WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

 

Dig (Domain Information Groper) is a powerful command-line tool for querying DNS name servers.

The dig command, like nslookup, allows you to query information about various DNS records, including host addresses, mail exchanges, and name servers. It is the most commonly used tool among system administrators for troubleshooting DNS problems because of its flexibility and ease of use.

This tutorial explains how to use the dig utility through practical examples and detailed explanations of the most common dig options.

To check if the dig command is available on your system type:

dig -v

The output should look something like this:

DiG 9.10.6

If dig is not present on your system, the command above will print “dig: command not found”. The dig tool can be installed using the distro’s package manager.

Quick command Cheat Sheet:


 

More in depth, understanding the dig Output:
In its simplest form, when used to query a single host (domain) without any additional options, the dig command is pretty verbose.

In the following example, we’re performing on the wirelessphreak.com domain:

dig wirelessphreak.com

The output should look something like this:

    ; <<>> DiG 9.10.6 <<>> wirelessphreak.com
     ;; global options: +cmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19643
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
     ;wirelessphreak.com.        IN    A

     ;; ANSWER SECTION:
     wirelessphreak.com.    300    IN    A    104.24.119.62
     wirelessphreak.com.    300    IN    A    172.67.210.173
     wirelessphreak.com.    300    IN    A    104.24.118.62

    ;; Query time: 37 msec
    ;; SERVER: 208.67.220.220#53(208.67.220.220)
    ;; WHEN: Mon Nov 16 12:16:45 PST 2020
    ;; MSG SIZE  rcvd: 95

Let’s go section by section and explain the output of the dig command: 

The first line of the output prints the installed dig version, and the queried domain name. The second line shows the global options (by default, only cmd).

    ; <<>>DiG 9.10.6 <<>> wirelessphreak.com
    ;; global options: +cmd


 If you don’t want those lines to be included in the output, use the +nocmd option. This option must be the very first one after the dig command.

 The next section includes technical details about the answer received from the requested authority (DNS server). The header shows the opcode (the action performed by dig) and the status of the action. In this example, the status is NOERROR, which means that the requested authority served the query without any issue.

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19643
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

 

This section can be removed using the +nocomments option, which also disables some other section’s headers.


The “OPT” pseudo section is shown only in the newer versions of the dig utility. You can read more about the Extension mechanisms for DNS (EDNS) here .

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096


To exclude this section from the output, use the +noedns option.
 

In the “QUESTION” section dig shows the query (question). By default, dig requests the A record.

    ;; QUESTION SECTION:
    ;wirelessphreak.com.            IN    A


You can disable this section using the +noquestion option.


The “ANSWER” section provides us with an answer to our question. As we already mentioned, by default dig will request the A record. Here, we can see that the domain wirelessphreak.com points to the three IP address.

    ;; ANSWER SECTION:
    wirelessphreak.com.    300    IN    A    104.24.119.62
    wirelessphreak.com.    300    IN    A    172.67.210.173
    wirelessphreak.com.    300    IN    A    104.24.118.62

 

Usually, you do not want to turn off the answer, but you can remove this section from the output using the +noanswer option.

The “AUTHORITY” section tells us what server(s) are the authority for answering DNS queries about the queried domain. In this example it did not provide and authoritative server answer.

    ;; AUTHORITY SECTION:

You can disable this section of the output using the +noauthority option.

The “ADDITIONAL” section gives us information about the IP addresses of the authoritative DNS servers shown in the authority section.

    ;; ADDITIONAL SECTION:

The +noadditional option disables the additional section of a reply.

The last section of the dig output includes statistics about the query.

    ;; Query time: 37 msec
    ;; SERVER: 208.67.220.220#53(208.67.220.220)
    ;; WHEN: Mon Nov 16 12:16:45 PST 2020
    ;; MSG SIZE  rcvd: 95

You can disable this part with the +nostats option.

