Wednesday, December 04, 2019

Summer Christmas

Do you know that in December it's summer in Australia? That means instead of "I am dreaming of a white Christmas ..." it becomes "I am dreaming of a non-sweaty Christmas". Summers in Australia can be brutal. We're talking about hitting 40 or even sub 50 degrees Celsius here! Time for more sunscreen.

Tech-wise, after a couple of months running Linux Mint as my main distro, it has taken a backseat to Manjaro Linux, which I now run on a daily basis and which has become my main distro. Cutting edge, rolling release, much more stable than Arch, it's an awesome distro. I still use Linux Mint on my other computer.

I have been working for a couple of months now with an awesome startup company. Awesome people, awesome culture, and big, big plans that I have for security here. It's a challenge that is really tough yet rewarding: making use of what very limited funds there are to maximize the security posture here. There are lots of very good free solutions out there. Granted, you may need to work things out a bit when it comes to deployment, and maybe setting it up isn't really as simple as ABC, but with a bit of technical knowledge and DuckDuckGo, you will find your way.

For internal VA, I deployed Kali+OpenVAS for the infrastructure site on a cloud instance. Pretty straightforward if you ask me. To GUI into it, you can just VNC over an SSH tunnel, locking this access down to only specific IP addresses (like the office IP, etc.), and presto, you have GUI! Currently using the latest and greatest Kali Linux 2019.4 with XFCE and yes, Kali Undercover works, although my use case for it in this instance is very much limited to just enjoying how my non-security folks look as I am running Windows only to find the terminal rather "different".

For the application security side of things, I am using Qualys FreeScan for the moment. I am thinking of Upguard. But so far I like what I see in Qualys with the report scheduling and OWASP Top 10 scans, which are all free. It may lack the visibility and the convenience of their bigger brother or the competition in the field à la Acunetix, Netsparker, Nessus, etc., but for a startup with limited funds, free is always more than welcome.

Certification-wise, it seems that I have seriously strayed away from my initial goal of hitting up the OSCP examination the past year, but I am now reorganising my time and have begun studying again. Only time will tell if I go astray again. I really must get back into the pentesting world. It's my first love. And one of the main reasons why I want to go into security in the first place.

Last but not least, I am just waiting for some of the Hak5 gear that I bought during the Black Friday sales to arrive soon. There are a few other pieces of gear I have in sight ... not cheap nevertheless. Oh and yes ... the Cosmo Communicator. Would be sweet to see a fully functional phone with Linux running natively on it paired with an ALFA USB wireless card for awesome packet injection.

Onto Christmas! A warm one that is!
