{"id":4620,"date":"2024-01-16T09:00:15","date_gmt":"2024-01-16T16:00:15","guid":{"rendered":"https:\/\/zed.inguardians.com\/?p=4620"},"modified":"2024-01-10T20:07:32","modified_gmt":"2024-01-11T03:07:32","slug":"be-curious-tinker-learn-and-grow-part-2","status":"publish","type":"post","link":"https:\/\/zed.inguardians.com\/blog\/be-curious-tinker-learn-and-grow-part-2\/","title":{"rendered":"Be Curious, Tinker, Learn and Grow &#8211; Part 2"},"content":{"rendered":"<h1><span style=\"font-weight: 400;\">Be Curious \u2013 Tinker, Learn and Grow<\/span><\/h1>\n<p><a id=\"ember2314\" class=\"ember-view\" href=\"https:\/\/www.linkedin.com\/in\/jonathan-studebaker-b27438167\/\">Jonathan Studebaker<\/a>, Senior Security Consultant at <a class=\"app-aware-link \" href=\"https:\/\/www.linkedin.com\/company\/inguardians-inc.\/\" data-test-app-aware-link=\"\">InGuardians, Inc.<\/a><\/p>\n<p><i><span style=\"font-weight: 400;\">Editor&#8217;s Note: Part 1 of this three-part series discussed the pros and cons of some common learning approaches, information resources for infosec topics that may interest you, ways to get involved in the infosec community, and setting realistic goals, budgets, and expectations for yourself to maintain work\/life balance.\u00a0<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">Part 2 discusses some specific training resources and projects like building a home lab, tinkering with Raspberry Pi, and ways to explore mobile, cloud, wireless, and physical security.\u00a0<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">Part 3 will provide a simplified direct reference list with links and resources broken down by topic, with the intention to provide periodic updates as resource relevance and availability change over time.<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">The purpose of this blog post is to give you some options for exploring and tinkering with different topics within the information security space. While neither comprehensive nor definitive, these tools and projects are meant as a jumping-off place to get you started. I also want to stress that the projects and resources referenced are entirely optional. The goal should be to explore your curiosity and tinker so that <\/span><b>you<\/b><span style=\"font-weight: 400;\"> get the most out of it in a safe and secure way.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Play Online Interactive Challenges and Capture the Flags (CTFs)<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Capture the Flags are challenges that teach security topics and techniques in a gamified manner with the goal of obtaining proof of successful exploitation in the form of a flag. If you think you may prefer a hands-on experience with live online CTF labs and challenges, several free and paid options are available. The difficulty and type of available challenges usually vary over time, but these types of activities can keep your skills sharp, introduce you to new concepts, and provide a way to interact with other individuals and teams in the security community.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.hackthebox.com\/\"><span style=\"font-weight: 400;\">Hackthebox<\/span><\/a><span style=\"font-weight: 400;\"> (Challenges for network, web, mobile, RE, binary exploitation, etc.)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/portswigger.net\/web-security\"><span style=\"font-weight: 400;\">Portswigger Web Security Academy<\/span><\/a><span style=\"font-weight: 400;\"> (Web apps and APIs)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.holidayhackchallenge.com\/\"><span style=\"font-weight: 400;\">SANS Holiday Hack challenges<\/span><\/a><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This is not a comprehensive list and there are many other online resources available that have covered this topic in far greater depth.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Writeups and guides for past challenges are also available for many CTF challenges and platforms. These can provide an interesting read if you\u2019re not quite ready to dive into live challenges yet.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Build a Home Lab<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A primary consideration of this lab should include network monitoring, isolation, and control of what gets in and out. This will give you the freedom to tinker and explore in a safe environment that will not impact other systems and devices on your network. I highly recommend checking out <\/span><a href=\"https:\/\/www.youtube.com\/watch?v=t7bhnK47Ygo\"><span style=\"font-weight: 400;\">How to Build a Home Lab<\/span><\/a><span style=\"font-weight: 400;\"> for details to create one possible solution.