Printing Only the Answer
Generally, you would want to get only a short answer to your dig query.
1. Get a Short Answer

To get a short answer to your query, use the +short option:

dig wirelessphreak.com +short

     104.24.119.62
     172.67.210.173
     104.24.118.62

The output will include only the IP addresses of the A record.
2. Get a Detailed Answer

For more a detailed answer, turn off all the results using the +noall options and then turn on only the answer section with the +answer option.

dig wirelessphreak.com +noall +answer

     ; <<>> DiG 9.10.6 <<>> wirelessphreak.com +noall +answer
     ;; global options: +cmd
     wirelessphreak.com.    300    IN    A    104.24.119.62
     wirelessphreak.com.    300    IN    A    172.67.210.173
     wirelessphreak.com.    300    IN    A    104.24.118.62

Query Specific Name Server
By default, if no name server is specified, dig uses the servers listed in /etc/resolv.conf file.

To specify a name server against which the query will be executed, use the @ (at) symbol followed by the name server IP address or hostname.

For example, to query the Google name server (8.8.8.8) for information about the wirelessphreak.com domain you would use:

dig wirelessphreak.com @8.8.8.8

     ; <<>> DiG 9.10.6 <<>> wirelessphreak.com @8.8.8.8
     ;; global options: +cmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23065
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

     ;; OPT PSEUDOSECTION:
     ; EDNS: version: 0, flags:; udp: 512
     ;; QUESTION SECTION:
    ;wirelessphreak.com.        IN    A

    ;; ANSWER SECTION:
    wirelessphreak.com.    299    IN    A    104.24.118.62
    wirelessphreak.com.    299    IN    A    104.24.119.62
    wirelessphreak.com.    299    IN    A    172.67.210.173

    ;; Query time: 31 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Nov 16 12:27:32 PST 2020
    ;; MSG SIZE  rcvd: 95

Query a Record Type
Dig allows you to perform any valid DNS query by appending the record type to the end of the query. In the following section, we will show you examples of how to search for the most common records, such as A (the IP address), CNAME (canonical name), TXT (text record), MX (mail exchanger), and NS (name servers).
1. Querying A records

To get a list of all the address(es) for a domain name, use the a option:

dig +nocmd google.com a +noall +answer

    google.com.        128    IN    A    216.58.206.206

As you already know, if no DNS record type is specified, dig will request the A record. You can also query the A record without specifying the a option.
2. Querying CNAME records

To find the alias domain name use the cname option:

dig +nocmd mail.google.com cname +noall +answer

    mail.google.com.    553482    IN    CNAME    googlemail.l.google.com.

3. Querying TXT records

Use the txt option to retrieve all the TXT records for a specific domain:

dig +nocmd google.com txt +noall +answer

    google.com.        300    IN    TXT    "facebook-domain-       verification=22rm551cu4k0ab0bxsw536tlds4h95"
    google.com.        300    IN    TXT    "v=spf1 include:_spf.google.com ~all"
    google.com.        300    IN    TXT    "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"

4. Querying MX records

To get a list of all the mail servers for a specific domain use the mx option:

dig +nocmd google.com mx +noall +answer

    google.com.        494    IN    MX    30 alt2.aspmx.l.google.com.
    google.com.        494    IN    MX    10 aspmx.l.google.com.
    google.com.        494    IN    MX    40 alt3.aspmx.l.google.com.
    google.com.        494    IN    MX    50 alt4.aspmx.l.google.com.
    google.com.        494    IN    MX    20 alt1.aspmx.l.google.com.

5. Querying NS records

To find the authoritative name servers for our specific domain use the ns option:

dig +nocmd google.com ns +noall +answer

    google.com.        84527    IN    NS    ns1.google.com.
    google.com.        84527    IN    NS    ns2.google.com.
    google.com.        84527    IN    NS    ns4.google.com.
    google.com.        84527    IN    NS    ns3.google.com.

6. Querying All Records

Use the any option to get a list of all DNS records for a specific domain:

