25 Aug 2020

Cleaning house

I've spent the last few months coming to terms with the fact I have anxiety. My wife had brought it up a few times, but things really came to a head as the pandemic pandemonium hit the Upstate.

13 May 2020

How time flies!

The last year has seen a lot of changes both personally and professionally. Finally I have gotten to a point where my routine allows me to focus on more than just completing the next task.

20 Aug 2019

Why you shouldn't self-host

I pulled the plug on my email server this morning…and I should have done it months ago. I decided to abandon my self-hosting plans after just under a year. Why? As I mentioned in my original post, hosting web and email servers can be an exercise in masochism. It is also not an endeavor for those with a lack of spare time. A great deal has changed in my personal and professional life over the last year, and dealing with all of the extra technical work did not appeal to me.

21 Mar 2019

Disabling Symantec AV for pentesting

Endpoint security tools can be a real pain when trying to get accurate vulnerability scans. Some tools go so far as to kill off a generic Nessus scan. Each has its own bypass mechanism.

20 Dec 2018

Starting your pentest...with reporting?

Reporting might sound like an odd place to start a pentest. When most well-known pentesters say that reporting is one of the most important parts of the test, you tend to sit up and take notice.

17 Dec 2018

Becoming a (better) pentester

In my never-ending quest to learn more about hacking in general, I’ve decided to take on a personal project and bone up on the skills required for penetration testing.

05 Dec 2018

HOWTO - Cracking WPA/WPA2 pre-shared keys

I was given the opportunity to run some tests against the wireless infrastructure at my office. The actual scenario is to deploy a rogue access point and start gathering intel on the organization. But I decided to take this a step further and do some pre-work to make a convincing rogue AP. What follows is my initial framework that I developed researching how to crack a WPA/WPA2 pre-shared key network. I’ll revisit this and improve on it as I gain more experience.

02 Dec 2018

Security Conferences near Greenville

Here’s a list of security conferences and events within a few hours’ drive of Greenville, SC. I am amazed at the number of B-Sides in the area after living at least 6 hours away from EVERYTHING for so long.

25 Oct 2018

FSSCC releases new tool to streamline compliance efforts

The FSSCC released a new tool that hopes to reduce the number of hours spent answering redundant security control questions. Like the ACAT tool, the new Cybersecurity Profile attempts to determine an institution’s risk impact level. The main difference is the ACAT attempts to define the scale of the risk based on organization size, whereas the Cybersecurity Profile attempts to define the impact of the institution on everyone else. Much like how NERC attempts to establish a utility’s impact on the greater grid before applying controls, the FSSCC’s Profile modifies some controls based on the impact assessment results.

02 Oct 2018

Uncover credit card numbers with PANHunt

It’s always good to know where random credit card numbers live on your network, even if PCI compliance isn’t a concern for you. Any unencrypted credit card information should be purged from the network to prevent accidental disclosure. I have used grep and Nessus in the past for these audits, but both were lacking in their functionality. Fortunately, I recently stumbled across the PANhunt repo on GitHub.

28 Sep 2018

Self-hosting my life

I know I’ve said I do not like pain…but I must be a masochist for moving almost everything I do into something self-hosted. Why on earth would anyone do this to themselves?

27 Sep 2018

Time Management for System Administrators

This book contains a number of valuable concepts for those new to IT as well as those who have been around for a while. While the book is somewhat dated technically (circa 2005), the advice is not. Topics range from how to deal with your boss, customers, managing email, automation, and eliminating busy work. It’s a quick read and definitely worth a look.

16 Sep 2018

Moving to Jekyll

So I’ve finally grown tired of beating my head against the WordPress wall. I am sick and tired of all of the routine overhead involved with WordPress. I get spastic every time I see another Russian/Chinese/Viagra spam comment bot, and I get a migraine every time mod_security shits a fit and blocks all of the back-end PHP. Fire erupts from my ears and obscenities from my mouth. The whole routine just sucks time away from actually doing work and generating content. Combine that with the increased attack surface and inherent difficulties with DR, and it’s time to go. I want something that is relatively simple, not much harder than actually writing the content, and doesn’t require me to learn an entirely new markdown language.

13 Sep 2018

Email Security Checklist

This is a work-in-progress. Most of what is contained here was originally culled from my experience over the years. I have slowly been going back and trying to find backup documentation, validate assumptions, and ensure I’m up to date. The ‘checklist’ is vendor-agnostic at this point and geared more towards the protocols in general, with a focus on security and resiliency.

19 Jul 2018

Out of the frying pan and into a better fire...

