Recently went through and cleaned out dead links in my Feedly news feeds. Not only did this kick in plenty of nostalgia, but also reminded me that I should update the sidebar links on my blog! While going through these, I sat back and thought about how time-consuming this process is, how annoying it is to update wordpress themes (just give me a raw txt file that I can put code in rather than wrestle with weird interpretations and random carriage returns!), and for what personal purpose this even mattered.

In short, I need to sit back and think about what exactly I am doing with this blog site and how to make it better for me. Moving to hosted WordPress has helped with site maintenance, but has made other things more difficult. In the past, I always edited files by hand and coded things directly, but these days I tend to use the WYSIWYG, but it’s not usually quite what you see…it’s more like wrestling with a slippery eel to get things to look the way I want, rather than the way the themes want. This makes updating the sidebar annoying. At best.

There’s really four parts to my blog: the posted content, the sidebar link list, comments to posts, and the links at the top that spider out to other things about me, with this blog page being the nexus point where they converge.

The sidebar links
The extensive sidebar list of links has been part of the site’s identity since the beginning, but it’s also an old school relic.

The list is somewhat save-and-forget, except for some of the most-used items. The rest, I honestly forget are here. For some, it’s still just better to use Google to get the latest, greatest.

These links are also best used by me, and probably not clicked on by anyone else ever. The list is roughly doubled up in: feedly, podcast subs, youtube subscriptions, twitter follows, discord server memberships.

I do know that clicking links will place referal pokes to the targets…maybe. It’s one of those ways to get noticed, but I’m not sure blogs and/or comments are “noticed” anymore or really followed at all. A blog used to be your focal point online that other things revolved around, but these days the social sites have supplanted them. There is also so much flow these days, that I don’t ever really “catch up” on blogs I’ve missed. They’re much like IRC or Twitter; you pop in and maybe look at the recent buffer, but the rest of the log is in the past and there’s no reason to spend that time reading backwards.

The bottom line: the link sidebar is a relic with questionable value to me, and is annoying to update.

The comments
The comments are easily forgotten, since I don’t get many and don’t expect many. The problem is the lack of two-way discussion. Comments on blogs are often post-and-forget, never looking back for an update without specific effort to do so. It’s far better to follow and tweet to someone on Twitter these days, or in extreme cases, find someone on a discord/slack/IRC.

In the past, prior to all the social networks, blog comments were useful to expand your exposure. Comment on someone else’s blog, put your own link in the comment, and likely get a poke or comment back in return. Again, though, today that is better done in Twitter/discord and by posting content that actually is useful to be consumed.

To be fair, comments are cool, akin to a Like, but dialogue anymore is best done elsewhere.

The bottom line: Ultimately, comments are an after-thought these days on any but the most popular blog sites, like Krebs’ blog.

The blog contents
But that does bring up the question of why I should ever update the blog? I honestly don’t look back on many things. The biggest two reasons: 1) shows off my interest and 2) allows me to organize and solidify thoughts. I may not reference the post itself ever again, but the act of writing something out helps ingrain the information and thoughts.

It’s not something I really do for anyone else except me, and as a way to sort of demonstrate my interest/enthusiasm/participation in the greater communities.

The posts I most-often re-reference myself are the personal ones like my yearly goals and results, or links to really informative checklists and processes; things that I struggle with putting links to in the sidebar only to forget them!

The bottom line: I still like maintaining the blog and it does have personal value to me.

The personal link nexus
I can’t see this going away anytime soon except maybe on a github page with a similar list of links. The whole point is to act as a point of convergence for my “stuff.” A place to find my Twitter link, LinkedIn page, Github page, and just a little bit about me (that age-old bio or About page that I feel is still necessary to tell your story properly).

Being able to control this convergence is still an interesting deal, as it lets me decide whether I want my personal name attached to a particular screenname somewhere, but as I get older, I also care less except with my own personal threat models.

As a bonus, I still love my personal domain.

The bottom line: I still plan to use this personal domain and resident site to be my nexus here, and I think I’ll expand the links a bit to include Github and maybe some other spots.

Plans
The links on the sidebar …could…be put into a github instead of this site, and probably more easily updated, too.

I could use github to also save backups of things like my podcast opml, feedly feeds export, and so on. Things that are not sensitive or inherently private.

A github is at least easier to update. And while it might not fix anything about my list of links and its usage, maybe it’ll help me pare it down a bit. Better yet, if I have a feedly export, why bother with the blog/news lists?

There is also the choice of having a private github for a few other things. I definitely don’t want to make it a huge “backup” of things, since that’s what other file-sharing services are sort of for, but at least some of my online presence and “home” page can be tailored a bit in private.