dig +nocmd google.com any +noall +answer

    google.com.        299    IN    A    216.58.212.14
    google.com.        299    IN    AAAA    2a00:1450:4017:804::200e
    google.com.        21599    IN    NS    ns2.google.com.
    google.com.        21599    IN    NS    ns1.google.com.
    google.com.        599    IN    MX    30 alt2.aspmx.l.google.com.
    google.com.        21599    IN    NS    ns4.google.com.
    google.com.        599    IN    MX    50 alt4.aspmx.l.google.com.
    google.com.        599    IN    MX    20 alt1.aspmx.l.google.com.
    google.com.        299    IN    TXT    "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
    google.com.        21599    IN    CAA    0 issue "pki.goog"
   google.com.        599    IN    MX    40 alt3.aspmx.l.google.com.
   google.com.        3599    IN    TXT    "facebook-domain-    verification=22rm551cu4k0ab0bxsw536tlds4h95"
    google.com.        21599    IN    NS    ns3.google.com.
    google.com.        599    IN    MX    10 aspmx.l.google.com.
    google.com.        3599    IN    TXT    "v=spf1 include:_spf.google.com ~all"
    google.com.        59    IN    SOA    ns1.google.com. dns-admin.google.com. 216967258 900 900 1800 60

Reverse DNS Lookup
To query the hostname associated with a specific IP address use the -x option.

For example, to perform a reverse lookup on 208.118.235.148 you would type:

dig -x 208.118.235.148 +noall +answer

As you can see from the output below the IP address 208.118.235.148 is associated with the hostname wildebeest.gnu.org.

    ; <<>>DiG 9.10.6 <<>> -x 208.118.235.148 +noall +answer
    ;; global options: +cmd
    148.235.118.208.in-addr.arpa. 245 IN    PTR    wildebeest.gnu.org.

Bulk Queries
If you want to query a large number of domains, you can add them in a file (one domain per line) and use the -f option followed by the file name.

In the following example, we are querying the domains listed in the domains.txt file.
domains.txt

lxer.com
linuxtoday.com
tuxmachines.org

dig -f domains.txt +short

    108.166.170.171
    70.42.23.121
    204.68.122.43

The .digrc File

The dig command’s behavior can be controlled by setting up per-user options in the ${HOME}/.digrc file.

If the .digrc file is present in the user’s home directory, the options specified in it are applied before the command line arguments.

For example, if you want to display only the answer section, open your text editor and create the following ~/.digrc file:
~/.digrc

+nocmd +noall +answer

Conclusion
dig like nslookup is a command-line tool for querying DNS information and troubleshooting DNS related issues. My personal opinion dig is a much more powerful tool since it gives more of the raw DNS output. In the hands of an individual who understands DNS both dig and nslookup are powerful tools.



 

Who would have thought that 7 month later and for most of us there are no plans to go back to the office. For remote workers audio/video conference and collaboration software has become a tool we use sometimes all day. For me personally quality of audio and video has become an important part of work. for me personally its very distracting when someone is garbled, or there video is horrible. I wanted to put up some of my favorite tools I have found to help provide quality remote working experience.

Audio:

Microphones are an important tool for quality audio. If your a teacher providing distance learning or office worker meeting with clients or colleagues good audio is important. I wanted to list USB based audio that would work with most if not all computers and remote access software.Most of them I have tried.

  • Audio-Technica ATR2100x-USB Cardioid Dynamic Microphone: 
    • This thing has been a work horse I have used it for podcasting as well as meetings. Its only downfall you have to be pretty close to the mic for it to pic you up.
  • Rode VideoMic NTG:
    • I just picked this one up. It's really designed as a shotgun mic to go on top of your DSLR for better video audio, but Rode has also added a USB port that lets it work as a shotgun mic connected directly to your PC. So far I like that I can position the Mic further away but still have rally good sound quality.  
  • Apple Airpods:
    • Many people use these as have I, and for me I have not been impressed. I have not used the Airpod Pros, but I found the original Airpods to be very fickle. Many times the mic would cut out or garble what I was saying.  I do like how easy they are to pair with different devices and for listing to music they are great, I am just not a fan of using them as a mic. 
  • Built in Apple Mic and Speakers
    • I have found the built in mic and speakers on my macbook pro to be very capable. Right now I have my macbook docked so the mic is not usable but when I am traveling and working I have never got any complaints about the audio. It nice that it is built in for sure.
  • Head Phones or no Head Phones:
    • Luckily the video conference software has gotten much better with sound rejection. For example if you are using the speakers and mic on your laptop  the software is smart enough to cancel what is coming out of your speakers and only broadcast your voice. That being said it isn't perfect but its pretty close. For me it really depends on the environment. If your working in an airport or Starbucks of course headphones are crucial, at home i kind of bounce between headphones and laptop speakers. I really don't want to wear headphones for 8 hours strait .

