Sunday, September 17, 2017

OSCP Update

I missed a couple of Sundays because I was out of town and had something else going on.  I don't remember what it was, but it was important at the time.  I am continuing along.  Started on the labs, getting ready to actually start attacking some of the networked machines.  The materials are good, but I am finding myself doing a lot of side reading.  A lot of people have mentioned that before, but it is true: you do have to do additional research.

Friday, September 08, 2017

Fuck Me... R.I.P. Jerry Pournelle

Jerry Pournelle had a huge influence in my life. 

I read "The Mercenary" my sophomore year of high school and "Lucifer's Hammer" and "The Mote in God's Eye" soon after.  He, along with Robert Heinlein, was fundamental in forming my world view, my view on what it means to be a man (in the generic human sense) and my views on politics.  They helped me articulate ideas that had been building in my head for quite a while at that point, and I think they made me a better person through their writings. 

Jerry Pournelle passed today.  Normally it would be the thing to do to offer a prayer, but I am going to instead offer The Line Marine March as it appears in his Falkenberg's Legion Series. 

"We've left blood in the dirt of twenty-five worlds,
We've built roads on a dozen more,
And all that we have at the end of our hitch
Buys a night with a second-class whore.
The Senate decrees, the Grand Admiral calls,
The orders come down from on high.
It's 'On Full Kits' and 'Sound Board Ships,'
We're sending you where you can die."
"The lands that we take, the Senate gives back,
Rather more often than not,
But the more that are killed, the less share the loot,
And we won't be back to this spot.
We'll break the hearts of your women and girls,
We may break your arse, as well,
Then the Line Marines with their banners unfurled
Will follow those banners to hell.
We know the devil, his pomps, and his works,
Ah, yes! We know them well!
When you've served out your hitch in the Line Marines,
You can bugger the Senate of Hell!"

"Then we'll drink with our comrades and throw down our packs,
We'll rest ten years on the flat of our backs,
Then it's 'On Full Kits' and out of your racks,
You must build a new road through Hell!
The Fleet is our country, we sleep with a rifle,
No man ever begot a son on his rifle,
They pay us in gin and curse when we sin,
There's not one that can stand us unless we're downwind,
We're shot when we lose and turned out when we win,
But we bury our comrades wherever they fall,
And there's none that can face us, though we've nothing at all."

I previously mentioned The Line Marine March and the trouble it got me into in school, but I made my point at the time.  I also at various times had the pleasure of corresponding with Dr. Pournelle.  He was always gracious with me despite being far smarter and far more accomplished.  Again, R.I.P.

Wednesday, September 06, 2017

This one time at band camp...

Alright, to be upfront, this isn't exactly that kind of story; it's more of just an absurdist tale as related to me by this friend of mine, Kate.  (So it's really kind of a sea story.)

Kate is kind of an interesting person, which we can go into later, but the germane thing is she is in Infosec or Cyber-Security or whatever you want to call it, and the company she works for is, well, we'll just say their program is not mature.

That lack of maturity is kind of the point of this post.

As Kate tells it, her department is charged with doing assessments on new devices and applications being added to the network and is supposed to be involved in ensuring that application updates are secure.  Apparently there are recurring issues with getting security included in project meetings and discussions; supposedly the SDLC requires that IT utilize the secure coding standard, do data classification, etc.  But the SDLC is an IT policy and the others are cyber security policies.  Security falls under IT, but the policies aren't signed by the director of IT.  Each underling signs his own.

According to Kate, she has suggested a number of times that the policies be aligned, and been told no.  At one point she was told, "We only care about cyber-security policies," so yesterday she finally pulled the SDLC and compared what is in it with what everyone believes is in it.  Guess what?  The SDLC doesn't say squat about security other than requiring proof of Separation of Environments and Separation of Duties.

Ooooooops.  Guess they aren't required to get any security input at all.

Kate writes this up, sends it up to the senior analysts and the manager, and is now waiting for some sort of response.

I thought this was funny because it echoes a lot of what I think is fucked about cyber-security: the siloing of everything, concentrating on process rather than on actually securing the data / systems, and an us vs. them mentality with IT.  This is why shit is so fucked.  Comparing the SDLC and the cybersecurity policies probably took Kate no more than 10 minutes, and it is a major hole that, from the way it sounds, no one will patch voluntarily.  So welcome to the world of the breached.

Sunday, August 27, 2017

OSCP progress report 2

Well, it's Sunday and I promised a report on how the OSCP stuff is going -

So far so good.

I am sticking to the plan I outlined in my last report, mostly; I fell a little behind yesterday because of some family stuff, but I will catch up today and tomorrow.  Working through the buffer overflow chapters at the moment.

I am already starting to see a way to tie some of this stuff in with work too (I mean even before I walk in and say hey, I am an OSCP, give me a raise).  I mentioned a couple of weeks ago that I am building a VM lab at work for training / testing configurations.  One of the questions has been what vulnerable VMs to put on the "corporate" segment (not real corporate, but the segment we are going to attack); well, this site has a list of machines, on Vulnhub, that have similar vulnerabilities to the machines in the OSCP labs (found via this site).  I knew about Vulnhub already, of course, and planned to use some of their images already; this just ties stuff together a little.

Tuesday, August 22, 2017

OSCP first progress report

Started yesterday after belatedly receiving the email notification that my materials were ready.  I signed up for the 90 day plan, and I fully expect to have to extend at least one 30 day period because, honestly, I am not very bright.

Progress so far - 75 pages into the manual (about 20%) and have been working along with the examples.  I know that doesn't sound like much, but I have a plan: when I am starting a new course I always like to go thru the materials once before starting any exercises or homework, so that is what I am doing.  I am going to read the manual and go thru the examples along with the video, then after I have done that I will go back and do the exercises.  I think that will give me the best reinforcement of the learning.  I expect that to eat up the first month.  Then I will start the real work: trying to compromise the 10 lab machines.

I know this doesn't sound like an ambitious schedule, but I know me, and I know that I get bored quickly if all I do is one thing, so I am trying to be realistic.

After this I will start posting these updates on Sundays.

(I thought about doing video postings like a bunch of other people but that would probably break youtube)

Monday, August 21, 2017

OSCP begins

There was a little bit of confusion on when I was supposed to start this - initially I thought the 19th, then I got an email saying the 27th, then it was the 19th again, but nothing showed up, so I was thinking whelp, the 27th it is; but last night at about 11pm a quarantined email message came thru and I scrambled really quick to get stuff set up.  Doesn't seem like a particularly auspicious start, but I am optimistic.

The materials look good.  The training manual is a 375 page watermarked .pdf.  Even before I got the packet, people have been asking for copies.  Sorry guys, not happening.  There are also videos (about 30 hours worth, I think), also watermarked.  Again, sorry guys, but no sharing.

The workload seems fairly daunting - most of the write-ups I have read have recommended 100 - 120 hours lab time, so I went for the 90 day package, but I am a dumbass, so I expect I will be extending at least once.  In order to successfully complete the course you have to compromise 10 machines and do a write-up (for CPEs).  They provide a template, and it's pretty extensive.

Anyway, that's it so far.  I have read the first section of the manual, so I will start labbing this evening.  That's my plan, by the way: read the manual and watch the videos on the way to and from work and then lab it in the evenings.  I changed that plan when I realized I would quickly get bored and burn out.  The new plan will take longer but is more in line with my learning style.