Only a Math Genius can Solve this Puzzle–Not Really!


Yaacov Apelbaum Sumerian mathematic tablet


One of the most popular math equation puzzles on social media is interesting because it doesn’t have one correct answer, and it illustrates the nature of solution divergence.

Here is an example. The following two problems can be solved correctly regardless of whether we use the sum-of-the-digits-in-the-product method or the product-of-the-sum-of-digits method:


But when it comes to the next set, 33×33=?, the solutions diverge and yield two different results (see the result table below for methods 1 and 2).

For method 1 (sum of the digits in the product) it is: 33×33=18

33×33=1089 or 1+0+8+9= 18

For method 2 (product of the sum of digits) it is: 33×33=36

(3+3)x(3+3) = (6)x(6)=36


Here is a graphic solution for method 2

Yaacov Apelbaum If X and Y than Z

Here are the solutions for the first 40 sets for each method.

Each row lists, for Method 1: X, Y, X×Y and the result; then, for Method 2: X, Y and the result.
11 11 121 4 11 11 4
22 22 484 16 22 22 16
33 33 1089 18 33 33 36
44 44 1936 19 44 44 64
55 55 3025 10 55 55 100
66 66 4356 18 66 66 144
77 77 5929 25 77 77 196
88 88 7744 22 88 88 256
99 99 9801 18 99 99 324
110 110 12100 4 110 110 400
121 121 14641 16 121 121 484
132 132 17424 18 132 132 576
143 143 20449 19 143 143 676
154 154 23716 19 154 154 784
165 165 27225 18 165 165 900
176 176 30976 25 176 176 1024
187 187 34969 31 187 187 1156
198 198 39204 18 198 198 1296
209 209 43681 22 209 209 1444
220 220 48400 16 220 220 1600
231 231 53361 18 231 231 1764
242 242 58564 28 242 242 1936
253 253 64009 19 253 253 2116
264 264 69696 36 264 264 2304
275 275 75625 25 275 275 2500
286 286 81796 31 286 286 2704
297 297 88209 27 297 297 2916
308 308 94864 31 308 308 3136
319 319 101761 16 319 319 3364
330 330 108900 18 330 330 3600
341 341 116281 19 341 341 3844
352 352 123904 19 352 352 4096
363 363 131769 27 363 363 4356
374 374 139876 34 374 374 4624
385 385 148225 22 385 385 4900
396 396 156816 27 396 396 5184
407 407 165649 31 407 407 5476
418 418 174724 25 418 418 5776
429 429 184041 18 429 429 6084
440 440 193600 19 440 440 6400



It is interesting to note the series growth patterns for each method. Whereas in method 1 the values tend to cluster around a range of several values (see pattern for 30K solutions), in method 2 the growth is polynomial.


© Copyright 2017 Yaacov Apelbaum, All Rights Reserved.

Anguished English


Yaacov Apelbaum - Anguished English

“Thy sin’s not accidental, but a trade.” (from Measure For Measure)

Getting bombarded by phishers is no fun, but sometimes these communications offer some comic relief. This posting is dedicated to the anguished English and linguistic jewels they produce. May the tormented ghost of Shakespeare continue to sabotage their exploits.

Here are my top ten favorites:

1. Starting the message in one language and then switching to another as in “Dear Cliente,”

2. Getting subject verb agreement wrong as in “Your account just make…”

3. Poor punctuation as in “Due to concerns, for safety and the integrity…”

4. Nonsense content as in “Most of your date in our database were encrypted…”

5. Poor formatting as in missing a space after a period.that’s right.

6. Wrong capitalization as in “This is the Last reminder…”

7. Poor grammar as in “If this message sent as Junk or Spam, its just an error…”

8. Excessive use of exclamation marks as in “Update Required!!”

9. Poor spelling as in “It has come to out [our] attention that…”

10. Failure to do basic arithmetic accurately as in “$254.99 + $20.00 = $374.99”
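
A few of the tells above can be checked mechanically. The following added example (not part of the original post) flags items 5, 8 and 10 in a message body; the function names, the sample messages and the short TLD list are constructed for illustration.

```python
import re
from decimal import Decimal

# Assumption: a short TLD list so that "example.com" is not mistaken for a
# missing space after a period. Extend it for real mail.
KNOWN_TLDS = {"com", "net", "org", "gov", "edu", "io", "co", "uk"}

MONEY = r"\$(\d+(?:,\d{3})*(?:\.\d{1,2})?)"
SUM_RE = re.compile(MONEY + r"\s*\+\s*" + MONEY + r"\s*=\s*" + MONEY)
JOINED_RE = re.compile(r"[A-Za-z]{2,}\.[A-Za-z]{2,}")
BANG_RE = re.compile(r"!{2,}")


def bad_sums(text):
    """Item 10: return (stated, actual) for every '$a + $b = $c' that is wrong."""
    wrong = []
    for a, b, c in SUM_RE.findall(text):
        a, b, c = (Decimal(x.replace(",", "")) for x in (a, b, c))
        if a + b != c:
            wrong.append((c, a + b))
    return wrong


def missing_spaces(text):
    """Item 5: words glued together by a period, ignoring URLs and addresses."""
    hits = []
    for token in text.split():
        core = token.strip(".,;:!?()\"'“”‘’")
        if "@" in core or "/" in core:
            continue  # e-mail address or URL path
        if core.rsplit(".", 1)[-1].lower() in KNOWN_TLDS:
            continue  # bare host name such as www.example.com
        if JOINED_RE.search(core):
            hits.append(core)
    return hits


def phishing_tells(text):
    """Return {tell: evidence} for each of the three tells found in text."""
    found = {}
    sums = bad_sums(text)
    if sums:
        found["bad_arithmetic"] = sums
    glued = missing_spaces(text)
    if glued:
        found["missing_space_after_period"] = glued
    bangs = BANG_RE.findall(text)
    if bangs:
        found["excessive_exclamation"] = bangs
    return found


# Constructed sample messages that reuse phrases quoted in the list above.
SUSPECT = ("Dear Cliente, Update Required!! It has come to out "
           "attention.Your total is $254.99 + $20.00 = $374.99")
CLEAN = ("Your receipt: $254.99 + $20.00 = $274.99. View it at "
         "www.example.com/receipts or e-mail help@example.com!")

if __name__ == "__main__":
    for name, body in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(name, phishing_tells(body))
```

The remaining items (mixed languages, agreement, capitalization, spelling) need a dictionary or a language model rather than a regular expression, so they are left out here.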




© Copyright 2016 Yaacov Apelbaum, All Rights Reserved.

Capturing the Flag

Yaacov Apelbaum - Who Knows What Evil Lurks in the Heart of a Cyber Attacker

If you are a typical cyber security practitioner, you most likely catch up on the latest developments by visiting on-line sites like News Now, by reading various publications, and by periodically attending various vendor workshops. For the majority of security managers, the daily work grind and life/work balance challenges diminish the prospects of going back to school and plowing through hands-on in-depth training.

Over the past two decades, the corporate cursus honorum for IT management has been the much coveted MBA degree. In a large number of Fortune X00s, having an MBA from a top school was considered a prerequisite for an executive promotion. An MBA attested that an individual possessed all the current business acumen and the polish needed to take on any future corporate responsibility; it was the ultimate professional endorsement of merit.

This trend—other than having the end result of a glut of MBAs on the market—has also resulted in a shortage of highly technical cyber security managers. Consider some of the wholesale data breaches in some of the largest US retailers for 2014 alone. Check out the biographical backgrounds of some of the CISOs of the impacted companies. Not surprisingly, you will find no shortage of MBAs from top tier schools. What appears to be missing are individuals with vocational specializations in cyber security, and I’m not referring to rank and file CISSPs.

Of course, a common counter argument to this is that as a manager you are not supposed to know the ‘nitty gritty’ details of every technology in your corporate inventory and instead are expected to delegate to and draw on the expertise of others.

I don’t think that this is the case. Cyber security, unlike databases, BI, or ecommerce, is almost entirely a technology and procedural play and as such, a security manager should not have any gaping holes in his knowledge or overly rely on subordinates to make sense of threats and counter measures. It would be unacceptable for an airline pilot to have gaping holes in his knowledge of Boeing 787 Dreamliner flight operations and to delegate the actual flight responsibility to the cabin crew.

I’ve recently had a chance to witness just how limited classical enterprise defenses have become. This is especially true when it comes to Advanced Persistent Threats. In one incident that eventually became the catalyst for me going back to school, I witnessed how one cyber attacker managed within minutes to defeat all of the traditional enterprise defenses and counter measures without even breaking a sweat. Amazingly, even after the debriefing and root cause analysis, the security team was no closer to understanding how a properly configured and maintained brand name FW and an IDS/IDPS failed to stop the attack, let alone even detect it.

If you are thinking that this could not happen to you, think again. In the incident that I just described, all target boxes were patched, there were strict access control measures in place, the network was sub-netted, and there were effective audit and password management systems in place.

After recovering from my momentary shock, I had an epiphany and realized that I urgently needed to re-hone my skills. I’ve heard about the SANS Institute from a number of colleagues and after checking it out, I decided to enroll in their Penetration Tester program. After juggling my bank account, my work schedule, and their course availability, I selected the following four courses:

  1. SEC504 Hacker Techniques Exploits & Incident Handling
  2. SEC560 Network Penetration Testing and Ethical Hacking
  3. SEC575 Mobile Device Security and Ethical Hacking
  4. SEC617 Wireless Ethical Hacking, Penetration Testing, and Defenses

The SANS course tuition is on the expensive side, ranging from $6000-$9000 USD. Add travel and accommodations and you are looking at about $12K per class. Each course is delivered in about a week (40-60 hours of classroom activity). Classes are divided into lectures and hands-on labs with heavy emphasis on getting down and dirty.

Though it took me several months to complete the coursework, I have found the whole experience to be uplifting. In addition to getting access to practical, real-world expertise from some of the world’s best penetration testers, we practiced the gray art of performing detailed reconnaissance on would-be targets, including mining social media and infrastructure data from blogs, forums, search engines, social networking sites, and other Internet resources.

In each course, we used the latest cutting-edge attack vectors as well as the traditional low budget techniques that are still quite prevalent. The aim of the course was to push the envelope in each domain and not to merely teach a handful of hacks and tricks. Another great component was exploring various administrative questions such as legal issues associated with responding to computer attacks, employee monitoring, working with law enforcement, and the collection and handling of evidence.

SANS Capture the Flag Las Vegas 2015

When it came to performing the actual exploit, we got to use the best tools on the market. This included both COTS components and custom written utilities and scripts. In each class we learned dozens of methods for exploiting target systems and how to gain access to the systems post-exploitation. Just to illustrate the extensive hands-on approach that SANS adopted in teaching Penetration Testing, here is a list of tools and techniques that we used in just the SEC504 course:

– RootKits and detection
– Hidden file detection with LADS
– HTTP Reverse Shells using Base64
– InSSIDer for Wireless LAN discovery
– Nmap Port Scanner and Operating System fingerprinting tool
– Nessus Vulnerability Scanner
– Windows Command Line Kung-Fu for extracting Windows data through SMB sessions
– Sniffers, including Tcpdump
– Sniffer detection tools, including ifconfig, ifstatus, and promiscdetect
– Netcat for transferring files, creating backdoors, and setting up relays
– Metasploit, Metasploit, Metasploit Lots of Metasploit
– ARP and MAC analysis for ARP cache poisoning attack detection
– Password cracking
– Cross-site scripting and SQL injection web application attacks
– Intercepting and forging session cookies
– Detecting and executing DoS attack techniques
– Detecting backdoors with Netstat, lsof
– Covert channels using Covert TCP
– Clandestine network scanning and mapping
– Exploitation using built in OS commands
– Privilege escalation
– Advanced pivoting techniques

The great thing about the SANS curriculum is that they go pretty far down into the rabbit hole. A few of the classes required hard core coding skills (you get to write/execute some buffer overflows). Other classes were procedural and got down to the wire in terms of the inner functioning of RFCs and protocols. For example, in the Wireless Ethical Hacking course we had comprehensive coverage of WiFi, cordless telephones, smart devices, embedded home devices, mesh technologies like ZigBee and Z-Wave, Bluetooth, DECT, and NFC.

In the Mobile Device Security course we practiced reverse-engineering iOS binaries in Objective-C, reverse-engineering Android binaries in Java and Dalvik Bytecode, evaluating mobile malware threats through source-code analysis, defeating Apple FairPlay encryption for application binary access, and overcoming anti-decompilation techniques.

SANS Capture the Flag Washington DC 2015

The participants in the classes came from diverse backgrounds, including three letter agencies, incident handling team members, and security administrators. The classes are well-suited for anyone with a good command of TCP/IP and networking and they would also benefit architects and technical leads involved in security operations and R&D.

The delivery of the material is completely immersive. You go from 0-90 in one second.  Each course is equivalent to a traditional graduate semester course of 4 credits so we had to complete an average of one textbook per day.  At times, you feel like you are drinking from a fire hose.

Taking good notes and hitting the books at night will help you stay afloat. It goes without saying that the instructors were outstanding; they offered unlimited tutoring and were always available—even during lunch and after hours—to help answer questions and work through the practice labs.


Several interesting sessions in each class revolved around learning how to avoid being caught through various tactics and strategies for covering your tracks, such as file and directory camouflage, piggybacking on existing user Internet sessions to avoid detection, event log tampering and pruning, and performing memory cleanups.

For me, the best part of each course was the final session called “Capture the Flag”. There, in a culmination of all of the hard work, we got to practice everything we had learned over the previous week. Each class had different parameters for capturing the flag, but they tended to follow the same patterns. We needed to do some reconnaissance, reconstruct the network layout of our target, map our victim’s equipment and software inventory, and then proceed to execute the attacks. Once you breached the target, you would perform some additional exploits and start pivoting between hosts and “living off the land”. The overall objective of this exercise was to collect flags that had been placed on various locations on the victims’ network by the instructor. Some of these flags contained encrypted files or messages that we needed to decrypt and use as clues for other attacks, others involved passwords that were being sent over VoIP, in-memory session information, or data hidden in binaries.

SANS Capture the Flag Boston 2015

The capture the flag event usually lasts a full day and ends when one team successfully recovers all flags. At that point, the competition is stopped, the results are verified, and the winners are awarded the coveted challenge coins.


    If you are a computer security practitioner, I highly recommend that you take all four courses. Even if you can only afford one, go for it. It will change your perspective on pen testing forever and help you take a proactive role in keeping your company safe and out of the negative limelight.

    Performing a good penetration test is much more than just hiring some outside help and rubber stamping an audit. Verifying the integrity of your corporate security takes more than kicking the tires and lifting the hood these days. Anyone can throw a bunch of attacks against an organization and regurgitate the output of some automated tools in hundreds of pages of reports.

    Participating in hands-on structured training will help you avoid this trap and allow you to fully grasp your company’s real security needs so that you can formulate the most appropriate plan of action in the most cost-effective and timely manner.

    Going through the meat grinder, you get to witness first hand the process of hot dog making. It’s not a pretty sight, but it’s an informative one. One of my most profound takeaways from this whole experience was answering the existential question of the spoon. Yes, the spoon does exist, but only for the end-user, sysadmin, DBA, and auditors. There is no spoon if you are a proficient attacker. With the right strategy and tools, concepts such as access control, event log integrity, and passwords are meaningless and are but chaff before the wind.

    Yaacov Apelbaum - There is no Spoon

    I keep my three hard earned challenge coins on my office bookshelf as a reminder that there is likely someone out there right now who is targeting my network through some kind of a clever attack. He/she has all the right tools and resources and is as determined and hard working as I was to get his coins.

    And as far as my earlier MBA comment is concerned, if you are curious to know just how many managers attended the classes, the answer is just one. None of the 20-40 participants in each class had senior managerial responsibility. In fact, most of the folks I spoke to were surprised that a CTO would take time from his schedule and opt to get his hands dirty instead of just delegating this to one of his directs.

    After all, ‘Isn’t that what a manager is supposed to do?’

    © Copyright 2015 Yaacov Apelbaum All Rights Reserved.

    How to be a Happy Cat

    Yaacov Apelbnaum - How to be a Happy Cat

    Based on the illustrations of Gay Jolliffe

    Several months ago, I was working on a UAV project that involved some sensor integration. After spending several sleepless nights figuring out the right power distribution by trial and a lot of error, I figured that there must be an easier way. It was time to hit the books. After some research, I found that two decent introductory books on the subject are the ‘Make Electronics’ series and ‘Electronic Components’ by Charles Platt.

    I am still working through these books at present. Other than learning a lot on the subject and building some neat devices, I have also discovered that Mr. Platt is a prolific author; a true Renaissance man.

    I perused some of his other titles on Amazon and I picked up “How to be a Happy Cat”.  It’s a great family read especially if you have a cat and kids who will undoubtedly enjoy the satirical narrative and Gay Jolliffe’s illustrations.

    Professing to be the “first and only self-help guide for cats”, the book answers many existential questions—from the point of view of a cat—that have  boggled the minds of felines since the dawn of history.  Here a cat can find answers to problems such as how to live more than nine lives and how to find lasting romance.

    One of my favorite observations in the book is:

    “There are millions of humans just waiting to pamper us with gourmet food, indoor sanitation, and professional care.  It’s absurd not to take advantage of the situation.”

    As far as the Make Electronics books, they’re great!  The labs are well structured and they take you from zero knowledge to a decent proficiency on the subject while requiring hands-on work and learning by doing.

    Another reason to go with these books is the coverage that you can find on YouTube and the author’s responsiveness to questions. When I ran into a problem with one of the experiments and just couldn’t figure out the solution, I posted a question on the book’s website. To my pleasant surprise, I got a detailed response from the author who provided me with some troubleshooting guidance.

    So in the spirit of sharing the knowledge, here are several tips and resources that I found useful if you are planning to work through the book:

    Ingredients  – Don’t try to assemble the supplies for the experiment manually. Instead, get a pre-packaged kit (i.e., Electronics Components Pack 1 and Electronics Components Pack 2).

    Component Sources – If you do need to purchase replacement LEDs, transistors, or relays, get them on Amazon or eBay. Most of the US retailers charge comparatively exorbitant prices for these components. For example, I paid $2.69 for a bag of 50 LEDs, which is the same price Radio Shack charges for a single one. Not a biggie, but disproportionate.

    Testing Equipment and Tools – Get the best tools you can afford. Nothing is free in life, so don’t skimp on price or quality of your multimeter, oscilloscope, signal generator, power supply, soldering station, etc. If you don’t know where to start, check out Dave Jones’s EEVblog for product reviews.

    Specifically for experiments 14 and 15, here are several tips and resources that I found useful:

    Experiment 14
    The two capacitors used in the “Pulsing Glow” experiment should have their negative poles facing away from the LED.  You can tell the negative poles by the location of the vertical white strip on the capacitor.  Also, when inserting the LED into the female header make sure that the negative LED leg (the shorter leg) is close to the black negative wire.

    Yaacov Apelbaum - Experiment 14 Pulsing Glow

    Experiment 15
    When assembling the five transistors, pay attention to their type (i.e. BJT vs. PUT) and their orientation.  The two transistors under the speaker are PUT 2N-6027, the remaining three BJTs are 2N-222A.  Note the 180 degree difference in orientation for both types.

    Yaacov Apelbaum - Experiment 15 Intrusion Alam Revisted 

    When preparing the project enclosure, use the following drill hole patterns.  This template fits a 6” x 3” x 2” (15 mm x 7.5 mm) project enclosure box.  To use it, print it out (make sure that the size does not change during printing), tape it on the enclosure cover,  and mark the centers of each hole with an awl.  Also, don’t pre-drill all holes on the cover. The sizes of the holes for the SPDT on/off switch and DPDT pushbutton switch (2 largest holes seen on the left side of the template) will be determined by the size of your specific components.

    Yaacov Apelbaum - Experiment 15 Intrusion Alam Revisted Drill Pattern

    Leave your functioning breadboard design intact and don’t dismantle it when transferring the circuit to the perfboard.  This will require you to purchase some spare parts, but having a functional prototype that you can refer to during the transfer process and use to troubleshoot is invaluable.

    When soldering the components, use =<0.5 mm wire size and a conical-wedged tip. This will help you maintain fine control over the size of the solder joint. I also found that setting my solder temperature to 750F allowed me to complete each joint in about 4 seconds.

    Yaacov Apelbaum - Experiment 15 Intrusion Alam Revisted Enclosure

    When assembling the final components, temporarily attach them to their poles by bending their lead wires and using alligator clips. Make sure that the whole system works, including the power on, self test, and magnetic sensor functionality before you perform the final soldering.

    Yaacov Apelbaum - Experiment 15 Intrusion Alam Revisted Enclosure top

    One more note: if you have a cat, batten down the hatches! We found LEDs, wires, transistors, and capacitors all over the house. Apparently, our own “Happy Cat”, following the advice in the book, has been catching up on his circuit design as well.


    © Copyright 2015 Yaacov Apelbaum All Rights Reserved.

    The Doors of Ubud

    Yaacov Apelbaum Ubud Lilipad Lake

    I’ve arrived in Bali for a short stay. At the Ngurah Rai airport, I took a cab to Ubud, a small town of about 30,000 inhabitants located north of the airport and about ninety minutes away.

    After checking into my room, I went out for a stroll around town. Ubud is a major hub for all sorts of regional drifters and the cafes and restaurants brim with tourists from every corner of the world.  Riding on this wave of opportunity, the city sports numerous galleries and handcraft stores.  The main attractions are the wood carvings, Balinese textiles, and paintings.

    If you are interested in some wood or handmade crafts, the low currency exchange rate ($1= 11,910 Indonesian Rupiah) makes them very affordable. I visited a wood carver’s workshop in a nearby town and was amazed to find out that a hand carved teak house entrance door with elaborate screen and door frames was selling for about $200-300 USD.

    Before the trip, I had a mental image of Bali being a paradise. Turns out I wasn’t wrong. The island is a lush tropical forest that is full of monkeys, bubbling streams, waterfalls,  and hundred eighty degree panoramas of remote, semi-active volcanoes. Unparalleled scenic beauty aside, the highlight of my visit was the doors, hands down.

    The streets in town have not been modernized yet and hence are a mixture of small business and old residential buildings.  Because of the Hindu prominence, the island is covered with scores of temples which include large public structures like the Mother Temple of Besakih, small village temples, and endless family residential temples.

    The entrance to the family residences and temples has a standard architectural form: a brick or masonry wall that surrounds the property and terminates in a wooden entry door. These doors are just magnificent and turned out to be the highlight of my trip. I must have seen dozens of them and, as you can see, all are equally awe inspiring in their detail and artistry.


    © Copyright 2014 Yaacov Apelbaum All Rights Reserved.