Hacksonville Put that in your pipe and grep it!


Physical Security: From Locks to Dox

This past weekend at B-Sides Orlando, I gave my Physical Security Penetration Testing talk, Physical Security: From Locks to Dox. This talk is an introduction to Physical Security Penetration Testing, touching on the pen-testing methodology, and mostly focused on attacks that can be executed against locking mechanisms.

Download the slides here: Physical Security: From Locks to Dox.
View the recording here: Jess Hires - Physical Security: From Locks to Dox.

Huge thanks to everyone who gave me feedback, and additional feedback is welcomed.

Questions or comments? Write them in the comments below, or send me a message!


Using Exif to Sort Photos

I was recently trying to come up with the best way to sort my photos, which typically get dumped on a hard-drive in a nondescript folder like "Photos" or "Pictures". What I came up with is actually pretty simple, and uses the Exif data of the image to determine when it was taken.

Exif is a standard for tagging media, which can store useful information such as the date created, the camera model, ISO mode, shutter speed and aperture, geo-location, etc.. While primarily used for image files, Exif data can also exist in audio files.

I'm using "extra/perl-image-exiftool" from the Arch repositories to accomplish this, and this package should be available on most distributions.


B-Sides JAX

Later this year, Jacksonville will have its first Security B-Sides conference, B-Sides JAX. Our tentative date is November 15, 2014, we're planning on just a 1-day conference, and we have a ton of work to do before then. If you'd like to help with the conference, please contact me.


Filed under: Hacksonville No Comments

Presentation: Hardening a VPS

For those who saw my JaxLUG presentation yesterday, here are the slides. This presentation was based on the guide I published today, also called Hardening a VPS.

Download the slides here: Hardening a VPS


Hardening a VPS

Not every VPS is created equally. Make sure yours is secure before trusting it on the internet.

This guide is for CentOS 6 x86_64, but can be used for many other Linux systems with minor alteration. All commands in this guide will need to be done as root, or using sudo.

Topics Covered

Here’s a quick list of everything we’re covering in this guide.

Creating new users
Sudo access
SSH access
YubiKey 2-factor authentication
Splunk Forwarder