Today had a conversation with my son around the topic of mental blocks. We took some focus time and turned it into a new way of thought regarding education. I feel like I had the rare opportunity to see his brain create a new neuropathway as it relates to reading comprehension. He is learning to read between the lines and relate what he is reading to his everyday life! I'm not exaggerating.

Um... but why are you bringing this up in a tech blog?!

It wasn't until my education veered towards science and technology, specially hardware(s) & software(s), that I had a similar experience. My brain woke up and I learned to learn because I began to actually 'care' about what I was learning. The more I cared the more I retained. Each person's brain is wired differently and certain triggers, areas of interest, cause us to focus.

What is your point?

I used to be a club DJ and promoter with an insane media storage system and custom editing rig in high school. I used to produce an online car magazine hosted on my own servers in college. I used to modify automotive ECUs and various body control modules, because hardly anybody else did, and build cars from the ground up after graduation. I realized I had been circling technology [and infosec] after my 1st CTF. Years later. I still keep cars and music in my life. Everyday.



There are limitless areas of interest that, in one way or another, are heavily intertwined with cyber security. A JUMP isn't always necessary to be 'in cyber'. Sometimes all that is needed is a pivot, from what you are currently doing, to align it more with the realm of cybersecurity. Unique stories through unique perspectives creates diversity. Right?

• A. Buford
• Late-April, 2022

[Archive Repost] Block run : I miss that car

6 block test. No lights. No sounds. Tested up to 18psi. Fun times.

• By A Buford
• (orig)October 19th, 2020

parted /dev/[drive] mklabel gpt <- set parition type

parted /dev/[drive] mkpart primary ext4 0% 100% <- create partition

mkfs.ext4 /dev/[newparition1] <- format parition

• A. Buford
• Late-April, 2022

Instead you could be depriving yourself of sleep and making a blog article or reading one. Outter Ridge... good show or no go?

• A. Buford
• Late-April, 2022

• A. Buford
• Late-April, 2022

• A. Buford
• Late-April, 2022

TFW you give a corp a security audit

...and they do nothing with the information.

Once you are aware of a potential vulnerability [one of] the next steps are to measure the risks of exploitation (x) and compare the result to the cost of mitigation/remediation (y). IF X>Y then you better move your @$$! When an org knows about a vulnerability and DOES NOTHING in response they essentially are leaving clients and personel exposed to risks of a pre-calculated magnitude. It's in the report!

TLDR; A vulnerability is not a secret to keep. It is a secret to find. You know who you are and i'll leave it at that.

• A. Buford
• Late-April, 2022

Great last day of class. We were provided the opportunity to talk with Hacker-Researcher-Security Advocate Alyssa Miller and The Notorious Jayson E. Street. Forever grateful to the City Colleges of Chicago and my instructors. Christina & Diego. I will always try to pay it forward.

Now I need to figure out which project, of the many below, to finish. 🤓

• A. Buford
• Late-April, 2022

Team Competition Attitude

I'll stop writting so I can focus on comp. My aim is for superior accuracy. We are at 100% in top 200(ish)!!!

pt#2 | We did EXTREMELY well as a school. Final result information coming soon! I'm proud of my classmates and what we ALL achieved!

• -A. Buford
• Late-April, 2022

304th place out of 3,453 : NCL Spring 2022 | Individual CTF

Better luck next time sucka

My goal each year is to do better than the last. CTFs are no different. I didn't achieve nearly as many captures which dropped my 'percentile' by 3. I felt like I had to learn a good amount just to achieve what I did. Time to hit the books and try harder next time.

I actually had recorded a flag capture on accident!

• -A. Buford
• Mid-April, 2022

The task force cont.

Only one gpu left to install. That will be done on the day of team competition. It is currently in another build. No need to rush itWork well done.

• -A. Buford
• April, 2022

Monitor a webpage for changes in PYthon

Long story short... you can. https://github.com/dgtlmoon/changedetection.io

That is all

• -A. Buford
• April, 2022

The task force??

I built another PC from mostly spare PC parts laying around for the purpose of 'using spare pc parts laying around' and having a dedicated cracking rig for the NCL competition. It has done well so far in the individual competition. I believe I was able to place 314/6023 with cracking being the LEAST difficult. The goal is to have it up and running in time for the team competition. The idea is a 'shared cracking station'. I dream too big sometimes though w/ tech.

