Hello and welcome to the Thursday, April 6, 2020,

edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

These days, JSON is everywhere, and with that, it's really kind of important that you learn to use the tool,

JQ, the ubiquitous jason parser for the command line today we do have a nice diary by jesse who goes over how to use

jq in order to parse cowrie data cow of course, is part of our honeypot,

so that's sort of the motivation for him to look at Cowry logs closer.

They are stored in JSON, at least that's one of the log format options you have.

So he goes over how to summarize your logs quickly with JQ.

And if you have an interesting vulnerability in garage door openers as well as other devices

made by Next, that's N-E-XX.

The trick with these garage door openers is that they connect to Wi-Fi.

So it's not one of those simple garage door openers where you

have to be in a certain vicinity and use one of those rotating a code kind of transmitters.

Instead, you may be able to open your garage door from anywhere in the world.

In order to facilitate this, there is an MQTT server. MQ is a message

queue. It's often used for IOT devices like this. A garage door controller here could,

for example, send status requests or updates to MQ. The trick here with Nix is that all devices use the same password in order to connect

to this MQTT controller. So the end effect is that once you know what that username and password

is, and that is sent to every single device with next and it's also present in the firmware

you'll be able to update any other garage door that uses the same controller and it's even not

that hard to search for it because everybody uses that same account messages to garage doors worldwide are all broadcast to every single garage door,

...