Category Archives: blog

Updating still

I’m still going through updating the old links. The good news is that my RSS feed didn’t start bringing back the old posts that I’ve been updating. The bad news is that I had to delete my feed from The Old Reader and re-add my RSS feed.

I do plan on getting back to writing soon. I’ve opened the FAIR and CTI posts. I want to get back to those. I also want to write up some of the Honeypot stuff I’ve been working on over the last several years. I don’t think I ever did a book review on Chris Sanders’ book Intrusion Detection Honeypots, which got me started and I’ve been expanding on. Also, I want to compare and contrast Intrusion Detection Honeypots running NetCat listeners vs. OpenCanary.

* Note the amazon links above are alffilate links, for which I earn a commission from qualifying purchases.

Hello php8.1, thank you for breaking things.

This server runs Debian’s Testing release. Yes, Testing changes a lot and is not meant for long-term production servers. But I like to be a little more up-to-date on the software packages, and there are times when Debian Stable is too far out of date for what I need or want to run on this server. I do use it as a shell server too. And yes, I know bastion hosts, one “process” per server. That assumes one has a budget for multiple servers.

Anyway, I updated the server, and it pulled PHP 8.1. Previously I was running PHP7.4. Well, something interesting happened during the upgrade. I rebooted the server to get the new kernel loaded, and when everything came back up, I had the “White Page of Death” on the WordPress page. This is a self-hosted server, no CPanel, phpAdmin, or anything like that. If I have to fix a problem, it’s the command line and me.

Continue reading

Prepping for a project

I’m getting ready for a fun little project with a friend. Several years ago, while doing my undergrad, I got a copy of Chris Sander’s “Applied Network Security Monitoring.” I was going to do a book study group at school when it came out, but it turns out it was a required text for my Incident Response course.

Sadly, that class was a mess, and I don’t think we used the book in it at all. A different friend and I referenced the book to build a project for one of our other classes. We used it to build several honey pots, with what was supposed to be centralized logging. That, however, failed due to the Data Center we put the logging server in. The DC we picked for the log server didn’t allow logging to that DC for some reason. The other ones through the VPS provider would have worked fine. Just not that one. No clue why. We did complete the project with the honey pots but had to monitor each one instead of having central logs.

Anyway, talking about burnout recently with friend one mentioned above, we both feel burnt out. We don’t want to do anything computer-related after work. Studying, Udemy, Coursera, Hack-in-The-Box, Try Hack Me, scripting, blogging, etc. To get around this, we’re going to work through Applied Network Monitoring, and we’re also going to blog about it.
Before confirming this was the book and project we would do, we asked Chris Sanders via Twitter if the book material was still relevant. He said the concepts would be, but the tools would be different now.

It should be fun.

Once my friend gets his blog set up, I’ll link to it too. And yes, I know I still have some OpenFAIR/CTI/OSINT related content I want to blog about; see the comment about being burnt out above.

Well that was painful upgrading my site to use a new php version

I got an email saying that my site auto-upgraded. I wasn’t happy about it, some of the settings I on the server should have prevented that. But it did the auto-upgrade anyway.

When I logged in, the dashboard said to update to PHP I checked the terminal, since I’m self-hosting, and saw I had the newest available in the repo installed on the server. I had to do testing to find out, no it kept pulling the older version.

I searched around, and all the howto guides were for people using Cpanel or some other hosting tool. They also suggested the PHP text tool. Which I used, and it said all my plugins would work. But the howto guides for hosted accounts past that point wouldn’t work for me though. I’m self-hosted. I finally found a blog post by someone saying what to change, the webserver to point to the right files. So I did.

And the site broke.

The error wasn’t much help, but more searching found I could turn debug on get better information. So I did that. The page was tossing errors. Google those, and found a walkthrough to fix Crayon Syntax Highlighter.

I also had to toss Attack Scanner, which made me sad, but that plugin was shut down in 2017.

And I thought getting Let’s Encrypt fixed a couple of weeks ago was a pain.

 

Trade School, Degree, or something else completely?

Last Thursday I listened to Risky Business 377. The part that really got me engaged was the section with the sponsor, RSA. They were talking about how they are working with schools to build educational SOCs.

What they were talking about though, and I’m paraphrasing from my point of view, was making Universities less theory like and more Trade school like. For example why not add a check point certification class to get students out with some experience and a certification after 3 months of class?

Continue reading

New Job and stuff

So for those that hadn’t heard, I started a new job about a month ago. I’m no longer doing firewall audits, secure network design, and mainframe web emulation. I was kind of sad to leave some of the projects I was working on un-finished, but that was the nature of the beast.

So now I’m working in a Security Operation Center, as a CIRT Event Analyst (or at least that was the job description they sent me after I interviewed of what the job was going to be).

The downside is I now have a 2+ hour daily commute. It should take 45 minutes or less, but well we only have 2 seasons. Winter and Road Construction. It also means I have less time to work on things I want to. Reading and projects have been affected.

I’ve also been less than healthy lately. I got really sick before Bsides Detroit. The night before the con, I was at the hospital. I also ended up missing the con because of being sick. A fever for a week, and everything spinning regardless if I was sitting standing or laying down. Turns out I had an inner ear infection. Got drugs that helped but didn’t make me better. I wended up running a fever for 3 weeks. Now I just have this annoying cough.

I graduated.

I graduated from Eastern Michigan University with a BS in Applied Information Assurance. Now that is done, I’m working on some stuff that I want to do. I also am trying to to get accepted to UMUC for a Master of Science. I’m unsure if I want to go for the Cyber Security or Digital Forensics and Cyber Investigations degree.

Some of the projects:

  • My Raspberry Pi WIDs modifications
  • Study for my CISSP
  • Hacker’s Challenge (from 2001)
  • R Programming (Coursera Data Science Program)
  • catching up on leisure reading
  • Studying for my General Amateur Ticket
  • Designing a new home lab
  • some other things not for open consumption

I’ve been busy again:

I know I haven’t written here lately, and I’m not getting in the number of blog posts I want per week. However I’ve been busy with school and projects. I only have time right now, because I can only run 1 Raspberry Pi (of 6) at a time (right now), and the first one is going through Kali’s apt-get upgrade. Man talk about not the fastest. Going to clone that drive and copy to other flash drives.

Currently, I’m working on a project for my independent study at Eastern Michigan University. The project and documents have to be turned in by Monday night, so I’ll talk about that after I get the stuff done.

The Eastern Michigan Campus Crime Project turned out really well. My team and I presented on it at Circle City Con in Indianapolis.  What I thought was going to be a simple 4 week project will probably take the rest of the year to complete. That’s with 4 of us working on it. There is some more interest on campus and suggestions on how to move this forward. I’ve got a really good team, and I’m really proud to have worked with them on the project.

I also dug out, and updated (slightly) my Human Trafficking talk. I’m a little wary of posting that one. Goes against my OPSEC views, but the presentation is important enough. I will say this, things have changed in a year+ since I stopped working on it. Got some good books to go with it too, I’ll get reviews of them up eventually.

There will be another book review up over the weekend (probably Sunday) as well.

WordPress and some security

I was recently listening to Paul’s Security Weekly episode 366: How Security Weekly got defaced, and started thinking about my own security posture around my WordPress sites. When I first created The Rats and Rogues Podcast site, I read everything I could find and on WordPress security. There wasn’t much. Later when I created this site, I still wasn’t impressed.

Continue reading