[/blogfolio]

Can I help you?[PII is PII. SPII is also PII, dol.gov]

    Personal Identifiable Information (PII) is defined as: Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.

    DHS might have a more leanient definition though. You may view their guide "HOW TO SAFEGUARD PERSONALLY IDENTIFIABLE INFORMATION" here.

    What is all that about and why did I post it?

    That is a response I received when attempting to provide "support". As a security researcher there are many times where I find myself in a position where support is almost impossible, unwelcomed, and/or seen as me creatinng additional work in an individuals personal space. It is always important to find a happy middle ground, come correct, and know where to stop. The best we can do sometimes is to document our findings and report them when applicable or required by law. It is not the job of a researcher to 'convince'. A researcher does research and then leverages their expertise with analysis of found 'data'.

  • A. Buford
  • June, 2022

20 out of 201 videos copied!

    I will be mirroring content today from the YouTube Channel so it may be available, here, regardless of platform determinations going forward. "yt-dlp"

    201 of 201 videos now copied. Almost 5GB in total.

  • A. Buford
  • June, 2022

Pi-hole updated to v5.10 and still working

    I can honestly say that this appliance is one of my LANs most important. Having it hosted on an 8GB Raspberry Pi has also made it one of the least expensive, least maintenance intensive, pieces of hardware i've owned my entire life.

    https://pi-hole.net/

    Also, I need to figure out why. from 8:10am until 8:20am, my Amcrest home IP camera was attempting a DNS lookup every 10 seconds. Very odd and thankfully blocked by Pi-Hole.

    Note:This camera has been blocked from the internet since day0 via pfsense and Unifi ACL.

    I was able to get the issue resolved regarding DNS lookups.

    I first configured my Unifi Unified Security Gateway to be able to verify which device was causing the abusive lookups. I essentially corrected a lazy configuration. I updated/set 1.1.1.1 && 9.9.9.9 for the WAN DHCP Name Service servers. I then updated the LAN DNS to point to the RPI @192.168.1.251.

    Online Resource:https://community.ui.com/questions/Using-Pi-hole-with-USG-and-seeing-client-names/14da11d6-0063-4bac-a272-380eee4c6ab2

    Next, I updated all Amcrest DNS records to point to 192.167.0.11, which is an IP that doesn't exist on my LAN, with a little bit of 'trickery'.

    The Amcrest Web UI will not allow updating to certain (non)addresses.. probably to save consumer headaches.

    Some fields are only accessible depending on firmware version installed on the hardware.

    Some hardware cannot use certain firmware even if hardware is newer, same line, model.

    In addition,the Amcrest dome IP camera has hidden DNS attributes that are not accessible AT ALL from ANY web ui.

    You get the idea I hope. In the words of my oldest son... "it was a little sus".I was able to figure out the API request structure by monitoring communication between the webcam [IP address] and web requests sent from my browser, via Wireshark, for parameters that WERE able to be updated manually. From there I was able to display all configuration parameters with getConfig (http://192.168.1.194/cgi-bin/configManager.cgi?action=getConfig&name=All).

    Remember how some of these parameters are not available from user interface? I got around those limitations through some web API tampering via variations of the liner below.

    http://192.168.1.194/cgi-bin/configManager.cgi?action=setConfig&

  • A. Buford
  • June, 2022

YouTube pays the bills, sometimes. I don't do it for the $

    Not often. It isn't my job. "Question Answered"

    It is facinating that I can create blog content, that I like, and post it online for the world to see. It is astonishing that I can earn ad revenue, with that same content, for life. Should you create a YouTube channel as a main source of income? Probably not. Create a YouTube channel to document your adventures and learning progress. There are several times a week that I review old posts and/or videos to re-learn a specific step or task. Making money from Google is 'extra'.

    As a platform.. YouTube is a reliable, customizable, personal data backup resource with teams dedicated to security enchancement. Not all uploads are required to be made public. Private and unlisted are options.

    Various forms of data can be embedded in a video.

    Tip: Always save a copy of your work locally and encrypt what you don't want seen.

  • A. Buford
  • June, 2022

What do I like about cybersecurity?

    I did some meditiation today and came up with a list;

    Compliance verification/auditing, Access Management, and Incident Handling.

