Ask anyone in this community to name their dream jobs and chances are pretty good that penetration tester will be somewhere on the shortlist. Pentesters are allowed — nay, encouraged — to break into secure systems, to test the limits and find weak points that malicious hackers can use to gain access. The challenge of hacking and the thrill of potentially getting caught combined with no chance of prosecution? And you get paid for it? Sounds good to us!
Professional pentesting is not all cops-and-robbers fun, of course. Pentesters have to stay abreast of the latest vulnerabilities and know what weaknesses are likely to exist at a given facility so they know what to target. There are endless hours of research, often laborious social engineering, and weeks of preparation before actually attempting to penetrate a client site. The attack could be as complex as deploying wireless pentesting assets via FedEx, or as simple as sprinkling thumb drives in the parking lot. But when it comes, a pentest often reveals just how little return companies are getting on their security investment.
As a consultant for a security firm, Eric Escobar gets to challenge companies on a daily basis. He’s also a regular on the con circuit, participating in challenges like Wireless CTF at DEF CON… until he won too many times. Now he helps design and execute the challenges, helping to share his knowledge with other aspiring pentesters. And he’ll stop by the Hack Chat to do the same with us, and tell us all about the business of keeping other businesses in business.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
As open as the Raspberry Pi Foundation has been about their beloved products, they would be the first to admit there’s always more work to be done: Getting a Pi up and running still requires many closed proprietary components. But the foundation works to chip away at it bit by bit, and one of the latest steps is the release of a camera stack built on libcamera.
Most Linux applications interact with the camera via V4L2 or a similar API. These established interfaces were designed back when camera control was limited and consisted of a few simple hardware settings. Today we have far more sophisticated computational techniques for digital photography and video. Algorithms have outgrown dedicated hardware, transforming into software modules that take advantage of CPU and/or GPU processing. In practice, this trend meant bigger and bigger opaque monolithic pieces of proprietary code, each one a mix of “secret sauce” algorithms commingled with common overhead code that is wastefully duplicated for each new blob.
We expect camera makers will continue to devise proprietary specialties as they seek a competitive advantage. Fortunately, some of them see benefit in an open-source framework to help break up those monoliths into more manageable pieces, letting them focus on just their own specialized parts. Leveraging something like libcamera for the remainder can reduce their software development workload, leading to faster time to market, lower support cost, and associated benefits to the bottom line that motivates adoption by corporations.
But like every new interface design born of a grandiose vision, there’s a chicken-and-egg problem. Application developers won’t consume it if there’s no hardware, and hardware manufacturers won’t implement it if no applications use it. For the consumer side, libcamera has modules to interop with V4L2 and other popular interfaces. For the hardware side, it would be useful to have a company with wide reach who believes it is useful to open what they can and isolate the pieces they can’t. This is where the Raspberry Pi Foundation found a fit.
The initial release doesn’t support their new High-Quality Camera Module, though that is promised soon. In the short term, there is still a lot of work to be done, but we are excited about the long-term possibilities. If libcamera can indeed lower the barrier to entry, it would encourage innovation and expand the set of cameras beyond the officially supported list. We certainly have no shortage of offbeat camera sensor ideas around here, from a 1-kilopixel camera sensor to a decapped DRAM chip.
The sculpture shown here is called Puzzle Cell Complex and was created by [Nervous System] as an art piece intended to be collaboratively constructed by conference attendees. The sculpture consists of sixty-nine unique flat panel pieces, each made from wood, which are then connected together without the need for tools by using plastic rivets. Everything fits into a suitcase and assembly documentation is a single page of simple instructions. The result is the wonderfully-curved gyroid pattern you see here.
The sculpture has numerous layers of design, not the least of which was determining how to make such an organically-curved shape using only flat panels. The five-foot assembled sculpture has a compelling shape, which results from the sixty-nine individual panels and how they fit together. These individual panel shapes have each been designed using a technique called variational surface cutting to minimize distortion, resulting in their meandering, puzzle-piece-like outlines. Each panel also has its own unique pattern of cutouts within itself, which makes the panels lighter and easier to bend without sacrificing strength. The short video embedded below shows the finished sculpture in all its glory.
It’s a frequently encountered problem in any workshop; how do you make a bench? And once you’ve made a bench, how do you put it on wheels to move it about? [Eric Strebel] needed a cart for his laser cutter, so he designed his own in an unexpected material: malleable iron pipe.
The attraction of iron pipe is its ready availability and ease of assembly. [Eric] created a sturdy table complete with a worktop made from a solid door in a very short time. T pieces and joiners were used, along with a hefty set of flanges for the tabletop itself. The casters are the expanding stem variety, with a compressed rubber insert expanding to hold them securely in place.
The result, as can be seen in the video below, is a really neat trolley for the cutter, followed quickly by another workbench. It would be interesting to know more about this material, parameters such as its wall thickness and lateral strength, because in a table without any cross-bracing it becomes important to avoid an untimely collapse.