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you have old hardware collecting dust in your closet or basement, dig it out and see what can be repurposed for your lab. Old laptops, desktops, servers, Raspberry Pis, and a variety of networking equipment can be used for this purpose. If you don\u2019t have dedicated networking devices that will suit this need, check the above video link for some great cost-effective solutions and how to attach and configure them for use in the environment.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you don\u2019t have an old computer for your Virtual Machine (VM) server, another excellent option for a home lab setup is a <\/span><a href=\"https:\/\/www.amazon.com\/s?k=nuc+mini+pc\"><span style=\"font-weight: 400;\">mini-PC like an Intel NUC<\/span><\/a><span style=\"font-weight: 400;\">. The small form factor of these devices makes them an appealing option since they can fit just about anywhere in a typical home or office. Despite the small form factor, these devices can pack quite a punch, with modern processors and RAM options commonly available up to 64 GB. When paired with <\/span><a href=\"https:\/\/www.vmware.com\/products\/esxi-and-esx.html\"><span style=\"font-weight: 400;\">VMWare ESXi<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/www.proxmox.com\/en\/proxmox-virtual-environment\/overview\"><span style=\"font-weight: 400;\">Proxmox VE<\/span><\/a><span style=\"font-weight: 400;\">, or your hypervisor of choice, they are more than capable VM hosts. However, depending on the model and the hardware configuration, the devices can come in anywhere from around $500 to more than $1000.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If a new mini-PC is out of your price range, consider checking out sources like eBay and Craigslist for used network and computer equipment. For example, at the time of this writing a used ESXi server with dual Xeon E36440 processors, 96GB of RAM, and a 2.1TB RAID 5 array was available within driving distance for $150. These kinds of deals don\u2019t last very long, but with a little patience and persistence, it\u2019s possible to find an incredible home lab server without breaking the bank. However, if you go the route of finding a place in your house or office to put a rack-mount server and\/or rack-mount network equipment, it may be difficult depending on your situation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once you have your hypervisor of choice up and running on your server and your network is isolated and monitored to your satisfaction, the sky&#8217;s the limit for exploration. You can spin up something like <\/span><a href=\"https:\/\/www.kali.org\/\"><span style=\"font-weight: 400;\">Kali<\/span><\/a><span style=\"font-weight: 400;\"> Linux or <\/span><a href=\"https:\/\/github.com\/mandiant\/commando-vm\"><span style=\"font-weight: 400;\">Commando VM<\/span><\/a><span style=\"font-weight: 400;\">, a virtualized firewall like <\/span><a href=\"https:\/\/www.pfsense.org\/\"><span style=\"font-weight: 400;\">pfSense<\/span><\/a><span style=\"font-weight: 400;\"> or <\/span><a href=\"https:\/\/opnsense.org\/\"><span style=\"font-weight: 400;\">OPNsense<\/span><\/a><span style=\"font-weight: 400;\">, various SIEMs, IDS and IPS options, honeypots, vulnerable VMs, containers and apps like <\/span><a href=\"https:\/\/docs.rapid7.com\/metasploit\/metasploitable-2\/\"><span style=\"font-weight: 400;\">Metasploitable 2<\/span><\/a><span style=\"font-weight: 400;\"> or <\/span><a href=\"https:\/\/github.com\/rapid7\/metasploitable3\"><span style=\"font-weight: 400;\">3<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/github.com\/OWASP\/IoTGoat\"><span style=\"font-weight: 400;\">OWASP IoTGoat<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/owasp.org\/www-project-vulnerable-web-applications-directory\/\"><span style=\"font-weight: 400;\">OWASP<\/span><\/a><span style=\"font-weight: 400;\"> Vulnerable Web Application Directory Applications<\/span><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/www.vulnhub.com\/\"><span style=\"font-weight: 400;\">Vulnhub VMs<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/crackmes.one\/\"><span style=\"font-weight: 400;\">Crackmes.one<\/span><\/a><span style=\"font-weight: 400;\"> challenges and <\/span><a href=\"https:\/\/twseptian.github.io\/penetration%20testing\/pentest\/Vulnerable-Resource\/\"><span style=\"font-weight: 400;\">other Damn Vulnerable resources<\/span><\/a><span style=\"font-weight: 400;\">. <\/span><a href=\"https:\/\/www.microsoft.com\/en-us\/evalcenter\"><span style=\"font-weight: 400;\">Evaluation versions<\/span><\/a><span style=\"font-weight: 400;\"> of Microsoft Operating Systems are also available and can be used to build an Active Directory test environment.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Use these virtual machines and environments to test software and configurations, exploits and mitigations, and various other offensive and defensive techniques. If you have a physical switch and wireless AP in this lab, you can even connect and test physical devices (IoT, Mobile Devices, etc.). The nice part about a home lab is it is private to you and resides within your own controlled internal environment. You get to choose when and what to explore and how you want to explore it. Keep an open mind and think of the possibilities.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Setting up a lab in an isolated cloud environment is also an option but is beyond the scope of this post. Some high-level things to consider when considering cloud labs are the cloud provider costs and the inability to connect physical devices like IoT and mobile devices directly via WiFi, ethernet, etc. However, I encourage you to explore a cloud lab if the topic interests you.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Gadgets, IoT and Hardware<\/span><\/h3>\n<h4><i><span style=\"font-weight: 400;\">Raspberry Pi<\/span><\/i><\/h4>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-4629\" src=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/pi4-1024x701.jpeg\" alt=\"raspberry pi 4\" width=\"1024\" height=\"701\" srcset=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/pi4-980x671.jpeg 980w, http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/pi4-480x329.jpeg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><i><span style=\"font-weight: 400;\">Raspberry Pi 4<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">With supply chain bottlenecks starting to ease, the pricing and availability of Raspberry Pi devices are beginning to return to pre-pandemic levels. Consider grabbing a <\/span><a href=\"https:\/\/www.raspberrypi.com\/\"><span style=\"font-weight: 400;\">Raspberry Pi<\/span><\/a><span style=\"font-weight: 400;\">, or an <\/span><a href=\"https:\/\/itsfoss.com\/raspberry-pi-alternatives\/\"><span style=\"font-weight: 400;\">alternative<\/span><\/a><span style=\"font-weight: 400;\">. These versatile credit card-sized single-board computers can be used for a variety of security-related projects. The relatively low cost of these systems makes them an excellent choice to try out something new with minimal commitment or as part of a home lab. Some examples include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Portable <\/span><a href=\"https:\/\/www.kali.org\/get-kali\/#kali-arm\"><span style=\"font-weight: 400;\">Kali Linux<\/span><\/a><span style=\"font-weight: 400;\"> System<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Wi-Fi deauth and key capture &#8211; <\/span><a href=\"https:\/\/pwnagotchi.ai\/\"><span style=\"font-weight: 400;\">Pwnagotchi<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">BadUSB &#8211; <\/span><a href=\"https:\/\/www.kali.org\/docs\/arm\/raspberry-pi-zero-w-p4wnp1-aloa\/\"><span style=\"font-weight: 400;\">P4wnP1<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">DNS Blackholes &#8211; <\/span><a href=\"https:\/\/pi-hole.net\/\"><span style=\"font-weight: 400;\">Pi Hole<\/span><\/a><span style=\"font-weight: 400;\"> or <\/span><a href=\"https:\/\/github.com\/AdguardTeam\/AdGuardHome\/wiki\/Raspberry-Pi\"><span style=\"font-weight: 400;\">Adguard Home<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Honeypots \u2013 <\/span><a href=\"https:\/\/github.com\/mattymcfatty\/HoneyPi\"><span style=\"font-weight: 400;\">HoneyPi<\/span><\/a><span style=\"font-weight: 400;\"> or <\/span><a href=\"https:\/\/github.com\/thinkst\/opencanary\"><span style=\"font-weight: 400;\">OpenCanary<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Target systems \u2013 <\/span><a href=\"https:\/\/github.com\/OWASP\/IoTGoat\"><span style=\"font-weight: 400;\">IoTGoat<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"http:\/\/raspwn.org\/\"><span