Business Travel (aka Road Warrior) Packing List.

So I’m about to embark on another trip across the US to discuss Cyber Security controls with a bunch of different companies across the West Coast. I’m looking forward to it. However, I absolutely hate packing for trips like this. You never know what exactly life has in store for you, if the weather will cooperate, or if you might spill a ramekin of cocktail sauce down the back of your last nice shirt (true story). So anyways, I’m trying to make it easier on myself by keeping a “living packing list”. I’ll continue to update this list as time goes on with whatever need-to-have items I require while traveling. Anyways, here’s the list so far.
Clothing
[ ] Dress Shirts
[ ] Slacks
[ ] Dress shoes
[ ] Belt
[ ] Underwear
[ ] Undershirts
[ ] Socks
[ ] Swimsuit
[ ] Shorts
[ ] T-Shirts
[ ] Running Shoes
[ ] Baseball Cap

Toiletries
[ ] Toothbrush/Toothpaste/Floss/Mouthwash
[ ] Shaving Razor/Shaving Cream/Blades
[ ] Comb/Hairbrush
[ ] Hair gel/hairspray
[ ] Nail Clippers
[ ] Deodorant
[ ] Talcum Powder
[ ] Ear Plugs
[ ] Sleep Mask
[ ] Tweezers
[ ] Hand Sanitizer
[ ] Aspirin/Tylenol
[ ] Afrin Nose Spray
[ ] Benadryl

Business
[ ] Pens & Notepad
[ ] Laptop Charger
[ ] Laptop
[ ] Hacking Toolkit
[ ] Business Cards
[ ] Breath Mints
[ ] Dry Erase Markers
[ ] Wireless Mouse (Purposely Vulnerable)
[ ] VGA to HDMI Adapter

Misc
[ ] Sunglasses
[ ] Phone Charger
[ ] HooToo Travel Mate
[ ] Roku Stick
[ ] Amazon Dot
[ ] VR Headset
[ ] WifI Hotspot
[ ] Noise-Canceling Headphones.
[ ] Wired Headphones
[ ] Kindle
[ ] iPad
[ ] Watch Charger
[ ] Flashlight
[ ] Umbrella
[ ] USB Battery Pack
[ ] HDMI Cable

It’s a lot, but I’m able to typically carry this all in an average carry on and a brief-case or backpack. Free free to print this packing list as a PDF out as well for your own use.

New Script! – RDP Proxy Link Builder

Most of you know I work for a particular Privileged Account Security company. It’s sort of hard to unplug for your job when you really love what you do. With that said, sometimes when I’m off the clock, I’ll still work on some pet projects. This is one of them. In CyberArk’s Enterprise Password Vault version 9.7, they introduced a really cool new feature. Privilege Session Manager Remote Desktop Proxy. SysAdmins typically push back on any security control because they tend to introduce hurdles in their day to day operations. Security shouldn’t hinder operations as they’ll tend to be avoided or even worse yet, circumvented.  So PSMRDPP was developed to allow for Privilege Sessions to be initiated without having to authenticate and logon to the web interface. Using native RDP tools, you can access your privileged accounts. It’s really cool!

Anyways, I developed a script to build out the RDP links automatically that interface with the PSM Proxy server. It also works with Devolutions Remote Desktop Manager Sorry, only works in the paid version. They crippled the powershell functionality in the free version. Anyways, I’ve put the script up on GitHub. I’m going to continue to improve on the script, but for now you’re welcome to use it. It works great!

https://github.com/BinaryWasp/RDPProxyLinkBuilder

 

Hacker Conference Behavior

I’m heading to BSidesLV, DEFCON25, & Blackhat in Las Vegas this week. It’s going to be a great time and I’m really looking forward to it. Here’s some standard best practices I try to follow when attending a InfoSec related conference.