Depending on work-work tasks it may-or-maynot happen in time. (I'll most likely end up selling and building better for next season instead.)

Unrelated: Salesforce is a monster that requires undivided attention.

• -A. Buford
• April, 2022

Waking up to answers like I never went to sleep..

It is now April 2022 and the Spring Edition of the NCL Capture the Flag competition is in progress. It has been more challenging than last year by a long shot. Last night I went to sleep right after being stuck on a couple of flag captures. This morning when I woke up I literally felt as if my body was rested but my brain never turned off. I am not tired. I feel 'enlightened'. Yes, it is VERY strange. Yes, it is interesting.

Hey.... guess what is even more odd. I captured 3 flags within 15 minutes of being awake. I somehow had a better understanding of javascript, hashcat, and John the Ripper.

The same thing happened to me last season AND when studying for the Cloud+ Exam. I have always been a big believer that the mind is not understood enough.

• -A. Buford
• April, 2022

Are you a hacker?

Q: Do you know how to 'hack'? | A: Yes.

Q: Are you a hacker? | A: No.

Q: Are you good at it? | A: I think i'm ok.

Q: Why don't you go into that field professionally

A: Sometimes I get to the front door and my answers aren't right. My brother and I were talking the other day and I realized that I had a rather difficult time answering a VERY simple question. What do you like about 'hacking'? After a long cruise and several nothing stories later I think I finally had an answer.

I have a problem with not knowing how things work. I naturally think of ways to 'make it better'. I like to make things more efficient. I have a problem with not knowing how things work.

So, I'm in a situation. I like hacking but I don't really like to hack 'stuff' unless it is part of knowing something completely. Crazy. The more you know.

• -A. Buford
• April, 2022

A crackstation because i'm tired

I'm tired of waiting every time I participate in a CTF hashing type engagement. Cracking to be specific. The Fall 2022 NCL season has reminded me of the pain. I have decided to, over the next yearday/week, use my old FX8350 (eww), and my spare gpu's to hopefully create a cracking rig worth keeping. Tbc..

• -A. Buford
• Mar, 2022

buf0rd.ens

Owned. Just because. I feel it should be mine. No real news

• -A. Buford
• Mar, 2022

Skywalker

As my son is growing older he definitely needs me to stop using 'his' PC to edit YouTube videos and play Battlefield 4. It's time to make something dedicated to video editing and streaming gaming. Something with the ability to 'roll forward' as needed and resale when desired....More information available here going forward.



• -A. Buford
• Mar, 2022

Because Python matters: Lists

I feel like i'm moving a little fast. I am going to go over the basics to make sure I know the small details. For instance, ".insert" feels brand new but I know I learned it before.



• -A. Buford
• March, 2022

Because Python matters

I'm going to dedicate some real time this year to learning python. I feel I can use it professionally in so many ways once I know what i'm doing.







• -A. Buford
• March, 2022

This IP is too dirty"

Moving website to a new host. A new everything.

• -A. Buford
• Feb, 2022

New video uploaded | "Ubiquiti Unifi Block device from Internet with USG Firewall"

• -C. Tiamo
• Feb, 2022

• -A. Buford
• Feb, 2022

New video uploaded | "PLEX Media Server Complete Install to Setup! Ubuntu"

• -C. Tiamo
• Feb, 2022

Server progress to one page

Going forward, to avoid duplication, updates regarding my home media/automation/etc server, ShadowMoon, will be kept solely on the progress page indexed on the right. When a new article is posted the image above will be displayed here.

• -C. Tiamo
• Jan, 2022

I am extremely happy to share that I will be participating in the Fall 2021Spring 2022 National Cyber League Capture the Flag competition. Another opportunity to grow!

• A. Buford
• Jan, 2022

Woke up to IOMMU and SVM disabled.

This morning I woke up and my home automation stuff was completely inop. I came to notice the Hass.io VM wasn't running and wouldn't start when commanded via virt-manager GUI or CLI on host. None of my VMs were running on Shadowmoon. The kvm command returned 12. I went to investigate the BIOS to start at the ground floor. Power cycle.



10:30am. MSI hypervisor showed IOMMU set tp Auto and SVM disabled. This would be a good reason for VMs being inop on the MSI x470 motherboard. I had both enabled and have not recently rebooted. That seems a little odd. Upon reboot all VM are working as they should.

