If you caught the last blog installment you’ve seen that I’m a big proponent of the Steve Jobs “one more thing” methodology.
To ‘finish out’ (as if) the rack design I’ve made two more modifications. The first was reversing the switch positioning and doing some OCD-level cable maintenance.
The last, and the piece de resistance in my opinion, was removing one of the original lower shelves and replacing it with a bank that holds 4 Raspberry Pi. (Pies?)
In case your curious the Pi’s are configured for:
Pi-hole (security, DNS, ad-blocking)
HOOBS (home automation)
NEMS (a Nagios instance for monitoring)
Kali (shenanigans and attack emulation)
That should hold me over for a little while. And I’m really pleased with the results.
I have a tendency for DIY projects to never be finished. Actually that’s not entirely true. I finish them, but then I continue to build/expand on them. This has been true of many elements of my home office since moving to our home two years ago. A few months back I posted my DIY network rack built from IKEA end tables. A week or so later LED’s were added. I have several automation routines that will change the LED color based on status conditions.
The rack has served me very well so far, but I wanted to make a few improvements. Previously I had laptop (on riser stand) and a portable (15″ usb-C) monitor on the top. The monitor (and wireless keyboard) is connected an Intel NUC inside the rack that dual boots between REMnux and Windows11.
I wanted to make room for a full size monitor on top, but I was running low on real estate. A couple orders later on amazon and I had exactly what I wanted.
First I added a dual-arm stand that could accommodate a full size monitor (24″ fits well here), and a second arm that supports a laptop. I wound up replacing the monitor arm mount with a different mount that kept it closer to the support pole (the screen was a little too ‘in the face’ before that.) Since the composition materials of the Ikea tables are likely MDF, I added a steel panels on the top and bottom of the clamp for extra durability.
The height is perfect for a standing workstation. If I need to work on the laptop, there is enough free space to open and operate fully without impacting the monitor.
So here it is, the [updated] “Lack Rack” finished… for now.
One of the evidence items during the 2022 Magnet User Summit CTF was a full file system extraction of an iPhone running iOS 15. Recently the CTF creators made the evidence (and corresponding challenge questions) available at CyberDefenders.org. You can register for a free account and then download the evidence. There’s several recommended tools listed in the challenge summary. For me the tools used were:
Version 6 of Magnet Axiom added support for YARA rules. By default the installation ships with the free Open-Source YARA rules from Reversing Labs. These YARA rules may be updated within Axiom periodically. In addition to the included rules, AXIOM supports adding your own YARA source folders.
If you need to update the included rules on demand, you can do so with a PowerShell script and the GitHub CLI. The script below can be used to update the included rules, as well as other YARA sources you may be using within Axiom.
Prerequisites:
Prior to running the script you’ll need to install GitHub CLI
Once installed run gh auth loginto establish authentication with GitHub
When running the script you will need to run as an Administrator in order for the file-copy to ~\ProgramFiles to be successful
Set the working directory to the local git repository for the YARA rules
That’s all there is to it. If you’ve got multiple repositories to sync, just add lines to cd (Set-Location) into those directories and repeat the gh repo sync command.
Feel free to copy the code above, or you can download directly from my GitHub.
Are you utilizing YARA rules within AXIOM? If so, leave a comment on what are some that you’ve found useful.
Baker Street Forensics 