style=\"font-weight: 400;\">RasPwn<\/span><\/a><\/li>\n<\/ul>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-4632\" src=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/pwnagotchi-1024x667.jpeg\" alt=\"\" width=\"1024\" height=\"667\" srcset=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/pwnagotchi-980x638.jpeg 980w, http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/pwnagotchi-480x313.jpeg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><i><span style=\"font-weight: 400;\">Pwnagotchi\/Raspberry Pi 0 W<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">In addition to standalone projects like the ones mentioned above, a <\/span><a href=\"https:\/\/payatu.com\/blog\/using-rasberrypi-as-poor-mans-hardware-hacking-tool\/\"><span style=\"font-weight: 400;\">Raspberry Pi can be used as a multi-tool for hardware hacking<\/span><\/a><span style=\"font-weight: 400;\"> through its General Purpose Input Output (GPIO) pin headers. If you have an interest in IoT and hardware hacking, a Pi can provide a low-cost and effective option to reduce the barrier of entry and allow you to tinker.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, there are tons of non-security-focused <\/span><a href=\"https:\/\/projects.raspberrypi.org\/en\"><span style=\"font-weight: 400;\">projects<\/span><\/a><span style=\"font-weight: 400;\"> that you can do with a Raspberry Pi which may pique your interest. If you have a spouse or child with an interest in Linux, programming, and\/or basic electronics, a Raspberry Pi is a fantastic low-cost option to help encourage their growth and to do something together as a family.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Mobile iOS and Android<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Mobile device testing is another topic you may want to build your skills in. Start by reading a few blog posts to get your feet under you. Some apps can be emulated\/simulated and tested using free or paid tools including <\/span><a href=\"https:\/\/developer.apple.com\/xcode\/\"><span style=\"font-weight: 400;\">Xcode<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/developer.android.com\/studio\"><span style=\"font-weight: 400;\">Android Studio<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/www.corellium.com\/\"><span style=\"font-weight: 400;\">Corellium<\/span><\/a><span style=\"font-weight: 400;\">, and <\/span><a href=\"https:\/\/www.genymotion.com\/\"><span style=\"font-weight: 400;\">Genymotion<\/span><\/a><span style=\"font-weight: 400;\">. Depending on the tool and license chosen, these tools can provide a free or low-cost starting point to test the waters without having to buy physical phones or tablets.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Check out the <\/span><a href=\"https:\/\/github.com\/prateek147\/DVIA-v2\"><span style=\"font-weight: 400;\">Damn Vulnerable iOS App<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/github.com\/rewanthtammana\/Damn-Vulnerable-Bank\"><span style=\"font-weight: 400;\">Damn Vulnerable Bank<\/span><\/a><span style=\"font-weight: 400;\"> for a couple of training platforms to learn and develop your Android and iOS pentesting skillset. If you find that you want to pursue this topic long-term and on a deeper level, it may be worth picking up a few books or taking a class.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Emulators can only go so far, and if you are planning to pursue this topic, it is ideal if you can pick up a few physical devices. This is especially true if the app that you are testing has special requirements or needs to interact with other physical devices like IoT devices or peripherals. Use your Google skills to find out what other devices people are using and recommend for this purpose. If you happen to have an old device in a drawer somewhere, dig it out and see what you can do with it. If not, eBay and Craigslist are an excellent resource for obtaining used Android and iOS devices. Make sure to do your research to determine the version of Android or iOS running on the device, and if the device can be rooted or jailbroken. Your employer may also have devices for this specific purpose, so it never hurts to ask about training opportunities for their use. If you get a device to use for this purpose, be cautious when you are setting it up. If you connect it to the internet and it auto-updates, you may ruin your chances of rooting or jailbreaking it.