Tag Archives: technology

Week 1 – Working and schooling from home

It’s Wednesday, we’re all maxed out on almost everything, and so I’m going to keep this simple. Two separate top three lists.

The top three things you can do to make your home internet access more secure.

  1. Change the default password on your home router.
  2. Update the router firmware/software on your home router
  3. Install ad filtering/blocking

The top three things you can do to improve your home internet access performance.

  1. Plug in – utilize a physical (non WiFi) connection as often as possible
  2. Tune up – call your internet service provider and tell them you need more bandwidth. If cost is an issue, ask them to help.
  3. Drop out – turn off and unplug devices you don’t need. Smart televisions, dishwashers, audio equipment, game consoles, smart home devices

Technology Times, They Are A Changin’

Phew!

Everybody doing ok? I know the answer. Not all of us are OK. Not all of us are going to be OK. The world and all of our lives is changing at an incomprehensible pace right now. I’m not sure what to do, or where to be, or how to act, or what to say.

Some of us have kids, all of us have people we love and who love us. I’m a 46 year old, bald, overweight husband and father of 4 boys. I’m lucky. I know others who are not as fortunate as I am. So, I’m going to do what I can to help.

I’ve been paid to deal with technology since 1997. Half my life officially. I know a VERY small slice of this world and some of it not very well. But I know people I can ask, and I’ve ALWAYS liked asking questions.

So, I’m going to start taking about basics in technology. Passwords, wifi, online shopping, security, etc. These are important topics to understand at a basic level in order to protect you, your money/assets, and your family. The current resources I am aware of are boring, outdated, and generally dis interesting to me.

I’m not sure how often I’ll post about things, but I’ll do as many topics as I can. And I promise to do the best job I can in explaining things.

I’m going to leave comments off for now on these posts, but may consider turning them on if I have time and energy to deal with them.

If you have suggestions for topics, questions about posts, or other information I may be able to provide, please contact me via email at the following address:

mpankratz@gmail.com

Thanks, stay safe, and be good to each other!

Playing around with recon-ng

recon-ng is an Open Source set of tools created by the estimable LaNMaSteR53 (aka Tim Tomes). Proper credit goes out to Black Hills Information Society for their sponsorship and support of the toolkit.

recon-ng is incredibly easy to use and I found it very intuitive. The modules and core are written in Python and easy to modify to meet your needs. The interface functions well and provides good help information. There are also numerous handy options for scripting, reading commands from a file, etc. All of the data collection goes into a SQLITE database on the backend. Simple queries are handled within the interface and more complex ones can be passed from command line arguments or read in from files. There is also record and playback functionality within the standard interface for actions.

Two types of modules comprise the toolkit. The collection modules are used to collect data from multiple sources and source types (Twitter, domain information, netblocks, Instagram, etc). Once the data is collected, reporting modules are used to represent the collections. Reporting options include JSON output, CSV, Pushpin (my favorite so far) and HTML.

The modules are very well connected and allow data elements to be utilized and reported on across modules. A domain name or netblock can easily be used as a starting point to collect a wealth of intel including vulnerabilities, contacts, leaks, and owned resources.

I’m currently using recon-ng for multiple purposes. As an exercise for me to understanding the capabilities, I utilized the s/twitter module for data collection and the reporting/pushpin module for reporting to build a view of 24 hours worth of Twitter posts in the Wichita, KS area. I was easily able to create some quick and dirty crontabs to update the data collection reporting elements every 5 minutes and prune the database entries in the pushpins table to keep a rolling 24 hours worth of data.

I’m also utilizing recon-ng as an integral piece for threat modeling. I’m able to collect threat intel data acting as an outside threat actor and report that data to a wide variety of audiences. These audiences include C-level executives, technical and security teams, and business process owners.

Overall, an excellent set of tools to utilize in a wide variety of information security endeavors.