So, what’s on my structured training list now that I’ve finished CCNA Cyber Ops? I have a 2018 goals post, but obviously things can change… I don’t blog about many of my training things, largely because I have a separate, private OneNote instance that has a huge breakdown and list of things I want to do this year, next year, and discussions on everything else that my career may entail beyond. I have a long term section, and a list of things I’m basically doing right now.

Right now, I have a small lull until I head to SANS West in two months and pick up my first SANS course, GCFA FOR508. I’ve decided to forego some courses people tend to take early on in their SANS experience, and dive into the deep end by skipping GSEC (SEC401), GCIH (SEC504), GPEN (SEC560), and GCFE (FOR500). I’ve never had the opportunity to do SANS courses before, and rather than go easy and do something I may know pretty well already, I decided not to wait years and instead get to a course that will certainly be a challenge.

To that end, I’m already doing a little bit of prep work to brush up on some forensics/IR topics so that I don’t entirely need to catch my mindset up much to hit day 1 at a brisk walk. I’ll be watching some random YouTube clips of the course and related topics, reading a few books I have sitting around on forensics and data collection, and otherwise preparing my workstation.

Beyond that, I’m likely going to do a little preparation for NetWars as well, though to be honest, I don’t expect much as a first timer. But I want to finish a bit more in my RHCSA/LFCS courses, refresh using Metasploit Unleashed (a course I’ve long since just never gotten through) to get my mind back in offense, and then do some retired HTB boxes to oil those wheels further.

I’ll also be at C2E2 (Chicago) in the middle of all of this, so that likely is enough planning for now to see me through to the midpoint of 2018.

(I’ve had this incomplete through brewing for several weeks now, but never really put it down in writing. I finally have. I didn’t like the presentation, but have posted it below anyway since I didn’t want to spend any more real time on it. So it is half-baked, but here for my own posterity.)

I’m just over 40 years old. I grew up both without and with the Internet. During the early years, I felt like so much information was available to us that had never been exposed before. Rather than relying on libraries or television shows or word of mouth to find something out about whatever arbitrary topic one had, the information could be self-served via Google. Life was wonderful! I feel like we’re collectively getting smarter!

Fast forward to around 2015-2016, and I feel like a tipping point may have been reached. So many people are online now, and social media has allowed so many people to highly efficiently pipe in with their own take on things (even if it’s just a mass of Likes or upvotes), that we now have a problem where I don’t feel like we’re collectively getting smarter quite so effortlessly anymore. It actually takes effort to make sure you’re not learning falsehoods or buying into someone’s bullshit.

There are two factors to this: 1) The dumb ones are on social media now, and 2) so many of us are on social media in general.

Anyone and everyone can post a comment or make a social media post that states something as fact. For instance, someone posts an image on Imgur that is inspiring or funny for some reason, and a highly-voted comment purports that this person did XYZ and was from ABC. But if you dig into it, you find the real story on Snopes or some other resource that paints an entirely different picture. The first comment? They may or may not have realized they were promoting false facts. And due to tone and group think, someone probably walked away from that comment telling someone else the same false fact. Even just walking away with a false reality to the original image is bad. That’s a problem, especially if you have more people who believe a falsity than who know the truth.

This is how rumors and conspiracy theories spread. And it’s ok when those echo chambers don’t impact people not looking for it, but social media has allowed these bits of “dumbed down” information to spread to those not even looking for it. This is how good news sites that practice some form of democratized content eventually become overrun with funny things that don’t matter at all to life.

It’s also becoming useful to someone or other to influence popular opinions and facts, which anyone should have been able to predict someday, especially anyone whose grown up with the Internet’s start. Plant some seeds and watch the flames grow on their own!

Are we still getting smarter? Yes, but it’s not so effortless anymore; it takes work to verify stories and opinions, and work through pages upon pages of a thread to get up to speed.

Activity got a little sparse here over the past few weeks. Part of the reason has been busyness at work. But another part of it has been tackling some personal activities. For the second year in a row, I went to the tabletop gaming convention Gen Con in Indianapolis. Between attending and preparing to go, that took quite a lot of my free time. Much of the rest of my free time has been spent trying to catch up on some new youtube channels and fitting them into my other habits and priorities. First, I’ve been turned onto BosnianBill’s YouTube channel which has 1000+ lockpicking videos. These are absolutely excellent; they’re small digestible videos and Bill talks wonderfully through everything he is doing while giving the viewer a very clear, close view of his work and clear audio of the progress as well. I’ve skipped around a bit to check other things out (I’m otherwise working backwards through his channel), and I found a tutorial video he did about picking spool pins and it’s absolutely invaluable and amazing how well he teaches lockpicking. Definitely a channel to subscribe to.

