latest posts

As a frequent or infrequent visitor might have noticed, the site has undergone a slight refresh. I kept the bootstrap menu, but stripped out the right hand panel (though it might come back in a different form). The biggest undertaking was the complete rewrite of the codebase from the ASP NET MVC 5 and Entity Framework 6.1 to ASP NET Core and Entity Framework Core. The code base is now considerably smaller and as you can tell is faster without caching even turned on as it was before.

As my shift in time spent has shifted from blogging to my GitHub projects, I wanted to shift focus of my blog to my github projects. Over the next couple weeks I will be adding in some feeds and milestones of the projects I am working in the header area. This way a visitor might notice I had not blogged in a while, but can see active progress on GitHub.

That being said I have been dividing my time between a couple different projects. One being bbXP, the codebase that powers this blog. The other being jcFUS, a collaboration tool for businesses and consumers. In the coming weeks expect a lot of coverage on these projects.

One might be asking, where is the updated code for bbXP? I will be pollishing it up today and checking it into the GitHub repository.

Some other features coming back at some point:
  • Archives
  • Content Search
  • White Papers
  • My Computers
So stay tuned for more updates and some other posts on the hardware side of my passion.
It is hard to believe that a little over one year ago (actually one year and two days), that signing up for GitHub would change my life. The reason I say this is mainly for two reasons: opening up my code to everyone in the internet connected world and creating a standard of practicing code every day outside of work.

Both of those reasons had been done by myself over the years especially the later in practicing code every day, but there was nothing structured. Some days it would be C++ on my Silicon Graphics machines or a random experiment in C# to verify a theory I had during my work day. By and large this code would remain on my OneDrive, committed to my private SVN repository or at best posted on this blog. It is one thing to post "finished" code, but it is a completely different matter to expose your code in a work in progress state before refactoring or polish - really a look into my dev process. I have to admit, this transparency was extremely difficult during the first month or two. The thing that drove me to help get over this hurdle so to speak was that someone out there might get some value out of the code even if it were in a un-production level state or at the very least see what a particular avenue would lead to without having to invest their own time in finding out. Since that time, everything no matter if it is a "billion dollar" idea or just a random idea, everything I do is done through GitHub (outside of code I do for work). While I have yet to hear anyone's feedback (good or bad) on whether or not it has helped them, I do hope one of the various projects has helped at least one person.

The other reason, the practicing reason I also find that I am more inclined no matter how tired or drained from work, always getting at least 30 minutes of extra-corricular programming in per day. The biggest reason for this is the "streak" and block of shame that appears on all of our GitHub profiles. As Scott Hannselman stated recently, it does mark you with a Scarlet Letter not seeing that streak continue for some folks. I really regret last summer during a Death March at work not setting aside time to focus on my side projects, but as of right now I am currently at a 158 day streak - a streak I intend to continue for the forseable future.

Whether you do code outside of work just to mess around with something or want a side project to get your mind out of Death March at work, I truly believe putting your code up on a public GitHub repo is of value for everyone.
TAGS
none on this post

Intro

Over the last couple weeks in my masters program in Information Assurance and Cybersecurity I have begun to really deep dive into penetration testing utilzing Tenable Security's Nessus, Zenmap and Rapid 7's Metasploit among others. Years back I was working on a port scanner/keep alive/alive check Windows Phone 8 app, but never completed it. Looking around on the current Windows Mobile store there is not a complete pentesting app available either paid or free. As with everything I do in my free time, the app will be open source via the MIT License on GitHub.

Design

My primary objective was to have a pentesting platform on the go, which means Windows Mobile 10. Designing with a Univesal Windows Application meant I could also create a tablet/desktop version. Knowing I also wanted to get some more in depth practice with the latest version of Xamarin Forms, I also plan to make an Android version.

Initially I was going to have hard coded port definitions and scans, but I figured longer term, it would be better to create an infrastructure. In addition I wanted another opportunity to get experience with Entity Framework 7 and ASP.NET 5 since my initial work back in April.

Features

Initially, as mentioned above, I was going to have the standard ports hard coded with the abilities akin to NMAP, but as I was developing the app it made sense to make them more like an anti-virus program with server side definitions so I can add ports without needing to submit the app to the app stores.

Features planned or already implemented:
  1. Server side Definition Updates
  2. Port Scanning with presets and customizable ip ranges and port ranges
  3. Ability to run in the background
  4. Windows 10, Windows 10 Mobile and Android apps
  5. Fingerprinting of Web Servers
  6. Ability to email results through the app directly
  7. Keep Alive support (thinking about folks who want their sites always in memory)
  8. Alive Checks to alert you if your phone cannot hit the web server
Tentatively I am thinking about how to implement a flexible vulnerability scanner, at least a basic one. This might be as simple as checking against PHP, Apache, IIS and .NET exploits (targeting web applications and web servers).

Closing Thoughts

As mentioned above, the app is open source on GitHub and when at a stable point with a decent feature set I will be publishing to the Windows Store. In the meantime if a feature is not listed or if you have a suggestion please leave a comment below and I will be more than happy to add it to the list.
TAGS
none on this post