3rd Annual ITS Tactical Pumpkin Carving Contest

Posted on October 11, 2012 by The ITS Crew

Back for it’s third year, the ITS Tactical Pumpkin Carving Contest is all about getting into the Halloween spirit and carving up a tactical pumpkin.

Submitting a photo of your carved pumpkin will get you entered to win some awesome prizes, including ITS Gift Certificates to our store and even the yet to be released MSCS (Modular Skeletonized Carrier System!)

Be sure to check out the rules and resources listed below to see how you can get your entry in. Be sure to also check out all the great winners we had last year and the year before! Continue reading

Posted in ITS Information | Tagged , , | 7 Comments

Preparing for the Inaugural ITS Tactical Muster

Posted on October 10, 2012 by The ITS Crew

If you’re new to the site, you may not have heard about the ITS Tactical Muster. It’s a multi-day skill-set building excursion that focuses on many of the topics we advocate on this site. The benefit here is that we break free from the digital world for a bit and really get our hands dirty.

The ITS Crew has been working tirelessly behind the scenes and spent months planning in order to deliver the best experience possible. Expect to be stretched both mentally and physically with the activities we have set up.

The date for the Muster is just around the corner and if you’re lucky enough to be attending this action packed workshop of team building and skill development, you’re probably almost ready. But there are still some more things you can do in the mean time to make sure you’re prepared for when you arrive.

Here are just some of the articles we’ve run in the past that you may want to revisit. Read them, practice them and learn them. Remember that ITS Tactical and the web in general, is full of resources, so dig deep and keep learning! Continue reading

Posted in ITS Information | Tagged , , | 9 Comments

Signaling Considerations for Your Vehicle Emergency Kit

Posted on October 9, 2012 by Bryan Black

Lately, I’ve really been diligent about re-evaluating the emergency equipment I store in my vehicle. While that information is definitely coming in a future article, one of the things I’ve recently contemplated is what kind of emergency signaling to carry. More specifically, emergency signaling devices to alert oncoming traffic that I have an emergency.

While there’s certainly no shortage of options, those options also took some consideration to narrow down. Let’s take a look at some of the pros & cons I’ve found, with what’s available on the market and what I based my decision on. I will state that this is entirely my opinion and what I’ve found to be the best option, may not be the best for you.

Requirements

Right off the bat, I knew I didn’t want anything that would rely on a battery to operate. Batteries die and while I feel like I have a pretty good system for keeping emergency equipment up to date, I really don’t want to be dependent on batteries. That takes strobes and any kind of battery powered lighting off the list. Strobes can be extremely effective, but also are outside of the norm of what drivers would expect to encounter on a roadway. A bright strobe flashing on the side of the road might be more of a distraction than a device that would make them move over a lane.

Some other considerations on strobes and battery powered lighting, are that they’re also electronic devices. We all know how Mr. Murphy likes to mess with electronics, it’s one of his hobbies. Electronic signaling is also a more expensive option and you’ll more than likely want to retrieve them after the emergency is over; this in itself can be dangerous. You’re also out that money if a driver happens to run one over.

Another requirement I had, is that whatever device I used, needed to be seen both in the day and the night. Reflective devices were the next thing I considered. While highly visible at night with reflection from a light source, they’re not as visible during the day as they are at night. Some reflective devices I’ve seen, like reflective road triangles, are prone to falling over in high winds. The bright orange or red triangle is fairly visible during the day though.

Candidates

This brings us to one of my favorites, chemlights. While these are great at night, they aren’t as good for daytime use. Having a few around in a vehicle emergency kit can’t hurt, as they’re great for an emergency lighting source. Placing them on the side of the road to alert drivers may not be as effective as other options. Chemlights also have a shelf life, but I’ve found they still work well after the expiration date.

Flags are another choice for emergency signals, but I consider these to be a supplement and wouldn’t want this as the only option. Even with a highly visible marker panel, like the VS-17 or an MPIL, there’s a chance a driver wouldn’t see it until they’re close. These are also limited to a daytime emergency signal, unless combined with a reflective device. Again, we’re back to the notes above on reflective devices.

ITS MPIL

The ultimate option in my book is road flares. Flares are a universal roadside emergency signal and there’s no mistaking a few road flares every few feet leading to a roadside emergency. They burn bright during the day and especially at night. While you wouldn’t necessarily want to use one to light up a trunk at night, they do make fantastic emergency fire starters. This alone makes them a great dual purpose device and a supplement to a vehicle emergency/survival kit.

Activating a road flare is accomplished with a simple strike cap, much like a gigantic match. Depending on the length, these can burn from 5 minutes to 30 minutes and don’t require retrieval from the roadside. They’ll eventually burn themselves out. I’d also like to bring your attention to a fantastic 2005 study (link to PDF) done by Penn State Transportation Research. The study analyzes the effectiveness of Orion Signals Emergency Road Flares in enhancing the “safety zone,” or the area which is created by the presence of safety devices.

I opted for Orion Signal 30 Minute Road Flares with an integrated wire stand to prop them up on the roadway when deployed. It’s somewhat thin wire, but even if the flare did fall, I feel they would still be just as effective.

I’ve come across flares being utilized on the ground and it certainly didn’t lessen their effectiveness. I’m currently keeping six of them in my vehicle, as well as in Kelly’s car. I truly feel emergency signaling devices are an important part of a vehicle emergency kit.

Your Thoughts?

I’d like to hear from you, what do you carry for an emergency signaling device in your vehicle. If you don’t carry anything, what do you consider to be effective? Please don’t just say an open hood!

Posted in Survival | Tagged , , , , | 22 Comments

Inside Red Team Operations, Part 2: Analyzing Recon Data and The Dry Run

Posted on October 5, 2012 by U. Fridman
2 of 3 in the series Inside Red Team Operations

RedTeams2MainToday we’ll be looking at the 2nd part of our Inside Red Team Operations series, which takes us through the process of planning, preparing and executing a security vulnerability assessment and penetration test; bad-guys style.

In Part 1, we looked at some of the elements and techniques for planning the operation and the recon. In this part, we’ll see how the information gathered during the 1st phase can be used to plan the operation.

Sorting Through Recon Data

Through OSINT, social engineering, phone probes and physical recon, we collected a large amount of data about our target. Some of that information is useless and some is the key to the success of the operation. Going through the information is tedious work but it can be rewarding.

Focusing on People

The first focus is on people. We collected email addresses and information about their employees. This should give us a clear picture of the who’s who in the company, or at least one or two names we can use to mount a social engineering attack. I usually focus on the people that hold mid-level positions. They tend to be well informed about what’s going on and are usually very helpful on the phone or over emails. That willingness to help usually comes from a person wanting to climb into a better position and want that extra “you see? I am very helpful and people rely on me” message to be spread.

Once we have a name, we can search all the information we have about that person. If needed we can perform a deeper recon on him/her. There are several websites that provide information about a particular person, however social media sites like Facebook, Twitter and especially LinkedIn provide all the information we may need.

Products and Technologies

The second thing we focus on is products and technologies. A huge part of a successful social engineering attack is having your facts straight.  If the target is a company manufacturing/developing products, they usually have them listed on their Website. Focus on those and try to get the product owners, managers, developers, spokesmen, etc.

If the target is an organization (either private or government) then the focus should be on the service these organizations provide and the points of contact.

 

Infrastructure

Finally we focus on the technology, or more specifically what powers their networks, web servers and their IT infrastructure.  This includes informational scans for things such specific product names and versions, problems with them as reported by their own IT people. Backend and frontend technologies such as any database, CRM or other data management, web services technologies and code.

This information will allow us to start planning any possible penetration via the exploitation of a technical vulnerability. For example, if I know their main web page is hosted on a Windows 2003 Service Pack X, with IIS X.x and MS SQL Database X, then I’ll be able to pinpoint a possible vulnerability that might not be patched in this system and either find an exploit for it or write my own.

In our project, we want to be able to penetrate the company’s network and if that fails, penetrate the company’s premises.  Sorting through the data, we found that the VP of marketing’s email address is listed as a point of contact on a bird watcher’s forum.

How is this relevant? Well, we now have “something in common with the VP.” We’re going to become not only an expert bird watcher, but “all the sudden” there is a new bird watching expo being planned in a few months. Since this VP is such a successful business person, we’d like him to be one of the keynote speakers at this expo. How’s that?

Observation-Nador

Preparing The Bait

The first thing we need to do  is  get our facts straight. We don’t need to learn everything there is to bird watching, but take 24 hours to read about it, familiarize yourself with the jargon, the hot spots in the country and local area. You want to sound credible.

Second, buy a domain that reflects the “bird watching expo” that is coming up soon. For example, birdwatchexpovegas.com, or something similar. This will be our bait. We’ll use this Website to try and exploit the vulnerabilities we may find in their system, or if this fails, as a supporting site for our cover story.

It would be a good thing at this point to try to figure out what kind of laptops/workstations the employees use. Knowing what OS (version, patch version, etc.) will help us narrow the possible vulnerabilities we can exploit.
One way to do this is by calling and using social engineering to get any number of employees to disclose that information. Another is to directly approach our target with an email.