I’ve long been aware of the Critical Role show on Geek & Sundry since it began, but I’ve never taken the time to watch it since I knew it would be a timesuck. Essentially, the show is a group of voice actors playing D&D. I knew I’ve love it, and I finally started watching it a few weeks ago, and my fears were confirmed: I absolutely love it and need to keep watching to catch up. It’s also stoked my interest in D&D again, but not quite enough to pursue finding a group yet to scratch the lifelong itch. Maybe I’ll find a way to fit that in!

Lastly, I’m also watching some Linux courses over at Linux Academy, partly for my own learning, partly to normalize what I’ve learned over the years (and close some gaps), and partly to satisfy some training expectations at work. I’ll eventually be ready for, but won’t be taking, the Red Hat Certified Systems Admin test. Unless my title has “Linux” in it, I don’t think actually spending the money and time to take the test will be worth it to me, but the learning will be very nice to have. This sort of fills in my allotted personal learning time for the moment with something not terribly hard and with very little overhead pressure for the summer months.

Anyway, those have been my major timespends over the past month.

I was born in 1977. This technically tends to make me part of Generation X, but I have never identified with that at all. I’ve identified more with Millenials, though I would have grown up, gone through highschool, and graduated college well before I had a cell phone of any type in hand. So, I found this article interesting, as I think it makes a good point about this little gap of time between Gen X and Millenials that I greatly identify with: There’s Now a Name for the Micro Generation Born Between 1977-1983. I really like the identifier of having an analog childhood and digital adulthood. Definitely agree with that, as I got my first computer around midway through high school (for writing papers, learning, but mostly I got into Doom), and while video games were a huge part of my childhood, I wouldn’t call that digital to any degree. It was probably not until around late high school that I started “getting online,” and then it was just myself and not part of a social thing with other kids I knew. I hadn’t heard this term before, and just needed to capture it down for future reference.

I made a post back in November about some future learning plans. Of that list, I’ve “finished” building my lab for the moment which allows me to put time into vulnhub boxes and other lab work. I successfully finished the PWK/OSCP course (whew!). I’ve started getting back to attending local meet-ups and events (SecDSM, BSidesIowa, ISSA). I also have a PluralSight subscription where I fill some free time with courses hosted there; they proved very helpful in preparing for the PWK/OSCP.

Moving forward over the next 6 months…

I’ve added and also started to pursue other online labs/CTF styled efforts such as hackthebox.gr. I hope to make HTB my larger time spend for geek stuff over the summer months. Add this to Vulnhub lab efforts and I should have my puzzle-solving itch taken care of for at least the summer. Also, doing these hits some sub-goals of organization and learning a few new tools.

Work is footing access to the LinuxAcademy course site for 6 months with the goal that I will be completing one of a few 20-ish hour tracks in Linux. Obviously, I’ll take advantage of more courses than just that. My own goal is to shore up some of my Linux exposure. I’m comfortable in Linux day-to-day and command line operation, but I still have lots to learn and I do plenty of administration-by-Google. I’d love to eventually just add in a RedHat or LinuxFoundation or Linux+/LPIC certification under my belt. Probably one of the former two by end of 2017 or early 2018.

I am also impatiently waiting for the online release of the Offensive Security web application course, AWAE/OSWE. This isn’t live yet, but once it opens, I plan to get in on this to further my web application security assessment skills as a priority. I could also pursue self study on the syllabus or using books like the Web Application Hacker’s Handbook in the meantime. Failing that one coming out any time soon, I’m also open to looking at other web app security/assessment courses or certifications. Examples include eLearnSecurity’s eWAPT course, or maybe the CSSLP from ISC2.

For possible other directions later this year, the next Offensive Security offering CTP/OSCE is an experience I’d like to have finished by the end of 2018. But having done OSCP, I know this will be another time suck. I’d like to look into the SLAE from SecurityTube as a pre-cursor.

Also, the CompTia CASP has appeared on my radar of something to pursue, and seems to be getting good exposure and reviews. Other possibilities are the CCNA as a way to get into the deeper Cisco security stuff or doing some other vendor-specific stuff like Palo Alto, Fortinet, VMWare, AWS Cloud Security, and so on.

My lab does still need to have a plan implemented for standing up (and re-standing up efficiently) an AD environment that I can use for testing. I’d like to package some additional PowerShell and maybe even Ansible/DevOps concepts into this effort, but that might be too big of a scope.

And a bit further down the priority list would be something like the ISACA CISA/CISM or much deeper study into Python.

