Category Archives: Init6 Security Group

Drone Wars: Weaponizing your drone

Drones, UAVs, UASs, whatever you want to call them are getting a lot of attention lately, bad press mostly.  There is a lot of talk of how drones are bad for privacy, used by drug lords, terrorist and some other shit.

Things can get really interesting when you combine your Xcopter with WiFi, Bluetooth, SDR, DevBoards or Digital Video. Did you know it can actually become a remote controlled turret? , Interesting or scary, you decide.

Its a matter of time until legislators start to make stupid laws for stupid people.  I say be creative, innovate, experiment but use common sense and don’t get mad if you get in trouble for doing something stupid.

Recently at Security B Sides Puerto Rico 2015, I presented on weaponizing drones.  Here is my preso …

… and video recording of it.

–jq

InfoSec Gamification

By: Jose Quinones (@josequinones)

Bx2sDpLCUAQd5C6

On the last Init6 InfoSec Group meeting I did a short talk about InfoSec Gamification and them we did some “gaming”.

While there I talked about how its done and about my experience with it.  I would like to encourage other professionals, students and enthusiasts to participate in various CTFs and “competitions” out there.

There are many, many open CTFs out there, but I would like you to consider SANS NetWars Tournaments, Course, Continuous and CyberCity.  Although they are paid services (really worth the money) these are designed by Ed Skoudis, The Grand Master Jedi of InfoSec (in my opinion) and just top notch.  NetWars is structured and design not only to test your skills, but to learn and have fun at the same time.  Not many CTFs can state the same.

My First experience with  CTF’s was a couple of years ago and I just fell in love with them. They are a great experience and mostly a lot of fun.

Well,  … here is my presentation from the meet, enjoy and remember to comment:

See you on the wire …

JQ

How to delegate and audit password changes on a Domain

Recently I was asked to give some administrative personnel the ability to reset, unlock and change passwords. To which I said: HELL NO!, but since this was not my decision to make and it was my task to complete I had to come up with a solution.  So I had to give these muggles access but have the ability to audit what they were doing.

… so that is how this post came to be.
Continue reading How to delegate and audit password changes on a Domain

Angry Nerd! …

Angry Nerd!  …

angry_nerdTengo que ventear (rant) como me siento sobre mi experiencia con la comunidad de TI en PR porque si no, exploto.

En agosto del año 2012 un grupo de personas comenzamos una comunidad de seguridad de tecnologias de información (TI) en PR y creamos a Obsidis Consortia, Inc corporación sin fines de lucro para trabajar toda la logística, manejar los fondos, y dar seriedad y legalidad al asunto; así nació el grupo de seguridad Init6 y la conferencia Security BSides Puerto Rico, y todavía nos faltan cosas por hacer como las simulaciones (capture the flag), establecer un Hackerspace en PR y aumentar nuestra aportacion a la comunidad en general.
Continue reading Angry Nerd! …

Proxima reunion init6 en el 2013

Asegurando la web: Borde entre administradores de Sistema y Desarrolladores web
Por Eric Fortis

Presentando los principios de seguridad aplicables a dos grupos, administradores de  sistema y desarrolladores web. La meta es mejorar la comunicación entre ambos grupos para así lograr diseños seguros. La estrategia de la presentación es comparar el malware tradicional versus gusanos en javascript; además comparar el desarrollo tradicional del software versus un desarrollo consciente de la seguridad. Además, algunas demonstraciones de errores de programación encontrados en el reporte “2011 CWE/SANS Top 25 Most Dangerous Software Errors” y un hardening workflow para servidores. El flujo de trabajo cubre una herramienta para documentar (estado inicial/final), mantener el reporte cifrado y mitigar errores humanos.

Fecha: Jueves, 24 de enero de 2013
Hora: 6:30 pm (puntual)
Lugar: TBD

Registro:
on-site: 6:00pm – 6:30pm
on-line: here