Open Source DeepViolet SSL/TLS Scanning Tool Updated

The DeepViolet (DV) open source TLS/SSL DAST tool has been updated to Beta 4.  The major improvement for Beta 4 is the addition of an API so Java designers can implement DV features in their own projects.

Following is a summary of improvements for Beta 4.

  • Added API support for those who want to use DeepViolet features in their own Java projects. See package com.mps.deepviolet.api
  • Added samples package with sample code to demonstrate new API
  • Refactored existing code for the command line support and UI to use the new API.
  • Added 2 new command line options for debugging, -d and -d2. -d turns on Java SSL/TLS debugging. -d2 assigns DV debug logging priority.
  • Generated JavaDocs for Public APIs, see com.mps.deepviolet.docs
  • javadoc.xml added to generate JavaDocs
  • Support for dock icon on OSX for the UI

To learn more about DeepViolet, refer to the project’s GitHub page or click DOWNLOAD to try DeepViolet now.


New Site for Drone Building and Research

A year or so ago, I was having some success with the Raspberry Pi micro-controller and I was thinking of a cool robot project I could do with the kids.  Of course, I love aircraft so what better robot to build than one that could fly?  This began a year-long project of building and learning to be a pilot.  Along the way, this project turned more into a hobby and has probably pushed beyond the interests of many security readers.  My work in this area is probably not appropriate for a security web site.  Also the community interested in building and flying these aircraft is likely not interested in security.

To better respect the attention and interests of both security and multi-rotor builders/pilots I am moving some of my multi-rotor articles and future updates to my new web site,
multirotordreams.com 

Any articles related to the security of multi-rotor aircraft like radio protocols or flight control software will be covered on the security site.  All future builds, configuration, video, etc will be on multirotordreams.com.


Happy Holidays 2015 – Favorite Drone Videos

About two years ago, when drones were beginning to receive some attention in the press, my son, a college student, started working on me to purchase one.  Drones were cool but I thought I would lose interest in flying so I resisted.  He worked on me for a while longer.  Eventually, I gave in and purchased a few toy drones to experiment with flying.  I settled on a really great toy drone that flies like the more expensive drones, the Hubsan X4.  I still use my X4 today and the X4 series is amazing for the price.  My X4 provided me experience on the stick learning to fly which helped as I transitioned to more sophisticated aircraft.  Flying was more fun than I imagined.  I decided to build my own multi-rotor aircraft.

I like electronics and projects, programming, and security so I figured I would build my own multi-rotor.  By building my own aircraft I force myself to learn all about aircraft.  It’s been more than a year building.  My experience is more like the Wright Brothers.  Lots of failures and crashes over the course of the year.  Some crashes from as high as 200 ft (61 m).  I have broken and rebuilt aircraft many, many times.  Twice my speed controllers (ESCs) burst into balls of flame on my desk.  I don’t know anyone in my area building their own multi-rotors so it’s been a learning adventure.

The point of the post is to share some of the videos I find most interesting that helped to spark my interest and enthusiasm for building and flying multi-rotor aircraft.  I hope you enjoy them.  Happy Holidays and thanks for following my blog over the years!

FPV – Kiss chasey, I love the chase scenes in this video complete with bad ass crashes.  Juz70 is one of my favorite pilots.

Blackout Hex – One Take Wonder, Adam Potts shows us his backyard.  Amazing!

FPV – super cool, Juz70 finds something amazing on this beautiful leisure morning flight.

Blackout Spider Hex, dem0n1k sold me a Blackout Hex for my first project.  This was a bit of a mistake since I should have started with an easier aircraft to build.



Kiss 30A 6S Blackout Mini H, FinalGlideAus shows off some experimental Kiss ESCs and overclocks his mini H.  Somewhat related, Tiger Motor announced a new “F” series motor designed for racing multi-rotors that’s likely to power a 250mm quad over 200 mph (322 km/h).



FPV – Haunted, juz70 is an awesome pilot and also knows how to make an interesting video.  There are a few clues on the walls why this home was abandoned.  Can you find them?



Turkey Hunter // Blackout Mini Spider Hex // MN1806 //, Blackout makes awesome carbon fiber multi-rotor frames.  In this park video he encounters a crazy wild turkey.



BLACKOUT 330 . COBRA 2000KV, Metaldanny tearing up the skies.

BLACKOUT . TEST Higher Rates . (RAW), Metaldanny showing us some real Star Wars Pod Racing.  Metaldanny is one of the world’s best FPV multi-rotor pilots.

FPV – elixir, I want to end on a strong video.  Juz70 flies through and around his home.  Amazing flying (and a nice house).


2015 Remembered


I am a little early for the new year but I have been thinking about 2015.  I noticed I made 62 posts in 2015 not counting this post.  I thought I would review some posts throughout the year for those that may have missed them.


OWASP Security Logging Project

What is it?  Open source SLF4J compliant security logging API for applications.  Use it with log4j or logback in your applications.

Benefits?  Extends popular logging systems and adds specific functionality for security like message classification (e.g., secret, confidential, public, etc).  Catches sensitive information developers log by accident like passwords.  Extend to catch SSN or other types of personal information and more.