A great deal has changed in the last two months for the better.  My family has completed our move to South Carolina and we are loving all of it.  There is still a good amount of adjustment to do, but we are getting by.  My only regret at this point is not being able to get my boat in the water just yet.

02 May 2018

Career update

I’ve made a great deal of progress with my personal goals over the last few months. My CISSP is currently in review waiting for final approval, and my GPEN is in progress. I’ve even managed to post semi-regular blog posts.

We are steadily making progress on our family goals as well. A child enrolled in college, one property sold, another on the market, and an offer placed on our new property. If things keep moving at this pace, 2018 is going to be a great year.

More to come!

05 Apr 2018

Fixing SSL weak cipher & hashing issues in Windows

One of my biggest annoyances with my regular Nessus scans is the continuous medium risks related to weak SSL ciphers. Nartac Software created a simple tool to help admins fix these issues: IIS Crypto.  Simply download the tool, then run it as an administrator on your Windows box. I recommend you take the “Best Practices” template and apply those settings first. Always back up your current settings before changing anything!

04 Apr 2018

Energy Services Group attacked?

I became aware yesterday that several sources are reporting Energy Services Group was “hacked” or “attacked.”  There’s been a little saber rattling about hackers getting control of the US energy markets.  Being that I’ve had some dealings with ESG over the years, I thought I might speak to this.

02 Apr 2018

Why I'm ditching Google

A few months ago, I had moved almost all of my storage into Google Drive, OneDrive, or iCloud depending on the usage.  This allowed me to turn down my old Dell FreeNAS server in an attempt to save on my electric bill.  I’ve never been completely on-board with this model, even though I know I’m keeping some physical backups for emergencies.  It could be that I spend too much time listening to Michael Bazzell and Justin Carroll or the control freak in me, but not having control of my data really bugs me.

28 Mar 2018

Multiple Cisco IOS/IOS XE vulnerabilities posted

Folks - it’s time to tick everyone off with network maintenance windows!  Cisco PSIRT released 30 vulnerabilities in their router firmware across multiple versions of IOS and IOS XE.  Three critical vulnerabilities include one hard-coded credential affecting all IOS XE routers running IOS XE v16, and two which affect v15 under certain conditions.  Fifteen high risk vulnerabilities run the gamut from denial of service, buffer overflow, and privilege escalation.

14 Feb 2018

Lab setup

The draft for this project has changed three times since starting - mostly due to resource constraints on my end.  I’ve bounced between hardware, hypervisors, and focus but I’ve settled on an approach.  My immediate needs outweighed the need for a full VMWare stack.  What I really needed was a FreeNAS replacement, and after trying a few different options I’ve ended up right back on FreeNAS 11.  This platform will support most of my storage, media, and VM needs for a year or so.  It will also support several options for backing up and securing my data, allowing me to get off the cloud as much as possible.

08 Feb 2018

Differences between TCP and UDP

TCP and UDP are two very different protocols.  I’ve spent a fair amount of time over the years explaining these two protocols to our power engineers and technicians.  What better topic to post here.

26 Nov 2017

IR Playbooks

Some sources for incident response playbooks for those who are interested:

24 Nov 2017

CISSP certification

I’ve been toying with getting this certificate for a while, but now I see this seems to be a golden ticket to get past the HR filters at larger companies. The cert demonstrates a broad knowledge of the overall security landscape and appears to be best suited to management types (cue pointy-haired boss).

07 Nov 2017

Random DNS lookups by Chrome

After a couple hours of boredom waiting for a conference to start, I decided to fire up Wireshark and see what I could see across the wireless.  I was greeted with the first few packets appearing to be my machine reaching out to random domains on the internet (see below). Something was attempting to look up random hostnames on every domain in my search list.  This freaked me out more than just a little.  Was my machine infected with malware randomly trying to call home?

31 Oct 2017

At a crossroad

My family is approaching a major life crossroad: My stepson will graduate from high school next year and head off to college.

19 Sep 2017

Sendmail took down my site!

After a week of being very busy with other things, I wanted to take a few minutes and check on my blog only to be greeted by “Site cannot be reached.” SSH’ing into the site resulted in a similar response. So what happened?

08 Sep 2017

Oh you sneaky bastards!

Equifax lost over 140 million customers’ personal information during a recent breach.  44% of Americans just lost control over their social security, driver’s license, and credit card numbers along with their names, birth date, addresses…basically everything required to start building false identities and robbing them blind.

24 Aug 2017

Welcome to the new blog site!

I’ve finally gone pro!  Both my previous blogs have been migrated over to this new site running my own private domain.  The site is still in flux at the moment, but I’m hoping to grow it as time goes on.

