CompSec Blog

 PGPy is a library for python that enables the creation, storage, and encryption/decryption of PGP keys and files in python. Recently, in a small project to reacquaint myself with python, I used PGPy for key generation and encryption and decryption. That project can be found in my github at  https://github.com/lpowell . The goal of the project was to use command-line switches to control the program, and to provide basic encryption and decryption capabilities, along with rot13 and base64 encoding.  First, to load in a key use key, _ = pgpy.PGPKey.from_file(keyfilename) . This loads the key from either a binary or ASCII armored file. You can swap out .from_file for .from_blob , if you plan on using a key stored in a string or bytes object rather than a file. In my example code, I pull the key from a file, as I found it to be the simpler method.  Next, you'll need to open a file or create a string or bytes object that contains the message you wish to encrypt. We'll call this file

 For my video project, one of the demonstrations included using an Ubertooth One to scan for Bluetooth and BLE packets. This blog post will cover the installation of the Ubertooth One on the Mac mini M1. The official install guide for Mac devices didn't work very well for me, and I had to install some extra tools in order to get it to work. The examples assume you are using Python 3, and have homebrew installed.  To begin, follow the instructions found here:  https://github.com/greatscottgadgets/ubertooth/wiki/Build-Guide . Additionally, you may find that you need to install pytq5, numpy, and qtpy. To do this, simply run   Python3 pip install pyqt5, numpy, qtpy . This will install the required libraries needed to run the Ubertooth tools. There are multiple ways to install pip on an OS X device, and I suggest following any of the methods here . Next, you will need to update the firmware of the device. When downloading the tools, a firmware directory should also have been created. W

John Hammond, a YouTuber and Cybersecurity researcher, has a series on Youtube where he analyses malware artifacts and discerns their purpose and method of attack. For most of these, he gets access to known malware files, and then blindly goes through them, de-obfuscating and cleaning them up, in order to present a readable version that can be analyzed. I personally find these videos very exciting and entertaining, as well as incredibly educating. He also has several other series and interesting videos on his channel that I highly recommend for anyone interested in software security and other general security topics.  Link:  https://www.youtube.com/watch?v=MJBKxs8UnFE

 Recently, on a certain site, a database was posted for sale featuring 3.8 billion phone numbers leaked from the popular app Clubhouse. This database not only includes the phone numbers of the app's users but also of the user's contacts list. The database by itself is mostly harmless though, as the only fields it contains are the numbers themselves. There doesn't seem to be any attached information like names or addresses. It will be interesting to see if more information shows up in another post. If one person or group is able to extract phone numbers, it reasons that others may be able to extract further information.  Article Link

While researching for my individual video project I came across this tool which allows for the sniffing and interception of bluetooth packets. This article covers some of the basic functionality of an Ubertooth One.  It's really quite interesting to see all the possibilities with devices like these. The tech behind them is very interesting as well. Hopefully, I'll be able to integrate some of this technology into my project video and include a demo of some of the interesting things it can do.

 This week I've been slowly working at going through the course material at  Free Code Camp . Currently, I've been taking some time every day to watch a little of the  CISSP course video  they have published on Youtube. The CISSP (Certified Information Systems Security Professional) is a certificate that is a highly regarded infosec certificate that covers topics ranging from asset security to security software deployment. The free resources provided by Free Code Camp have been excellent so far, and I highly recommend them to any wishing to study for the CISSP.