Side Projects and Me: The Untold Story

It’s surprising how quickly time passes when you’ve got a reasonably intense day job, as well as several projects on the side, some of which have time pressures. Truth be told, I hadn’t given much thought to this blog, until recently when I interviewed someone for a penetration testing position – and was gently reminded that I actually had one.

Anyway, life is interesting when you’ve got a few projects on the side:

  • I’m working through the matasano cryptography challenges at the moment (working), and as it turns out, cryptography is rather easy to get wrong, both at a conceptual (e.g. predictable values) and an implementation level (e.g. overflows).
  • I’m running a “newbie night” on the 30th of June, focussing on introducing newbies to practical information security. If this goes well, there are plans to continue doing similar events, focusing on lower-level penetration testing (think exploit-exercises VMs)
  • On a suggestion from a friend, I’m also progressing (very slowly) through the vulnerable VM’s at Vulnhub.
  • I’m redoing my fuzzer – years of incremental upgrades have shown it to be clunky and not viable from an architectural standpoint moving forward, so I’m rebuilding it in pure python with a much more compartmentalized architecture (which happens to make it easier to fuzz browsers and similar clients).

Of these, the fuzzer is taking most of my time, because each day that I work on it is a day closer to being able to fuzz software again without spending hours upon hours tweaking XML specification files to include the correct mutation scripts (that said, you can already use it to fuzz browsers and whatnot, if you’re using something else to do crash reporting).

Fuzzer interface screencap

Turns out writing user interfaces is a massive PITA.

It’s probably not in a state ready for public consumption yet – the user interface is a steaming pile of terrible, and the help won’t make much sense unless you’re me, or want to spend 30 minutes asking me about it.

On a completely unrelated side note, I also purchased a shiny new Logitech mechanical keyboard on the weekend, after my last one endured it’s final coffee spillage.

Aww yeah... dem clicky keyz.

Aww yeah… dem clicky keyz. Mines not as colourful though… and what’s up with that numpad

It didn’t work properly at first – Windows didn’t immediately recognize it, and kept trying to look for drivers. Once it determined it couldn’t find the right drivers (fair call, I wasn’t about to install Logitech’s configuration thingy… or Razer’s Synapse “Cloud-Based Driver”, for that matter), it would disable the device.

It wasn’t a hardware fault – my BIOS recognized it, and other operating systems easily recognized it.

A few iPad google searches and a remote desktop session later,I found this was caused by usb.inf being missing from %windir%\inf. You can replace it with a copy from %windir%\System32\DriverStore\FileRepository\usb.inf_<blah> – just pick the right architecture and the latest date, presumably – and your devices should work again.

About Norman

Sometimes, I write code. Occasionally, it even works.
This entry was posted in Bards, Computers, Jesting. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s