18 Jul 2017

OpenConnect Server with Duo Two-Factor Auth in Ubuntu 16.04

Ever need access to your home network, but you are somewhat locked into the Cisco AnyConnect client for some reason?  OpenConnect Server is a great alternative to OpenVPN for these situations, and the OpenConnect client is commonly used on Linux distros to connect to Cisco AnyConnect servers.  In my case, I use a combination of Windows, Mac, and Linux, some of which are rather locked down.

01 Jun 2017

Hell Week (or when your AS/400 goes belly up)

Isn’t it funny how most crises don’t arise from just one bad event happening? Most crises arise from a long history of small, seemingly good decisions which weaken what used to be a resilient system. While all of those people walk around congratulating each other on cost and time savings, a small few are trying desperately to raise alarms. Those small few become cast as naysayers, the enemies of progress. Or, as with my personal situation, specifically asked to no longer be responsible for the resulting mess.

22 Mar 2017

The real state of ICS security

As I sit here in blustery Boston taking a break from SecureWorld for a bit, I’m actually brought back to some of the talks given at other conferences this year. I’ve been going over some of the recent talks at RSA and Shmoocon covering ICS security and frankly, I’m not as impressed as I thought. Sitting where I do in the industry, I see plenty of cyber and physical risks to the electric utility industry that should be addressed. Waving them off as being less important than squirrels isn’t doing the industry any favors. Now every utility and generation executive gets to wave that article around in the faces of their security team as an excuse to cut their desperately needed budget.

03 Jan 2017

A quick and easy master password tool

2016 has been a year full of breaches and a year full of passwords I’ve had to change.  One resolution I’ve made in 2017 is to get away from using any multi-account password combinations, which means I’ve got to go full tilt into a password manager.

14 Jun 2016

Remotely changing Outlook Exchange Profiles

I’ve got a couple of remote users who report not having any new email since sometime in 2005. These guys don’t sign on to the computers all that often, so I suspect Outlook didn’t automagically change their mailbox settings when I moved them to our new Exchange server back in 2005. Typically, I would do a remote assistance session with the users while logged in. However, these guys aren’t in the office very much and when they are I’m never at my desk. So I decided to try a new trick - and hopefully it works.

20 Apr 2016

Deploying Java in WSUS Package Publisher

After a few failed starts getting Java to update via WSUS Package Publisher, I’ve taken one more try.  Here are the steps I used to successfully deploy Java 6 update 115.  The process should work for any Java version.

26 Jan 2015

Avoid tech support scammers!

Tech support phone scams are a few years old, but still fairly common. If someone calls you claiming to be from Microsoft (or some other tech company) wanting to connect to your computer to fix something, hang up.

01 Nov 2014

News and Notables for Thursday & Friday

In case you haven’t heard, many Drupal hosting providers and users dropped the ball on getting their systems patched.  Tripwire reports automated scans started compromising sites just hours after the most recent patch announcement.  The lesson here: Pay attention to your installed products, especially the internet exposed ones.  Attackers started hitting our systems for Shellshock a few hours after I learned of it, and luckily I read the article just after it was posted.  You need to do your base-level security as always, but patching is a never ending cycle.  You need to stay on top of it.

30 Oct 2014

News and Notables

Microsoft releases an advisory and fix-it tool to disable SSL3 in Internet Explorer, and recommends SSL 3 be disabled on all systems.  It appears they are also disabling SSL3 on all their hosted internet services.  I recommend we all do likewise.

29 Oct 2014

Dollars for InfoSec News! Send them a couple!

If you subscribe to the InfoSecNews mailing list, as I have for several years, you know they provide valuable content.  If you don’t, wander over to http://www.infosecnews.org/ and take a look at their content.

Join me in donating $1 to help support their efforts!  It’s all secured by PayPal.

Thanks for the awesome effort guys!

29 Oct 2014

Help Fight for The Future defend the Internet!

FFTF’s Net neutrality campaign against big media appears to be paying off - according to them.  As a collective group, we “The Internet” have fought off corporate mongers before.  Can we do it again and permanently institute fair bandwidth allocation for all?  Can we prevent big media from buying their way into first place across the internet, forcing everyone else into the background?

12 Oct 2014

Suricata/Snorby multi-machine setup

Boredom and too many “junk” computers scattered around my home finally congealed into a small-scale IDS system.  I’ve been toying with the idea of setting up Suricata to see how it compares to Snort, but I wanted to prototype a scalable multi-node system.  I’ve done this in the past, but it’s been several years and that ran Snort/Barnyard/ACID.  So this isn’t a new idea, but I’m thinking about scaling out more with SSH-tunnels between multiple “scanners” and the “mothership.”  Long-term the nodes would be all-in-one, low footprint plug-and-play units.

