ex nihilo nihil fit


2020-07-12

Infosec Learning in June

I like this theme of cataloging the resources I'm using to learn more in the modern infosec space. It's a bit of an accountability route for me and it makes for a decent writing prompt. I struggle to keep a blog updated so this really helps.

I intend to continue the series with the things that I tackled back in June (plus some extra unrelated stuff). We're already almost halfway through July but I haven't covered this topic yet so here we are.

Death of The Manor

I lost a lot of time in June because of serious failures on the community network I ran for many years known as "The Manor." The first issue was the pandemic. I've basically sealed up my office where the server(s) ran and started working out of my home. I am a remote worker but I keep an office in a neighboring town for various reasons. Having an office with a dedicated business class pipe was useful, so I set up a little set of servers for friends and family to use.

Sometime last month, the building took a direct lightning strike and it took out a lot of our infrastructure. We had surge protectors on the electrical lines but not on the cable coming into the building. The surge traversed several pieces of kit, ultimately taking out the whole network. I spent a couple of weeks trying to recover everything before throwing in the towel.

The Manor, as a community project, is no more. A large chunk of the month was devoted to getting all the users their backups and re-purposing what little bits of infrastructure were left. At the moment I just have a handful of servers running things for me personally. I did get a little bit of time to focus on infosec training, though.

I spent a good deal of time after the fall of the servers tweaking tripwire and GNU tiger once I rebuilt a couple of the servers. I still believe these are viable tools if you're running smaller services (perhaps at home or a small office). I haven't yet found a solid way to use them at scale, though.

Twitter Revisited

Last month I still made an attempt to re-join Twitter. I mused about it in May and have been considering it for a long time. I have a bit of FOMO around #infosec twitter and that community. I do believe the community is perhaps a little toxic and it is a lagging indicator but I want to participate to build my network.

I have a wide array of contacts for sysadmin/networks and programming stuff but my infosec rolodex is sadly empty. This was the primary reason for setting aside my complaints and joining Mastodon. I've not really stuck to the world of infosec in Mastodon because of all the friendly folks (and some old acquaintances from the fediverse). I lacked the discipline to stick to strictly security and I just happen to be having a good time.

Twitter wants a phone number. I'm not comfortable with this. I have read a lot of posts about people having to answer captchas and the like just to tweet and I am concerned about those things as well. I haven't completely given up on Twitter yet but it's not terribly attractive at the moment.

I need a better networking strategy, especially since I can't attend conferences in person at the moment.

Learning Plan Notes from FTE

As mentioned in the last post about this topic, I have a learning plan in place at my full time job. This is something I do annually wherever I work and I request input from my managers. I'm getting really close to being done with that list and I'm pleased with it.

In June (at the recommendation of leadership), I replaced the C++ book I was reading with No Starch Press' "C++ Crash Course" and I find it to be a much more streamlined introduction to the language. C++ isn't directly infosec related but the tooling we build for network monitoring is written in C++ so I need some competency in that realm.

I also added "Kafka: The Definitive Guide" from O'Reilly Media to the learning plan at work. We use Kafka in a couple of ways and, while also not directly infosec related, our tooling uses it so I need to understand it.

pwnable.kr

I spent some time playing with pwnable.kr in June and found the site to be really disjointed. It surprised me as it's one of the more popular CTF/wargame sites. The design and random Super Mario exploit video on the main page felt jumbled. Their SSL issues were a final concerning moment for me.

I set all of that aside and dove into the first two challenges. I found the first one to be a bit confusing but pretty well laid out. I must admit, I had to look up a couple of hints and found that I was looking in the right places but I was basically using the wrong options for certain commands. I feel good that I generally knew what I was doing but it was a little frustrating to be slightly lost.

I spent a little bit of time on the second challenge on hash collision and didn't get too far before I had to wrap up for the evening. I haven't revisited the site since, mostly because the whole thing feels quite chaotic. I am still looking for wargames.