Future Thoughts?  Improvement code proposed to log information like thread information, heap space, etc. using a background thread at regular intervals for diagnostic/forensic purposes.  Currently under review.  We have many more so check out the project web site.

Links: project announcement, project roadmap

Multi-Rotor Aircraft Project (aka Drone)

What is it?  Ongoing project to build a flying robot

Benefits?  Build a 100+mph(158+kmh) multi-rotor flying aircraft from scratch.  Fly this high speed carbon fiber aircraft beyond line of sight using a video system that transmits to VR goggles worn by the remote pilot.  Two builds are provided, a hexcopter and quadcopter.  Follow me on my adventures and learn about the systems and principles of fly by wire technology and robots.  Advanced project.

Future Thoughts? With basic aircraft complete, I plan to focus on building a microwave ground station in a backpack.  The man-packable ground station uses larger batteries, dual receivers, and high gain antennas to improve video reception.

Links: DIY Drone Bootcamp Learning to Fly, DIY Drone Bootcamp Build Log, Drone Flight Training Continues, Drone Flight Training Continues 3, Drone Flight Training Continues 4, ZMR250 Quad Racing Drone Build Log

DeepViolet Project

What is it? SSL/TLS DAST tool

Benefits?  Open source Java source code and binaries to introspect an SSL/TLS connection to identify weaknesses.  Works like a web browser, type in an HTTPS URL, point and click.  Enumerate the server’s cipher suites to spot weaknesses, display site certificate information, CA trust chains, HTTP/S headers, DNS information, and more.  When you’re done, save scan reports to ASCII files for offline viewing.  Alternatively, run headless from command line and script your stairway to heaven.

Future Thoughts? I am considering including some support for Certificate Transparency.  I also like the idea of including support for flagging certificates that are about to expire.

Links: Public source code and binaries in GitHub, background and screenshots of GUI and command line.

Noteworthy Articles/Events
The Case of Symantec’s Mysterious Digital Certificates, Symantec certificate flap.  The story of a certificate authority too big to fail.

Java Security Track Highlights by Yolande Poirier and David Lopez

HTTPS Party at Blogspot, Google includes HTTPS support for the default domain.  No support is offered for custom domains.

Webdriver Torso, super strange videos.

Media/Memes

Application Security, I Want To Believe, a spoof I developed based upon the UFO poster in Fox Mulder’s office from the X-Files TV show.

Pathological Security, if a model for constructing towns and buildings is helpful for software design patterns, then why not apply it to security?

The Future of Software Security?  Ever seen a TV advertisement for prescription drugs in the United States?  Essentially, 45-second rants on every negative effect known with no discussion about intended purpose or patient benefits.  Are you confused?  Americans are too.  I tried to imagine how this technique could be applied to security.

Application Security Complaint Department, a special behind the scenes look.  A friend passed this along since it says “Milton” on the desk.  I have no idea where this photo comes from.  It’s not mine but funny.

My DEFCON 23 T-Shirt, the front and back of my t-shirt I made for DEFCON 23.  CustomInk is so cool.

Hacked Meme, is my frustration at the card industry and retailers around their response to mass customer exploitation.  Often retailers offer identity theft protection as a remedy for a time period after the incident.  The problem with the approach is that it does not address customer concerns – prevention.  Retailers provide no idea what went wrong or even why customers should trust them again.

Application Security Meme, the point here is that many people who should be consulting a professional make judgement calls on security.  A business leader who “thinks” they understand security can destroy a security program before it even begins.  If you can’t afford a professional perhaps you can find some free advice or work a deal to get some ideas for future positive directions.  Be a detective, find a pro on OWASP, and message them on LinkedIn.  Sure, we all need to eat but almost all my friends don’t mind answering a free question or two to see someone’s project move in a positive direction.  Security professionals are like doctors in the sense that we are cyber health professionals and promote application health for the betterment of society.

Article image: Happy New Year! by Rones on ClipArt.com


Livermore Flying Electrons RC Swap Meet

I have been experimenting with building racing drones and First Person View (FPV) gear.  Today I was at the swap meet of the Livermore Flying Electrons RC club with my brother-in-law.  I found a huge deal.  I bought a 90mm Taft Hobby Viper EDF jet and desktop LiPo charger for a really low price.  I’m more into multi-rotors but it was too good of a deal to turn away.

Viper Jet in action (VIDEO).   Note, not me flying.

I was thinking a fixed wing aircraft for FPV would be a cool addition.  Although before I fly this jet I’m going to spend some time on a low-cost trainer.  Flying fixed wings is totally different from flying multi-rotors.  One of the great points about fixed wings is that they stay up in the air a long time compared to multi-rotors.  You can really do some long distance FPV on a fixed wing.  Switch to a ground station for your video feed and upgrade your transmitter to UHF and you are ready to fly missions out to about 50mi (80km).  My new jet is probably not the best FPV platform but it will get me wherever I want to go fast.

By the way, if anyone has resources on security research related to RC please send them my way.  I have been looking at different flight controllers, transmitters, ESCs, and all the open source software available.  I could also use any information related to radio transmission protocols for popular transmitters.
