Xbox One / Xbox 360 and Open NAT using m0n0wall and pfsense


Hey! So this is where my background in network security and building computer games and back-end networks for MMOs come together.  Recently I got an Xbox One and started to play Destiny.  Don’t judge me.  Destiny, like any multiplayer game, works best when the game consoles can talk directly to one another.


m0n0wall Development - Beta Stuff



Let it be known, as if anyone cares, I have started to do development on m0n0wall using the Beta branch based on FreeBSD 8.3.  It's fun to retun to the project, and I hope to give a few new fun features back if the project accepts them.  Anyone wanting to play along with my future postings on this topic, or who simply want to be able to edit m0n0wall builds, should read my Workshop write-up on m0n0wall Custom Images.  (aka: m0n0wall Development.)

ReadyNAS Syslog-er-nator


Earlier today I needed to get a syslog server going for a project I am working on currently.  I didn't want to build a new server, nor did I want to spin-up my unix server due to the crazy amount of power the thing uses.  (I mothballed it a while ago.)  So I though... "man, my ReadyNAS Pro should be able to do this."  But searching for an add-on for the ReadyNAS for syslog only turned up post-after-post on the ReadyNAS site with people begging for this feature.

There is a great syslog viewer for the ReadyNAS called phpLogCon that made this more of a treat, I cover this in the how-to linked in this blog, and that really made me want to use the ReadyNAS even more as my syslog server.

BlackHat Abu Dhabi

BH Abu Dhabi 2012

It was a pleasure to speak at BlackHat Abu Dhabi with Dr. Stefan Frei ( @stefan_frei ) this year.  We felt very welcomed and honored to have been in the UAE as guests of this event.  You can find the white papers from our presentation at the NSS Labs ( @nsslabs ) website, they are the Modeling Evasions in Layered Security and Cybercrime Kill Chain vs. Defense Effectiveness.  (The papers are free to download, but you need to create an account.)

Attached to this blog is the PDF of the PowerPoint presentation given during the talk.  (It is 18MB in size.)

BSides Slides...


Gal and I have had a lot of fun talking at BSides this year; Los Angeles, Dallas, and Delaware.  As promised, we are posting the slides from our talk.  (As a PDF)  Please be kind and sight our work if you are quoting it.  Feel free to reach out to us, especially on Twitter.  @shpantzer @franklyfranc


You can download the slide preso (12MB) at this link.

How to "TouchDroid" while keeping your TouchPad

HP TouchPad

Finally completed that how-to on installing Android on an HP TouchPad, and published it on my work blog over at NSS Labs.  You can read about it here:“touchdroid”-while-keeping-your-tou...

Next steps will be to compile and buld a pen testing suite that can use this setup.


Downturn economy means greater security risks…

People Networking

Business is the practice of economics, and to that point we are now seeing near record setting layoffs as businesses control one of the variables in the mighty Profit and Loss (P&L) Statement.  That is to say, they are trimming costs as they can’t, unlike the government, simply increase profits.  The part of the math that isn’t often reviewed, greatly due to ignorance, is the exposure cost/risk when laying off Information Technology (IT) resources.

Let’s face it, IT is often seen as a Loss and is a service organization within most companies.  We see this in the ideas of outsourcing, downsizing, and the misalignment of ITSLA and COBIT in an effort to justify headcount reductions and sometimes for maintaining headcount.  If given my choice, I would cut project management before cutting operations, but I am not a CIO, and so my option on the matter isn’t really relevant.

Intellectual Property protection, or “When you know you are doing real Information Security.”


You are about to read a blog on Anti-piracy.  But it isn’t “anti-piracy” in the way that SOPA, DMCA, etc. would make you believe.  Because let’s be honest for a second and admit to the simple fact “those aren’t anti-anything.”  Some of you are nodding, others are scratching their heads.  Let me explain this one point and then move into the focus of my blog.

Go checkout Gal's Blog!

Gal Shpantzer

Go checkout Gal's recent posting on his blog site where he talks about Personnel Security and uses Warren Zevon's lyrics to "Lawyers, Guns, and Money" to make his point.  It's kind of briliant, and you can find it by clicking this amazing self-redirecting link


At what point does negligence constitute having to be responsible?



Syndicate content