mitigation techniques, and how we evolved to protect ourselves. Finished the talk by describing how you can build your own protection. See the slides below.

Tuesday, June 7, 2016

FrankenTank is Alive!


My friend Berto just finished his FrankenTank and it's looking awesome. Really interesting for a weekend project, and a mobile platform for other things to be built on it. See a demo video at:

Monday, July 13, 2015

Heka debian init script

After much hunting around I couldn't find one that logged and worked with the .deb binary in their github. Here is the one I built, hope it helps

Friday, February 13, 2015

Deploying Hardened Splunk with Ansible

Just finished 2 blog posts on the Splunk blog which cover how to get started with Ansible and deploy hardened Splunk instances. I also dive into how to deploy and manage multiple custom Splunk environments in AWS using Ansible.

To get started on how to use Splunk with Ansible (Part 1).
Also there is a github repo with the playbooks that are broken down into roles:

  • Common - copies keys over, installs basic utils (screen, vim, etc.), hardens the server (by installing rkhunter, chkrootkit, clamav and cron jobs to run them)
  • Search Head - installs a Splunk search head, changes the default password, hardens Splunk Web, among other things; runs as the splunk user
  • Indexer - installs a Splunk indexer, copies over indexes, and certs/key for secure comms
  • Universal Forwarder - installs a UF, deploys inputs.conf and outputs.conf

How to scale it on AWS with multiple Splunk instances, ultimately manage it as a service (Part 2). In part two the way we inventory Ansible changes from a static host file to a dynamic inventory fed out of AWS instances. Due to this it has its own github repo.

Tuesday, December 30, 2014

Search the web from Splunk using Faroo

I have been away for a while, but been very busy at GitHub. Just wrapped up an app for Splunk that allows you to search the web using keywords from a specific Splunk field. Primary use for this is to rank up items that might have been indexed by a web service like Faroo. Also to add further context on the fly when doing investigations.

See the code at:

I just submitted to for approval.

Tuesday, June 3, 2014

Generating Elliptic Curve (EC) Key/Pair

Just finished a post over at the Splunk blog regarding using EC (Elliptic Curve) certs within Splunk. Although the explanation was geared towards someone deploying the keys in a Splunk deployment, the key pair could be used in any situation (proxy, web server, etc.).

Here is the TL;DR summary of the post:

Generate a New Elliptic Curve CA Key and Cert
openssl ecparam -out ca-key.pem -genkey -name prime256v1
openssl req -x509 -new -key ca-key.pem -out ca-cert.pem

Generate Server's Private Key and CSR
openssl ecparam -out server-key.pem -genkey -name prime256v1
openssl req -new -key server-key.pem -out server-csr.pem

Generate Public Certificates:
openssl x509 -req -days 365 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem


If you want to test your keys, start a web server with the following openssl command.
openssl s_server -www -key server-key.pem -cert server-cert.pem -CAfile ca-cert.pem -state

Then, try to connect to
openssl s_client -connect
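
The steps above as one non-interactive script that also checks the result. This is an added example, not taken from the original post: the subject names, the host name splunk.example.test, the `-noout` flag, the restrictive umask and the subjectAltName extension file are assumptions added here.

```shell
#!/bin/sh
# Added example: builds the EC CA and server certificate from the steps above
# without prompts, then checks the chain, the curve and the key/cert pairing.
# All names (Example Test CA, splunk.example.test) are constructed placeholders.

make_ec_chain() {   # $1 = output directory, $2 = server host name
    (
        cd "$1" || exit 1
        umask 077   # private keys end up readable by the owner only
        # CA key and self-signed CA certificate (-noout drops the EC PARAMETERS block)
        openssl ecparam -name prime256v1 -genkey -noout -out ca-key.pem &&
        openssl req -x509 -new -sha256 -days 365 -key ca-key.pem \
            -subj "/CN=Example Test CA" -out ca-cert.pem &&
        # Server key and CSR
        openssl ecparam -name prime256v1 -genkey -noout -out server-key.pem &&
        openssl req -new -sha256 -key server-key.pem \
            -subj "/CN=$2" -out server-csr.pem &&
        # Sign the CSR; the extension file adds the subjectAltName that
        # current TLS clients match host names against
        printf 'subjectAltName=DNS:%s\n' "$2" > san.ext &&
        openssl x509 -req -sha256 -days 365 -in server-csr.pem \
            -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 \
            -extfile san.ext -out server-cert.pem
    ) >/dev/null 2>&1
}

# Succeeds if the server certificate chains to the CA certificate.
chain_ok() {
    openssl verify -CAfile "$1/ca-cert.pem" "$1/server-cert.pem" >/dev/null 2>&1
}

# Prints the named curve of the certificate's public key.
cert_curve() {
    openssl x509 -in "$1" -noout -text | sed -n 's/.*ASN1 OID: *//p'
}

# Succeeds if private key $1 belongs to certificate $2 (public keys are equal).
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Succeeds if certificate $1 carries a DNS subjectAltName for host $2.
has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

d=$(mktemp -d) && make_ec_chain "$d" splunk.example.test &&
    chain_ok "$d" && echo "chain verifies, files are in $d"
```
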

Friday, May 9, 2014

Nexpose Python Client Library

Just wrapped up a client library for Nexpose. I forked one already created, but added custom reporting support to it, which was a feature that a friend was requesting. Hope it helps anyone else running this as their vulnerability scanner.

If there are any errors or issues with it, please feel free to ping me at @divious_1

Thursday, November 28, 2013

Public CIF Updates

It's been a while since I provided an update on the ongoing projects or anything new. First off want to extend a huge public thank you to Rebekah Monson (@rsm) for making and taking it to a new level with the Awesome Foundation grant. She has a great recollection of the Sub's evolution on the site with upcoming events. Hopefully we should be water testing it ASAP and I should be putting up an updated bill of materials and design plan. A lot of items have changed through the Sub's evolution and I'm sure a lot more will change as we start water testing it. is half cooked so far, I have a working application which collects OSINT data and stores it on a NoSQL data store. The next step is making collectors for honeypots like Dionaea or Amun and starting to make a search UI.

As to the public CIF instance, I have to apologize for not being on top of new user requests. Some have been backed up and I have not updated the service to CIF 1.0v yet. As time progresses I will be phasing out this service to replace it with as I get closer to a release candidate.

Sunday, September 15, 2013

Get Crazyflie Quad Copter working on the Raspberry Pi with a Sony PS3 Bluetooth controller

Recently got my hands on a Crazyflie and I must say I love it. Took me a few minutes to get it assembled using Bitcraze instructions:
I wanted to get it running with my Raspberry Pi to use it on the go but ran into a few hiccups, so I decided to put this doc together as a guide for anyone who has a PS3 Bluetooth controller at home (Crazyflie only has documentation on the wired Xbox controller).

Things you need:

  1. Crazyflie
  2. Sony PS3 Controller
  3. USB Bluetooth adapter
  4. Crazyradio
  5. Raspberry Pi (with all necessary accessories)

  1. Start to assemble the Crazyflie using the instructions at Bitcraze.
  2. Download and image an SD card with the Bitcraze pre-built Raspberry Pi Crazyflie image:
  3. Boot up the Pi with the freshly baked image, update your Pi and install any necessary tools you use (I usually install vim, lshw, screen, etc.)
  4. Install PS3 controller and other necessary libraries:
    sudo apt-get upgrade
    sudo apt-get install bluez-utils bluez-compat bluez-hcidump libusb-dev libbluetooth-dev joystick usbutils pyqt4-dev-tools
  5. Check that the Bluetooth module is being detected:
    ~ $ hciconfig
    hci0: Type: BR/EDR Bus: USB
    BD Address: 00:1F:81:00:06:20 ACL MTU: 1021:4 SCO MTU: 180:1
    RX bytes:1260 acl:0 sco:0 events:46 errors:0
    TX bytes:452 acl:0 sco:0 commands:45 errors:0
    If you see your USB Bluetooth adapter then you are good; if not, there is an issue with the Pi recognizing your adapter.
  6. Install the pairing software to pair the controller with the Pi:
    gcc -o sixpair sixpair.c -lusb

  7. After you compile this file there will be a binary executable called “sixpair” which you can now execute. Connect your PS3 controller to the Pi using a USB cable (you only have to do this once for the pairing).
    Run the executable and you should see something like this:
    crazyfly-pi ~ $ sudo ./sixpair
    Current Bluetooth master: f0:f0:02:c7:f5:8e
    Setting master bd_addr to 00:10:60:d2:c2:fe

  8. If you get that output, your controller is now officially paired with the Pi. Now we have to install the controlling application that reads the controller as an input device.
    tar xfvz QtSixA-1.5.1-src.tar.gz
    cd QtSixA-1.5.1/sixad
    sudo mkdir -p /var/lib/sixad/profiles
    sudo make install 
  9. Now we can test to see if the controller is working. First start the sixad daemon and initiate the controller:
    sudo sixad --start
    When prompted, press the PS button and the 4 upper LEDs on the controller will light up.
  10. To test that you are indeed receiving input from the controller, run jstest against the input:
    sudo /usr/bin/jstest /dev/input/js0
    You should see the following values change as you press buttons on the controller.

  11. We must now tell cfheadless that we are going to be using a PS3 Bluetooth controller. Edit the following file and change PS3_Mode1 to PS3_Mode2 like so: crazyfly-pi:~# cat /home/bitcraze/controller.conf
  12. Now we need to make sure that cfheadless is always running; this ensures that even if the Crazyflie is not detected right away it will get configured the right way. Place the following script in /root/

  13. Now we make this run every minute
    sudo -i
    crontab -e

    and add the following lines to it:
    */1 * * * * /root/
    @reboot sixad -s

  14. You should be set now. Restart your Pi and make sure you turn on your Crazyflie. Once the Pi has booted, give it 5 minutes and press the PS button on your PS3 controller. You should be able to control your Crazyflie with the controller.

Tuesday, September 3, 2013

Underwater ROV 2.0


After some serious thinking on the direction and cost of the submarine, I thought it would make sense to consolidate the motor control functions into a Raspberry Pi. I have used the Adafruit 16-channel servo driver board to control the ESC. This takes that responsibility away from the Arduino, which was the original sub concept. Furthermore, with the release of the Raspberry Pi camera, I can now also consolidate the streaming video capabilities on the Pi. This gets rid of the necessity to buy an IP camera and have 2 network connections on the submarine. As far as the frame goes, no serious water testing has occurred as of yet, but as soon as the motor is completed there will be some redesign as well. Below you can see a video of the Raspberry Pi controlling the ESC of the current sub.

Getting ESC with raspberry Pi and adafruit servo controller working. Excuse the desk mess. from Jose Hernandez on Vimeo.

First you must get I2C installed on the Pi by running:

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install python-smbus i2c-tools

Make sure that I2C is working by running:

sudo i2cdetect -y 1

Then get the adafruit PWM libraries:

git clone

cd into the Adafruit-Raspberry-Pi-Python-Code/Adafruit_PWM_Servo_Driver/ directory and 
the example code I use to get this running on the PI:
The wiring Schematics:
Pulled from Adafruit
If you run into any issues I recommend going through the Adafruit guide:
I will be uploading to github the driver code in python for the submarine.