 Video:

Video for me is not as important as audio quality since most of my meetings are audio,  but for distance teachers or just audio video geeks like myself having a nice camera is pretty important.

  • Logitech C930E:
    • The Logitech C930 series cameras have been the de facto for good quality reliable HD video. I have had mine for 4 years and still haven't been on a call with someone who has better video. There is nothing you can say bad about these cameras accept they are hard to find right now.
  • DSLR with HDMI to USB adapter:
    • If you are an aspiring YouTuber then this might be the solution for you. There are a lot of older DSLR cameras out there that have really good video features and are pretty cheap. The only issue is the HDMI to USB adapters range in quality and price.  Its really hard to tell what is quality and what is junk.  If you go down this route it is important you do your research.
  • Apple built in FaceTime or iSight Cameras:
    • Ahhh... They work but they aren't great.  If your on the road running light they work in a pinch. If you have a newer iPhone you may be better using that, they usually have better cameras then the laptops.
  • EPOC cam Webcam for MAc and PC:
    • Lastly I wanted to leave you with a software alternative. EPOC software is an app that can be installed on your iPhone. Once the iPhone app is installed you install the companion software on your computer. It allows you to use the epic camera on your iPhone as a HD webcam.  It also adds the ability to connect to the iPhone camera over wireless or wired. Definitely worth checking out https://apps.apple.com/us/app/epoccam-webcam-for-mac-and-pc/id449133483

Lights:

If your not a professional YouTuber or Video Podcaster it might not be super important but if you have a darker office like me and you attend early or off hour meeting a cheap studio light or good room lighting can dial back the creep factor.

  • SUPON L122T Ultra-Thin LED Video Light Pane:
    • This light is really chap and worked really well.  It pretty bright and you can change the tone from warmer to cooler as well as brighter and softer.  It doesn't come with  power supply so you will need to order it separately. You can even power it with battery packs so it can be completely mobile, I have been really happy with it.

 

Hope these ideas can help with your video conference gear ideas.

 


 

So the F5 is a tricky beast often refereed to as the swiss army knife of network appliances. The appliances primary role in many networks is to load balance and is a beast negotiating SSL. That being said its not always easy to determine how to configure the clients SSL profiles to be secure and still service the public. F5s documentation is helpful but designed to be vague because cipher suites and browser support is always changing. https://support.f5.com/csp/article/K8802

 

SSL Labs has become the de-facto to use tool that helps the public understand the nuances of SSL by giving an easy to understand letter grade, https://www.ssllabs.com . The website runs a multitude of tests from insuring your certificate is chained correctly to end device OS and browser simulations, to commonly found vulnerability testing. The down fall of having such a sophisticated tool issuing a simple letter score, is not every environment can be configured for an A or B plus.

 

So I wanted to through an F5 Client SSL Profile out there that at the time of testing got a solid A- and still supported a ton of OS and browser combinations. You will mostly want to keep the defaults but I will highlight what changes you will want to make to get an A. You will need to select Advanced to see some of these settings.


  • The first step is to add your public certificate and the intermediate certificates if applicable as well as the key.
    •  this is what create the certificates chain
  • Next you will want to customize the Ciphers that will be used by the F5 to negotiate SSL with the client. This is where 99% of the magic will happen.
    • DEFAULT:HIGH: (are pre canned cipher settings created by F5, the additional settings are additional customization.
    • !RSA: Do not use RSA ciphers
    • !SSLV3: Do not use SSL version 3
    • !RC4: Do not use RC4 ciphers
    • !EXP: Do not use Cipher length of 40 or 56 bits export strength
    • !DES: Do not use Des or triple Des ciphers
    • !TLSv1_1: Do not use TLS version 1.1
    • !TLSv1: Do not use TlS version 1.0
    • !ADH: Do not use ADH ciphers
    • !EXPORT: Do not use EXPORT grade (weak) ciphers
    • !SHA: Do not use Message Authentication Code SHA 128
  • The complete string looks like this:
    • DEFAULT:HIGH:!RSA:!SSLV3:!RC4:!EXP:!DES:!TLSv1_1:!TLSv1:!ADH:!EXPORT:!SHA
  • Lastly you will want to set up strict SSL renegotiation:
    • Check the  Renegotiation box
    • Next set Secure Renegotiation to "Require Strict"

 

From here save your SSL client profile, apply it to a public accessible virtual server, and run SSL labs against your server. Its kind of fun testing and playing around to see what modifying the cipher settings.

