atluxity

We at Hackeriet had the great pleasure of hosting a workshop by Harrison Sand. Harrison has been looking at telco security from the side of phishing groups, SIM farms, Wi-Fi Calling and packet captures.

Think of this post as a map. The point is to connect the pieces well enough that a responsible researcher that can read a pcap can recognize the trust boundaries, and know what needs authorization before touching anything live.

Bottom line up front, modern mobile calling is several ordinary…

This year, many Hackeriet members attended the 39th Chaos Communication Congress. It was a blast! As part of our efforts to improve how we organize these trips, we held a lessons-learned meetup afterward. Around 15 people joined the meeting, and there was good engagement and a strong willingness to contribute.

There was broad agreement that this year’s congress worked well. Notes were prepared in advance and added during the meeting; these are available at https://pad.hackeriet.no/40C3. The…

Securing systems exposed to the internet is a moving target, especially when dealing with brute-force attacks on authentication services. I run a Zimbra mail server on an Ubuntu 18.04 server (yes, I know it’s time to upgrade), and I decided to tackle these never-ending login attempts. Along the way, I integrated AbuseIPDB for IP reporting, configured the recidive jail for persistent offenders, and encountered a few interesting bugs and quirks worth sharing.

Fail2Ban is an open-source intrusion…

Hackeriet at one point aquired a few Fun Generation LED pots, and one of the strong selling arguments for us was the knowledge that they supported DMX.

“DMX (Digital Multiplex) is a protocol used to control devices such as lights or fog machines. The signal is unidirectional, meaning it only travels in one direction; from the controller or first light, all the way to the last. In its most basic form, DMX is just a protocol for lights, like how MIDI is for keyboards or DAW controllers.” 1

This…