• -A. Buford
• Jan, 2022

My server 'farm'

I'm almost finished with the Server 'farm' project. The purpose of the project was to use the heat generated by the exhaust on my servers to provide a warm climate for whatever I plant inside. I needed more nature inside ever since Covid for peace of mind and sanity. I love it so far. Plants in a work enviroment make a huge difference in mood.



A 2.5in inlet fan combined with a home made regulated exhaust register allows me to keep the temperature at 80 degrees while the servers stay nice and cool. I'm not 100% sure what is going on but I believe i'm growing a giant amaryllis and wheat grass. Fun times.


• -A. Buford
• Jan, 2021

My FIRST challenge coin

I recently participated in the 2021 Fall National Cyber League capture the flag hacker compeitition. Yesterday evening I receving my first ever challenge coin. I have been in CTFs before but never one that has adopted this new 'hacker statement' item that-is a "Challenge Coin"

Challenge coins come from an old military tradition that bled into the professional infosec realm then into the broader hacker community through the continual overlap between the communities. In some ways like an informal medal, coins generally represent somewhere you have been or something you have accomplished. Consequently, you can buy some, and be gifted or earn others; the latter are generally more traditional and respected.

[https://tisiphone.net/2016/10/06/whats-a-challenge-coin-anyway-for-hackers/]

Fall 2021 Top 500 Player[271/3,6440]

I am very grateful. The City Colleges of Chicago provided yet another opportunity for me to grow in cyber security. Special thank yous to the SMEs that shared their wealth of knowledge and to my instructors, Chris[tie] and Diego. They created a very well put together course.

• -A. Buford
• Jan, 2021

H.A.C.S and a home made CC2531

I'm not really sure what the deal is with this cc2531 and Home Assistant. I see many others have the same issue with loss of communication. I have a need to continually switch between two, identical, modules I created by manually updating the configuration file for Zigbee2MQTT (port: /dev/ttyACM0 vs port: /dev/ttyACM1). Both modules are attached via USB-passthrough via the hypervisor (QEMU/KVM). The issue itself may be using home assistant virtualized on a host machine with several virtualized USB devices. Several usb devices using the same bus.




After moving some of the USB adapters around I was able to get rid of the usb connectivity issue for the most part. I did still leave both adapters connected to the Hass.io virtual machine for redundancy. Unfortunately, because this server ALSO is host to my PLEX server I had to reconfigure the LIVE TV DVR usb tuner.


Although the zigbee adapter is working I still have my suspicions that the issue is related to the number of devices on the 'zigbee network'

• -A. Buford
• Jan, 2021

useradd martin

password martin

smbpasswd -a martin

• -A. Buford
• Jan, 2021

"Android users can now disable 2G to block Stingray attacks"

Source: https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/

TLDR:

Also, it’s important to clarify that 2G remains active as a backup for emergency calls no matter what position the toggle is set to, so there’s no way to disable it completely. Finally, Apple hasn’t given iPhone users a choice to lock their devices to 4G/5G connectivity only, but now that Google has taken that step, it’s likely the competition follows.

From a law enforcement perspective there is a workaround. Only make 2G available in areas where monitoring is "required" by essentially forcing a service'downgrade'. From a private citizen's perspective there is a workaround. The stringray devices follows 'devices' right? It gets a little tricky though when devices are tethered or using a meshed wifi network.

Respect yourself and respect your privacy

• A. Buford
• Jan, 2021

UPDATED! | National Cyber League Final results | Fall 2021

It seems that I may have spoke too soon. As team 'acIDBurn' we placed on the top 80th percentile by taking rank 193 of 920.

Individually I placed in 217 of 3,644 (top 95th percentile). I have a ways to go.

• A. Buford
• Jan, 2021

Personal plan for 2022. Dive deeper into cyber security

Yeah... I have nothing to put here yet.

• A. Buford
• Jan, 2022

Streaming 4K movie via SMB/Samba on PLEX

I honestly didn't see this moment coming in 2021 simply because it really didn't matter [to me] much. It was very interesting to find that my home PLEX server, Shadow Moon, has a less difficult time streaming 4K movies when the media/storage is mounted via Samba vs an attached SSD. That might be worth researching for more bottlenecks. [Full Write-up]

• A. Buford
• Dec, 2021

National Cyber League Final results | Fall 2021

Wow! Another great CTF done. More amazing, like-minded folks, were met. Overal the experience was FANTASTIC! This is a CTF that I would highly recommend to hackers and infosec professionals of ALL skill levels.

