Xperienced TV

Episode 2: First Steps Into Cybersecurity

Well, the second video is up. This one doesn’t really go into much detail, but we are setting up a small hacking lab. This will be focussed on web security to start with, so bear with me. Also, there’s a lot of attempts at trying to get some form of script for these things, but I still end up waffling on…

Anyway, with that all said and done, I now have a workstation and a target in my first ever mini hacking lab. Admitedly it’s not the greatest, but it’s done with things I had laying around and is therefore cheap and cheerful.

As mentioned in the video, I could have done everything on one machine. Since WebGoat is bound to a localhost port, it would also have made things a little easier. However this felt like a more realistic approach. I’m not going to have physical access to some things and in the real world a lot of apps wouldn’t be running in a docker container on my machine. I don’t know… It made sense to me at the time.

This first version of the lab I set up Kali Linux on and old Intel NUC that was originally running Windows 10, and that was as simple as downloading an ISO form Kali’s website, using Balena Etcher to create a bootable USB stick and running that from the boot menu of the NUC. Pretty much kept the defaults and let it do its thing.

The only problem I ran into was the latest version of Balena Etcher not working properly when I tried to load the Kali ISO. A quick search around the internet revealed that rolling back to v1.18.11 would work and, surprisingly, it did.

Setting up the Pi is pretty simple as well. The Raspberry Pi Imager makes it easy to flash the OS to an SD card and, despite the verification failing each time I tried, the Pi booted up alright. From there, I installed Docker through a command line script and pulled the WebGoat image down as well.

Running WebGoat takes ages on that Pi 4… Still, it did eventually run, so that was a relief.

In Kali Linux, I was then able to SSH into the Pi 4 and run docker with WebGoat from there. Again, it took ages to boot up, but it got there eventually.

Burpsuite next. Kali already somes with BurpSuite installed, so just needed to make sure I was on the latest version. The Community Edition will be fine for this. Could also downlaod it from their website, but didn’t need to on this occasion.

With that up and running, switch over to the proxy tab and launch the browser from there (making sure intercept is on). The Chromium browser that loads up is now connected to BurpSuite. Anything I navigate to in there will show in Burp for inspection. Just don’t forget to forward the requests when you’re done inspecting or altering.

And that’s it. That’s the first version of our lab set up. It’s simple. It’s not the fastest. It works. Onwards and upwards! Now I can settle in and learn some exploits before coming back to do another video on what I’ve learned! Can’t wait to share the progress with you all!

There are other electronics projects that I’ve got ready to go, though… But I’ve already bored you with those in another blog post.

If you’re still reading: Thank you very much for dropping by and until the next time, until the next blog post: Catch you later! Bye bye!

Electronics Projects Pipeline

The second video is currently in progress, and I just wanted to talk about things coming up on the channel. I’ve been talking about what I want to do with cybersecurity and electronics, but didn’t want to pad out the video too much by going into details. Luckily I can whack some stuff into the blog and if you want to read it, you can. If you don’t, at least it gives me an outlet to think through my ideas and either get really excited boaut them or realise how ridiculous they sound. So here is everything that I have in my little brain at the moment:

Digital Computer Electronics

The series kind of stopped in the transistor section… There were supposed to be three videos talking about transistors and only ended up having two. I would like to restart this from the beginning and whilst the original videos gained a couple of thousand views in total, I’m going to delist them and start again. There were some things in those vids I wasn’t happy with, and feel like they need a fresh approach. The ultimate aim of that series is to end up building some modules and parts for a basic ‘computer’. It probably won’t be pretty, but it’ll teach me and hopefully you a bit about the internal workings of computers. Ben Eater’s breadboard computer it won’t be… I’m not that good.

