Silicon Shecky

Infosec Practitioner

Connect

Frost Piss.. er First Post of 2018

By Leave a Comment

From the frozen sections of the Northern U.S. welcome to 2018! I hope everyone had a good holiday and is refreshed. If not, step outside in the cold, you’ll at least be somewhat refreshed.

Spectre/Meltdown. There I have mentioned it. With so many fantastic write-ups and posts out there, you don’t need another one so lets move on.

One of the things I have been noticing is a lack of forethought. We (and our bosses especially) are so caught up in the reactionary phase of things, that we tend to not think things through. A new vuln comes out, chicken little starts screaming, and we all get over stressed. This happens whether there is a POC, it is found in the wild, or neither. In a products community forum recently, it was asked about the current hullabaloo, why worry about the endpoints since there is nothing in the wild. I responded with the same statement I am making here. Why be reactive when you can be proactive.

Now I know, we have pent test, vuln scans, SEIM and blah blah blah that makes us proactive. Does it really though? How often are we reacting to something from one of our tools? Yes, you can claim putting the tool in place is being proactive. How long though between finding something with the tools, and mitigation? Days? Weeks? Months? How often could being a little faster on the response to some proactive tool stop a piece of malware coming in?

While this is a big deal, there is another one. That is in the planning stages for, well, anything. Take acquisitions for example. Are you doing an audit on their security posture? What about their AD? How messed up is that? When will it get cleaned up? How are they granting access and putting people in security groups? How will this translate to your company’s policies? What happens when you try to merge them into your AD/File Share structure? Is their share structure just going to be changed to your domain, or are you copying the data over only? These are important questions and affect your company’s security posture.

It is a new year, and really time to start thinking anew. After all, you can’t fill up an already full tea cup, and you can’t learn unless you empty your preconceived notions.

As we move to a new year

By Leave a Comment

There are plenty of things that have happened in our world this year. Tons to choose form as to what to make a defining moment. Think about it. Net Neutrality fight goes on, Wannacry makes worms smexy again, Breaches upon breaches, EternalBlue (or any number of major bugs found). Unfortunately all these have to take a back seat to a big old monster.

 

Yeah, Jason went there, and he is right. Sexual Assault, Bullying, acting holier than thou, it needs to be fixed. I have known may women in the IT and infosec world, all of them smarter and better than I. I know that I am not perfect, and I am sure I have creeped some of them out, made them feel uncomfortable, and for that I am sorry, I do not do it on purpose. I personally try to do what I can to make women (and everyone else for that matter) feel welcome and safe.

Like Jason, I cannot imagine what they have/are gone/going through. I just know what I hear, what I see, and try to make it understandable to me. Think about it though, how often growing up were you made to feel uncomfortable? How often did it happen when you should have felt comfortable and safe? How can you make changes, and promote the idea that we have to look out for one another. That someone accusing others of wrong doing is not a bad thing?

Discussion is the start. I have watched Georgia’s tweets recently as she has explained what happened to her, and the effects it has had. This is someone who has written some of the best starting pen-testing books out there!

I have talked about how the infosec community has helped me out. I think it is time we all put that same sense of community to use solving this problem. It starts by admitting there is a problem. It continues with discussion and promoting discussion about the issue at hand. Just like security, there is an end destination, in this case, no more sexual assault. The thing that is just as big is getting close to that destination. For every single step we take, be it Code of Conducts being posted, people being listened to when they say they have been drugged/attacked, or even stopping others from even getting to drug/attack others, we make a move in the right direction. We reclaim that sense of doing right that we are losing. We reclaim our community as one for ALL, not a select few. We show that we are serious about security, especially the security of ourselves and fellow infosec people (professional and amateur).

The journey of a thousand miles starts with a single step. Take that step, right now. No time is better. Happy New Year

 

For those that came in late…

By Leave a Comment

As we near the end of the year, I felt I would give a little background on this blog, and myself. All you OSINT fans get your paper and scorecards ready.

I’ve been working in the IT field professionally for 20+ years now. I started programming computers back on an Atari 400, so I’ve been around the block a few times. This blog came about when I was trying to be an independent consultant between full time jobs. That time was rather dark for me, as my prior employer had forced me to resign and then fought unemployment. There were threats, and I had a tough time finding a full time gig in the field (I was a network admin/engineer back then). So, talking with a friend who still does work in the affiliate marketing field, we created this site. The idea was for me to write posts, technical, non-technical, whatever, and maybe make a little off affiliate links on the site.

I ran into a couple problems though. First, keeping up with appropriate affiliate links was a pain. No one affiliate marketing group was perfect, there was checking links constantly so I wasn’t redirecting to malicious sites (Hijacked ads), and I sort of let that go. My blog posting was infrequent at best. I let it go, hoping to just make enough off the site to pay for itself. Eventually I dropped the ad idea all together. I have put a Paypal link for those wishing to donate to the site, and next year I will set things up with Patreon.

Since then, I’ve grown, but I am not one that does a lot of technical writing, as you might have noticed. I see the news and come up with thoughts and ideas, that I want to put out there. I shifted the blog to be more infosec based, as that is my passion. Still, it took until a few months ago, and talking with some people in the field, to come up with the idea of posting at least once a week. The idea being that my writing skills will get better, as would my skills at explaining tech. I know, still not a lot of in-depth posts here, but they will come as I get more comfortable and as I do more technical stuff that I feel is worth blogging about.  To that end I have taken a couple classes through the Brakeing Down Security podcast slack, namely Powershell for IR and Intro to Reverse Engineering. Thanks to those, I have a github of Powershell scripts I have created or modified here so feel free to look at that and contribute.

With the holidays upon us, I felt you should know a bit more about the blog and the idea behind it. Hopefully you all will start commenting on the posts, and some good discussions come up. I want to tank you for taking a moment out of your day for visiting this little blog, and may the holidays be incident free for all of you.