  • A. Buford
  • May, 2022

2g DSM Arduino transmission controller

    A while ago I had designed a tranmission controller based off of an arduino module. This allowed me to connect a modified set of paddle shifters from a Mitsubishi EVO to a 'time-attack' track car build. I ended up selling the project a few years ago. Cars are computers with controlled combustion. Right? So I bring you; The post that never was.

    //2button transmission controller
    int button = 2;     // Gear 1
    int button1 = 4;     // Gear 2
    int solenoid1 = 10; 
    int solenoid2 = 11;
    int pressCount = 1;
    int count = 0;
    int buttonstate1=0;
    int buttonstate2=0;
    
    void setup(){
      pinMode(solenoid1,OUTPUT); 
      pinMode(solenoid2,OUTPUT);
      pinMode(button,INPUT);
      pinMode(button1,INPUT);
    }
    
    void loop(){
      buttonstate1 = digitalRead(button);
      buttonstate2 = digitalRead(button1);
     
      if (buttonstate1 == HIGH && pressCount < 4){
       pressCount=(count + 1);
      }
      if(buttonstate2 == HIGH && pressCount > 1){
       pressCount=(count - 1);
      }
    
      switch(pressCount){
        case 1: //FIRST GEAR ON-ON
          digitalWrite(solenoid1,HIGH);
          digitalWrite(solenoid2,HIGH);
          break;
      
        case 2:  //SECOND GEAR ON-OFF
          digitalWrite(solenoid1,HIGH);
          digitalWrite(solenoid2,LOW);
          break;
       
        case 3:  //THIRD GEAR OFF-OFF
          digitalWrite(solenoid1,LOW);
          digitalWrite(solenoid2,LOW);
          break;
         
        case 4:  //OVERDRIVE OFF-ON
          digitalWrite(solenoid1,LOW);
          digitalWrite(solenoid2,HIGH);
          break; 
      }
    }
    

    Code available @ https://github.com/buf0rd/Arduino_stuffs/blob/main/2g_dsm_shift_controller.ino

    R&D Monster @work

  • A. Buford
  • May, 2022

Octoprint home X Y Z Axis on Creality Ender 3 Pro w BL Touch leveling #Homelab #labhours #octoprint

3d Printed organization | SD / USB

    I have accumulated a good amount of SD cards and usb drives. Normally I would just throw them in a drawer and call it a day. This time is a little different. I have specific drives that are 'above the rest'. Some are for video editing. Some are for cameras. The drawer stash I pretty much stuff I will not touch for a while and stuff I dare not plug in.

    TLDR; I 3d printed a storage media holder for both my SD cards and IMPORTANT usb items. It only took 6.5 hours to print with 50% infill. I recorded the whole thing so you can also experience the 6.5 hours of joy!

  • A. Buford
  • May, 2022

That EOS Utility!

    For a while now I have been getting feedback regarding the poor quality of my video on YouTube. Funny story;

    Since I have owned my Canon EOS T7 I have relied on the EOS Utility [program] to capture video as a webcam. Little did I know.. the EOS utility only can output a fraction, 1/4, of the quality that the camera produces. What I essentially should have been doing is recording the audio/video to the camera SD card THEN mixing it with the additional audio inputs that I have. The quality is a good amount nicer! The only 'downside' is transfering the media from camera to PC.

    Live, test, and learn. After some more research I did notice that using the HDMI output is an option IF your camera has the option for 'clean hdmi'. The clean hdmi function removes focus/tracking frames and other OSD menus from the HDMI output. I wonder if there is a work-around for that.

  • A. Buford
  • May, 2022

Imposter Bluez

    ...And then there are some days where you feel like you are not smart enough.

    It's okay. Push through those days by looking back at what you have accomplished so far. Tomorrow, try to make plans for a brighter future.

  • A. Buford
  • May, 2022

Streaming Baofeng police audio over the LAN

    I only have one Baofeng UV-5R but a bunch of computers. I also have ideas I cant seem to put to rest. When I was younger my dad was a Chicago Police Officer. I remember one day thinking to myself "I wish I could listen to what his job was saying from the computer". Today I connected a spare USB audio capture card to the 'test bench' Raspberry Pi to be able to do that.