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you have interest or experience in testing the security of iOS itself, check out <\/span><a href=\"https:\/\/security.apple.com\/research-device\/\"><span style=\"font-weight: 400;\">Apple\u2019s Security Research Device<\/span><\/a><span style=\"font-weight: 400;\"> (SRD) and bug bounty program.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Note: Buying pre-rooted and pre-jailbroken devices is not recommended as they could contain malicious software and configurations.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Cloud<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Cloud security can be daunting due to the variations from cloud provider to cloud provider, the technologies used, and in the stakeholder\u2019s specific requirements and implementation. In some cloud environments, knowledge of network pentesting is applicable and can help to find the exposure of misconfigured, outdated, and exploitable systems and services. While other environments have a larger focus on web, APIs and cloud-native applications, container orchestration, and identity management.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A good starting place can be in the documentation of the cloud providers themselves with standard reference architectures and diagrams, security reference architecture for <\/span><a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/security-reference-architecture\/architecture.html\"><span style=\"font-weight: 400;\">AWS<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/architecture\/guide\/security\/security-start-here\"><span style=\"font-weight: 400;\">Azure<\/span><\/a><span style=\"font-weight: 400;\">, and <\/span><a href=\"https:\/\/cloud.google.com\/architecture\/framework\/security\"><span style=\"font-weight: 400;\">Google<\/span><\/a><span style=\"font-weight: 400;\">, and secrets and API documentation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are several vulnerable deployment projects to learn and practice with as well, including <\/span><a href=\"https:\/\/github.com\/RhinoSecurityLabs\/cloudgoat\"><span style=\"font-weight: 400;\">CloudGoat<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/github.com\/m6a-UdS\/dvca\"><span style=\"font-weight: 400;\">Damn Vulnerable Cloud Application<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/github.com\/OWASP\/wrongsecrets\"><span style=\"font-weight: 400;\">OWASP WrongSecrets<\/span><\/a><span style=\"font-weight: 400;\">, and more. Some of these projects require you to have a cloud provider account and incur the associated costs of spinning up and running cloud resources. Remember that these are intentionally vulnerable cloud deployments so make sure to use them in a non-production and isolated cloud environment and tear them down when you have finished tinkering.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you have an interest in containers and Kubernetes, make sure to check out <\/span><a href=\"https:\/\/www.inguardians.com\/training\/\"><span style=\"font-weight: 400;\">InGuardians<\/span><\/a><span style=\"font-weight: 400;\"> for training opportunities and <\/span><a href=\"https:\/\/www.bustakube.com\/\"><span style=\"font-weight: 400;\">Bust-a-Kube<\/span><\/a><span style=\"font-weight: 400;\"> to try out an intentionally vulnerable Kubernetes cluster in your local lab VM environment.<\/span><\/p>\n<h4><i><span style=\"font-weight: 400;\">Wireless Radio Gadgets<\/span><\/i><\/h4>\n<p><span style=\"font-weight: 400;\">Note: You are responsible for ensuring the wireless activities are legal and in compliance with regulations governing the transmission of radio signals.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Wireless security is more than just Wi-Fi. There are many different wireless tools, standards, protocols, frequencies, radios, and antennas to tinker within this space. Some may be of more interest to you than others and not all of them are useful nor applicable to every situation.