His company email is the point of contact for the bird watchers forums, so he is expecting to see bird watching related stuff on this inbox. Using the Website we just created we add a little piece of code to the page that can extract some of the information we need. We then can craft a very convincing email directing the target to our site.

If this works, then we’ll have a file sitting on our server with enough information about his browser and system for us to be able to pinpoint a vulnerability that can be exploited. On top of this, it’s often safe to assume that large corporations and organizations don’t have the latest patches, so we can use 0day exploits as well and see if they’ll work.

A good thing to have at this point is a good attack that can be spread via a PDF or a Word document. Those two file types have a lot of potential for hiding exploit code that can leverage Adobe Reader and Microsoft Office, two products with a LOT of vulnerabilities. Another good technology to exploit is Flash. You’d be surprised at the things you can do with Flash. We could use the PDF or Word Doc on an email and the Flash on our Website.

Dry Run

Before we can try all of this on our target we need to perform a dry run. This will be used to not only test our code (Website, exploits, etc.) and our script (the social engineering script, the cover story,) but to also polish the whole plan and have contingencies for every part of it. What if the exploit doesn’t work? What if the target is not interested in the expo? What if he is using a web browser that has been patched? What if his secretary is the one answering the phone? A lot of things wind up not working out.

We need to go through the whole attack and figure out the weak points. If you can, bring someone that isn’t involved into planning and have him/her poke holes in the plan. You’ll be surprised at the things you miss when you’re extremely focused.

Now comes the tricky part. We need to replicate the target environment as closely as we can. That’s when the initial digital recon comes into play. We performed informational scans using one of many tools. We should have enough information about their internet facing network and some of the employee’s workstations in order to prepare our own copy of those systems. Grab a good server, install a virtual machine manager and start cracking.

Do they use Linux for their mail server? Do they use Windows with IIS for their website? Do they have Firewalls? Routers? Any other security device that can be detected? It’s important to note that in most cases, an informational scan will return minimal information, so it’s necessary to go head first into gathering more. This can be done by either calling or visiting the target.

Once we have out servers and workstations ready have your team play the parts and have a person not involved in the planning play the target. Follow the flow and see where it fails.

Stay tuned for Part 3, where we’ll execute the operation and see how to react when things don’t go as planned!

Posted in Security, Tradecraft | Tagged , , , , , , , , , , , | 1 Comment

Using Google Maps and Android Phones to Scout for Free Campsites

Posted on October 4, 2012 by Jeff More

Earlier this year, I wrote an article for the Art of Manliness on the benefits of dispersed camping outside of established campgrounds and how to use them to launch off to last minute weekend getaways, but the how of finding these campsites deserves a post of its own.

US Forest Service maps are great, but don’t always reveal as much about the terrain as Google Maps can. Here we will use Skynet’s Google’s eyes to help us find a nice off-the-beaten-path campsite. Continue reading

Posted in Navigation | Tagged , , | 5 Comments

Reader Tip for Difficult Paracord Projects

Posted on October 3, 2012 by The ITS Crew

We were recently contacted by one of our readers, Nick, who had a great idea to utilize a small nail fused onto the the working end of a length of paracord.

This not only provides a better tip than fused paracord alone, but will give you a helping hand to weave paracord, somewhat similar to a fid or a marlinspike  in traditional ropework. Continue reading

Posted in Misc. | Tagged , , , | 11 Comments

Operation Gratitude: Helping Our Troops with Handmade Donations

Posted on October 1, 2012 by Kelly Black

You may recall our post last year about Operation Gratitude collecting crocheted and knitted scarves to send to our troops stationed around the world. This year the need for scarves and other handmade  items continues and there’s still plenty of time for you to get involved.

Last year I crocheted five scarves that were sent to Operation Gratitude and this year my goal was to double that by knitting and crocheting ten scarves. There were several friends of ITS who joined me and also made scarves that were sent to our troops through Operation Gratitude. We sincerely thank those of you made scarves or other donations last year and hope that you’ll consider contributing again this year.


Continue reading

Posted in News | Tagged , | 9 Comments

Oktoberfest is Here! New Titanium Entry Card and ITS Oktoberfest Patch Debut Today!

Posted on September 28, 2012 by The ITS Crew

Manufactured out of aircraft grade Titanium, this .032 in. thick emergency lock pick card is the same size & thickness of a normal credit card and provides you with two identical sets of tools! With most lock pick cards, once you snap out the picks, you’re left without the same storage you once had.

[flickr id=”8032923752″ thumbnail=”medium_640″ overlay=”false” size=”medium” group=”” align=”center”]

With the ITS Titanium Entry Card, you’ll have a set left over if you need to use one in an emergency situation. Whether it’s accidentally locking yourself out of the house, or just helping a friend, you’ll always have a way in.