As a team, acIDBurn, we captured rank 193 of 3910 putting us into the 96th percentile with a Platinum badge to show for it! Many members of the team and I will be competiing again come Spring 2022. Come join us at Wilbur-Wright College only if you want to do better.

• A. Buford
• Dec, 2021

After a long talk with myself and BRG we have decided to move website designing to the public back burner. Website hosting and data backup will remain an option, for now. Individual contributors may be contacted for personal services which may include web design.




Unfortunately as an organization/group, with no current full-time employees, we are not able maintain and secure additional platforms. Current clients are 'grandfathered' and will not be affected. No hard feelings.

TDLR; No new site designing...

• -Luke D.
• Dec, 2021

Notes: ASUSwrt-Merlin network-wide VPN

Why? Cannot trust ALL guest clients to secure traffic

What? Add to custom configuration; "pull-filter ignore "ifconfig-ipv6" (per https://www.snbforums.com/threads/release-asuswrt-merlin-380-65-is-now-available.37295)

Why again? Issue with tunneling vpn traffic due to ipv6.



When? Verified on Dec 2021 on guest LAN

• -A. Buford
• Dec, 2021

Plex Media Server is hosted on the 'Shadowmoon' server so I have also added to the 'Projects In Progress' page. Keep the questions coming.

• -A. Buford
• Dec, 2021

Citibank Phishing over at m4-citi.com

We received an email here at BRG to review an SMS message that was received for possible malicious activity... phishing

As initially thought when reported the website is an attempt to steal login credentials. The website https://m4-citi.com serves no other purpose. Cpanel setup per recon.

When reviewing the full url it is noted that token tracking is implemented (token=438ff06f...............)

When "Invalid User ID or Password" is returned the token is updated (token=9c8508b88e..............)

Whois of m4-citi.com continually points to address " P.O. Box 1769 Denver, CO 80201" which is stapled to malicious activities while Registered to Domain Protection Services Inc., including but not limited to: Fraud, DNS hijacking, and spam

Reported to spoof@citi on Dec 6th 2021

• A. Buford
• Dec, 2021

Operation Bottleneck

After finally getting the home internet upgraded to gigabit I decided to run a speed test from desktop PCs on both local area networks. 600Mbps down/30Mbps up. Time to troubleshoot.

Speed test via ISP app via home gateway @ 600Mbps. Upgraded gateway and ISP apology received. Speed at gateway now 1000~Mbps. Speed @ LAN1 <= 60%. Speed @ LAN2 = Near 1GB. How are the networks different? Where do they split after the gateway?At the router. LAN1 is sitting behind a firewall and a Unifi USG. LAN2, the guest LAN, is behind an ASUS AC1600. That would do it.

Cause of bandwidth limitation issue on LAN1: ISP gateway initially only rated at 600Mbps w/(+) Unifi USG causing bandwidth limitation (ALL services turned on) post firewall.

TLDR; It doesn't take an expert to make sure you are getting the most out of the services you pay for monthly. Internet included. Consumers cannot always count on an ISP to have their best interest in mind. Sometimes you get only what you ask for and not what is needed.

• A. Buford
• Dec, 2021

TY for the Host(lists)

Good Saturday after Thanksgiving! Came across this great write-up including a good amount of hostlists to add to your Pi-Hole configuration to prevent most unwanted inquries.

https://jussiroine.com/2021/07/goodbye-telemetry-and-ads-running-pi-hole-in-a-home-network/

• A. Buford
• Nov, 2021

"GoDaddy Announces Security Incident Affecting Managed WordPress Service"

•Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.

•The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.

•For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.

•For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.

More info @ https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

When you host anywhere there are inherent risks involved. Wordpress is one of those platforms where updating, patching, and monitoring is a MUST. This was avoidable and extremely unfortunate as with any security breach. From this will stem various attacks with data obtained.

• C. Tiamo
• Nov, 2021

it.buf0rd.com

New frontend coming soon that is strictly for tech service requests. Buf0rd.com will remain the home for blog posts, images, general research,and all things parent BRG related.

• C. Tiamo
• Nov, 2021

Cheers! To a new page! & NCL Update

Now on to page #5. Old blog posts are accessible via links on right. I will be updating the site layout soon and archiving the old.

For the NCL individual competition portion I placed in 221st place out of 6,482. 97th percentile. I took some of the flags very personally.





• A. Buford
• Oct, 2021