<\/span><\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-4633\" src=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/rtl-sdr-1024x475.jpeg\" alt=\"\" width=\"1024\" height=\"475\" srcset=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/rtl-sdr-980x454.jpeg 980w, http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/rtl-sdr-480x222.jpeg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><i><span style=\"font-weight: 400;\"> RTL-SDR<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">If you have an interest in the wireless space in general, a Software Defined Radio (SDR) can be a good place to start, and you can pick up an <\/span><a href=\"https:\/\/www.amazon.com\/s?k=rtl-sdr\"><span style=\"font-weight: 400;\">RTL-SDR<\/span><\/a><span style=\"font-weight: 400;\"> for around $50. You can\u2019t transmit with it, but you can receive and begin to learn about tools like <\/span><a href=\"https:\/\/www.gnuradio.org\/\"><span style=\"font-weight: 400;\">GNURadio<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/gqrx.dk\/\"><span style=\"font-weight: 400;\">gqrx<\/span><\/a><span style=\"font-weight: 400;\">, and <\/span><a href=\"https:\/\/github.com\/jopohl\/urh\"><span style=\"font-weight: 400;\">Universal Radio Hacker<\/span><\/a><span style=\"font-weight: 400;\"> (URH). Amateur Radio books and resources are abundant if you have a passion for the wireless spectrum and want to pursue your Ham license.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To learn about testing traditional 802.11 Wi-Fi networks, I recommend picking up a couple of cheap <\/span><a href=\"https:\/\/www.pandawireless.com\/\"><span style=\"font-weight: 400;\">Panda Wireless<\/span><\/a><span style=\"font-weight: 400;\"> adapters compatible with Kali Linux or Rasbian. If you have an old router or access point, you can use it and a laptop, cellphone, or tablet as isolated targets in a test environment. There are lots of free blogs and video resources out there regarding the use of tools like <\/span><a href=\"https:\/\/www.aircrack-ng.org\/\"><span style=\"font-weight: 400;\">aircrack-ng<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/www.kismetwireless.net\/\"><span style=\"font-weight: 400;\">kismet<\/span><\/a><span style=\"font-weight: 400;\">. There are also some online training resources that offer virtualized wireless lab networks if obtaining wireless hardware is a limitation for you. <\/span><a href=\"https:\/\/www.pentesteracademy.com\/course?id=9\"><span style=\"font-weight: 400;\">PentesterAcademy\u2019s Wi-Fi Security and Pentesting Course<\/span><\/a><span style=\"font-weight: 400;\"> is one potential option and is available with a reasonably priced subscription to its training services.<\/span><\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-4630\" src=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/ble-sniffer-1024x500.jpeg\" alt=\"\" width=\"1024\" height=\"500\" srcset=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/ble-sniffer-980x479.jpeg 980w, http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/ble-sniffer-480x234.jpeg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><i><span style=\"font-weight: 400;\">Adafruit BLE Sniffer<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">Bluetooth Low Energy (BLE) is a short-range protocol that is often found in IoT. If you\u2019d like to explore this technology I recommend picking up an <\/span><a href=\"https:\/\/www.adafruit.com\/product\/2269\"><span style=\"font-weight: 400;\">Adafruit BLE sniffer<\/span><\/a><span style=\"font-weight: 400;\"> and a cheap <\/span><a href=\"https:\/\/www.amazon.com\/bluetooth-dongle-linux\/s?k=bluetooth+dongle+linux\"><span style=\"font-weight: 400;\">Bluetooth USB dongle that works with Linux<\/span><\/a><span style=\"font-weight: 400;\">. You can use the sniffer to capture BLE packets in <\/span><a href=\"https:\/\/www.wireshark.org\/\"><span style=\"font-weight: 400;\">Wireshark<\/span><\/a><span style=\"font-weight: 400;\"> and interact with BLE services and characteristics with something like a CSR8510 using tools like <\/span><a href=\"https:\/\/linux.die.net\/man\/1\/hcitool\"><span style=\"font-weight: 400;\">hcitool<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/manpages.debian.org\/unstable\/bluez\/gatttool.1.en.html\"><span style=\"font-weight: 400;\">gatttool.<\/span><\/a><span style=\"font-weight: 400;\"> Nordic Semiconductor also has a free mobile app called <\/span><a href=\"https:\/\/www.nordicsemi.com\/Products\/Development-tools\/nrf-connect-for-mobile\"><span style=\"font-weight: 400;\">nRF Connect<\/span><\/a><span style=\"font-weight: 400;\"> which is another great option to tinker with BLE by using a cellphone or tablet.