It all started with a QNAP NAS to back up my raw photographs and have some way to store other media files. Then some smart home devices randomly appeared. And then some enhancements were needed to get a proper way to stream audio and video to my LG dumb smart TV. Then a UPS to safeguard the system's operation. And from simple things with simple goals, piece by piece, we end up with a complex soup of things that somehow work. This details what I call my current homelab, and gives the main ideas on how you can build one yourself… if you really want to.
Inspired by the blog post “My Red Team assessment hardware” by David Sopas, this post describes the hardware tools that I have in my inventory, their purpose, as well as the features/firmwares/tricks that motivated me to buy them. This is not intended to be an exhaustively detailed list, but I will try to give some rationale and use cases for each of the tools, as well as categorize them.
Well, I guess it is better late than never, so almost four months after the closing of the OPOSEC XMAS CTF Challenge Christmas 2022, this is my write-up on how I managed to solve all the challenges and finish in 4th place.
Some weeks ago I participated in the “Portuguese Cybersecurity Competition” organized by InvestAmarante and powered by hackrocks. Given that this was a beginner-friendly (maybe too friendly…) Capture The Flag competition, there were no major learning takeaways, but it is always useful to practice some old tricks and tools (and do some over-engineering… as always).
Internet-of-Things, cyber-physical systems, smart spaces, smart anything… All these buzzwords and keywords are either vendor-generated for pushing ever-complex devices and things from WiFi-controlled kettles to health monitoring devices or created by academia (e.g., Internet-of-Everything, Web-of-Things, Connected Devices, Smart Devices) to sustain minor works by reinventing well-known technologies and approaches. In this post we will go back to the basics of IoT, without all the keyword-driven buzz, and build a simple temperature/humidity monitoring system with a mostly straightforward architecture and with minimal programming/configuration needs.
Phishing campaigns are standard, but they are typically poorly done and low-effort. But, sometimes, we catch a good one. This post reports an analysis carried out on one of those shady emails.
Today, 1 April 2022, I have successfully defended my PhD thesis work on Software Engineering and Internet-of-Things entitled “Increasing the Dependability of Internet-of-Things Systems in the context of End-User Development Environments”. Here follows the abstract.
Now that I’ve finally delivered my PhD thesis (awaiting public defense), and after sharing for more than 3 years my tools, strategies, and tips for surviving in the academic world by word of mouth, I have finally got the time — and energy — to put this in a written form.