Friday, November 25, 2016

Nexus 6

Back to a bit of blogging from time to time since the OSCP and work is taking quite a bit of my time. Not to mention family time with the Hyrulian princess.

A few months back, I've gotten a Nexus 6 pre-owned. Now why would I want a pre-owned 2 years old handset when I could have spend a bit more money and maybe get a not too 'old' handset? Well I wanted to replace my Nexus 7 as my mobile penetration testing device. I wanted something reliable, cheap and easily modified. The Nexus 6P was still pretty expensive back then and even though the price had come down a little (for pre-owned sets) thanks to the Pixel phones, they are still quite a bit of a wallet-drainer. The Nexus 6 on the other hand, is a gem. Big screen, faster processor than my Nexus 7, more mobile than a tablet and it's a phone for goodness sake so ... sorry Nexus 7 ... you are relegated to a backup device for now. Besides, Nougat 7.0 runs officially on the Nexus 6 which makes it a tad more 'updated'.
Ain't she a beauty? If you look carefully, you'll see a TP-Link WN722N behind the phone which I used some velcro to attach it to the phone. Works pretty well. At least I don't have to look awkward holding a phone in one hand and the other a wireless adapter. Besides this setup sorts of conceals me when I am doing assignments walking around randomly in companies without raising concerns among its employees.

By the way, in case you plan to make a Nexus 6 your only device for penetration testing or acting cool like in Mr. Robot (although that was a PwnPhone which is essentially a Nexus 5 with a customized Pwn ROM), do take note of its limitations. For one, if you heard of the recent BlackNurse attack (read up on's an interesting effective 20 years old attack technique) the Nexus 6 caps out at TX less than 10mbps which is below the 15mbps required to launch a successful attack. Not that I've never heard of people actually using their phones to DoS networks ...

Monday, August 29, 2016

Something big is about to happen in a month's time

Ignore the tile. It's another post of another day ;-). The one year since I last posted were filled with many changes in my life both work and personal. Personal wise, Zelda turned 3 years old recently. Still trying to be a good father though ... not sure if I am doing things right but we'll hear soon enough from the little Hyrulian princess.

Pimped my Mr. Robot wannabe MacBook Air (it's an 11-inch model by the way and is something that I am typing on currently). Filled with stickers, nothing too personal save perhaps the dated picture of the Hyrulian princess. The priciest sticker would have to be the Hak5 one. How did I get it?
Well I side ordered a few of them when I spent some dough on the Hak5 wireless kit which is shown below. Almost everything you see in the picture (rubber ducky USB, LAN turtle, tons of cables, a DVB tuner, antennas and of course the famous PineApple device) are all from Hak5 except the HackRF One, which is a device I had a year back. That's really some kick-ass security gear there! Now I need to scout for RFID cards and some other security hardware to add into this wireless kit. By the way, if you ever buy these kind of stuff, make sure you know what you are doing and not try something stupid and illegal. You do not want to land in jail for nothing ...
On the other hand, if you want to feel like doing something 'illegal' but legally of course, there's the Mr. Robot game that's available on iOS and Android now. It's a text-based SMS-like game which puts you in the role of a hacker wannabe (either by choice or forcefully depending on how you look at it) who is going to help Darlene and 'E' to achieve their goals. And yes, that's what I been spending some of my train rides time for.
Exam-wise and also to improve myself, I am attempting to try for the OSCP the next few months. Hopefully I am good enough to attempt it but we'll see. It's a tough exam. Much much tougher than the CISSP or even CEH I would say (not that I have taken the CEH before ;-)). Wish me luck!

Till the next post ... over and out.