<\/span><\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-4628\" src=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/cc2531-1024x782.jpeg\" alt=\"\" width=\"1024\" height=\"782\" srcset=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/cc2531-980x748.jpeg 980w, http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/cc2531-480x366.jpeg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><i><span style=\"font-weight: 400;\">CC2531 (bottom) CC debugger and adapter cable (above)<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">Zigbee is another wireless protocol commonly used in the IoT world and can be used to build medium or large mesh networks. If this technology piques your interest, check out the <\/span><a href=\"https:\/\/github.com\/riverloopsec\/killerbee\"><span style=\"font-weight: 400;\">Killerbee framework<\/span><\/a><span style=\"font-weight: 400;\"> and the <\/span><a href=\"https:\/\/github.com\/virtualabs\/cc2531-killerbee-fw\"><span style=\"font-weight: 400;\">Bumblebee firmware for the TI-CC2531<\/span><\/a><span style=\"font-weight: 400;\">. Note that you will need a programming cable\/adapter and a CC debugger to upload the new firmware to the TI-CC2531.<\/span><\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-4627\" src=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/flipper-1024x484.jpeg\" alt=\"\" width=\"1024\" height=\"484\" srcset=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/flipper-980x463.jpeg 980w, http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/flipper-480x227.jpeg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><i><span style=\"font-weight: 400;\">\u00a0Flipper Zero<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">A relatively new gadget in the space that has been getting a lot of attention lately is the <\/span><a href=\"https:\/\/flipperzero.one\/\"><span style=\"font-weight: 400;\">Flipper Zero<\/span><\/a><span style=\"font-weight: 400;\">. These hacking multi-tools can be used to interact with Sub-GHz radio frequencies, Radio Frequency Identification (RFID), Near Field Communication (NFC), and infrared. Additionally, these devices can be configured to run as Human Interface Device (HID) controllers, BadUSB devices and more. The Flipper Zero also has a GPIO interface which can be used to interact with third-party or home-grown expansion modules further increasing its versatility. It has an extremely active community and considering everything that it can do, a very reasonable price tag under $200.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are many other RF bands, protocols, and standards that we didn\u2019t cover in this post including Bluetooth, LoRaWAN, Narrowband IoT (NB0IoT), Ultra-wideband (UWB), Z-Wave and more. <\/span><a href=\"https:\/\/www.digikey.com\/en\/articles\/welcome-wireless-menagerie-rf-bands-protocol-choices-embedded-developers-part-1\"><span style=\"font-weight: 400;\">DigiKey has a couple of articles<\/span><\/a><span style=\"font-weight: 400;\"> that can give you a brief primer on some of these and resources to start using in your projects.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Let\u2019s get physical<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">First, watch the movie <\/span><i><span style=\"font-weight: 400;\">Sneakers<\/span><\/i><span style=\"font-weight: 400;\">, next, I would really like to hear you say the word\u2026\u201cpassport\u201d. Do you dream of being part of a team whose goal is to perform surveillance, plan, and enter a building by bypassing an RFID door access control and alarm system, all under the cover of darkness? It sounds like something out of a spy movie, but physical security is another skill that you may be interested in developing.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Getting Private Investigator (PI) training and licensure is another option to consider if you have an interest in the physical security space. Surveillance tools and tactics, information-gathering research, and investigation are some of the most important early steps in a successful physical penetration test. Doing some research and developing your skills in social engineering can be extremely important both for information-gathering purposes as well as talking your way into or out of a situation.