The Pi-hole is a device built on a single-board computer (SBC). It acts as an ad-blocker for your whole network. There are also blacklists that can be applied, or you can build your own.
A good deal of people build these with a Raspberry Pi, but I found two Orange Pi Zeros for cheap and decided to build one out of those.
I found a video that shows you how to put a WireGuard VPN and Unbound DNS on the Orange Pi along with Pi-hole. This is the one I plan on following.
So, while at Black Hat and DefCon people were messing around with the Flipper Zero and I was like, that’s kinda awesome. It got me thinking about other gamified ways to tinker and learn. Enter Pwnagotchi:
I got one (the pi scarcity is real) and have been fooling around with it. Toss it in a cargo pocket when I go out to let the lil guy learn.
The device essentially learns from Wi-Fi handshakes. The more environments it’s in, the more it’s learning. I like the novelty and, with the Pi Zero, the small size.
I’m still messing around with it, honestly, but the above video and the below link should help anyone interested:
In 2001, a former contractor who still had access to the system compromised the industrial control system (ICS). This compromise caused sewage to flood the town and watershed.
This would become the first widely recognized attack on an industrial system.
I would advise anyone who wants to learn to use Splunk to actually use Splunk. They offer a really thorough fundamentals class for free, and you can set up a Splunk environment fairly easily.
There’s also hands-on practice to be had by completing the ‘Boss of the SOC’ challenges.
Furthermore I recommend:
Splunk Certified Study Guide by Deep Mehta published by Apress
I highly recommend the above book to supplement study and test prep.
So, I’m a little bit of a tech hoarder. I’ve got several Raspberry Pis, NUCs, Mac minis, and a Chromebox. I also have a switch and a box to put pfSense on. I’ve kinda got the hardware part down (tho I am looking for one more machine with 16GB of RAM to complete my vision).
This being said I have a few things I want out of my lab environment:
Malware Analysis machine
Security Onion Analyst machine
Cyber Threat Intelligence Machine
Possible Forensic Analysis Station
Also want to have a pihole
I also know I want to mess around with Docker and Python. Although these don’t need their own environments, the others above kinda do. This is especially true for the Malware Analysis machine, which needs to be isolated as much as possible to prevent infection of other systems.
Draft Lab Documentation
The above is the draft documentation I cooked up to kind of mimic inventory management. I also think that if I’m going to have static IP addresses, these should be documented as well. I started by having this info written out, but have also entered it into note-taking software. This is my attempt to be meticulous and intentional in this endeavor.
This week I learned about the BazarCall / BazarLoader malware. I had never heard of this malware campaign. Even when it was explained to me I didn’t think that it would have a high success rate, but after doing more research, it is really successful.
The whole cycle starts with an email, one that often talks about the end of a free subscription or being charged for a renewal or the like. This email might not have any links or attachments, but it will have a number for the recipient to call.
<sidebar: I’d always thought these types of emails had one purpose, and that was to scam recipients by getting them to call and then getting them to divulge credit card information or other personal information… my viewpoint was limited.>
When the recipient calls to cancel or dispute the perceived charges, they are directed by the ‘call center’ to a website, and this website downloads the BazarLoader malware, which can be a carrier for other malicious code like Trojans or ransomware.
So, I learned something new this week. I’m always amped when I learn something and I usually want to learn more about it. So, I’m doing more deep diving on Bazarloader and to see if there are other similar campaigns.
This whole thing also reinforced thinking outside the box when it comes to attacks. Oftentimes, the simplest objective isn’t the true objective. Why hook a little phish when a marlin is out there, like encrypting and ransoming an entire enterprise?
Also long story short, whether it’s a credit card scam or something more malicious, like this: don’t call random numbers in emails.
This morning I sat in on a virtual Meet-up where the topic was Building a Lab. During the pandemic I had been slowly but surely ‘collecting’ computer equipment with the thought of building out several components into something like a multitasking lab environment. I know a lot of people are all for virtual environment labs, and I had one of those as well, but I also think that different devices should have different functions, and I like the idea of re-purposing old systems.
I’m working on this because in the past my virtual lab was tied to schoolwork or CTFs and mostly focused on lightweight pentesting, and I want to get more hands-on defensive measures in place. I also want to be able to pull in threat intelligence feeds, and to have a machine specifically for Python scripting and research.
An older version of the Meet-up I attended this morning
One of the things that stuck with me this morning, and is kind of a ‘duh’ moment, was to do an inventory. I also think I’m going to try to design and designate all the components I want/have before I start building out. That’s why this blog is #0: it’s my pre-planning. I’m going to take the next week to look at the systems I have and the objectives I want to learn, and then plan it out. Another piece of this will be the documentation. I want clear and concise documentation, because in a real-world scenario this would be important.
Next week or the week after I’ll share examples of my inventory assessment and initial documentation. I also plan to have designated the use of each piece.
CompTIA just announced a Cloud+ beta. I think I might take it just to feel out the material; it’s $50 and I’m interested in cloud security aspects in the future, so why not. The next few posts will be about the road to studying for this, Linux and CySA+… because why not, I’ve got time.