 

Enjoy. 

     



WireGuard is a simple, fast, and secure VPN that utilizes state-of-the-art cryptography. With a small source code footprint, it aims to be faster and leaner than other VPN protocols such as OpenVPN and IPSec. WireGuard is still under development, but even in its non optimized state it is faster than the popular OpenVPN protocol. In fact it connects so quickly you'll likely find your self going to whats my IP to insure your traffic is actually being tunneled.

The WireGuard configuration is as simple as setting up SSH. A connection is established by an exchange of public keys between server and client. Only a client that has its public key in its corresponding server configuration file is allowed to connect. WireGuard sets up standard network interfaces (such as wg0 and wg1), which behave much like the commonly found eth0 interface. This makes it possible to configure and manage WireGuard interfaces using standard tools such as ifconfig and ip. I was going to post a guide but there are so many good guides already on the internet just google it. Also the official documentation is really good and has some install guides as well.

Enjoy, be safe, support and contribute to WireGuard.



**Update 8/8/2020**
I have been spending some time in the #lobby-bar channel on the Defcon Discord. We have been reminiscing of Defcons' past and one of the attendees posted up a couple Docs from the AP they had worked on. I wanted to post them because they pretty much sum up a lot of peoples Defcon experience at the AP.
**Update 8/8/2020**
Dark Tangent just posted in the info-booth Discord channel a link to the Defcon info page.  Really nice easy to use interface and search functionality:
 
**Update 8/7/2020**
Wall of Sheep aka Packet Hacking Village talk schedule is online.
Shedule:
Where to watch:

 
**Update 8/6/2020** 
DCTV just posted their twitch channel.  
 
 
**Update 8/6/2020 13:21**
 "The following Twitch Streams are available depending on the schedule for each specific track or village. The schedule can be found at https://info.defcon.org/.

I have found if you follow the channels within twitch you can see what channels are live or not.

**Update 8/6/2020 10:00**
I have found a method to engage in Defcon that works well with me. 
  1. Identify the talks I want to watch
  2. Create a youtube playlist listing the talks in order of the live Q&A's (then watch them)
  3. Created calendar events of the live Q&A with the speaker on the Defcon Twitch channel (https://www.twitch.tv/defconorg)
  4. between live Q&A I want to watch I stream the Defcon Entertainment channel on twitch (https://www.twitch.tv/defcon_music)
  5. Hang out on the Defcon Discord server in #linecon, #dcg, #pool-1, and the #pool-3 channels we will see which ones i spend the most time in. Currently linecon is holding most of my attention.
We will see when the Villages open up tomorrow how much time I will hang in there.

Defcon 28 Safe Mode is a culture shock, and for me the move to online does not feel as natural as I though it would. I am fighting 18 years of routine and habit that I need to kick. That being said I wanted to create a page where I could keep track of whats going on and where it happening,  I imagine there will be a lot of spin off twitch channels and discord channels I will try to keep it up.

Defcon Talks:
The schedule was released https://defcon.org/html/defcon-safemode/dc-safemode-schedule.html One interesting point about the lineup it looks like all the talks will be sequential so you can see every talk if you want.

Defcon Forums:
This is the major jumping off point for everything going down at Defcon 28. Explore the forums that interest you and get involved. Some of the villages have already set up active discord channels and the will list them in their forum channel.

Defcon Entertainment:
Here is a link to some of the live entertainment that will be going down. Defcon has posted the schedule of the live sets and published the twitch channel that will be streaming the performances.

Defcon Swag Shop:

Discord Servers:
Defcon 28 Main Server: https://discord.gg/defcon
Blue Team Village: https://discord.gg/nqMrrJ
Wireless Village: https://discord.gg/pfu9mu
Ham Radio Village: https://discord.gg/Dv38mc
Biohacking Village: https://discord.gg/G3TyUp


Defcon Reddit Post
Below is an extensive list that was posted by Defcon on Reddit (https://www.reddit.com/r/Defcon/comments/hzafso/lots_of_links_defcon_and_village_info_pages/)I wanted to capture it here to share with everyone.