  1. Laptop Behavior
    1. Do not bring your laptop, unless specifically required. Try only using your your phone connected via VPN.
    2. Do not leave your laptop unattended at any time.
    3. Do not check-in your laptop as luggage.
    4. Turn off WiFi and Bluetooth.
  2. Printing, scanning, faxing
    1. Do not print from or scan to your laptops
  3. Internet access and connectivity
    1. Unless absolutely necessary for a job function, disable WiFi.
    2. Disable Bluetooth on your computer and phone.
    3. Disable NFS connectivity on your phone and computer.
    4. If Wifi is absolutely required, ONLY use your own provided wifi. I used a JetBack/MiFi and connect ONLY to that device.
    5. Always use a VPN as soon as you obtain WiFi access.
    6. Do NOT plug any network cable into the laptop.
    7. Do not plug any USB storage devices (hard drives, sticks, network adapters, Raspberry Pi’s, etc) into the laptop or phone.
  4. Document behavior
    1. Do not work on internal or sensitive documents in public.

 

Okay, break’s over. Back to work!

So I took a little vacation to a tiny little rock out in the middle of the South Pacific. Isla de Pascua, Rapa Nui, Easter Island…whatever you want to call it, it was amazing. What an incredible time I will never forget. It was a little odd not having phone, internet, or any sort of tether back to society. At the same time, it was really nice to literally be off the grid for some time. However. It’s all done. Break’s over. It’s time to get back in the swing of things.

A day after getting back, I packed up and headed to Denver at the Optiv ES3 summit to do a brand new talk on insider threat. I love the city of Denver, so I’m always happy to get invited back out there. The talk, despite being my first presentation on the topic, went really well. The talk was well attended, and well received. Plus, at the end of the day I got to hang out and talk with Brian Krebs. That was great! I’m planning on heading back out to Denver sometime in August, but until then…there’s a LOT more to be done. (btw – the goatee got a good trip shortly after this picture.)

There’s a lot going on between now and even August. First off, I’ve got to make it out to Phoenix for a few client visits and prep for a round of forums I’m presenting later in Q3. I’ll fly back late Friday night. Then it’s up to Boston this coming Sunday. I’m presenting two new presentations at the CyberArk 2017 Impact Summit in Boston. I’ll be talking on Ransomware. The goal is to focus particularly on the WannaCry and NotPetya ransomworms and defensive strategies to address the next generation of Ransomware.  The next talk, is what I’m REALLY excited about. My good buddy Len Noe and I are basically going to carpet-bomb the audience with live demos of real penetration testing tools. A few of the things we plan to demo are the PoisonTap, BashBunny, Inveigh and Responder, the Wifi Pineapple, and my favorite live demo…MouseJack (code injection on a machine not even connected to the network).  It’s going to be a lot of fun. I also built one hell of a powerpoint presentation to go along with it. Something like 7 slides and 2.9GB. I rendered the slides as video and have scenes from Hackers playing silently in the background. Whichever breakout presentation gets the highest marks gets to present to the mainstage. Either way, it’s gonna be off the chain!

After Impact, we’ve got the CyberArk Midyear Sales Kickoff. I don’t have any expectations there, other than it’s going to be a lot of work while we’re up there.  After that, I have one week back in Dallas (unless something comes up, which it typically does). After that…it’s off to Vegas for Hacker Summer Camp! Woo hoo!  For Blackhat, I don’t get to attend, but I actually have to work the event. I absolutely love Blackhat. You get to meet a lot of great and interesting people. After that it’s onward to BSides and DEFCON 25. I’ve been waiting all year for this.  As soon as I heard it was at Caesar’s this year, I made sure my room was reserved. Due to my wife’s travel hacking, I have status at Caesars. I get a nice big room (photo below was the last time I stayed at Caesar’s Palace earlier this year at Gartner), access to free services, and the VIP lounge. So…now I have 3 friends staying with me in the room and live video feeds of the talks downstairs if they’re too packed. I’m really looking forward to it.

So yeah, that’s just July. August is gonna be crazy too!