<\/span><\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-4631\" src=\"http:\/\/zed.inguardians.com\/wp-content\/uploads\/2024\/01\/lockpick-965x1024.jpeg\" alt=\"\" width=\"965\" height=\"1024\" \/><i><span style=\"font-weight: 400;\">\u00a0Lockpick (right), tension wrench (center), padlock (left)<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">Although not a skill that is often used during live physical engagements, lock picking is a fun activity that you can practice on your own or with others and can act as a gateway into the physical security space. <\/span><a href=\"https:\/\/www.sparrowslockpicks.com\/collections\/beginner-lock-pick-sets\"><span style=\"font-weight: 400;\">Buying<\/span><\/a><span style=\"font-weight: 400;\"> or <\/span><a href=\"https:\/\/www.art-of-lockpicking.com\/homemade-lock-pick-materials\/\"><span style=\"font-weight: 400;\">making<\/span><\/a><span style=\"font-weight: 400;\"> a small set of lock picks, watching a few YouTube videos, or <\/span><a href=\"https:\/\/www.art-of-lockpicking.com\/how-to-pick-a-lock-guide\/\"><span style=\"font-weight: 400;\">guides<\/span><\/a>,<span style=\"font-weight: 400;\"> and practicing at home with a few <\/span><a href=\"https:\/\/www.sparrowslockpicks.com\/pages\/practice-locks\"><span style=\"font-weight: 400;\">practice locks<\/span><\/a><span style=\"font-weight: 400;\"> is all you need to get started.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are often lock sport and physical bypass security groups that have regular meetups across the country. Lockpicking can be a great way to break the ice and can lead to discussions about books, bypass tools and techniques, common keys, door access control systems, camera and alarm systems, training opportunities, or even access to practice doors and spaces.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Depending on your level of interest in this specialty, it is very easy to collect a lot of (sometimes expensive) tools and gadgets. Unfortunately, practicing your skills with these tools safely, legally, and inexpensively can be even more of a challenge without a safe and appropriate training environment. When you are ready to take your learning to the next level, check out training opportunities from places like <\/span><a href=\"https:\/\/redteamalliance.com\/RTCG.html\"><span style=\"font-weight: 400;\">Red Team Alliance<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/enterthecore.net\/training-physical-penetration\/\"><span style=\"font-weight: 400;\">The Core Group<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Be aware of your local laws regarding social engineering, <\/span><a href=\"https:\/\/www.lvcriminaldefense.com\/usc\/false-personation\"><span style=\"font-weight: 400;\">impersonation<\/span><\/a><span style=\"font-weight: 400;\"> and possession, and intent of <\/span><a href=\"https:\/\/www.toool.us\/lockpicking-laws.php\"><span style=\"font-weight: 400;\">lockpicks<\/span><\/a><span style=\"font-weight: 400;\"> and \u201c<\/span><a href=\"https:\/\/www.legalmatch.com\/law-library\/article\/possession-of-burglary-tools.html\"><span style=\"font-weight: 400;\">burglary tools<\/span><\/a><span style=\"font-weight: 400;\">\u201d.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Wrapping Up<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">I hope this post has given you at least one new tool, resource, or project idea to pursue your next educational goal in the infosec space. Small steps like reading a blog or building a pwnagotchi can be a cheap and easy way to test the waters and learn about something new. In some cases, small steps like these can lead to deeper interests, advanced research, and ultimately expertise in an area that you are passionate about. So, embrace your curiosity, go tinker with something, and most importantly, have fun!<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Be Curious \u2013 Tinker, Learn and Grow Jonathan Studebaker, Senior Security Consultant at InGuardians, Inc. Editor&#8217;s Note: Part 1 of this three-part series discussed the pros and cons of some common learning approaches, information resources for infosec topics that may interest you, ways to get involved in the infosec community, and setting realistic goals, budgets, [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[67],"tags":[],"_links":{"self":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/4620"}],"collection":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/comments?post=4620"}],"version-history":[{"count":2,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/4620\/revisions"}],"predecessor-version":[{"id":4634,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/4620\/revisions\/4634"}],"wp:attachment":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/media?parent=4620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/categories?post=4620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/tags?post=4620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}