Nzyme: Your Wi-Fi Watchdog Against Wireless Woes

January 14, 2025

This was originally posted on LinkedIn by Kyle Goode. In effort to get the blog section more populated I’ve reached out to some authors and asked if they’d be okay having their content put on this site. Kyle was gracious enough to let me grab his posts and highlight them here. Make sure to give him a follow on LinkedIn.

Nzyme is a unique open-source Wi-Fi security solution. I have been a user since its 1.0 version, and to this day, I haven’t come across another platform that focuses as effectively on Wi-Fi security. While most access points can detect rogue access points, few offer the same level of capability as Nzyme.

Nzyme introduces the concept of "bandits," which scan and alert on common Wi-Fi penetration testing tools such as the Pwnagotchi, Wi-Fi Pineapple, and Flipper Zero ESP32. These tools are uniquely fingerprinted by the platform. Owning any of these "bandits" makes it easy and efficient to develop and test alert rules in real time.

Currently, alerts are limited to SMTP and can be categorized into two types:

System-based alerts: Triggered if parts of the platform, such as taps, start failing.
Security-based alerts: Triggered when a bandit is detected in the environment, malicious deauthentication packets are transmitted, or rogue access points are detected.

The Nzyme platform consists of a PostgreSQL database, the core Nzyme platform (called the Nzyme node), and a Wi-Fi dongle (called a Nzyme tap). These components are primarily run on Debian- or Ubuntu-based systems. While Raspbian is often recommended, regular Debian works just as well. Taps are Ubuntu-only but are also compatible with Debian systems.

Evolution from 1.0 to 2.0

In the 1.0 version, Nzyme was fully integrated, running as a single service. With the 2.0 alpha versions, the architecture has evolved to support a multi-node setup. You can now run a single Nzyme node and deploy as many Nzyme taps as needed for comprehensive network coverage. These components are distributed as separate packages.

One exciting feature introduced in 2.0 is trilateration, which requires at least three taps on the same floor of a building. Trilateration allows you to pinpoint the location of rogue devices, such as bandits. This is particularly useful if a threat actor gains physical access to your building and places a malicious device in an inconspicuous location, a common technique used by penetration testers. The 1.0 version even provided guidance on building a handheld tracking device for bandits, though I wasn’t brave enough to attempt it at the time.

The 2.0 version also adds support for Ethernet monitoring. By using a span/mirror/tap port on a switch, you can monitor network activity, such as DNS tunneling, beaconing, and remote connections like SSH. While I typically rely on Suricata with Snort rules and Zeek with RITA for comprehensive network monitoring, Nzyme’s Ethernet capability provides a simpler configuration and adds redundancy. Additionally, ARP analysis appears to be a planned feature in future versions.

System Monitoring and API Integration

Nzyme allows you to create monitored networks for your environment. As I’ve mentioned in a previous article, I’m a big fan of Prometheus for system monitoring and metric gathering. Nzyme offers a native exporter for Prometheus, making it easy to integrate into existing monitoring solutions.

Nzyme has also introduced Nzyme Connect, an API for obtaining GeoIP, MAC address OUI, and vendor information. Additionally, it offers Bluetooth device discovery. Although this feature is still in its early stages, I’m excited to connect it with my Ubertooth to explore its capabilities further. Nzyme Connect also serves as a SaaS platform for monitoring your Nzyme nodes and taps, with enterprise support now available. For added convenience, prebuilt Wi-Fi kits are offered, eliminating the need for manual configuration.

Future Features and Wishlist

I am eagerly anticipating the stable release of Nzyme 2.0 and the additional features that will come with it. One feature I hope to see in the future is webhook integrations with popular messaging apps like Slack and Teams. This would streamline alerting and incident response for security teams.

Nzyme continues to solidify its position as a versatile and powerful Wi-Fi security solution. Whether you're a security professional, penetration tester, or simply someone concerned about wireless security, Nzyme offers tools to protect your environment against rogue devices and malicious activities. I’m excited to see where this platform goes next.

Resources:

Nzyme

Nzyme Bandits

Nzyme Network Monitoring

Nzyme Trilateration

Nzyme Connect

Nzyme Wifi Kit

Launching Exploring Information Security

January 2, 2024

Starting January 2, 2023, I will be offering a set of services as Exploring Information Security, LLC. Check out the Services page for a full listing of what I plan to offer. I am offering a variety of services based on my skillset, past experience, and where I think I can be most effective helping people and organizations.

I have researched and established rates but I’m willing to negotiate lower rates based on demand.

Why the move to self-employment

I had an opportunity to start monetizing the Exploring Information Security podcast back in 2019. I was starting to have people from vendors reach out to me about hosting a guest. I had some conversations about but I still had a full time job that I enjoyed and had recently been promoted into management.

As I discussed in my final episode, I decided to shut the podcast down because management was a very stressful job. I was compensated well enough and wasn’t really looking for another source of income. I also wanted to spend more time with my family. I had spent less time with them so I could develop my career and get us to a better financial situation.

Fast forward several years, I am at a transition point in my career. I have enough money saved up that I don’t need to immediately find a job. I had planned to launch this last summer but I had an opportunity to join some friends at Antigen and see the inner workings of a startup while I helped get them through the busy season of incident response. I am very grateful for that opportunity and it gave me time to further refine Exploring Information Security.

I am still looking for a job and if you’re interested in chatting reach out to me on LinkedIn.