    Once I realized the device did show up I knew it was just a matter of getting vlc to 'stream' the card input over the network. Some google searching led me to find a liner I was able to update for use

    cvlc -vvv alsa://plughw:1 --sout '#transcode{acodec=mp3,ab=64,channels=1}:standard{access=http,dst=0.0.0.0:9111/police.mp3}'

    ....And then consume on any device [vlc pictured] using the stream URL

    NEW!: Public .mp3 URL

  • A. Buford
  • May, 2022

Err.. Correction : National Cyber League Spring 2022 Capture the Flag competition

    305 TH PLACE OUT OF 6010

    I believe the points for the survey are included on player dashboard and changed the 'rankings'. I placed 305 vs 304. The details matter.

    The plan is to "do better" as always!

    *This is a correction to a previous blog post

  • A. Buford
  • May, 2022

Notes: open browser via CLI on remote linbox.

    DISPLAY=:0 firefox-esr "http://localhost:5000"

    DISPLAY=:0: Set display to remote connected device

    firefox-esr: Launch Firefox web browser (raspberrypi ver)

    "http://localhost:5000": URL to be opened. 5000 set for Changeddetection.io web server

    I cleaned up the URL I want posting on the lab display and scheduled it using a */5 crontab

  • A. Buford
  • May, 2022

4in inlet adapter : Designed & 3d Printed

    I woke up this morning to another finished product! I created a 4 inch air inlet to air box adapter. I hacked together pieces of previous designs to achieve the final item pictured. One side will connect to a 4 in fan duct. The square side [of the adapter] will connect to an air filtration box. This is technically a prototype as this was only printed with 40% infill.

    STL File: https://www.bufordresearchgroup.com/downloads/bins/4in-vent-cover-brg.stl

  • A. Buford
  • May, 2022

Diamond Badge : Spring 2022 Team CTF : Top 89th percentile

    Two diamond badges for the Spring 2022 semester National Cyber Leage CTF competition is an accomplishment in my book. I was extremely fortunate to have a hard working team.

    This will be a blog break for family needs. See you in a few weeks! Oh yeah, video added on 'howto' setup Home Assistant RTSP stream.

  • A. Buford
  • May, 2022

Homelab update : Home Assistant Motion sensor hardwire!

    I hard wired two Samsung Smartthings motion sensors to avoid having to constantly purchase and swap out old CR2 batteries. So far it works like a charm. 3v @ 1.0A(-+5%). Battery to adapter conversion. That's a hack. Right?

    Video coming soon. Covid-delayed.... my son has Covid. 😞

    Version 2.0, without the barrel connector, looks much cleaner and is a far better option for most. 3d printing a case is an option for the novice user.

    Approximately 2-3 times a year I am contracted to do a product 'housing' design.

    Video is complete. Editing to remove passwords & most pii. V2.0 hardwired motion sensor is acting strangely. Then again.. i'm 88.97% sure it was reporting oddly prior to being modified.

  • A. Buford
  • May, 2022 #homeassistant #homelab #infosec

A Homelab update in May 2022

    I'm currently working on getting home assistant working at 100% now that the PLEX server is up and running. Once the motion sensor is installed I can use it for 'stepping up' current automation configurations.

    Amazon has still not arrived with the 3v adapter after 2x delays. I opted to purchase from alt seller. Hopefuly it will get there today.

  • A. Buford
  • May, 2022

To my family

    I'll be surprised if any of you read this.... but... here it goes...... I LOVE Y'ALL! All of y'all.

  • A. Buford
  • May, 2022

NCL CTF Team Results are in!

    The team and I were able to take 117th place out of 3,658!

    I'm extremely proud of what we were all able to accomplish. My goal is still top 100. I have a little work to do in order to be able to contribute more the next time around.

    Each and every one of us put in work! Go team Dynamic Link²

  • A. Buford
  • May, 2022

Notes: "How to boot a UEFI image from a KVM virtual machine without `virt-manager`?"

    Problem: Need to boot Home Assistant using virtual machine in UEFI

    Solution: [https://superuser.com/questions/1571326/how-to-boot-a-uefi-image-from-a-kvm-virtual-machine-without-virt-manager-e-g] : Specfiy Loader via XML after

    apt-get install ovmf
    with

    (loader readonly='yes' type='rom'>/usr/share/ovmf/OVMF.fd(/loader)
  • A. Buford
  • May, 2022

New page time.

    New page time. Older posts may be seen by using hyperlinks on right side of page (desktop, bottom-mobile).

  • A. Buford
  • May, 2022