Hillbilly StoryTime: 2020

Tuesday, September 1, 2020

So, You Got Access to A *NIX System… Now What?

Note to Reader: For simplicity, I will be referring to all Unix, Linux, and other Unix-like systems simply as *nix, unless a specific distinction needs to be made.

As a pentester, you will likely come across a *nix system at some point. If you are like many of the people I have worked with and encountered in the security industry, you are much more familiar with Microsoft Windows-based systems than *nix systems. This is completely fine. Most attackers focus largely on Windows-based systems due to their market share, end-user exploitability, and attack surface. In 2019, Microsoft Windows was the most attacked operating system in the ransomware category, at over 97%. On the whole, *nix systems can make up a large percentage of an enterprise's ecosystem (though often not the largest), but they often receive less focus from an attack surface perspective. In most networks, when you encounter *nix systems, they are typically less prominent in number than Microsoft Windows-based systems. Common uses of *nix systems tend to be development systems, mobile devices, database systems, embedded devices (firewalls, web cameras, etc.), web services such as JBoss, Tomcat, or Jenkins, and cloud infrastructure such as AWS. Microsoft Windows, by contrast, is much more commonly found running on end-user workstations, email systems, and, of course, domain controllers (as well as in other roles also found on *nix).

Thursday, May 21, 2020

A Beginner’s Guide To Staying Safe/Anonymous Online


It is probably safe to assume you have heard of OSINT (Open Source INTelligence) at some point. However, if you have not, it can very generally be described as the collection and analysis of data gathered from publicly accessible sources. People who perform OSINT have a wide variety of sources they can pull from and many different techniques they can use. For example, they could scrape information about you, your friends and family, or your company from your social media profiles. They could search through the multitude of data breaches that have been made public, looking for passwords to your accounts. The amount of data that can be found online can be rather daunting. This article will cover some steps you can take to limit your exposure and access to your information, and why that is important.