Taking a break…

So I just wrapped up yesterday BSides Cincinnati. It was a great event. Great folks, great weather, great venue…just great all around. Anyways, I’ve been working, traveling, speaking a lot more than I had originally anticipated the last six months. I’m going to take a break from the travel/conference stuff for just a couple months and slow things down some. I’ve recently taken on a large amount of responsibility at work that needs my full attention. The kids are about to be on Summer vacation and I’m looking forward to spending a little more time with Mrs. Rainmaker. We’ve got an insane vacation planned sometime in June. CyberArk has an amazing customer conference coming up in July. And I couldn’t forget about Hacker Summer camp! Blackhat, BSides Vegas, and DEFCON 25 are all going down in July/August. I’ve got status with Caesar’s so I’m planning on getting a killer room, living the VIP life, and enjoying the trip to the fullest extent. Even without traveling for work and conferences, that’s still a lot of travel planned.

Again, this is only a small break. I already have a new deck prepared on Insider Threat. I’m going to pick that back up in September along with the others. Knowing me, I’ll probably have more time to work on projects at home and maybe update my blog from time to time. 🙂

Mastodon

So recently, the InfoSec community has made a mass exodus from Twitter to a new social network. This is an interesting one. Everyone’s moving to Mastodon. Mastodon is a free, open-source social network made up of federated servers. It’s a decentralized platform that doesn’t have a single company running, storing, and manipulating (for commercial gains) your data. Anyone can stand up a Mastodon server, however most simply pick out a server from the long list and participate.

From an end-user perspective, this is a twitter replacement. It’s very similar in that you have a limited (albeit longer character limit) to work within. Tweets are now called “toots” (yeah…sorry about that). Retweets are now boosts.

I’m still on the fence about the entire thing. I’m afraid it might not have enough traction in the social media market to be successful. However, I’m not going to complain. Rather I’m going to logon and participate. You can find me at Rainmaker@Mastodon.cloud.

 

More Speaking Events!

More events to add to the calendar:

May 5th – CISO Thought Leadership Forum – Dallas,TX Panelist on Insider Threat.

May 12-13 – BSides Denver – Denver CO

May 20th – BSides Cincinnati  – Cincinnati OH

June 20th – Optive ES3 – Denver CO

July 12th – CyberArk Impact – Boston MA

Inbetween all this, I’ve got my regular Advisor duties to attend to. Somewhere in all this, I’m taking the wife and kids to Easter Island in the middle of the South Pacific. After this, I think I’m going to take a couple months off to refresh and brush up on some new content.

 

GIAC – GPEN Certified!

I took my GPEN certification exam on Thursday and I passed. I was rather nervous to be honest about the exam considering two of my fellow co-workers struggled with it. I waited until the very last day to take the exam and I’m glad I did. Luckily I scored a 91%. Even though it was open book, it was a doozy of an exam. I had my notes, index, and the texts to work from…and it was still a challenge. TBH – I’m really proud of my index (no I won’t share it with you). It looks like a unicorn threw-up on a notebook, but it had just about everything I needed. I’m also excited because I scored high enough to be in the advisory council and to possibly be a SANS mentor! I’m very humbled and honored!

Just a little tip thought: I won’t go into specifics, but I would advise anyone taking the exam to brush up specifically on the netcat switches and really learn scapy backwards and forwards. Not only will it help you with the exam, but I’ve found myself using both tool in my day to day roles a lot now.

So…what’s the first thing I do now that I don’t have a certification deadline looming over me? Go pick out another cert to tackle. My wife tells me that I’m goal driven. I need a goal to strive for if I want to be productive. At this point I’m strongly considering either the CCSP from (ISC)2 or one of the Amazon certifications. I need to skill-up on cloud a little bit before I go after the OSCP. So let me know. What do you think? What certification should I go after next?

 

One last thing….

 

Dearest people outside of the realm of InfoSec,

Someone mentions the word ‘Penetration’ in proper context, and you folks lose your damn minds. Get your heads out of the gutter. Thanks.

Speaking Engagements!


So, I’m going to be a little busy the next few weeks. Not entirely sure how many gigs I’ve got booked, but here’s my speaking calendar booked out so far…

Oh yeah, sometime between all of this I’m doing my regular job responsibilities and studying for my GPEN. Wish me luck!