Dual VPNing and why ICMP is a Friend

The security lab I've been developing is located on my university's campus network. If I want to work from home (which I did this week), I need to VPN on to campus. If I then want to work within the security lab I need to VPN on to the lab. I call this dual VPNing! For both VPN connections I opt out of using the VPN as my gateway. So essentially I utilize the campus VPN for a secured connection to my security lab VPN server, then the security lab VPN to access the lab NAT. This leaves my innocent laptop with quite a large routing table, but she's a trooper and doesn't complain.

Read More

Security talk at NYU cSplash

This weekend I gave a turbo-talk at NYU's Courant Splash!. cSplash is a math and science festival for high school students. I arrived at the event a bit early and spent some time talking to past teachers. I was really interested in whether the students were receptive of some of the advanced topics given in math and science. I had never given a presentation to high school students so I wasn't sure if they'd participate. As it turns out, some of the students signed up for the festival themselves, as opposed to my miss-conception that their respective school had registered them. (I wish I was that motivated in high school.)
Read More

Virtual Security Lab using ESXi

I've been working on solving a very specific problem. I'd like to have access to a general security lab on campus such that myself and a few friends can practice for a cybersecurity competition. The university has a great Security lab, the only problem is, everyone loves using it and it has relatively strong physical security. Either way, a few students cannot walk in at 3:00AM and start running attack scenarios. Go figure.

Read More

The North East Collegiate Cyber Defense Competition

This past weekend a few classmates and I competed in the North East CCDC regional at the University of Maine. First of all we live in New Jersey, driving to Maine was quite a trip, but never-the-less we had a great time. You can find a ton of information about the CCDC, but as a quick introduction: you, as a team of 6-8 students take over a small corporate network which is being attacked by a professional team of penetration testers, all the while your CEO is asking you to implement new technologies he saw at conferences or on TV. The CEO is fake, the company is fake, the attacks are real. Fun.
Read More