Pachi Systems

For anyone that has ever seen my GitHub and wondered (https://github.com/PachiSystems) where did that name come from? It’s because I own two Japanese pachislot machines. I’ve had them for over 20 years and after getting the first one, I was obsessed with building what’s called a ‘battle counter’ for them. These things plug into a board the machine and either connect to a flashy thing that goes on the top, or to a central computer system operated by the parlour. The software and hardware for these can be quite expensive and incredibly difficultt o find outside of Japan and the pachinko industry, so I wanted to make my own. I even went down the rabbit hold of learing how to program for PIC microcontrollers and use that to figure out what the machines are doing in each of their states… All that research has been lost, but the desire to finish what I started remains. I’m thinking of making a series of videos that explore how I go about decoding these machines again and building a tracking system with modern microcontrollers like the Pi Pico, ESP32 or similar boards that can wirelessly connect to the internet or a piece of software to provide realtime updates on the status of the machine.

Dungeons & Dragons

I love playing Dungeons & Dragons. Although I do play other TTRPG games, D&D is the one I’m probably playing more than most. I like to run games for my friends and enjoy playing in a local group regularly as well. One thing I love about prepping a game is thinking of how I can provide some kind of physical interaction to the world I’m presenting. Before I’ve handed out printed materials, then I started with 3D printed items and I did try to create an electronic puzzle, but unfortunately it decided to play silly buggers when I transferred it from a breadboard to a vero board… This time, I want to do this again from scratch and make something that could potentially be used multiple times in different scenarios. It’ll use NFC, audio, visuals and possibly have to have some 3D print and laser cut stuff to go with it… Should be an interesting little project.

Escape Room

If there’s one thing I love more than TTRPGs, it’s escape rooms. The physical puzzle element really gives me a massive dopamine rush and being immersed in that is the best escape I can get from day to day routine. I’ve always been fascinated by how they’re put together and at one time I was even trying to figure out if I could go into business with my own escape room. But I didn’t have the money to do it. Plus I didn’t have the skills to create props, and pre-bought ones are quite pricey. However, there were some amazing videos out there. One channel that really made an impact on me was Playful Technology. I even learned a lot about MQTT and Node-RED. I never got to the point where I could do much apart from some simple things, but I had an idea for an escape room in a case/box that’s not the usual ‘defuse the bomb before time runs out’… Or ‘stop the nuclear launch’. This one is a bit more dystopian and there are three different endings based on what the user does once they’ve solved it… I’m quite excited about this one. It might cost a bit more than the other ones to make as I don’t have all the stuff, but it’ll be a really fun journey.

F***ing Cheap Flipper Zero

The Flipper Zero has had my attention for a long time now. The ability to store RFID, NFC, IR, and Sub-GHz data on one little device has fascinated me. It’s also got a lot of other uses that I would love to learn about. Since I couldn’t afford one, I thought there must be a way to build one. Recently I found some information online about the FCFZ which is pretty much a straight clone of the Flipper Zero, but you can build it yourself. I have most of the parts, so I’m thinking of building one from scratch and showing you how to do it as well. The only tutorials I’ve found at the moment are a bit hard to follow along with, so my aim would be to make it a bit more simpler to follow along with along with learning how to use it together. If at some point I manage to get a real Flipper Zero, we can also learn how to use that together. I’ll also be building a pwnagotchi, but having done that before I can say it’s a lot easier. Using one, however, I still have no clue about…

So that’s the current pipeline for electronics projects. I’m planning to continue on the cycber security with web hacking, so will be doing videos on the basics of HTTP and request manipulation. Stay tuned for those, but thanks for reading and until then next time, until the next blog post: Catch you later! Bye bye!

Welcome to XPtv!

I’m diving into a bit of nostalgia while picking up some new skills. It appears WordPress hasn’t changed much since the early 2000s… Still the same familiar setup. For now, this theme will do until we grow and decide on a fresh layout. Meanwhile, feel free to bookmark the site, check out the YouTube channel at https://youtube.com/XperiencedTV, and stay tuned for what’s next.

Oh yeah… Apologies for what’s about to happen in the next few days on there… Apparently you gotta publish shorts now to get pushed up the algo, so … yeah…