Random shutdown of high bandwidth DVI displays due to poor grounding

Yeah, that’s a long title but it says it all.

I’m not an electrical engineer, and what I discuss here was an interesting learning experience, at the cost of customer satisfaction, over what turned out to be a fault in the customer’s electrical installation.

Comments are appreciated. It’s always awesome to learn something from the community.

A large videowall was commissioned a few months ago. It’s a very typical installation without much to it: a 5×3 configuration, with each display being FullHD. The issue was simple in itself: from time to time (sometimes per hour, a few times a day… depends on.. stuff?), each of the splitters would randomly lose its input signal. The catch: only a few of them would not display any symptoms, and nothing was at all obvious.

TL;DR: it was the UPS’ fault!


Reverse SSH Tunnel – when you cannot SSH to your host

Sometimes you need a workaround to SSH to a host. In my case, I cannot SSH to a ppp-connected Raspberry Pi, but it can SSH to every other host. The solution is simple: the ppp-Pi will SSH to a remote SSH server, leaving a door open. Then I can SSH to my host and log in to my Pi. Confused? I know.

There’s a pretty good explanation on StackExchange.
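
The two hops described above, written out as an added example (not code from the original post). The relay name, the accounts, port 2222 and the key placeholder are assumptions; the script only builds and prints the commands, it does not connect anywhere.

```shell
#!/bin/sh
# Added example: reverse SSH tunnel from a host that cannot be reached
# directly (the Pi) to a relay it can reach. All names below are assumptions.
RELAY_HOST="relay.example.org"   # assumed relay SSH server
RELAY_USER="tunnel"              # assumed unprivileged account on the relay
PI_USER="pi"                     # assumed login on the Pi
RELAY_PORT=2222                  # assumed loopback port opened on the relay

# Refuse privileged or out-of-range ports for the listener on the relay.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Step 1, run on the Pi: open the "door". -N runs no remote command,
# ExitOnForwardFailure makes ssh exit if the listener cannot be bound, and
# the keepalives let a supervisor notice a dead ppp link and restart it.
tunnel_cmd() {
    valid_port "$RELAY_PORT" || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:127.0.0.1:22 %s@%s\n' \
        "$RELAY_PORT" "$RELAY_USER" "$RELAY_HOST"
}

# Step 2, run on the relay after logging in to it: walk through the door.
# The listener is bound to loopback, so only users on the relay can reach it.
login_cmd() {
    valid_port "$RELAY_PORT" || return 1
    printf 'ssh -p %s %s@127.0.0.1\n' "$RELAY_PORT" "$PI_USER"
}

# Relay-side authorized_keys entry for the Pi's key ($1): no shell, no pty,
# forwarding only, and only this one listener (permitlisten: OpenSSH 7.8+).
authorized_keys_line() {
    valid_port "$RELAY_PORT" || return 1
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' "$RELAY_PORT" "$1"
}

tunnel_cmd
login_cmd
authorized_keys_line "ssh-ed25519 AAAA...PLACEHOLDER pi-tunnel"
```

The authorized_keys restriction means that a stolen tunnel key gives no shell on the relay, only the ability to open that single loopback listener.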


Cuckoo Sandbox – A malware analysis system

Throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.
Cuckoo is free Open Source software.

 


Why does this matter?

Malware is the Swiss Army knife of cybercriminals and any other adversary to your corporation or organization.

In these evolving times, detecting and removing malware artifacts is not enough: it’s vitally important to understand how they work and what they would do/did on your systems when deployed and understand the context, the motivations and the goals of a breach.

In this way you are able to more effectively understand the incident, respond to it and protect yourself for the future.

http://www.youtube.com/watch?v=720Vh3FaGN8

There are countless other contexts where you might need to deploy a sandbox internally, from analyzing an internal breach to proactively scouting widely distributed threats, collecting actionable data and analyzing the ones actively targeting your infrastructure or products.

In any of these cases you’ll find Cuckoo to be perfectly suitable, incredibly customizable and well… free!

Head over to Cuckoo’s website to learn more: http://cuckoosandbox.org

Hacking Aux-IN to a car’s CD player

I’ve seen this a few times, and it’s a hack worth sharing.

Many times, we find ourselves owning a car with a CD player but no AUX-IN. Who uses CDs these days, anyway? Noah decided to un-crapify his car audio on a 2001 Ford Focus.

The hack itself is pretty simple. Open up the unit, and you’ll find two separate modules: CD player, and radio/amplifier unit. Both are connected through a flex cable.

Tapping the CD player

Noah was fortunate, since he had taps for each pin, so he didn’t have to solder directly on the plug’s pins. So, he identified ROUT, LOUT and a ground connection, soldered the pins, and he was ready to go.
Since he tapped on the CD player’s pins, a CD must be inserted in order to trigger the input.
It’s as easy as recording an audio CD without any tunes in it: plain old silence.


[Tutorial] Your own private anonymizing proxy – Raspberry Pi / TOR based

This howto uses the Raspberry Pi as the base system (tutorial is based on Debian), and Tor as the SOCKS5 Proxy.

The Objective: be anonymous on the internet, using the Raspberry Pi as a transparent SOCKS 5 proxy.

I didn’t intend this to be a completely exhaustive tutorial, but I feel it’s complete enough for the novice user to follow.

As a bonus, I’ve added info on how to use Tor as a SOCKS proxy for your iPhone/iPad – no need to jailbreak.

If in any doubt following this guide, please leave a comment!

Introduction

Sometimes, you need to anonymize yourself on the internet. Or you’re just paranoid and don’t want to be followed around.

Either way, a proxy is a great way to stay anonymous on the internet.

If you just want to browse around, you can download a full featured package with Tor, and its own stripped down version of Firefox called TorBrowser. There are versions for Linux, OS X, and Windows, and you’re ready to go.

But if you don’t want to install anything on every device you own, or you want to be anonymous on your iPhone or Android device, then this tutorial is for you.

 


[Tutorial] Web based SSH terminal for the Raspberry Pi

So, the other day, I wrote about Onion Terminal. Although it is a great terminal, it relies on the Onion lib, which has a lot of dependencies: libcairo-dev, libxml2, libpng++-dev, …

Then, I discovered GateOne – a full featured HTML5 based web terminal for SSH access.

Although this tutorial is for the Raspberry Pi, it will work without many changes on any Debian-based system, such as Ubuntu and others.

GateOne in action

 


Onion Terminal – A web browser based UNIX terminal

Ever had the need to access the shell of your server, but found yourself locked out by a corporate firewall that is blocking SSH traffic?

Give Onion Terminal a try.

Sometimes, DNS tunneling is not a (stable) option, and VPN may also be blocked. Usually HTTP traffic goes out like a breeze.

It needs to be compiled from source; then give the binary the proper executable permissions:

chmod +x oterm-i386

Run it:

./oterm-i386
Profit!