The War Chest

So, during the pandemic I decided I needed a little project to keep me busy. I've recently been promoted into a more cybersecurity-focused role and had a large collection of Raspberry Pis lying around, so it made sense to combine the two... which is when the 'war chest' was born!

I wanted to focus on creating something self-contained, and portable – so as a result, my initial hunt was for a ‘flight case’ to house all of the cool stuff! I searched for quite some time before settling on the Rock Box 2 Utility Case, which is the perfect combination of rigidity and compactness.


VBScript: List AD group members

Managing large Active Directory estates can often be a challenge, especially when you have a large group of AD administrators controlling group access. This nifty little VBScript can be used to enumerate all the members of an AD group. Handy for regular maintenance tasks.

This VBScript could easily be adapted to output the list to a file, or even embedded inside a larger application which performs automated maintenance tasks.
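The script below is an added example, not the one from the original post. It binds to a group with ADSI over LDAP and enumerates its members, descending into nested groups so the output is the group's effective membership rather than only its direct members, and it flags disabled user accounts along the way. The group path, the output file and the example.com domain are assumptions; substitute your own.

```vbscript
Option Explicit

' Added example (not the original post's script). Bind to an AD group via
' ADSI/LDAP, list every member including those of nested groups, flag disabled
' user accounts, and write the result to both the console and a file.
' GROUP_PATH and OUTPUT_FILE are assumptions; substitute your own values.
Const GROUP_PATH = "LDAP://CN=Domain Admins,CN=Users,DC=example,DC=com"
Const OUTPUT_FILE = "C:\Temp\members.txt"
Const ADS_UF_ACCOUNTDISABLE = 2   ' bit 1 of userAccountControl

Dim fso, outFile, seen
Set fso = CreateObject("Scripting.FileSystemObject")
Set outFile = fso.CreateTextFile(OUTPUT_FILE, True)
Set seen = CreateObject("Scripting.Dictionary")   ' stops infinite loops on circular nesting

ListMembers GetObject(GROUP_PATH), ""
outFile.Close
WScript.Echo "Member list written to " & OUTPUT_FILE

' Recursively walk a group: users/computers are printed, groups are descended into.
Sub ListMembers(group, indent)
    Dim member, uac, state
    If seen.Exists(group.distinguishedName) Then Exit Sub
    seen.Add group.distinguishedName, True
    For Each member In group.Members
        If LCase(member.Class) = "group" Then
            Emit indent & "[group] " & Label(member)
            ListMembers member, indent & "  "
        Else
            state = ""
            If LCase(member.Class) = "user" Then
                uac = member.Get("userAccountControl")
                If (uac And ADS_UF_ACCOUNTDISABLE) <> 0 Then state = " (disabled)"
            End If
            Emit indent & Label(member) & state
        End If
    Next
End Sub

' Prefer sAMAccountName; fall back to the RDN for objects without one
' (for example foreign security principals from a trusted domain).
Function Label(obj)
    On Error Resume Next
    Label = obj.Get("sAMAccountName")
    If Err.Number <> 0 Then Label = obj.Name
    Err.Clear
End Function

Sub Emit(line)
    WScript.Echo line
    outFile.WriteLine line
End Sub
```

Run it with `cscript //nologo members.vbs` from a domain-joined machine as an account that can read the group. Disabled accounts that are still members of privileged groups, and groups nested inside groups nobody remembers, are exactly what turns up during the kind of regular maintenance the post has in mind.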


Latest Android security flaw allows access to camera

This morning Android users around the world are waking to an announcement that potentially puts their privacy at risk. In an announcement that seems all too common around the Android OS, yet another security flaw has been discovered. This particular issue concerns the potential for an app to gain unrestricted access to an Android device's camera.

Szymon Sidor recently published a blog post exposing the latest threat to Android users. The vulnerability could potentially allow malicious applications to access and use the camera for both video and photos.

Although the SDK doesn't allow use of the camera without a preview window on the device's screen, it is seemingly possible to make this window 1 pixel wide by 1 pixel high, making it almost impossible for the end user to see. What's more, with that pixel on screen the app is still capable of capturing photos and video even while the device's screen is off. Once the footage has been captured, the Android SDK makes uploading to websites or services quick and easy, so a malicious app developer could immediately start capturing and uploading photos and video without your knowledge.

One thing that would give such an app away is its traffic: the uploads would show up in the data usage charts on your Android device.

Check out Szymon's video: https://www.youtube.com/watch?v=sDzs6y4JVok

There are many guides available online on how to secure your Android device; there are, however, some simple things to remember:

  • Make sure your Android device is always up to date
  • Consider carefully any application that requests access to your camera – does it really need access?
  • Keep an eye on apps that run in the background
  • Ensure you use two-factor authentication on your Google account

Privacy has always been somewhat of a concern around the Android OS; however, used with forethought it can be just as safe and secure as any other OS.

Now the news is out I am sure Google will be working as fast as possible to remedy this security flaw.

For a list of all currently known Android security flaws, check the CVE Details site.


How to choose strong passwords – and remember them!

It seems like everything wants a password these days. You've got a password for work, a password for online shopping, a password for your bank account... the list goes on and on. The number of services requiring a password makes it tempting to use the same one everywhere – but that's a really bad idea. Using the same password across every site means that if just one of them is breached, the attacker has the credentials for everything you use.

So what's the answer? One approach is to use a password management tool to randomly generate and store all your passwords. There are many software solutions available that will do this for you, two of the best being LastPass and KeePass. Programs like these are great, but have their drawbacks. For a start, many charge for at least some of their features, and they all require you to trust your passwords to one single source. While they take all kinds of measures to secure your data, this still introduces an element of risk. The other downside is that the tools encourage you to forget your passwords. There is a school of thought that says this is a good thing, because good passwords are too difficult to remember. But what happens when you need a password and don't have access to your password store? Even worse, what happens if you forget the password required to access your passwords? For these reasons I still find it useful to create passwords that I can carry around in my head – but that doesn't mean you have to resort to weak keys.

One method is to come up with a memorable base password that you can then build on and make unique for each service. Avoiding dictionary words and names will make your password harder to crack, so consider using a short phrase, or perhaps the first letters of a favourite song lyric or quotation. For example, if you were an Oasis fan (and who isn't?) you could take a line from Wonderwall:

I don’t believe that anybody feels the way I do

We can turn that into a memorable but random-looking password by taking the first letter of each word, giving you idbtaftwid. That's a pretty good start – a ten-character, non-dictionary password that you won't forget!

It's good practice to use complex passwords with mixed case, numbers and symbols, and in fact many sites will require it. To bring our password up to scratch, let's change it slightly, but in a way that still makes sense to us. If we capitalise the I's, as we would when writing the original lyric, and then add the year of release to the beginning, we get:

95IdbtaftwId

Now, I know what you're thinking: it looks like a nightmare. It's long and looks like gibberish. The beauty of it, though, is that although it looks like gibberish, it means something to you. You don't have to remember the password as it appears – as long as you can remember that lyric, you'll be able to remember your password.

Finally, we can take our password and make it unique for every site we use it on. Let's say we want to use it as the base for our Amazon password. Take the last three characters of the service's name and add them into your password. Insert them at any point you want, but be consistent across all the versions you create. For this password, I think straight after the year of release is the easiest place to remember and the least obvious to anyone looking at it. This gives us:

95zonIdbtaftwId

A password to be proud of! Using our new method we can quickly create a whole raft of passwords:

95ttoIdbtaftwId – Lotto

95ookIdbtaftwId – Facebook

95terIdbtaftwId – Twitter

If you use this method yourself, mix it up to make it truly individual to you. Try placing that meaningful number midway through the rest of the characters, and adding special characters like ? ! * @. As long as you're consistent and make it meaningful, you won't forget it. One caveat worth keeping in mind: the site-specific part is only a thin layer on top of a shared base, so if one of these passwords leaks in a breach and someone spots the pattern, the others become easy to guess. Reserve the scheme for lower-value accounts and give your email and banking logins their own unrelated passwords.

So there we have it – with a little bit of thought you can create a password scheme that is easy for you to remember but produces terrifying looking passwords! Do you have a different system that works well for you? If so why not tell us about it in the comments below.


Enable 2-step verification for Google accounts

Seemingly everywhere you turn just recently, everyone is implementing 2-factor/2-step verification. This is essentially a second step required before you can access sites and services that would normally be protected by a password alone. Everything from your bank account to your web-based email will shortly be secured using these methods.
Each service has its own way of providing this second layer of security: your work VPN may use a code-generating token on your keychain, your bank may have provided you with a card-reader "calculator", and Google now sends codes to your mobile device which you enter alongside your password.
Each of the major services will hopefully contact you to set up your second layer. For your Google accounts, you should be able to enable it now by visiting this link.
It's a good idea to enable this as soon as possible to prevent unauthorised access to your account: a stolen or guessed password on its own is then no longer enough to log in.
