The Blog Pages

"Android users can now disable 2G to block Stingray attacks"

bye bye 2g

    Source: https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/

    TLDR:

    Also, it’s important to clarify that 2G remains active as a backup for emergency calls no matter what position the toggle is set to, so there’s no way to disable it completely. Finally, Apple hasn’t given iPhone users a choice to lock their devices to 4G/5G connectivity only, but now that Google has taken that step, it’s likely the competition follows.

    From a law enforcement perspective there is a workaround: only make 2G available in areas where monitoring is "required" by essentially forcing a service 'downgrade'. From a private citizen's perspective there is a workaround. The Stingray devices follow 'devices', right? It gets a little tricky though when devices are tethered or using a meshed Wi-Fi network.

    Respect yourself and respect your privacy

  • A. Buford
  • Jan, 14th 2021

UPDATED! | National Cyber League Final results | Fall 2021

NCL Team competition

    It seems that I may have spoken too soon. As team 'acIDBurn' we placed in the top 80th percentile by taking rank 193 of 920.

    Individually I placed 217th of 3,644 (top 95th percentile). I have a ways to go.

  • A. Buford
  • Jan, 12th 2021

Personal plan for 2022. Dive deeper into cyber security

Streaming 4K movie via SMB/Samba on PLEX

4k plex

    I honestly didn't see this moment coming in 2021 simply because it really didn't matter [to me] much. It was very interesting to find that my home PLEX server, Shadow Moon, has a less difficult time streaming 4K movies when the media/storage is mounted via Samba vs an attached SSD. That might be worth researching for more bottlenecks. [Full Write-up]

  • A. Buford
  • Dec, 30th 2021

National Cyber League Final results | Fall 2021

NCL Team competition

    Wow! Another great CTF done. More amazing, like-minded folks were met. Overall the experience was FANTASTIC! This is a CTF that I would highly recommend to hackers and infosec professionals of ALL skill levels.

    As a team, acIDBurn, we captured rank 193 of 3910 putting us into the 96th percentile with a Platinum badge to show for it! Many members of the team and I will be competing again come Spring 2022. Come join us at Wilbur-Wright College only if you want to do better.

  • A. Buford
  • Dec, 28th 2021

No new sites, no new sites, no new sites, no, no nay


    After a long talk with myself and BRG we have decided to move website designing to the public back burner. Website hosting and data backup will remain an option, for now. Individual contributors may be contacted for personal services which may include web design.


    Unfortunately as an organization/group, with no current full-time employees, we are not able to maintain and secure additional platforms. Current clients are 'grandfathered' and will not be affected. No hard feelings.

    TLDR; No new site designing...

  • -Luke D.
  • Dec 24th, 2021

Notes: ASUSwrt-Merlin network-wide VPN

    Why? Cannot trust ALL guest clients to secure traffic

    What? Add to custom configuration: pull-filter ignore "ifconfig-ipv6" (per https://www.snbforums.com/threads/release-asuswrt-merlin-380-65-is-now-available.37295)

    Why again? Issue with tunneling VPN traffic due to IPv6.

    When? Verified on Dec 2021 on guest LAN

  • -A. Buford
  • Dec 20th, 2021
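    To make the note above concrete, here is an added example (written for this page, not code from the ASUSwrt-Merlin project or the snbforums thread) that simulates how an OpenVPN client applies pull-filter rules to the options a server pushes. The semantics follow the OpenVPN manual: each "pull-filter accept|ignore|reject TEXT" line is tested in order as a prefix match against every pushed option, the first matching rule wins, an unmatched option is accepted, and "reject" terminates the connection. The pushed option list is constructed for the demo; the addresses in it are documentation/private ranges, not from the note. One thing the simulation makes visible: the single line from the note drops the pushed IPv6 address assignment but not a pushed route-ipv6, because the prefix does not match it.

```python
"""Simulate OpenVPN pull-filter handling of server-pushed options.

Added example, not part of the original post or ASUSwrt-Merlin. Rules are
matched as prefixes in order; first match wins; default is accept; 'reject'
aborts the connection (per the OpenVPN manual's --pull-filter description).
"""
import shlex
from dataclasses import dataclass


@dataclass
class PullFilter:
    action: str   # 'accept', 'ignore' or 'reject'
    prefix: str   # matched against the start of each pushed option


class PushRejected(Exception):
    """A pushed option hit a 'reject' rule; OpenVPN would drop the connection."""


def parse_custom_config(text):
    """Extract pull-filter rules from OpenVPN client config text
    (the 'custom configuration' box in ASUSwrt-Merlin). Other directives
    are left alone; comment lines start with '#' or ';' as in OpenVPN."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(('#', ';')):
            continue
        parts = shlex.split(line)          # handles the quoted "ifconfig-ipv6"
        if parts[0] != 'pull-filter':
            continue
        if len(parts) != 3 or parts[1] not in ('accept', 'ignore', 'reject'):
            raise ValueError(f'malformed pull-filter line: {raw!r}')
        rules.append(PullFilter(parts[1], parts[2]))
    return rules


def apply_pull_filters(rules, pushed):
    """Return the pushed options the client would actually apply."""
    applied = []
    for option in pushed:
        action = 'accept'                  # default when no rule matches
        for rule in rules:
            if option.startswith(rule.prefix):
                action = rule.action       # first matching rule wins
                break
        if action == 'reject':
            raise PushRejected(option)
        if action == 'accept':
            applied.append(option)
    return applied


def ipv6_address_pushed(applied):
    """True if the client would configure an IPv6 address on the tunnel."""
    return any(o.startswith('ifconfig-ipv6') for o in applied)


# The exact line from the note above, as it would sit in the custom config box.
MERLIN_CUSTOM = 'pull-filter ignore "ifconfig-ipv6"'

# Constructed PUSH_REPLY contents; 2001:db8::/32 and 10.8.0.0/24 are doc/private ranges.
CONSTRUCTED_PUSH = [
    'route 10.8.0.0 255.255.255.0',
    'ifconfig-ipv6 2001:db8:1::1000/64 2001:db8:1::1',
    'route-ipv6 ::/0',
    'dhcp-option DNS 10.8.0.1',
    'ifconfig 10.8.0.6 255.255.255.0',
]


if __name__ == '__main__':
    before = apply_pull_filters([], CONSTRUCTED_PUSH)
    after = apply_pull_filters(parse_custom_config(MERLIN_CUSTOM), CONSTRUCTED_PUSH)
    print('without filter, IPv6 address configured:', ipv6_address_pushed(before))
    print('with filter,    IPv6 address configured:', ipv6_address_pushed(after))
    print('still applied with filter:', after)
```

    Run it as-is and compare the two lists: the ifconfig-ipv6 line disappears, everything else (including route-ipv6) stays. If the goal on a given router is to keep every pushed IPv6 option out, a second rule with a matching prefix would be needed; that is a general property of prefix matching, not something the note above claims.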

New Video: Update Plex Media Server on Linux with SSH FAST!

    Plex Media Server is hosted on the 'Shadowmoon' server so I have also added to the 'Projects In Progress' page. Keep the questions coming.

  • -A. Buford
  • Dec 9th, 2021

Citibank Phishing over at m4-citi.com

    CitiBank

    We received an email here at BRG to review an SMS message that was received for possible malicious activity... phishing

    As initially thought when reported, the website is an attempt to steal login credentials. The website https://m4-citi.com serves no other purpose. cPanel setup per recon.

    When reviewing the full URL it is noted that token tracking is implemented (token=438ff06f...............)

    When "Invalid User ID or Password" is returned the token is updated (token=9c8508b88e..............)

    Whois of m4-citi.com continually points to the address "P.O. Box 1769 Denver, CO 80201" which, while registered to Domain Protection Services Inc., is stapled to malicious activities including but not limited to: fraud, DNS hijacking, and spam

    Reported to spoof@citi on Dec 6th 2021

  • A. Buford
  • Dec, 6th 2021

Operation Bottleneck

    rarrrrrr

    After finally getting the home internet upgraded to gigabit I decided to run a speed test from desktop PCs on both local area networks. 600Mbps down/30Mbps up. Time to troubleshoot.

    Speed test via ISP app via home gateway @ 600Mbps. Upgraded gateway and ISP apology received. Speed at gateway now 1000~Mbps. Speed @ LAN1 <= 60%. Speed @ LAN2 = Near 1GB. How are the networks different? Where do they split after the gateway? At the router. LAN1 is sitting behind a firewall and a Unifi USG. LAN2, the guest LAN, is behind an ASUS AC1600. That would do it.

    Cause of bandwidth limitation issue on LAN1: ISP gateway initially only rated at 600Mbps w/(+) Unifi USG causing bandwidth limitation (ALL services turned on) post firewall.

    TLDR; It doesn't take an expert to make sure you are getting the most out of the services you pay for monthly. Internet included. Consumers cannot always count on an ISP to have their best interest in mind. Sometimes you get only what you ask for and not what is needed.

  • A. Buford
  • Dec, 1st 2021

TY for the Host(lists)

    pi hole lists

    Good Saturday after Thanksgiving! Came across this great write-up including a good amount of hostlists to add to your Pi-hole configuration to prevent most unwanted inquiries.

    https://jussiroine.com/2021/07/goodbye-telemetry-and-ads-running-pi-hole-in-a-home-network/

  • A. Buford
  • Nov, 27th 2021

"GoDaddy Announces Security Incident Affecting Managed WordPress Service"

    GoDaddy Breach Twitter

    • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.

    • The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.

    • For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.

    • For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.

    More info @ https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

    When you host anywhere there are inherent risks involved. WordPress is one of those platforms where updating, patching, and monitoring is a MUST. This was avoidable and extremely unfortunate, as with any security breach. From this will stem various attacks with the data obtained.

  • C. Tiamo
  • Nov, 22nd 2021

it.buf0rd.com

    New frontend coming soon that is strictly for tech service requests. Buf0rd.com will remain the home for blog posts, images, general research, and all things parent BRG related.

  • C. Tiamo
  • Nov, 16th 2021

Cheers! To a new page! & NCL Update

    Now on to page #5. Old blog posts are accessible via links on right. I will be updating the site layout soon and archiving the old.

    For the NCL individual competition portion I placed 221st out of 6,482, 97th percentile. I took some of the flags very personally.

    NCL individual competition

  • A. Buford
  • Oct, 28th 2021