A SecurityOnion Lab

I'd like to deploy SecurityOnion at home and at my office (if I ever go back) to replace my hodgepodge of my router's monitoring, Suricata, and Zeek. I'm also learning a lot about some NSM tools that I wasn't aware of in the past (SiLK and friends) via the Applied NSM book and I wanted to test drive some of them. With that in mind, I wanted to build a virtual SecurityOnion lab and I did just that. I posted about it in late June on this blog.

Since it's been installed, I've been tinkering with VirtualBox networking options. My next step is likely to set up a third VM to serve as an HTTP proxy for the two guest machines so that I can watch all traffic and not just host-to-host traffic.

Books

I finished "Mastering Python for Networking and Security." I found it to be more of a reference than a cover to cover read. There are lots of good tricks in there. It has taught me that I need to have a good note taking strategy so I can recall this kind of information when I need it. I leveraged O'Reilly Safari for this book and I think I need to purchase more dead tree copies of such books. They do stagnate, however.

I am still reading "Applied Network Security Monitoring" and I'm about halfway through the book. I've learned a bit about storage for FPC here and I'm learning about a few tools that I'm surprised I have never seen before. Much like Zeek when I started working at Corelight, I have no idea how I missed these tools. I hope to finish this book up this month (July) and move on to some other things.

I started reading through "Kali Linux Revealed" (kali.training). This one is very elementary. I know Kali well enough and I've spent decades using Linux. I'm reading this one because I plan to attempt the OSCP test and I'd like to know how Offensive Security structures their learning. I also hope to find any useful tidbits in here that will benefit me when I decide to take the plunge into OSCP training.

Once I finish this book, I'll also read Metasploit Unleashed for similar reasons. Again, I know Metasploit pretty well. I'm simply trying to pick up on the Offensive Security language and teaching styles while maybe picking up on some pieces I've missed. Sometimes reading elementary texts can bolster things we already know.

I started reading Kevin Mitnick's "The Art of Invisibility" since it's recommended by just about everyone. It seems like more of the same privacy scare and elementary advice but I'm only a couple of chapters in. I'm reading this one just to say I've read it.

I purchased a copy of "Operator Handbook: Red Team + OSINT + Blue Team Reference" by Joshua Picolet. This is certainly next on my reading list. Unfortunately I snagged a PDF copy so I'm going to have to convert it to an ePub or maybe buy a physical copy of this one. I found it on the System Overlord blog after stumbling through a ton of "how to get into infosec" blog posts. It looks like a promising reference tome.

Finally, I added several telecom and cell service technical manuals to my Skillsoft learning plan. These aren't strictly infosec related but knowing the technologies means finding exploits will be easier. I've long had an interest in telephony and I'd like to catch up on the modern landscape and see what kind of holes exist there. We live in an age where I can run a full central office on a laptop... why not play?

Various Papers and Lists

I spent a lot of time last month consuming papers in the depths of the ACM Digital Library and (still in review) papers that were sent to me by colleagues. I mostly focused on the IEEE/ACM Transactions on Networking, the ACM Transactions on Privacy and Security, and a few things from SANS.

I've added a bunch of mailing lists to my RSS feeds to keep a pulse on things. Much like Twitter, these are lagging indicators. I've added the various nmap lists (Full Disclosure, Bugtraq, etc.), NIST news, Packet Storm's exploits section, CERT's recently published vulns, various items from SANS, and reddit's /r/netsec and /r/reverseengineering.

Along with those, I've subscribed to a couple of related mailing lists. So far it's not been too much of an info firehose. I'll let the experiment run for a few months and see if it proves useful.

Bonus Round

Finally, on a fun note, I read "Masters of DOOM: How Two Guys Created an Empire and Transformed Pop Culture" by David Kushner because I've been on a classic DOOM kick with what little free time is left over from this. While this book is a great history of id games and the Johns, it also contains a decent cautionary tale about death marches. I've worked in both IT and software development for quite a long time and have learned to actively push back against the grind.


ascia technologies