My buddy Gary runs the CryptoCousins podcast. I’ve been interviewed on his podcast previously. I saw Ray Redacted present at Dallas Hackers Association and thought he’d be excellent on their podcast. Not only did they interview him, he’s also going to be speaking at the Bit Block Boom conference on July 14th in Addison, TX. Check it out!
I survived the crazy 10 day, 6 city, 6 speaking engagement whirlwind. Honestly, it really wasn’t that bad. I got to hang out with some really cool people. I got to see some really neat places, and I got to learn a bunch of crazy new things. You pick up a lot when you hang out at 6 different security conferences in rapid succession.
One of the unfortunate things I struggle with is keeping a good work/home life balance. It’s a struggle I think I’ll honestly have to deal with my entire life. I tend to excel in one area of my life and drop the ball in others. I still struggle with this, as I tend to be pretty stubborn and I don’t accept failure in myself. When I see this happening in other people, I tell them to check their priorities and to prioritize family over work. I tend to neglect my own advice. When that happens, I come back to this commencement speech from Shonda Rhimes. She’s a very strong power player in Hollywood. Her words in her commencement speech really struck a chord with me.
“Wherever you see me succeeding in one area of my life, that almost certainly means I’m failing in another area of my life.”
With all that said, I’m going to cut back a little on the travel, prioritize myself and my family and work on a few pet projects I’ve been thinking about. Looking forward to it.
- Date & time
- Address and location
- Name of the event.
- Description of event.
- Event agenda.
- Talk duration (30/60 min?)
- What the client wants the speech to achieve
- Who will introduce me?
- Can I send them an intro or will they provide it?
- If more information is needed, who is my point person? (get contact info)
- How many people will be there?
- What’s their attitude toward my topic?
- Will I be expected to mingle and socialize with audience before or after I speak?
- Will there be a podium? Is it solid or see-through (Lucite/Plexiglas, etc.)?
- Will there be a screen and projector? What video input (VGA, HDMI, etc)
- How many video inputs are available (typical answer is 1)
- Will I have a microphone?
- What type? (lapel, hand-held, attached to podium, mic stand, etc.)
- May I arrive early to walk the stage and get comfortable about the equipment and venue?
- Who is in charge of making sure things go smoothly before and during my speech (get contact info)
I’m excited to announce that I’ll be speaking at the March 2018 North Texas ISSA chapter meeting. I’m planning on presenting the “Hacker Carpet Bomb” aka “Hacker’s Bag of Tricks” aka “Hacker’s Toolkit” presentation. This talk consists of nothing but live demos. Anyone who’s done IT presentations can tell you, live demos are dangerous. They rarely go right. Having a talk that consists of nothing but live demos is straight up insane. I’ve done this talk a handful of times. Not once has it ever gone perfectly, but that’s also the charm behind it. Exploits, even in perfect environments, sometimes fail. That’s part of it. Here are the demos I’m planning to present:
- Poisontap by Samy Kamkar
- Inveigh by Kevin Robertson
- MouseJack by Bastille Research
- Bashbunny by Hak5
- Rubber Ducky by Hak5
- WiFi Pineapple by Hak5
- USB Killer
Between now and then I need to find a device I can destroy on stage. If you have something you don’t mind literally going up in smoke, please let me know.
So please come out March 15th at 11:00AM. I’m sure it’ll be a fun and eye-opening event.
This weekend, I took the wife and kids to my parents’ house to visit. They’re in the middle of a large home remodel. As part of the remodel, the construction crew had knocked down a wall in one of the bedrooms and found a small Altoids tin stashed in the wall. My parents had no idea what to make of the contents. Simply a piece of paper with some notes scribbled on it. My father (bless his heart) asked me if it had something to do with drugs (LOL). He told me the story and asked me what the paper was all about. I took the box, opened it up and smelled it (just in case…). I opened the note and was instantly hit with a wave of 90’s IT nostalgia. Back before the internet, parents had no real idea what sort of trouble someone could get into with simply a computer and a modem. This was my BBS list! At the time, you had to be 18 years old to sign up and participate on Bulletin Board Systems. This was my 13-year-old boy attempt to create a fake persona and keep my late night shenanigans with my friends hidden from my parents. It’s funny to look back at a time before the Internet had taken over daily life. A time before you could summon a car or a bag of groceries to your door with a flick of your finger. It’s nice to look back and see phone numbers from before the requirement to add the area code.
This took me back to a really cool point of my life when I would log on at 12:01am, right when the timers to all the doors would reset. I would wait for my friend Lu to log on and we’d play Legend of the Red Dragon till 2-3am. I remember once, a bunch of people (some of whom I still keep in touch with) all met at the Parks Mall to hang out. It was probably one of the first times I realized it was okay to be a bit geeky and to be yourself. There are other folks out there just like me!
I wonder if any of these still exist. I guess it’s time to find out.
I was interviewed a few months back on the CryptoCousins podcast.
Give it a listen and let me know what you think. I’m a little embarrassed as I was on the road traveling for business as well as under-prepared. I didn’t really do as much of the homework as I had hoped. Either way, give it a listen and enjoy.
So before sobering up and leaving Dallas Hackers last night, I did a quick (and inebriated) firetalk on some of the books I’ve read recently and my thoughts. I will update this blog post with a summary of each book and my thoughts on them. However I wanted to get this post up before I hop this flight to Tel Aviv, Israel for a week. Here’s the list. Enjoy!
So I’m about to embark on another trip across the US to discuss Cyber Security controls with a bunch of different companies across the West Coast. I’m looking forward to it. However, I absolutely hate packing for trips like this. You never know what exactly life has in store for you, if the weather will cooperate, or if you might spill a ramekin of cocktail sauce down the back of your last nice shirt (true story). So anyways, I’m trying to make it easier on myself by keeping a “living packing list”. I’ll continue to update this list as time goes on with whatever need-to-have items I require while traveling. Anyways, here’s the list so far.
[ ] Dress Shirts
[ ] Slacks
[ ] Dress shoes
[ ] Belt
[ ] Underwear
[ ] Undershirts
[ ] Socks
[ ] Swimsuit
[ ] Shorts
[ ] T-Shirts
[ ] Running Shoes
[ ] Baseball Cap
[ ] Toothbrush/Toothpaste/Floss/Mouthwash
[ ] Shaving Razor/Shaving Cream/Blades
[ ] Comb/Hairbrush
[ ] Hair gel/hairspray
[ ] Nail Clippers
[ ] Deodorant
[ ] Talcum Powder
[ ] Ear Plugs
[ ] Sleep Mask
[ ] Tweezers
[ ] Hand Sanitizer
[ ] Aspirin/Tylenol
[ ] Afrin Nose Spray
[ ] Benadryl
[ ] Pens & Notepad
[ ] Laptop Charger
[ ] Laptop
[ ] Hacking Toolkit
[ ] Business Cards
[ ] Breath Mints
[ ] Dry Erase Markers
[ ] Wireless Mouse (Purposely Vulnerable)
[ ] VGA to HDMI Adapter
[ ] Sunglasses
[ ] Phone Charger
[ ] HooToo Travel Mate
[ ] Roku Stick
[ ] Amazon Dot
[ ] VR Headset
[ ] WiFi Hotspot
[ ] Noise-Canceling Headphones.
[ ] Wired Headphones
[ ] Kindle
[ ] iPad
[ ] Watch Charger
[ ] Flashlight
[ ] Umbrella
[ ] USB Battery Pack
[ ] HDMI Cable
It’s a lot, but I’m typically able to carry this all in an average carry-on and a briefcase or backpack. Feel free to print this packing list out as a PDF for your own use as well.
Most of you know I work for a particular Privileged Account Security company. It’s sort of hard to unplug from your job when you really love what you do. With that said, sometimes when I’m off the clock, I’ll still work on some pet projects. This is one of them. In CyberArk’s Enterprise Password Vault version 9.7, they introduced a really cool new feature: Privileged Session Manager Remote Desktop Proxy (PSMRDPP). SysAdmins typically push back on any security control because controls tend to introduce hurdles in their day to day operations. Security shouldn’t hinder operations, because controls that do tend to be avoided or, even worse, circumvented. So PSMRDPP was developed to allow privileged sessions to be initiated without having to authenticate and log on to the web interface. Using native RDP tools, you can access your privileged accounts. It’s really cool!
Anyways, I developed a script that automatically builds out the RDP links that interface with the PSM Proxy server. It also works with Devolutions Remote Desktop Manager (sorry, only the paid version; they crippled the PowerShell functionality in the free version). Anyways, I’ve put the script up on GitHub. I’m going to continue to improve on the script, but for now you’re welcome to use it. It works great!
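To show the shape of what such a script produces, here is an added example (not the GitHub script the post refers to, and not CyberArk’s code) that writes a plain .rdp file pointing a native RDP client at a PSM proxy. The `vaultuser@targetuser@targetaddress` username convention, the server name and the account names are assumptions; confirm the exact username syntax against your PSM version’s documentation before relying on it.

```powershell
# Added example: build an .rdp file for a PSM RDP proxy connection.
# Assumption: the proxy routes on a composite username of the form
# vaultuser@targetuser@targetaddress (check your PSM docs for variants).
function New-PsmRdpFile {
    param(
        [Parameter(Mandatory)] [string] $PsmProxy,      # PSM server the RDP client connects to
        [Parameter(Mandatory)] [string] $VaultUser,     # the human's own Vault account
        [Parameter(Mandatory)] [string] $TargetUser,    # privileged account stored in the Vault
        [Parameter(Mandatory)] [string] $TargetAddress, # machine the session is proxied to
        [string] $OutDir = (Join-Path $env:USERPROFILE 'Desktop\PSM')
    )

    # The composite username carries the routing information. No password field is
    # written, so the user authenticates to the Vault interactively at connect time
    # instead of leaving a cached secret in a file on disk.
    $compositeUser = '{0}@{1}@{2}' -f $VaultUser, $TargetUser, $TargetAddress

    $lines = @(
        "full address:s:$PsmProxy",
        "username:s:$compositeUser",
        'prompt for credentials:i:1',   # always prompt; never store credentials in the file
        'authentication level:i:2',     # warn on server certificate problems
        'screen mode id:i:2',           # full screen
        'redirectdrives:i:0',           # keep local drives out of the privileged session
        'redirectclipboard:i:0'         # and the clipboard too
    )

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    # Keep the file name to safe characters even if an address contains odd ones.
    $safeName = ('{0}_{1}' -f $TargetUser, $TargetAddress) -replace '[^\w\.\-]', '_'
    $path = Join-Path $OutDir "$safeName.rdp"
    Set-Content -Path $path -Value $lines -Encoding ASCII
    return $path
}

# Constructed sample values, not a real environment.
New-PsmRdpFile -PsmProxy 'psm.corp.example' -VaultUser 'jdoe' `
               -TargetUser 'administrator' -TargetAddress 'srv01.corp.example'
```

Double-clicking the resulting file opens mstsc against the proxy and prompts for the Vault password, which is the point of the feature: the session is recorded and brokered by PSM without the user ever holding the target credential.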
I’m heading to BSidesLV, DEF CON 25, & Black Hat in Las Vegas this week. It’s going to be a great time and I’m really looking forward to it. Here are some standard best practices I try to follow when attending an InfoSec related conference.
- Laptop behavior
  - Do not bring your laptop unless specifically required. Try only using your phone connected via VPN.
  - Do not leave your laptop unattended at any time.
  - Do not check in your laptop as luggage.
  - Turn off WiFi and Bluetooth.
- Printing, scanning, faxing
  - Do not print from or scan to your laptop.
- Internet access and connectivity
  - Unless absolutely necessary for a job function, disable WiFi.
  - Disable Bluetooth on your computer and phone.
  - Disable NFC connectivity on your phone and computer.
  - If WiFi is absolutely required, ONLY use your own WiFi. I use a Jetpack/MiFi and connect ONLY to that device.
  - Always use a VPN as soon as you obtain WiFi access.
  - Do NOT plug any network cable into the laptop.
  - Do not plug any USB storage devices (hard drives, sticks, network adapters, Raspberry Pis, etc.) into the laptop or phone.
- Document behavior
  - Do not work on internal or sensitive documents in public.
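A read-only “pre-flight” check that verifies the laptop side of the checklist above before you leave the hotel room, added here as an example (not from the original post). It assumes a Windows 10/11 laptop, an elevated PowerShell session, and that the only WiFi network you ever join is your own hotspot, whose SSID you pass in.

```powershell
# Added example: report, without changing anything, whether the laptop matches the
# conference checklist. Each row is a check and a PASS/FAIL value.
function Get-ConnectedSsid {
    # netsh prints "    SSID    : name"; the BSSID line does not match this pattern.
    $line = netsh wlan show interfaces | Where-Object { $_ -match '^\s+SSID\s+:' } | Select-Object -First 1
    if ($line) { ($line -split ':', 2)[1].Trim() } else { $null }
}

function Test-ConferencePreflight {
    param([string] $OwnHotspotSsid = 'MyHotspot')  # assumed name of your own MiFi/Jetpack
    $results = @()

    # Wired NICs must be off: the checklist forbids plugging any network cable in.
    foreach ($nic in Get-NetAdapter -Physical | Where-Object PhysicalMediaType -eq '802.3') {
        $results += [pscustomobject]@{ Check = "Ethernet '$($nic.Name)' disabled"; Pass = ($nic.Status -eq 'Disabled') }
    }

    # WiFi passes if the radio is disabled, or if it is joined only to your own hotspot.
    $wifi = Get-NetAdapter -Physical | Where-Object PhysicalMediaType -eq 'Native 802.11'
    $wifiOff = -not ($wifi | Where-Object Status -ne 'Disabled')
    $ssid = Get-ConnectedSsid
    $results += [pscustomobject]@{ Check = 'WiFi off or on own hotspot only'
                                   Pass  = ($wifiOff -or $ssid -eq $OwnHotspotSsid) }

    # Bluetooth: no enabled Bluetooth devices reported by Plug and Play.
    $bt = Get-PnpDevice -Class Bluetooth -ErrorAction SilentlyContinue | Where-Object Status -eq 'OK'
    $results += [pscustomobject]@{ Check = 'Bluetooth disabled'; Pass = (-not $bt) }

    # USB mass storage: USBSTOR Start=4 keeps new USB drives from mounting at all.
    $start = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start).Start
    $results += [pscustomobject]@{ Check = 'USB storage driver disabled (Start=4)'; Pass = ($start -eq 4) }

    # VPN: the checklist says use a VPN as soon as you have any WiFi; only checked when WiFi is up.
    if (-not $wifiOff) {
        $vpn = Get-VpnConnection -ErrorAction SilentlyContinue | Where-Object ConnectionStatus -eq 'Connected'
        $results += [pscustomobject]@{ Check = 'VPN connected while on WiFi'; Pass = [bool]$vpn }
    }

    return $results
}

Test-ConferencePreflight -OwnHotspotSsid 'MyHotspot' | Format-Table -AutoSize
```

Any FAIL row maps directly to one bullet above; the script deliberately reports rather than remediates so that nothing is silently reconfigured on a work laptop.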