Tuesday, September 1, 2020

So, You Got Access to A *NIX System… Now What?

Note to Reader: For simplicity, I will be referring to all Unix, Linux, and other Unix-like systems simply as *nix, unless a specific distinction needs to be made.

As a pentester, you will likely come across a *nix system at some point. If you are like many of the people I have worked with and encountered in the security industry, you are much more familiar with Microsoft Windows-based systems than *nix systems. This is completely fine. Most attackers focus largely on Windows-based systems due to the marketshare, end-user exploitability, and attack surface. Microsoft Windows in 2019 made up over 97% of the most attacked operating system in the ransomware category. In whole, *nix systems can make up a large percentage of the ecosystem of an enterprise (often not the largest), however is often less focused on from an attack surface perspective. In most networks, when you encounter *nix systems, they are typically less prominent than when compared to the numbers of Microsoft Windows based systems. Common uses of *nix systems tend to be development systems, mobile devices, database systems, embedded devices (firewalls, web cameras, etc.), web services such as jBoss, Tomcat, or Jenkins, and cloud infrastructure such as AWS. Whereas Microsoft Windows is much more commonly found running on end user workstations, email systems, and, of course, domain controllers (as well as other roles found in *nix).

Thursday, May 21, 2020

A Beginner’s Guide To Staying Safe/Anonymous Online

 WHAT IS OSINT?

It is probably safe to assume you have heard of OSINT at some point (Open Source INTelligence). However, if you have not, it can very generally be described as the collection and analysis of data gathered from publicly accessible sources. People who perform OSINT have a wide variety of sources they can pull from and many different techniques they can use. For example, they could scrape information about you, your friends and family, or your company from your social media profiles. They could search through the multitude of data breaches that have been made public, looking for passwords to your accounts. The amount of data that can be found online can be rather daunting. This article will cover some steps you can take to limit your exposure, access to your information, and why that is important.

Tuesday, October 30, 2018

Of Failure and Success

 Experience is simply the name we give our mistakes.

— Oscar Wilde

Over the course of a year, I watch many InfoSec conference presentations whether in person at the conference or via a recording on YouTube, I read a multitude of amazing blog articles, and I follow and read the messages of many InfoSec personalities on Social Media. The thing that keeps coming to mind throughout all of this is, “Wow there are some amazingly smart people out there doing some wonderful stuff.” Then following that are the thoughts, “Why am I not that good? Why is it so difficult for me to create some new tool or make some new discovery? Why do I keep making mistakes?”  From discussing with others on social media and at conferences I have become well aware that it is not just me having these thoughts.

Friday, September 21, 2018

How Can I Become a Pentester?

After I tell someone that I am a pentester or that I work in InfoSec, the most common question I get asked is if I can help them fix their computer. The second most common question I get is, “How can I become a pentester?”

My answer is usually fairly concise and to the point, “Learn how computers and networks work, learn what rules are in place to protect them, and then learn how to circumvent those rules.” While that answer is fine if I am in a hurry, I thought I might take this time to elaborate a bit more and provide a more helpful answer.

Monday, February 5, 2018

Intro to Programming - Part 1

This is my first post of a new series of programming centric posts.  This series will be starting with a short overview of common programming topic without going into too much depth on basic concepts like, What is a programming Language, What is a variable, etc...

There are entire courses, college classes, and so on available if someone really wants to learn the topics in more detail.

The purpose of this "Intro to Programming" series is to make sure everyone has at least a basic understanding before I get into the next series on "Intro to Python Programming".  Once that series is complete, I will be moving on into "Python for Pentesters".

Video:


SlideDeck via SlideShare: