At work, we have this thing on Fridays called power up time. It is the last 4 hours of the week to work on personal projects, test new ideas to see if they are worth implementing, or self-improvement. Most weeks it is when I get to look at the most tickets doing tactical-level intelligence, since the rest of the week is filled with project or priority case work.
Recently while working on tactical-level information for SOC tickets, I was able to add in a little fun, and actually power up. I wanted to do some reverse engineering of the malware associated with the ticket, to see if there were more IOCs that could be extracted.
Earlier in the day I read an email on the SANS DFIR alumni list in which someone talked about using Remnux with docker. So later in the day, while working the ticket, and because I didn’t have a Remnux box, I decided to check out the docker containers. This was also my first time working with docker. I started at Lenny Zeltser’s Remnux Docker site.
I went to my linux vm, a box that gets reset to the fresh installed state via snapshot after each use. After a sudo apt install docker.io and a sudo docker pull remnux/pescanner I had the container.
I ran it and learned a little bit about docker. I also got an understanding of some of the information that VirusTotal displays under the detail tab.
So my current reading list had changed 3 times in the last 3 weeks or so since the Fall class ended. I had started with:
Then it was going to be some Social Media Intelligence books:
Now it’s Counter Hack Reloaded, which I’m using as my only study material before the GCIH exam in a couple of months.
Can someone tell me again, why I try to make plans since I always seem to get pulled in many directions at once and not study what I want?
The worst part of my job, is not being able to talk about some of the stuff I do at work that I think is really cool.
*See edits at bottom.
I don’t know if I’ll be able to answer the question. I’ve been using Android Lost and Prey for years. They’d worked OK in the past, but when I “lost” my phone recently neither tool worked.
To be honest this is the second time these tools failed.
A couple of weeks ago, I did my talk at Circle City Con. This was year two, and my second year as a speaker. It was a good CON, and I can’t wait to go back next year.
Over the weekend I did my very first ARRL Field Day. It was rather interesting. For those that don’t know what Field Day is, it’s when the Amateur Radio Service (yes there is a public service aspect to the HAM Hobby and License) gets together to make contacts under adverse conditions. The club I am in, Ford Amateur Radio League, teamed up again this year with the Livonia Radio Club. We had a tent with a generator out in the middle of a field.
As I mentioned before here and here I’ll be at Circle City Con, talking about the Raspberry Pi WIDS project I did last year at Eastern.
I’ve updated all my Raspberry Pis, including the firmware. I’ve setup a Raspberry Pi B+ and the Raspberry Pi 2 with the respective Kali images. But they still need to be set up as kismet drones, and tested.
I also need to set up the hard drive for the con, and update my slide deck.
1 week to do it in. Plenty of time. (Famous last words).
I currently have 2 lines run to the basement: one black 15 foot, one red 25 foot. I ran the black line last year before the basement flooded in August, but I couldn’t tell you why I did it now. I really don’t remember. I think it was for my old tower. The red line is for the span port. I chose to color code them to make it easier to know what does what.
I used the pre-drilled holes in the floor; for some reason the cable provider for whoever lived here before me drilled 2 holes next to each other. The old cable is still in one, and the other was empty, and is what my provider used. Dropping the black line was quick and easy. The red cable though, was a pain in the butt. I could get it in the hole, but it would get stuck at the bottom edge of the wood. I ended up pulling up a length of coax, and then taping the span cable to it. I then fed it through the hole. That got it down there; then I fed from above instead of pulling, because it was a tight fit, and figured pushing would do less damage to the cat5e twisted pairs.
I was thinking it would have been great to have flight line, fish tape, or a pole, but after looking at the head on a fish tape last night, I don’t think that would have worked either.
Black – switch to switch
White – entertainment
Red – span
Blue – Firewall to Switch, Switch to Router
Green – ISP
I don’t know what color I’m going to use for the PI farm. I was thinking maybe purple.
Got my acceptance letter to University of Maryland University College this week. I start my Master of Science degree in CyberSecurity this fall.
I was on the fence between the CyberSecurity and the Digital Forensics and Cyber Investigations master’s, but think CyberSecurity gives me more opportunity after graduation. The cool thing is, I can take 2 more classes on top of my degree and get the Digital Forensics and Cyber Investigation Master Certificate.
After I get those taken care of, I’ll go back one last time to get a MBA, which will be 3 more classes if I get accepted to the business school.
So I’ve been dropping hints about this since July or so. The biggest hint was in my “Raspberry Pi Projects” entry from September. Since then I have been told by the editor of The Linux Journal that the article is going to be published. It will be in either the December or January issue. I’m hoping for January, because that’s the annual security issue.
Short version, 6 Raspberry Pis, 6 wireless cards, a laptop, 1 switch. About 4% the cost of a large network vendor’s commercial version.
I’ll be submitting this talk for the 2015 Conferences I go to. (Planning on Circle City Con, DerbyCon, and GrrCon).
(Oh, and this is the second publication I’ve done. The first one was a book review for “The Ethical Hacker Network” back in 2010.)