Please also consider "The One!", a unofficial consolidated schedule of all the Villages, Talks, Contests, and various Events occurring during DEFCON 28. One page, one look, all things happening!

Lots of things are still missing, As various schedules get released and processed they will appear. Keep coming back to get the latest.

Links
DEFCON home page
DEFCON 28 FAQ
DEFCON FAQ
DEFCON 28 Schedule and Speakers pages
DEFCON 28 Demolabs Schedule
DEFCON 28 Entertainment
DEFCON 28 Villages

Village info derived from the following pages
DEF CON 28 Villages page
DEF CON 28 Villages Forum page

Villages
Village Name & Web PageForum LinkDC Village DescDiscord ChanSoc Media Links
AI VillageForumAIV Desc#aiv-general-textTW @AIvillage_DC
AeroSpace VillageHack-A-SatForumAEV Desc#av-lounge-bar-textTW @SecureAerospace TW @Hack-A-Sat
AppSec VillageForumASV Desc#asv-general-textTW @AppSec_Village YT AppSec Village
BioHacking VillageForumBHV Desc#bhv-general-textTW @DC_BHV YT Biohacking Village TI biohackingvillage
BlockChain VillageForumBCV Desc#bcv-general-textTW @BCOSvillage
Blue Team VillageForumBTV Desc#btv-general-textTW @BlueTeamVillage TI BlueTeamVillage
Car Hacking VillageForumCHV Desc#chv-welcome-textTW @CarHackVillage
Career Hacking VillageForumCRV Desc#cahv-general-textTW @HackingCareer
Cloud VillageForumCSV Desc#cloudv-general-textTW @cloudvillage_dc
Crypto and Privacy VillageForumCPV Desc#cpv-general-textTW @CryptoVillage TI cryptovillage SL cryptovillage YT Crypto and Privacy Village
Data Duplication VillageForumDDV Desc#ddv-general-textTW @DDV_DC
Ethics VillageForumETV Desc#ev-general-textTW @EthicsVillage
Hack The SeaForumHSV Desc#htsv-general-textTW @hack_the_sea
Ham ExamsForumHRV Desc#ham-general-text@DC_Ham_Exams
Ham Radio VillageForumHRV Desc#ham-general-textTW @HamRadioVillage TI hamradiovillage
Hardware Hacking VillageSolder Skills VillageForumHHV Desc#hhv-infobooth-textTW @DC_HHV
ICS VillageForumICS Desc#ics-general-textTW @ICS_Village YT ICS Village TI ics_village
IoT VillageForumIOT Desc#iotv-general-textTW @IOTvillage TW @ISEsecurity TW @Villageidiotlab TI iotvillage
Lock Bypass VillageForumLBV Desc#lbpv-social-textTW @bypassvillage
Lockpick VillageForumLPV Desc#lpv-general-textTW @toool TI toool_us
Monero VillageForumMOV Desc#mv-general-textTW @MoneroVillage TI MoneroVillage YT Monero CommunityWorkgroup
Password VillageForumPWDV Desc#pwdv-general-textundefined
Payment VillageForumPAYV Desc#pay-labs-textTW @paymentvillage YT Payment Village TI paymentvillage
Packet Hacking VillageForumPHV Desc#phv-infobooth-textTW @WallOfSheep FB @WallOfSheep
Recon VillageForumRCV Desc#rv-general-textTW @ReConVillage FB @ReConVillage
Red Team VillageForumRTV Desc#rtv-briefings-textTW @VillageRedTeam YT Red Team Village TI redteamvillage DC Red Team Village
Rogues VillageForumRGV Desc#rov-announcements-textTW @RoguesVillage TI RoguesVillage
Social Engineering VillageForumSEV Desc#sev-general-textTW @HumanHacker FB SocialEngineerInc
Voting Machine VillageForumVMV Desc#vmhv-general-textTW @VotingVillageDC
Wireless VillageForumWLV Desc#wv-general-textTW @WiFi_Village DC Wireless Village
Other Interesting Links
Defcon MUD a Multi User Dungeon. An old school game style that uses telnet to connect to a remote server. Check it out https://mud.mog.ninja/

