I first became interested in the Alexa Skills Kit when I got a strip of LED lights for Christmas. Python is my go to language so I used the Flask-Ask framework on a Raspberry Pi to make them change colors, flash, etc. with my voice. The code was very basic, and the networking with ngrok was messy. The endpoint domain had to be changed in the skill’s configuration every time ngrok was stopped or my Raspberry Pi restarted.
A while ago I wrote an introduction to virtual private networks. I have an odd love for this technology and the wide array of uses that come with implementing it. What used to be a tool for enterprise use is now almost a commonly known term. Just this evening, NPR ran a story about normal people using VPNs to deter spying by internet providers and the government. They recommend the safest way to use a VPN is to host it yourself. Today it is easier than ever to configure a quality VPN server.
Opening up a computer to the world exposes it to a plethora of bots scanning for default credentials, unpatched vulnerabilities, among other things. It’s important to take this into consideration when configuring a publicly facing service. Key exchange or a strong password, access control, and keeping on top of updates are a must. When I first got to campus which has a mostly public facing network, I was amazed at the number of bots constantly scanning everything and anything.
The good ol’ sticky keys exploit. As a security centric IT intern, I was elected to break into the old machine an employee had forgotten the password to. The machine ran XP - easy. This exploit works on at least XP and Windows 7. The only thing required is a bootable Linux live USB and a handful of Linux and Windows commands. If all goes smoothly, you can expect to be back in the machine in roughly 5 minutes. #What The sticky keys prompt is titled ‘sethc.exe’. This application is called by name when shift is pressed 5 times. By changing the contents of this executable, we can run whatever code we want at system level. Since this hotkey is listening even before login, it’s very useful for resetting a lost password. By changing the command prompt’s name to sethc.exe, we gain a system level shell which can manage users.
Command-line interfaces (CLI) give users the ability to quickly execute commands and change virtually anything about a machine. However, sometimes remembering or researching the write command or syntax can take more time than clicking through a GUI. These two tools will help save you time by simplifying commands and making your everyday work more efficient.