11 Oct 2014

Kmart & Dairy Queen hacked!

Looks like cybercrooks planted malware on Dairy Queen and Kmart’s point of sale systems.  Kmart customers are at risk of having their cards cloned, but the company assured customers no personal information was at risk.  Dairy Queen did not specify what data was impacted specifically, but did publish a list of affected stores.

Would chip & pin card tech mitigate these attacks?

09 Oct 2014

Preview of next Patch Tuesday

Microsoft released the advance notification today for October 2014, which includes three critical vulnerabilities for Windows, Internet Explorer and .NET.  Other patches for Microsoft Office and MSDN will be released as well.  Brace for impact.

09 Oct 2014

Reading for 10/9/14

Work In Progress - will finish updating soon!

09 Oct 2014

Apple two-factor authentication for iCloud starts today!

If you haven’t set up your two-factor authentication for third party apps in iCloud yet, now is the time.  Unless you are like me, and gave Google all of those tasks already. :)  Kudos to Apple for finally coming down off the high horse and admitting they can be hacked…kinda sorta.  :)

As a side note, I have to say I’m coming more and more into the dark side of fanboydom since I switched to the iPhone.  I didn’t switch by choice mind you, but I did switch.  Almost all of the annoyances from my Android days were gone, but I really miss the bigger screens and greater flexibility.  For now, I’m ok with trading the flexibility up for stability in a device more important than my laptop.

08 Oct 2014

Reading 10/8/14

  • The SANS Stormcast mentioned the Cuckoo Sandbox for malware research, so I took a few minutes and checked it out.  Based on the About and FAQ pages, this looks like a VM style sandbox to document what malware is actually doing to a Windows machine.  How it works - I don't know as I went tl;dr on it.  If you are interested in malware forensics, this bad boy might be just what you needed.

06 Oct 2014

Reading for 10/6

  • SANS ISC StormCast - mention of two new NMAP diary entries which I want to look into more.

03 Oct 2014

Reading for 10/3/14

As is the case lately, I'm far too busy to observe "f*** off Friday," where I try to limit operational work and focus on learning something new.  Next week I hope to bring this back in play.  As usual, work got in the way and I couldn't get my newsfeeds done until the end of the day.  Hope someone finds anything here useful.

01 Oct 2014

Things I read today...

I know the title is rather boring, maybe I will think of something more exciting later.  I thought it might be worthwhile to share what I read in regards to information security today, and more importantly why.  We infosec professionals read so many blogs, newspapers, and articles today that I’m surprised we read anything for pleasure.  Hopefully this helps someone, or at least gives me a reference back to something cool I read later on.

23 Sep 2014

The security problem is a people problem...surprise.

Well, it looks like the new cyber czar is a noob in the eyes of the greater IT community all because of his “you don’t have to be a coder” comment.  First, why would one in the IT field expect someone in management to be able to configure a firewall on their own? j/k  Frankly, the cyber czar or any other management position doesn’t need a detailed IT background to succeed where the real problem exists - between the ears of everyone touching a keyboard, mouse, iPad, or smartphone.

04 Sep 2014

It's been a while

It’s been a long while since I wrote a blog entry.  Frankly, I’ve just been busy focusing on other things like spending the short summer with my family and dealing with the many changes this merger has brought on me.

04 Sep 2014

Help prevent corporate phishing by changing your MFP's default subject line!

It’s all too often I see a threatening email with the subject “Scanned from a Xerox Multifunction Device” which could simply be spam, but it could also carry a malicious payload.  These devices come with enough vulnerabilities as it is, and everyone who deploys them should go through all the default settings.  All too often, the leasing company brings them in and only pops in the bare minimum to get the device up and running on the network.  I try to make my rounds and customize the settings, but how many IT shops actually do?

04 Sep 2014

Introduction

Hello - I’ve spun up this blog to help me better categorize the many aspects of work I do and help share my experiences without jumbling up too many topics.  I may choose to consolidate this back into my main blog at some point.

17 Jun 2013

My first experience with PenAir

EDIT - The company went out of business earlier in 2018...in the midst of me trying to get back home after purchasing my new house. It was a colossal shitshow and we lost nearly $1000 in tickets, hotel bills, etc.

07 Aug 2008

Maine's porn police

Once again, my great state of Maine comes up with another brilliant big-brother law: add computer techs to the list of “mandated reporters” of suspected child abuse.