There’s an endless amount of learning to do!

It’s interesting to get by blog back up and read some of my last posts and orphaned drafts. Honestly, 2014 was pretty rough for me for a few reasons, which contributed to my blog just staying down.

I was really busy at work with some large projects and lack of staff to help out. In 2013, both Google Reader and Twitter decided to make life more difficult. I still haven’t completely moved Feedly into my regular list of habits to replace Google Reader, and I still bounce a bit between Twitter apps once Twitter started turning away all the third-party ones. I have, however, made room for Reddit…

I also was finding it difficult to say anything new about security on my blog. I was sort of getting sick of the same old thing, as well as just posting links to the same things others were posting about it. It’s a lot like retweeting a tweet that has already been retweeted 24 times in your own feed. What’s the point? But I was also just not having much new to say.

And then in early 2014, my blog’s server’s motherboard died out.

On a brighter side, I had some nice promotions at work due to the efforts, cultivated a new hobby/habit with tabletop gaming with friends, and found good companionship. And now have the chance to pursue security as a full time job.

This storm basically just led to me doing other things with my own time. Until now. 🙂

It was a bit sobering to go through the links I had for news and blogs. Almost 50% of what used to be around are no longer present. Some are gone entirely, some are just not updated anymore, a few have changed content. As usual, I just post my own last farewell as a list of retired links. Next up will be all the tools and other resources I had in my side bar. I’m not very happy with the style of the links. Each item should be closer together, but I’ll tackle that another day.

http://blog.1manit.net/
http://adminspotting.net/
http://andyitguy.blogspot.com/index.html
http://artofinfosec.com/
http://arved.priv.at/weblog/
http://www.attackvector.org/
http://menno.b10m.net/blog/blosxom.cgi
http://www.blackfistsecurity.com/
http://www.clearnetsec.com/roller/page/cns
http://www.computerdefense.org/
http://blog.cowtowncomputercongress.org/
http://staff.washington.edu/dittrich/
http://blogs.ittoolbox.com/security/dmorrill
http://jarrodloidl.blogspot.com/
http://www.computerworld.com/blogs/schweitzer
http://edsmiley.com/
http://geekybits.blogspot.com/
http://ha.ckers.org/
http://www.i-hacked.com/
http://hackreport.net/
http://www.hackosis.com/
http://www.headhacker.net/
http://www.honeyblog.org/
http://distributed.honeynets.org/
http://hype-free.blogspot.com/index.html
http://infonomicon.org
http://www.infosecleaders.com/
http://infosecpotpourri.blogspot.com/
http://infosecplace.com/blog/
http://www.infosecramblings.com/
http://infosuck.org/
http://www.innismir.net/
http://www.theinterw3bs.com/
https://beechplane.wordpress.com/
http://www.757.org/~joat/
https://kinqpinz.info/
http://layer8.itsecuritygeek.com/
http://blogs.ittoolbox.com/linux/locutus
http://www.curphey.com/
http://www.matasano.com/log/
http://www.matthewneely.com/
http://mcwresearch.com/
http://metasploit.blogspot.com/
http://blog.ncircle.com/
https://www.nettwerked.net/
http://blog.n0where.org/
http://ogenstad.net/
http://michaeldaw.org/
http://pcianswers.com/
http://www.penetrationtests.com/
http://philosecurity.org/
http://practicalexploitation.com/
http://rarmknecht.net/wp/
http://ravichar.blogharbor.com/blog
http://riskanalysis.riskmanagementinsight.com/
http://www.rootkit.com/
http://www.secmaniac.com/
http://www.securitybraindump.com/
http://security4all.blogspot.com/
http://www.security-hacks.com/
http://securityincite.com/blog
http://www.berylliumsphere.com/security_mentor/
http://securitymoey.com/
http://www.nmrc.org/~thegnome/blog/
http://spoofed.org/blog
http://blog.starmind.org/
http://www.stevegoodbarn.com/
http://myweb.facstaff.wwu.edu/~riedesg/sysadmin1138
http://blog.vulnerableminds.com/
http://www.wirelessve.org/
www.2blocksaway.com/

Terminal23.net is back up and running! I’ve been absent for a few years due to life and a hardware failure. For years, I ran my site off a system sitting in the corner of my office, but its motherboard decided to finally die out. Life went by pretty quickly, but recently I got the itch to bring this site back up. I picked up a new motherboard and exported all of my contents into a proper format to move back up to a new hosting provider and into WordPress.

This is my first foray into WordPress, so I’ll be playing with the themes/appearance for a while here, and also doing some reviews of my old content to see what needs fixing. But, I have to say the export from MovableType3 into WordPress went far smoother than I had expected. The appearance is a different story. The current layout and theme settings are pretty close to my old site, but not quite close enough to my liking. Still, I’ll take what I can get in the short term here! The colors and general layout work for now. Maybe I’ll just code my own templates like I did previously…

The past 2 years have easily been my largest gap in blogging and having a web presence of my own since 1996. (I don’t count FaceBook or other smaller services.) A lot has changed, and yet a lot remains the same. Perhaps I’ll go into more detail as I decide where I want terminal23 to go or if I want to slice off a more personal blog or FaceBook presence off to the side.

I made terminal23.net for 3 primary reasons. First, I wanted to organize my own thoughts on security in a place that I could reference in the future, either to recall a tool, a script snippet, or just dump out some thoughts going through my head. Second, I wanted a curated place I could consume my favorite links that I found useful, from other blogs to web resources in the security world. Third, I wanted all of this to be viewable by any curious persons, especially those looking to see if I know anything about security and want to employ my services.

Looking back, I have 1724 published posts on this site dating back to 8/9/2004. Probably 98% of those posts are dealing with IT security to some extent or other, from tools to new scripts to commentary in general. During much of that time I had a more personal blog with 268 posts since 10/05/2001. And even older than that, had a site presence of some sort since 1997/1996, though anything from those probably only exist on a floppy in some box somewhere.

At the time of my site going down, I had a listing of over 469 other security blogs, news sites, tools, and various resources.  I do plan to bring those back, but they will take more time to check and port back in.

Just because I was curious, I did some checking on my site here. I have 1,454 posts here on Terminal23.net dating back to 8/9/2004. That’s 19 posts per month. Prior to that, I made all my posts on my personal blog at HoldInfinity.com (less geek, more personal blog), which has 268 posts since 10/05/2001. I’d say I’ve been blogging about security since 2004.

Even prior to that, I’ve had a web site since 1997 (maybe late 1996 if I really push the definition), but are no longer available except maybe on a floppy somewhere in a desk.

Getting a list of servers can be a pretty valuable first task for working with large numbers of computers. Yesterday I had a reason to get a list of them all, and thankfully all of my servers are in the same OU tree in AD (/Machines/Servers). I also see SynJunkie did a similar thing this week, but I prefer not to use third-party cmdlets. 🙂

$blagh = [ADSI]”LDAP://ou=Servers,ou=Machines,dc=my,dc=domain,dc=com”
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $blagh
$objSearcher.Filter = “(objectCategory=computer)”

$PropList = “name”,”cn”,”lastlogon”
foreach ($i in $PropList){$objSearcher.PropertiesToLoad.Add($i)}

$Results = $objSearcher.FindAll()

Write-Host “found $($Results.Count) servers”
$Results

What this does is look for all computer objects under Machines/Servers in my domain my.domain.com. For all computers that it finds, it pulls out the name, cn, and lastlogon properties.

To find a list of all the properies that can be pulled out, after that above script do this:

$Results[0].Properties

Based on the properties I pulled, it should be obvious I was looking for signs of dead computer accounts. This can easily be changed to look for user accounts, properties in them, and other OUs.

Quick note that BackTrack 4 beta is publicly available now.

I-Hacked has a series of nice links on installing BackTrack 4 that I didn’t feel up to snagging and reposting here.

The weakness I posted about yesterday is being presented right now at the CCC. I listened to the beginning of the preso just enough to get an idea of what they are doing (the stream is too broken up to properly listen to right now). It appears the team is able to leverage md5 collisions to fake a CA root certificate because the CA roots still validate by md5 hashes. So I suppose if you can MITM connections (or MITM the CA check?) you can pose as a Root CA and validate SSL certs that you control. I might have missed something there, since I’m not watching the rest of the preso right now.

Does this mean the Internet is buckling right now? Not really. I might change my mind if Joe Teenager down the street can hop on an open wifi network and MITM all SSL connections successfully without my knowing it.

A couple articles skittered across my desk the other day. Los Angeles traffic engineers admit hacking into traffic light control systems and Rogue IT admin hands former employer’s network over to spammers.

There is lots of talk about the criminality of the black hat underworld and about profit-pursuing hacker groups (although maybe this is just the growing up of the teenage hacker vandals from 10 years ago now needing income), but there is another important set of threats: relatively normal people with access.

This includes former employees that can still use accounts for bad things, easy password guessing, or abuse of legitimate access just, well, because they can. It stems from both negligence and the simple aging of our reliance on technology. Ever wonder how many stale accounts you might have in your organization just because people with knowledge have left? And I’m not talking about obvious stores like LDAP/AD, email, VPN, network devices.