What are the services

Looking back over my career, I realized I really enjoyed being an educator and building out programs and processes that helped an organization be more efficient and effective. With that in mind the services I am offering are built around that. I am throwing several different services out there to see what will stick.

Sponsorships

This is for vendors who are looking to expand their brand. I’ve got several ways of doing this via the podcast and website. An existing or upcoming show can be sponsored. My podcasts are meant to be timeless and I’ve found that people don’t listen to the podcast in order. They pick and choose whatever podcasts interests them. Sponsoring a show means the ad will run for a much longer time.

Ads are short advertisements prior to or during the show. If a pre-existing show is sponsored I will edit and re-add so it gets refreshed in feeds. Another option is to produce an episode specifically for the vendor. A guest from the company comes on to discuss a topic that relates to a product or service. You can also hire me to run your podcast or webinar panels.

For the website, vendors can sponsor specific pages, blog posts, or the website overall with a banner ad. This can be things existing or I can create the page. Rates are based on effort and other factors.

Hit the contact button if you’re interested in these services.

Contact

Education

I’ve presented at several conferences and local user groups over the years but I’ve done even more inside organizations. I always like putting together presentations that are engaging and help people learn about security. The website is a reflection of that. Security Awareness is something that I think is very important for an organization but every time you bring it up to people they don’t have a good experience with it. I want to change that. I want to make content that is engaging and is something people will engage with more.

Coaching is something I’ve done a lot of as a manager and as a mentor to people in the space. This is why I’m offering Cyber Security Coaching services for individuals and organizations. I’ve had lots of conversations with people in management that are struggling to upskill there staff and I believe I can help with that problem.

Management is something I’ve done for over six years. It’s where I always wanted to be in my career and I spent a lot of time studying and consuming podcasts on the topic. It’s something I’ve been very good at as I’ve been able to retain people and get the most out of them. I knew that once I got into management I needed to shift my mindset from a doer to a delegator. My results were going to come from my team not from what I did.

There’s a talent shortage but managers can get more out of there people and do so without increasing the work week. I’ve done it and I’m happy to share how I’ve done it as part of Management and Hiring Consulting services. You can also review the management resources page on the site. It’s all my “secrets” to management. If you don’t have time for that click the contact button.

Contact

Security Consulting

I’ve built lots of programs and processes over my career. Many of them are still running today. I build programs to outlast me. My specialization is application security, vulnerability management, and security awareness.

I’ve implemented an application security program that got vulnerabilities down to zero for existing applications in 6 months. I’ve also improved security in cloud environments taking security scores in the 20% and getting them to over 90%.

I’ve built a vulnerability management program that reduced vulnerabilities in the environment by 86% in the first year. After a few years vulnerabilities in the environment were below 20 thousand after starting at over two million.

I’ve conducted security awareness training at lunch and learns, town halls, secure code training, and post incident sessions. I’ve also built a phishing program that phishing 6000+ employees monthly and reduced click rates and increased reporting rates by over 50%.

I have experience in other areas such as security engineering, pentesting, security operations, governance, risk, and compliance. I am a generalist with a wide view of security and how it can make the business better. Contact form is below.

Contact

Speaking Engagements

I enjoy taking a complicated topic and breaking it down into understandable and actionable terms. I’ve been doing this for several years both at conferences and internally at organizations. I think presenting is an art and that content can be engaging. Which is why I’m offering up my services for conferences or internal events people would like me to attend. Along with podcast services I’m willing to run a podcast or moderate a webinar panel for organizations as part of their marketing initiatives.

Contact

Donate

I’ve gotten a lot of great feedback over the years on the podcast. I’ve heard from professors who assign their students podcast episodes to listen to for homework. I’ve had co-workers let me know they listened and enjoyed the show. I’ve had people in the industry reach out to me to ask when I was bringing the podcast back. Today is that day and I’m excited to make a small impact on the industry!

For people looking to support the podcast I’ve setup a way to donate. The more donations I get the more opportunity I have to focus on developing great content for this site. Click the donate button to show appreciation and help me focus on producing content for the site.

Donate

Review

To review, I’m excited for the opportunity see if I can make Exploring Information Security a sustainable company. To this day I still meet people who used to listen to the podcast and I’m often asked if I’ll be bringing it back. That day is to day!

I want to keep this going even if I end up having to get a job. Launching it with services will hopefully make it sustainable and allow me to regularly produce content and build out the website. For individuals looking to contribute I have setup a place to support the show by donating money. I may down the road add a subscribers portal but the podcast and the content on this site will always be free. I want this site to help people grow and develop their careers and tackle the difficult problems in the information security space.

If you’re interested in services or just want to drop a note our question reach out by filling out the contact form below.

This post first appeared on Exploring Information Security.

Contact

Free security policy templates available for download

December 13, 2023

When I started up this website last summer one of the first things I was asked about was creating security policies for a company that didn’t have any. I thought it would be a good opportunity to try out ChatGPT and the results were very exciting. Within a couple hours I had ten policies for a small business that needed them as part of a security review. I had them review and then had them sign them.

ChatGPT provided me the first draft and then I edit and customized it to the company. For large companies this isn’t a big deal but for small companies that need security policies this is a good first step. I’ve decided to release the templates I made on my website. Feel free to provide any feedback in the comment section below.

As I’ve written before, I think AI is going to have a huge impact on society similar to computers or mobile phones. Specifically, in the security space it will impact anyone that creates documents like policies.

You can click the link below to access the policies for download. If you need help with your policies or need other consulting services click the contact link below and fill out the form.

This blog post first appear on Exploring Information Security.

Security Policies

Contact