Thursday, July 10, 2014

How to SSH with your Smart Card

If you have Linux servers, you must be familiar with SSH - Secure SHell. It is common for administrators to use strong authentication because they have the control of the entire company network and resources.

You can configure tools such as PuttySC, PuttyCAC or SecureCRT to use smart card credentials to SSH to your servers.

I made this video to show how it works, enjoy!

To configure your server for smart card authentication:
1. Extract the public key out of the certificate in the card, I run the following command:
pprint.exe -l "c:\Program Files (x86)\Gemalto\DotNet PKCS11\gtop11dotnet.dll"
2. Add the public key to ~/.sshd/authorized_keys on the server, it looks like this:
ssh-rsa AAAAB3NzaC1yc2EAAAAFAAABAAEAAACBANnQe0X1Rl6QezigIXlfe4uzBtKkI083/oL3fl3vfQKdpdwwlwit3ODAOh2qpfs97r+OYUQPY66knNCW/u6hX2hiQk5DXeMR1HuZXQRxGKBxJZAftRXO3pD6b3pfH7djnfudGpg8UMHUBoWDUJ1UMh60K/+0QUqAyKT42vexh1Kj token-key

Saturday, June 28, 2014

Install and Configure Citrix XenApp 6.5 in 15 minutes

I recently had to build a Citrix XenApp lab and I decided to make this video to help others that are just getting started with this software.

The video shows how to install and configure step by step:
- Citrix License Server
- Citrix XenApp 6.5
- Citrix Web Interface

Finally we connect to the Citrix environment to access a virtualized application.

Sunday, October 16, 2011

Neutral or stability shoes? Hack into your running!

Two month ago, I sprained my ankle. Now that my ankle recovered, I feel comfortable running again. My shoes had about 200 miles on them already so I decided to buy a new pair. I went to Texas Running Company and I discovered a very geeky equipment there, and I could not resist to share it on this blog.

I am not an expert in running shoes business but from what I understand there are two types: neutral or stability. Depending on how you run, you will need one or the other. But how do you know which one is good for you? You could ask somebody to run behind you and look, or you can go the techie way. And of course, this is the way I like the best. :)

In the store, they had a camera positioned right behind a treadmill. We recorded 2 short runs (about 30 seconds for each run) and analyzed them. I was honestly very surprised by the results.

The two pictures below shows the two shoe types. On the left, I was trying neutral shoes; on the right it is stability shoes.

As you can see, my right ankle bends inward when my feet is landing with the neutral shoes. The technical term for it is actually overpronation.

Here is the video of the 2 runs.

Since this is a tech blog, I would like to share how I merge the 2 videos I got from the store. I used Avisynth and VirtualDub with the following script.

clip1=AVISource("run1.avi").AssumeFPS(5, false)
clip2=AVISource("run2.avi").AssumeFPS(5, false)

Wednesday, August 3, 2011

Chessboard picture recognition project - part 1

Follow the discussion on YCombinator.

I like to play chess. It is challenging, it requires strategic thinking and it is a great way to clear up your mind. I also like to take my time to play it. It can take a day, a week or even a month! One day I took a picture of the game I was playing to help me to think about it later in the day. This picture gave me the idea to write an application that is capable to analyze the game picture and determine the position of each piece on the board. Maybe someday it could even determine the next best move or continue the game online.

I successfully implemented the first part of the application. This blog post describes how this program is working.

The photo on the left is the original picture I worked on.

Since I have never worked on computer vision, I started by reading about it on wikipedia. I also found a few student's research papers that put me in the right direction such as Scott Blunsden's paper and Chua Huiyan, Le Vinh and Wong Lai Kuan's paper.

The first step is to find the gridlines of the chessboard. I processed the image with a Canny edge detector and then a Hough line detector. I found a Java implementation for these algorithms from Tom Gibara's website and the Vision and Synthetic Environments Laboratory's web site.

The picture below on the left is the output of the Canny edge detector. The green lines on the right picture are the result of the Hough line detection.

The lines found on the picture above are actually the lines of the chessboard. But in some cases, the objects taken in the picture around the chessboard can bring some confusion. On the left picture, the chairs are introducing some lines that are not part of the board. To filter these lines out, I implemented an algorithm to filter 2 larger sets of lines with a 90-degree angle.

Once I got the 2 sets of 9 perpendicular lines, the program finds all the intersection points between these lines on the picture as shown on the picture on the left.

The program then finds the coordinates of each square that forms the chessboard.

At this point, I was able to isolate each square and process them separately. For example, the program is able to determine whether each square is white or black by calculating its average color and comparing it to the black and white colors. The results were correct except for one of the square because a piece of the opposite color was standing on it. Since the color of the squares of chessboard alternates, I could easily identify these errors.

What's next? I probably completed the easiest part of the project. I expect the chess piece recognition algorithm to be quite complex.

If you have a suggestion to help me finish this app, please leave a comment.

I am working on this project just for fun. If you are interested to see what are the real world applications of computer vision in the game industry, check out this web site:

Friday, June 17, 2011

Introduction to Metasploit and Armitage

Today I had a great half-day training on Metasploit and Armitage organized by our local OWASP Austin chapter and hosted by Microsoft. What I learned today was so interesting that I can't resist to share it here.

Raphael Mudge - Designer of Armitage

Metasploit is an open source penetration testing framework. It contains a database of exploits, payloads and post modules. The goal of the training was to find an exploit on a remote machine, run a payload through this exploit and execute a post module (which is what you can do after taking control over the victim's machine). Of course, you can find more detail about it on wikipedia.

Metasploit is a command line tool. To make it easier (and funnier), Raphael Mudge designed Armitage, which is a user interface for Metasploit. Here is how it looks like:
Armitage - GUI for Metasploit

When a machine on the network is comprised, Armitage illustrates it as a monitor wrapped into thunder lights. Perfect for a hacker movie:D

Here are the materials we had for this training:
The youtube video below is the screen-cast of the exercises. I show how to setup the lab environment. Then I demonstrate how to use Armitage to find and use an exploit. The video ends with a demonstration of social engineering where the attacker takes full control over the victim's computer.

When I first started Armitage, it could not connect to the database. I had to kill all ruby processes and reconnect again.Once Armitage started, you may be asked to enter your IP address. If you dont you can always set it later by running the following command in the console; it will set a global variable.

setg LHOST

Here are some interesting resources for further reading: