Welcome

This site contains articles and posts I’ve written over the years on career and technical matters. You can also check out past presentations I’ve given at various hacker and cyber security conferences.

Infosec Pivot

2018 came with a big transition for me: a new opportunity came up that allowed me to pivot into InfoSec full time. Without going into too much detail, I’ll be doing a bit of offensive security. This is very exciting for me, to say the least.

One of the things I am working on, and have had plans to build out for some time, is a home pentesting lab. I’ve managed to set up a multi-core CPU PC with about 32 GB of RAM. I’ve set up a virtual environment using KVM that I plan to manage with RHEL-based tools. For now I’m using Gnome Boxes and/or virt-manager. My plan is to simulate a fully functional environment of networked VMs to act as an attack range for both known and new exploits that I’ll use for practice or research.

[Read More]

Docker and AWS certs

The last year I’ve been busy working quite a bit with AWS. I’ve gone so far as to get my certification at the Associate Level as an AWS Architect. I accomplished this earlier in the year, as well as renewing my Puppet Certification just recently for 2017. I may also be getting Docker certified.

Also related to AWS, I’ve recently discovered some infosec-related resources on AWS from the offensive perspective. The first is Daniel Grzelak, who has a blog on some of the possible ways someone can backdoor an AWS account using AWS services. Another is a toolkit called CS Suite, which I haven’t had a chance to use extensively yet, but which can help with auditing AWS security. AWS also provides some tools to do the same.

[Read More]

New development editor

Atom.io was getting too bloated. So after much trial and error, and learning curve, I went hard into vim, and started using spacevim. In fact, I’m typing this up in spacevim right now with a live Markdown preview showing in a side browser window.

The biggest challenge, besides getting it working and all the dependencies, was to get the terminal colors and unicode characters to display properly. At work, I settled on a Terminator terminal over X11+SSH session to get the colors just right, even though setting xterm-256color (or color256 maybe) as your terminal type and also installing the powerline fonts. The Deja Vu Mono from powerline works best, I’ve found. Weirdly, it works better over an X11 session using an X Server on Windows (MobaXTerm) with vim running on a private cloud provisioned Ubuntu 16.04 server than it does on my Ubuntu workstation/laptop at home. The difference really is that just a few characters show up as random unicode blocks, even after changing the font on my home machine; not sure of the difference (edit: I since fixed this by installing nerd fonts: https://github.com/SpaceVim/SpaceVim/issues/619 ).

[Read More]
vim  puppet  devops 

Keto

So I can’t STFU about keto, so the below is what started as a sentence or two explanation of my experience of keto in response to something that turned into a blog post, so I decided to cut my comment short and post it here.

I started the last week of January. I’ve gone from 268 to 233, and that’s falling off the wagon several times (sometimes intentionally for special meals/travel) and getting back on it. I’ve also been doing some moderate weight lifting using the 5x5 routine and intermittent fasting (watch videos by Dr. Jason Fung on YouTube) when I start to plateau, or I’ll carb shock my body with something super sugary if the weight loss tapers off for several weeks (bro science behind why I think it works, but it works for me; some people think it’s terrible). Also, while whiskey is okay, it seems to slow my weight loss because it has calories and slows metabolism, makes you retain water when you’re recovering, etc., so I drink less and am about to try something called LyteShow that helps. The other thing I get sometimes is Halo Top ice cream, which Publix and, surprisingly, Walmart sell, which believe it or not is keto-friendly ice cream (if you only eat a 1/4 cup and are super low on other carbs that day) that uses primarily sugar alcohols and dietary fiber in place of carbs or artificial sweeteners.

[Read More]
keto 

CarolinaCon 2017

I worked another year as staff for CarolinaCon 2017. This year I helped run the hardware hacking village with my friends and fellow members of FALE, which was mostly if not completely used to assemble badges for the conference, which were Atmel-based hardware badges that communicated wirelessly with RF modules on the ~900+ MHz frequency range. The badges were designed by my friend melvin2001, whom I miss badly now that he’s moved across the country. The code for the badges is located on the FALE GitHub.

[Read More]

RedHat Summit 2017

Now I’m sitting on a plane, heading back to my family.

I just got through with the RedHat Summit 2017 in Boston and I also visited some of my family while there. It was an intense 3-4 days.

I generally love Boston, and also Cambridge across the river. While I was there, I took a visit over to the MIT Press Bookstore and bought a few books, including Grokking Algorithms, which was a book that I already had on my wishlist but wasn’t one I could find in a store anywhere else. It was going to be my next Amazon purchase, but I was lucky enough to find it there. I also bought Tokyo Boogie-Woogie and one other book. I also explored Chinatown and had my first hot pot, which was an awesome experience.

[Read More]

Teaching my Kids

I have only two kids at this point and for the foreseeable future. Both are fairly young, but one is getting old enough that I’m starting to think about teaching her some of the basic programming and STEM related subjects fairly early. She already is quite taken by Minecraft, and can navigate the computer pretty well even if she doesn’t yet know all the keys on the keyboard. She knows how to move and do things, etc. She can also use a tablet or touch screen device with ease.

[Read More]

Dealing with and exploiting Struts

I’m sitting on a plane waiting for my delayed flight to Boston listening to Adam Savage rant about Apple’s lack of ease of use (of which I totally agree). I figured it was the perfect time to finish this blog. Oh yeah, why am I on a plane? I’m heading to Red Hat Summit 2017. I might write about that later. In like a year or so. Yes, I back dated this if you realize the RH Summit is in May, but I’ve been meaning to write this post for over a month.

[Read More]

2016

2016 has been another crazy year for me, and 2017 is just as crazy. I’ve been putting off updating my site for a while (a whole year). So here is a summary update of just some of the things I’ve been working on for 2016 and the first few months of 2017.

Certifications: I am now a Puppet Certified Professional 2016. I guess if it’s not obvious, I’ve been working even more heavily with Puppet, going to training, writing modules, etc. This was my first certification, and I will say the test is very difficult, testing you on every obscure area of Puppet, and it changes a lot between versions. If you’re studying for this exam, you need to practically read all their documentation on top of training and having real-life experience. There are study guides. I also just recently obtained certification as an IBM Certified System Administrator for WebSphere Application Server Network Deployment V8.5.5 and Liberty Profile, mostly because I’ve been working with it heavily for a while, so the certification was just a formality; I barely studied for that one.

[Read More]

CarolinaCon 12

I gave another talk for this year’s CarolinaCon 12 called “Never Go Full Spectrum Cyber”. For this talk I focused on mistakes “hackers” and even some InfoSec professionals have made and then a short summary at the end of OpSec lessons that could have prevented the mistakes covered earlier in the talk.

The talk slides are here. [UPDATE: The talk video is here.]

I referenced OpSec work and talks done by the grugq. You can find his site I mentioned in my talk at grugq.github.io. The grugq’s talk I also mentioned is called OPSEC: Because Jail is for wuftpd.

[Read More]