Friday, January 03, 2020
Wednesday, December 04, 2019
Tech-wise, after a couple of months running Linux Mint as my main distro, it took a backseat to now me running Manjaro Linux on a daily basis and has became my main distro. Cutting edge, rolling release, much more stable than Arch, it's an awesome distro. I still use Linux Mint on my other computer.
I been working for a couple of months now with an awesome startup company. Awesome people, awesome culture, big big plans that I have for security here and it's a challenge which is really tough yet rewarding which is to make use of what very limited funds there is to maximize the security posture here. There's lots of very good free solutions out there. Granted that you may need to work it out a bit when it comes to deployment and maybe setting it up isn't really as simple as ABC but with a bit of technical knowledge and DuckDuckGo, you will find you way.
For internal VA, I deployed Kali+OpenVAS for the infrastructure site on a cloud instance. Pretty straightforward if you ask me. To GUI into it, you can just VNC over SSH tunneling locking down to only specific IP addresses with this access (like the office IP, etc.) and presto you have GUI! Currently using the latest and greatest Kali Linux 2019.4 with XFCE and yes, Kali Undercover works although my use case for it in this instance is very much limited to just enjoying how my non-security folks look as I am running Windows only to find the terminal rather "different".
For the application security side of things, I am using Qualys FreeScan for the moment. I am thinking of Upguard. But so far I like what I see in Qualys with the report scheduling and OWASP top 10 scans which are all free. It may lack the visibility and the convenience of their bigger brother or the competition in the field ala Acunetix, Netsparker, Nessus, etc. but for a startup with limited funds, free is always more than welcome.
Certification-wise, it seems that I have seriously strayed away from my initial goal of hitting up the OSCP examination the past year but I am now reorganising my time and have begun studying back. Only time will tell if I go astray again. I really must get back into the pentesting world. It's my first love. And one of the main reasons why I want to go into security in the first place.
Last but not least, I am just waiting for some of the Hak5 gear that I bought over during the Black Friday sales to arrive soon. There's a few other gear I have in sight ... not cheap nevertheless. Oh and yes ... the Cosmo Communicator. Would be sweet to see a fully functional phone with Linux running natively on it paired with an ALFA USB wireless card for awesome packet injection.
Onto Christmas! A warm one that is!
Wednesday, March 06, 2019
With a little Google-fu and common sense, I found this on the VMWare communities page and it solves my problems.
While I don't use Ubuntu, in Linux Mint (latest release 18.3) I went into privacy settings and told it to remember recently accessed files (Set to "on") and Never forget old files (Set to "On") and now I can add the machine(s) to my Library.
Friday, August 17, 2018
Winter is ending here in Sydney, Australia. Spring, my favourite season, is soon here. Can't wait for the beautiful flowers springing out to life. Although after that, the worst season comes which is summer. Do you know how pesky flies are in Australia??? Not to mention that is the time of the year where the magpies, freakin spiders, slithery snakes, etc. will be out to hunt me ... I mean food.
Still pursuing my OSCP although to be honest, with so little time and so little energy left after a day at work, not to mention my daughter now who demands more of my attention during the weekends, finding time for the OSCP let alone playing a quick round of Street Fighter is becoming a giant task. I'll get there someday. At least I think I will. And in the meantime, I thought I knocked the CEH off. GPEN might be the next one before attempting for the OSCP. We'll see ...
Tuesday, September 12, 2017
I had the same issue.
Looking at the code in the SR2 zip file, I pinpointed it to the file /data/custom_ramdisk_patch.sh. Looking inside the file, it's some remains of Magisk. I removed that file via the TWRP Terminal (rm /data/custom_ramdisk_patch.sh) and it solved the problem.
Hope this helps!"
And there's the quick fix.
Tuesday, April 25, 2017
By the way, for you security enthusiasts around the SEA region, one notable conference that might interests you is BlackHat Asia. This year, again it was held at the Marina Bay Sands Expo in Singapore. This is an excellent place for networking and getting to know the people in the industry. I have had the privilege of getting to know, meeting and talking with the Pingu team, Michael Ossmann of HackRF One fame, Jeff Moss with his young kid, Anthony Lai who is HongKong's OWASP chapter lead and the founder of the VXCON, another awesome security conference which I hope I can attend one day, and a whole group of other awesome security people. This is one conference you should seriously consider to attend even if it's for the free business pass.
|A view of events for the day. Usually the briefings and the business hall events will last for two days. Blackhat trainings last for two days as well but they are held prior to the briefings and business hall days.|
|One of the popular booths in Blackhat Asia business hall. Here the contestants are picking locks to win prizes. Photo credited to Anthony.|
Tuesday, March 14, 2017
The Nexus 6 has a new companion for on-the-go pentesting. Can't wait to see how this baby performs on multi core tasks compared to the 6. Was tempted to flash my OnePlus 3T at first but side loading the OTAs are kinda painful compared to the Nexus phones. Pixel phones? No can do with Google's change in the FS structure. For now.