Saturday, May 23, 2020

Covid-19 / Coronavirus Year and some personal updates

In my last post, I was hoping for a new and exciting year. Well first of all, I was made redundant with 11 others in the startup that I joined just barely 3 months ago. It was an organisation restructuring they say. In hindsight, it was a blessing to be let go then rather than now since the covid-19 pandemic started shortly after that.

As I am writing this, it has been a little over 2 months since the pandemic started. While it was a lockdown both here in Australia and also my home country, Malaysia, things are starting to ease up now. My daughter will be going to school next Monday and I am pretty sure a lot of us will be returning to the office shortly. I love working from home/remotely so this is something that I am not looking forward to.

That being said, I have been studying a bit on my offensive security skills and I am hoping to nail a couple of exams this year (probably related to offensive security or the compliance part). I have been doing a fair bit of penetration testing for a few Australian based companies and government agencies so that has also been taking quite a bit of my time. Any free time I have now I tend to either chill and annoy my daughter or basically do some light reading.

I am hoping to secure a part time role to supplement my income and at the same time try to do something that is entirely non-IT related. Let us see how I will fare...

The Kali Linux logo (the choice of Linux distribution for a lot of hackers and security professionals) ... regardless of whether it has anything to do with security or not, I like the design of a dragon on a dark background. Simple yet alluring design.

Friday, January 03, 2020

New Year 2020

When I reflected back on 2019, I felt happy and sad at the same time. Happy that the Hyrulian princess graduated but sad that a close family member is no longer here together with some friends who succumbed to cancer and other unfortunate events. There were of course other memorable events, some good and others bad in 2019 as well.

I have joined a startup end of this year, discarding corporate looks in favour of a very much toned-down environment and a lot of work to do in terms of getting them to where my vision of an organisation with a mature cyber security posture will be. In this role, I play both the governance and a fair bit of technical security engineer. At least I hope to believe that this will help me in a couple of the technical certifications that I am hoping to gain in 2020!

The bush fires in Australia are another issue that breaks my heart. Seeing so many people suffer especially those who have lost their loved ones, half a billion animals dead with some species maybe extinct according to one expert and no signs of the fire going away makes one wonder why is this happening? I can only pray and hope for a miracle for this catastrophic event to end soon and bring much relief to those who have suffered so much.

I am hoping for a better 2020 for everyone. Let's look forward to it!

Wednesday, December 04, 2019

Summer Christmas

Do you know that in December it's summer in Australia? That means instead of I am dreaming of a white Christmas ... it becomes I am dreaming of a non-sweaty Christmas. Summers in Australia can be brutal. We're talking about hitting 40 or even sub 50 degrees Celsius here! Time for more sunscreen.

Tech-wise, after a couple of months running Linux Mint as my main distro, it took a backseat to Manjaro Linux, which I now run on a daily basis and which has become my main distro. Cutting edge, rolling release, much more stable than Arch, it's an awesome distro. I still use Linux Mint on my other computer.

I have been working for a couple of months now with an awesome startup company. Awesome people, awesome culture, big big plans that I have for security here and it's a challenge which is really tough yet rewarding which is to make use of what very limited funds there is to maximize the security posture here. There's lots of very good free solutions out there. Granted that you may need to work it out a bit when it comes to deployment and maybe setting it up isn't really as simple as ABC but with a bit of technical knowledge and DuckDuckGo, you will find your way.

For internal VA, I deployed Kali+OpenVAS for the infrastructure side on a cloud instance. Pretty straightforward if you ask me. To GUI into it, you can just VNC over SSH tunneling locking down to only specific IP addresses with this access (like the office IP, etc.) and presto you have GUI! Currently using the latest and greatest Kali Linux 2019.4 with XFCE and yes, Kali Undercover works although my use case for it in this instance is very much limited to just enjoying how my non-security folks look as I am running Windows only to find the terminal rather "different".
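
One way to check the VNC-over-SSH arrangement described above, as an added example that is not the author's own code: it reads `ss -Hltn` output on the scanner host and reports any VNC listener that is reachable without the tunnel. It assumes VNC displays use TCP 5900-5999; the sample lines and the host name in the comment are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: confirm that VNC is reachable only through the SSH tunnel.
# Assumption: VNC displays listen on TCP 5900-5999 and stdin is `ss -Hltn` output.

# Constructed samples of `ss -Hltn` output (not taken from a real host).
SAMPLE_OK='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5 [::1]:5901 [::]:*'

SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5902 0.0.0.0:*
LISTEN 0 5 [::]:5903 [::]:*'

# Print every VNC listener (port 5900-5999) bound to a non-loopback address.
exposed_vnc() {
  awk '{
    local_addr = $4                      # 4th column: Local Address:Port
    n = split(local_addr, parts, ":")
    port = parts[n] + 0                  # text after the last colon
    addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
    if (port < 5900 || port > 5999) next # not a VNC display port
    if (addr ~ /^127\./ || addr == "[::1]") next  # loopback only: tunnel required
    print local_addr
  }'
}

# Exit status 0 when no VNC listener is exposed, 1 otherwise.
vnc_tunnel_only() {
  [ -z "$(exposed_vnc)" ]
}

# On the scanner host:   ss -Hltn | exposed_vnc
# From the workstation, reach the loopback-only display through SSH, e.g.
#   ssh -N -L 5901:127.0.0.1:5901 user@scanner.example   (placeholder host)
```

An empty result means the only way to the desktop is the SSH port, which is the one the source-IP restriction has to cover.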

For the application security side of things, I am using Qualys FreeScan for the moment. I am thinking of Upguard. But so far I like what I see in Qualys with the report scheduling and OWASP top 10 scans which are all free. It may lack the visibility and the convenience of their bigger brother or the competition in the field ala Acunetix, Netsparker, Nessus, etc. but for a startup with limited funds, free is always more than welcome.

Certification-wise, it seems that I have seriously strayed away from my initial goal of hitting up the OSCP examination the past year but I am now reorganising my time and have begun studying back. Only time will tell if I go astray again. I really must get back into the pentesting world. It's my first love. And one of the main reasons why I want to go into security in the first place.

Last but not least, I am just waiting for some of the Hak5 gear that I bought over during the Black Friday sales to arrive soon. There's a few other gear I have in sight ... not cheap nevertheless. Oh and yes ... the Cosmo Communicator. Would be sweet to see a fully functional phone with Linux running natively on it paired with an ALFA USB wireless card for awesome packet injection.

Onto Christmas! A warm one that is!

Wednesday, March 06, 2019

Restoring VM Images List in VMWare Player under Linux Mint

While running VMWare Player on my Linux Mint 19.1 box (don't judge me. I prefer to use things that work out of the box rather than spend a countless amount of time, which I don't have now and frankly I better spend it on something else, to make it work), I quickly discovered that after adding multiple CTF VM images, they were not displaying on the selection area.

With a little Google-fu and common sense, I found this on the VMWare communities page and it solves my problems.

While I don't use Ubuntu, in Linux Mint (latest release 18.3) I went into privacy settings and told it to remember recently accessed files (Set to "on") and Never forget old files (Set to "On") and now I can add the machine(s) to my Library.

Friday, August 17, 2018

August 2018

Been some time since I last updated my personal blog. In a nutshell, here's what I have been up to for those curious.

Winter is ending here in Sydney, Australia. Spring, my favourite season, is soon here. Can't wait for the beautiful flowers springing out to life. Although after that, the worst season comes which is summer. Do you know how pesky flies are in Australia??? Not to mention that is the time of the year where the magpies, freakin spiders, slithery snakes, etc. will be out to hunt me ... I mean food.

Still pursuing my OSCP although to be honest, with so little time and so little energy left after a day at work, not to mention my daughter now who demands more of my attention during the weekends, finding time for the OSCP let alone playing a quick round of Street Fighter is becoming a giant task. I'll get there someday. At least I think I will. And in the meantime, I thought I knocked the CEH off. GPEN might be the next one before attempting for the OSCP. We'll see ...

Tuesday, September 12, 2017

Rooting a Nexus 6P using SuperSU v2.82 SR3 by Chainfire

From the XDA forums, comes a very good tip. If you are having problems patching your Nexus 6P using the SuperSU v2.82 SR3 and you saw that it failed in the logs, Chiyo-chan came up with this tip :-)

- Calling user ramdisk patch script
--- Failure, aborting

my log when trying to install after a clean system + boot reflash.
Is something wrong? HtC 10 stock rom


"I had the same issue.
Looking at the code in the SR2 zip file, I pinpointed it to the file /data/ Looking inside the file, it's some remains of Magisk. I removed that file via the TWRP Terminal (rm /data/ and it solved the problem.

Hope this helps!"

And there's the quick fix.

Tuesday, April 25, 2017

Bash Bunny, BlackHat Asia

I got a Bash Bunny a month ago and boy this is a device to behold. It works somewhat like a rubber ducky but the plus point is you can immediately run scripts on it (it has a Python interpreter too!) without having to go through a compilation process like how the rubber ducky needs. The 3-way hardware switch toggle on the top is the icing on the cake. Modes 1 and 2 for unleashing the kraken while mode 3 makes it a mass storage device.
Bunny hoping
I have been very interested in USB attacks for the past few months now seeing how many organisations and people still rely on USB devices amidst a storm of wireless technologies offerings. One of the questions that got me thinking is there are USB ports on planes. What happens if you connect a rubber ducky or a bash bunny into the USB port and use a mimikatz-like exploit? Well, like any other computer, if it connects to the main network, you are probably in passwords heaven. But I doubt it. Most media terminals on the plane are standalone. WiFi on the other ...

By the way, for you security enthusiasts around the SEA region, one notable conference that might interest you is BlackHat Asia. This year, again it was held at the Marina Bay Sands Expo in Singapore. This is an excellent place for networking and getting to know the people in the industry. I have had the privilege of getting to know, meeting and talking with the Pingu team, Michael Ossmann of HackRF One fame, Jeff Moss with his young kid, Anthony Lai who is Hong Kong's OWASP chapter lead and the founder of the VXCON, another awesome security conference which I hope I can attend one day, and a whole group of other awesome security people. This is one conference you should seriously consider attending even if it's for the free business pass.
A view of events for the day. Usually the briefings and the business hall events will last for two days. Blackhat trainings last for two days as well but they are held prior to the briefings and business hall days.

One of the popular booths in Blackhat Asia business hall. Here the contestants are picking locks to win prizes. Photo credited to Anthony.