Monday, November 26, 2012

BEAST and CRIME Attacks Research Paper

For my cryptography class as a semester end assignment we had to produce a research paper. I decided to write it on SSL attacks and concentrate on BEAST and CRIME as example. The paper give a good in-depth explanation on how and why is SSL exploited. You can find the paper here. Also modified a cipher discovery tool I found in stack-overflow and uploaded to github.

Thursday, September 27, 2012

Collective Intelligence Framework Globe

Feed Globe

Attempting to get some GeoIp correlation of the feed I'm collecting with CIF lead to generating a 3d globe at (https://feed.josehelps.com). I did this using the geo ip data collected from my public cif instance. I'm generating the geo data base on the logs from the crontool using the this script (Needs alot of improvements). I have posted all the source code at my github page.



You will need a WebGL compatible browser to load the globe (updated Chrome or Firefox should work). Let me know what you think of it. 

Saturday, September 15, 2012

Submarine Project Update

Phase 1 - Building a Sensor Box

Trying to focus on getting all the necessary parts to build the sensor box. So far I have gotten the camera working with the Pi although at the moment I have a bit of a power issue. My current Pi power supply only gives it 0.5Amps while the camera and the wifi card will need a bit more than that. Order new 2AMP usb hub to compensate for that.

So far the following is working:

 


Sadly the camera disconnects right after it is detected due to power issues:

Sep 12 02:56:34 raspberrypi kernel: usb 1-1.2: new high speed USB device number 19 using dwc_otg
Sep 12 02:56:35 raspberrypi kernel: usb 1-1.2: New USB device found, idVendor=046d, idProduct=0805
Sep 12 02:56:35 raspberrypi kernel: usb 1-1.2: New USB device strings: Mfr=0, Product=0, SerialNumber=2
Sep 12 02:56:35 raspberrypi kernel: usb 1-1.2: SerialNumber: 584E2190
Sep 12 02:56:35 raspberrypi kernel: uvcvideo: Found UVC 1.00 device (046d:0805)
Sep 12 02:56:35 raspberrypi kernel: input: UVC Camera (046d:0805) as /devices/platform/bcm2708_usb/usb1/1-1/1-1.2/1-1.2:1.0/input/input4
Sep 12 02:56:36 raspberrypi kernel: usb 1-1.2: USB disconnect, device number 19
Sep 12 02:56:36 raspberrypi kernel: usb 1-1.2: new high speed USB device number 20 using dwc_otg
Sep 12 02:56:36 raspberrypi kernel: usb 1-1.2: New USB device found, idVendor=046d, idProduct=0805
Sep 12 02:56:36 raspberrypi kernel: usb 1-1.2: New USB device strings: Mfr=0, Product=0, SerialNumber=2
Sep 12 02:56:36 raspberrypi kernel: usb 1-1.2: SerialNumber: 584E2190
Sep 12 02:56:36 raspberrypi kernel: uvcvideo: Found UVC 1.00 device (046d:0805)
Sep 12 02:56:36 raspberrypi kernel: input: UVC Camera (046d:0805) as /devices/platform/bcm2708_usb/usb1/1-1/1-1.2/1-1.2:1.0/input/input5
Sep 12 02:56:43 raspberrypi kernel: usb 1-1.2: USB disconnect, device number 20

Just ordered:
Researching:
If someone could provide some help with the frame, it would be greatly appreciate it, so far I have only  though as far as making it out of PVC pipes.



Sunday, September 9, 2012

CIF public instance down for the moment

Seems that running the instance has gotten a bit expensive. I have noticed new sign ups but I'm in the process of migrating it to a more cost effective hosting company. Also upgrading CIF to 1.0 during the mean time. Please bear with me, I'm trying to avoid asking for donations. If you have any place where I can host a 1U server, I would be most appreciative.


Tuesday, September 4, 2012

Hack Miami Submarine


Going where no hacker has gone before

The purpose of this project is to make an underwater submarine using a Raspberry Pi as the primary controller and collector for sensory data. The sensory data ranges any where from live video, temperature, acceleration, to atmospheric pressure. The submarine will also accommodate modules to be added for hacking purposes (wifi cracking underwater, packet collect, bluetooth scanning etc...). In essence a spy sub. 

Rough Design Concepts:

Phase 1 Anchored Concept -


Final Concept Art -

10,000 Feet view of project:

I would like to break the project into 3 phases in order to make it feasible and get results in every phase. 
  1. Build a sensor box  - Drop a sensor box in salt water, make sure we get readings
  2. Give the Submarine Propulsion - Add motors and navigation 
  3. Make the Submarine wireless - Attempt to all sensor data be transfer via RF/802.11 including video.

Todos:


  • Narrow down scope of project 
  • Select sensors that would make sense on the submarine
  • Bill of materials for phase 1 & 2
  • Test sensors
  • Make Hull, fit sensors in
  • Test Hull in salt water (no sensors)
  • Drop Hull and sensors in water
  • ...
  • ...

Idea Pad:

Throw your ideas down here, work with me on piecing this together.
http://sync.in/iRY5dtUo7k

Tuesday, June 26, 2012

Collective Intelligence Framework for the public

After installing my first CIF server my interest for it has grow exponentially. I now find myself attempting to find more and more feeds to aggregate. My only wish was that of a public instance so I took it upon myself to create one. Hence http://www.josehelps.com/p/feeds.html

The public instance is currently aggregating information from the providers list on that page. I will add more as I come across them or they become available. If you have data that could benefit the security community and are capable/interested in sharing it please contact me up and I will gladly assist in adding it to our feeds.


I will be moving the server this service is on pretty soon to EC2, I will make a post before I do so. Also if you install the perl client and want to query a list of IPs/Domains, run the following command:

for i in `cat input.txt`; do cif -Sq $i; cif-output.txt; done

input.txt = file with domains/ips
cif-output.txt = results
eg:

1.1.1.1
2.2.2.2
thisdomain.com

If you want to take the server for a whirl fill out the form in the feeds tab and wait for me to send you an API key. You can find me in irc channel #cif on freenode.net, or you can simply email me [email protected] if you have any questions.


Also if you are interest in installing your own server I highly recommend you use the EC2 instructions that Wes Young has added to the collective intelligence framework project site. created.

Thursday, April 26, 2012

mxgopop mail bomber

Made a quick and dirty mail bomber that works with ESMTP auth (gmail). This was a project for school and the idea was ultimately to be distributed but never finalized that portion. Though I share it.