Other cons during #SummerHackerCamp

EventTwitterFacebook
BlackhatT @BlackHatEventsFB Black Hat Events
BSides Las VegasT @BSidesLV
r00tz AsylumT @r00tzasylum
QueerconT @QueerconFB @queercon
The Diana InitiativeT @DianainitiativeFB @dianainitiative

Guides/Tips/FAQs

General / previous years
JK-47 - BSidesLV & DEFCON Conference Tips
Just another DEF CON guide
HACKER SUMMER CAMP 2018 GUIDE
On Attending DefCon


Mutual authentication or two-way authentication refers to two parties authenticating each other at the same time. Below is an excerpt from the Wikipedia page, they did a nice job explaining what mutual authentication is.

By default the TLS protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the application layer (for example, username and passwords.) TLS also offers client-to-server authentication using client-side X.509 authentication. As it requires provisioning of the certificates to the clients and involves less user-friendly experience, it's rarely used in end-user applications. But at a small scale or proof of concept this is completely reasonable.

Mutual TLS authentication (mTLS) is much more widespread in business-to-business (B2B) applications, where a limited number of programmatic and homogeneous clients are connecting to specific web services, the operational burden is limited, and security requirements are usually much higher as compared to consumer environments. The factor that impacts scaling of this design is not the technology, devices are built to handle millions of SSL transactions, but the policy and procedures around the certificate management and client on-boarding. 

In this example a client will be connecting to an Apache web server and authenticate using mutual TLS authentication.

First you must build the web server running SSL. You can find a lot of step by step articles online about how to build an Apache web server preferably on Linux. Also take a look at Lets Encrypt, it's a free SSL certificate issuer that is freaking awesome.

Once you have your web server up and running you will want your client to generate a certificate. This can be done using OpenSSL the de facto for everything SSL on the internet. There are some awesome guides on how to build out the mutual SSL authentication and the accompanying Apache config. The best one I found was on stefanocapitanio.com they do a great job of outlining each step that makes up the mutual TLS authentication. In this example I will Jump ahead to the certificate creation,

This will generate your private key and certificate. You will need to answer the following questions when prompted this makes up the attributes of your client certificate.
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
Here is an example what it will look like.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:State 
Locality Name (eg, city) []:City
Organization Name (eg, company) []:Anything
Organizational Unit Name (eg, section) []:Anything
Common Name (eg, fully qualified host name) []:Username
Email Address []:youremail

Next we will combine the Key and Certificate in PKCS#12 file:
openssl pkcs12 -inkey client-key.pem -in client-certificate.pem -export -out bundle-certificate.p12
This file will be the private key and certificate combined with a secure password. This is what you will install on your OS or browser (such as firefox) to encrypt your data and issue to the server as your identity.

Once you have generated and installed your client certificate you will want to send ONLY THE PUBLIC CERTIFICATE, in this case client-certificate.pem to the server admin. Your public certificate will be what is used to identify your machine when it attempts to connect tot he web server. Read up on the Apache man pages about he SSLVerifyClient options there is quit a but out there. This is a very basic config.

The server admin will place your certificate in their certificate store and configure Apache.
<VirtualHost *:443>
  ServerName secure.example.com
  DocumentRoot "/var/www/html"
  ServerAdmin [email protected]
  SSLEngine on
  SSLCertificateFile /home/sempla1/ssl/server-cert.pem
  SSLCertificateKeyFile /home/sempla1/ssl/private/server-key.pem

  SSLVerifyClient require
  SSLVerifyDepth 10
  SSLCACertificateFile /home/sempla1/ssl/client-certificate.pem
</VirtualHost>

Once the server has been configured you can attempt to connect. Normally you will be prompted to provide your client certificate if it is working. This is apache asking for your public certificate to validate it is the same one that Apache was configured with. In firefox you can go into Preferences then Security and Privacy and tell the browser to automatically issue that certificate if you like.

That's it I had a good time playing with this I hope you do as well.



Join the EFF

Join the EFF
#privacy #digitalrights

Contact Me

Name

Email *

Message *