[flickr id=”8032923646″ thumbnail=”medium_640″ overlay=”false” size=”medium” group=”” align=”center”]

Each made in the USA ITS Titanium Entry Card features two tension (torsion) wrenches and two sets of pick tools (single and triple and hump) perfect for raking or single-pin picking. Pick yours up here!

ITS Oktoberfest Morale Patch

In honor of Oktoberfest, we decided to come up with an ITS Oktoberfest Morale Patch to mark the occasion. Featuring an ITS beer stein emblazoned with our logo and “Herrschen,” German for Prevail, you’ll be ready to undertake the festivities!

New Plank Owner and Crew Leader Rocker Patches

We’ve excited to have finally (after many requests) produced our  Plank Owner  and Crew Leader Rockers in our Tan/Grey and MultiCam colorways to match our ITS Logo Morale Patches!

Please log in to access these member specific items in the store! If you’re not yet a member, click here to sign up as an ITS Crew Leader!

Posted in ITS Information | Tagged , , , , , , , , , , | 2 Comments

Do You Want to Be Challenged? Win a Free GORUCK Challenge at ITS Tactical!

Posted on September 27, 2012 by Bryan Black

Both Mike and I have completed a GORUCK Challenge and I feel that I speak for both of us, when I say it was a fantastic experience that we’d recommend to anyone willing to challenge themselves.

Personally I feel like the GORUCK Challenge is truly an adventure that will introduce you to yourself. By that, I mean that if you’ve never been through a true challenge that tested you both mentally and physically, how can you truly know yourself and your strengths and weaknesses? My answer to that, short of enlisting in the Military and volunteering for Special Forces or Special Operations, is to give GORUCK a shot.

I feel the experience you’ll gain through GORUCK is fundamentally better than any Mud Run type race around and GORUCK is certainly well beyond that level to begin with. I’d invite you to read through the  after action report from my GORUCK Challenge, as well as Mike’s write-up that finally convinced me to try it out. They offer two entirely different perspectives to GORUCK, mine from a Military background and Mike’s from a civilian background.

Today is about giving you a chance to participate in a GORUCK Challenge for free! We’ve teamed up with GORUCK to offer you a spot and all that we want you to do is leave a comment with at least 50 words, describing why you’d like to attend a Challenge. We’ll select what we feel is the most compelling comment and the winner will get to choose the destination where they’d like to attend a GORUCK Challenge for free!

While I urge you to read through the AAR’s above, the Challenge is  about fire in the gut, mental toughness and  functional strength! This is for everyone regardless of age or gender, I just want to make that clear.

All entries must be received by Sunday, October 7th at 11:59 p.m. Central Time. We’ll choose the best entry soon after and post up with the winner! A huge thanks to GORUCK for their help in making this contest happen and for their continued support!

Posted in ITS Information | Tagged , | 42 Comments

Rifle Dynamics Continues to Innovate with Awesome New Products

Posted on September 26, 2012 by Bryan Black

Rifle Dynamics New Products

Today, I’d like to present a short video we produced on some great new products from Rifle Dynamics. Shown below are the Stippled US Palm AK Battle Grip (with reduction), RD AK Triangle Stock Pouch manufactured by HSGI in the USA, the RD AK to M4 Stock Adapter manufactured by IWC in the USA and Jim Fuller’s AK Armorer’s Bench DVD by Panteao Productions.

If you’re interested in picking up any of these new products, head over to the Rifle Dynamics Web Store and be sure to check out all the latest and greatest on the Rifle Dynamics Facebook Page! The Stippled US Palm Grip shown in the video is a special order item right now and will be on the store when they’re available in a significant quantity. To inquire about availability, email them at [email protected]

There’s also been some new information released there about a Build Your Own AK Class that Jim Fuller and Billy Cho will be putting on February 8-10th of next year at their shop in Las Vegas, NV. You’ll be working with Jim and Billy to put together your own AK-47 that will be shipped out to your FFL upon completion of the course (if out of state). There are only 15 slots available, so if you’re interested, be sure to secure a spot by emailing Rifle Dynamics at [email protected]

I’ll be attending the course next year and look forward to seeing anyone that has the chance to make it out! It’s certainly a great opportunity to learn about building an AK, right from our friends at Rifle Dynamics!

Rifle Dynamics New Products

Rifle Dynamics New Products

Rifle Dynamics New Products

Rifle Dynamics New Products

Rifle Dynamics New Products

Posted in Firearms | Tagged , , , , , , , , , , , | 1 Comment