
We’ve all been telling lies

This afternoon, I spent almost two full hours at a meeting for a local information security group.

The group is composed of an entirely suspected group of people. Almost everyone over 35 years of age was White and Male. Almost everyone under 35 years of age was Male and Not White. There were four women out of approximately 30 people.

Information security staff members from the two largest privately owned companies in the United States were there. Students, a teacher (although I don’t think any of his students will ever learn anything), nonprofits, under and unemployed, the military.

I realized that for all of the years I’ve worked in information technology or with computers we have all been telling lies.

The conversations are the same, the problems are the same, the answers are the same.

We have been telling lies.

Extant lies for empty purposes. To support our technology myths and fairy tales.

Technology is not magic. Devices are not bewitched and we are not gurus or wizards or prophets. Most of us are barely adept at supporting an ever expanding shell that is not of significant self to shore from the impending crash.

But we have continued to tell lies. We tell them to convince money we can win a war. We plan them to believe we will adjust quickly enough to counter even the basest of failure or ignorance. We create them to fill the absolute void between zero and one. We theorize singularities of perfect purpose. We check boxes and build straw kingdoms for a statistical impossibility of survival.

This is not a war we can win. No defense or plan will succeed. In this fight there is not a winning outcome. We are due to realize that there will be compromise. We can stop the wheel or let it fall off or be gone before we see it fail.

We should focus on learning to fix things again. Of building with materials that will last or serve their purpose and be reworked into a resource for the next compromise.

Playing around with recon-ng

recon-ng is an Open Source set of tools created by the estimable LaNMaSteR53 (aka Tim Tomes). Proper credit goes out to Black Hills Information Society for their sponsorship and support of the toolkit.

recon-ng is incredibly easy to use and I found it very intuitive. The modules and core are written in Python and easy to modify to meet your needs. The interface functions well and provides good help information. There are also numerous handy options for scripting, reading commands from a file, etc. All of the data collection goes into a SQLite database on the backend. Simple queries are handled within the interface and more complex ones can be passed from command line arguments or read in from files. There is also record and playback functionality within the standard interface for actions.

Two types of modules comprise the toolkit. The collection modules are used to collect data from multiple sources and source types (Twitter, domain information, netblocks, Instagram, etc). Once the data is collected, reporting modules are used to represent the collections. Reporting options include JSON output, CSV, Pushpin (my favorite so far) and HTML.

The modules are very well connected and allow data elements to be utilized and reported on across modules. A domain name or netblock can easily be used as a starting point to collect a wealth of intel including vulnerabilities, contacts, leaks, and owned resources.

I’m currently using recon-ng for multiple purposes. As an exercise for me to understand the capabilities, I utilized the s/twitter module for data collection and the reporting/pushpin module for reporting to build a view of 24 hours' worth of Twitter posts in the Wichita, KS area. I was easily able to create some quick and dirty crontabs to update the data collection and reporting elements every 5 minutes and prune the database entries in the pushpins table to keep a rolling 24 hours' worth of data.
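A sketch of the pruning step a cron job like the one described above could run, added here as an example and not taken from the original post or from recon-ng itself. The `pushpins` table name comes from the post; the column list, the `time` format, and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

# Assumption: pushpins.time is stored as text in this sortable format.
TIME_FMT = "%Y-%m-%d %H:%M:%S"
# Constructed reference time so the example is reproducible offline.
SAMPLE_NOW = datetime(2014, 1, 2, 12, 0, 0)


def prune_pushpins(conn, now, window_hours=24):
    """Delete pushpins older than the rolling window; return rows removed."""
    cutoff = (now - timedelta(hours=window_hours)).strftime(TIME_FMT)
    with conn:  # commits on success, rolls back if the DELETE fails
        cur = conn.execute(
            # Rows with no timestamp can never age out, so drop them too.
            "DELETE FROM pushpins WHERE time IS NULL OR time < ?",
            (cutoff,),
        )
    return cur.rowcount


def build_sample_db():
    """In-memory stand-in for a workspace database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pushpins (source TEXT, screen_name TEXT, message TEXT,"
        " latitude TEXT, longitude TEXT, time TEXT)"
    )
    rows = [
        ("Twitter", "user_a", "recent post", "37.69", "-97.33", "2014-01-02 11:55:00"),
        ("Twitter", "user_b", "exactly at cutoff", "37.68", "-97.34", "2014-01-01 12:00:00"),
        ("Twitter", "user_c", "one second too old", "37.70", "-97.30", "2014-01-01 11:59:59"),
        ("Twitter", "user_d", "days old", "37.71", "-97.31", "2013-12-30 08:00:00"),
        ("Twitter", "user_e", "missing timestamp", "37.72", "-97.32", None),
    ]
    conn.executemany("INSERT INTO pushpins VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    removed = prune_pushpins(db, SAMPLE_NOW)
    kept = db.execute("SELECT COUNT(*) FROM pushpins").fetchone()[0]
    print(f"removed {removed} rows, {kept} remain in the 24-hour window")
```

Against a real workspace, pass `datetime.now()` and a connection to the workspace's database file, after confirming the actual column names and timestamp format with a schema query.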

I’m also utilizing recon-ng as an integral piece for threat modeling. I’m able to collect threat intel data acting as an outside threat actor and report that data to a wide variety of audiences. These audiences include C-level executives, technical and security teams, and business process owners.

Overall, an excellent set of tools to utilize in a wide variety of information security endeavors.