
Thursday, September 03, 2020

Zoom on a HiDPI screen on Linux

If, after enabling scaling on a Linux computer with a HiDPI screen, you find that everything works fine except Zoom, try editing ~/.config/zoomus.conf and make sure it contains “autoScale=false”.

Credits to a Reddit post for this. HiDPI on Linux is still a bitch at times. Not sure whether Wayland in future will work fine out of the box. We'll see. On the other hand, Kali Linux's kali-hidpi-mode works VERY well with HiDPI so it's probably how some distributions handle the scaling.

Saturday, August 01, 2020

Saturday, May 23, 2020

Covid-19 / Coronavirus Year and some personal updates

In my last post, I was hoping for a new and exciting year. Well first of all, I was made redundant with 11 others in the startup that I joined just barely 3 months ago. It was an organisation restructuring they say. In hindsight, it was a blessing to be let go then rather than now since the covid-19 pandemic started shortly after that.

As I am writing this, it has been about a little over 2 months since the pandemic started. While it was a lockdown both here in Australia and also my home country, Malaysia, things are starting to ease up now. My daughter will be going to school next Monday and I am pretty sure a lot of us will be returning to the office shortly. I love working from home/remotely so this is something that I am not looking forward to.

That being said, I have been studying a bit on my offensive security skills and I am hoping to nail a couple of exams this year (probably related to offensive security or the compliance part). I have been doing a fair bit of penetration testing for a few Australian based companies and government agencies so that has also been taking quite a bit of my time. Any free time I have now I tend to either chill and annoy my daughter or basically do some light reading.

I am hoping to secure a part time role to supplement my income and at the same time try to do something that is entirely non-IT related. Let us see how I will fare...

The Kali Linux logo (the choice of Linux distribution for a lot of hackers and security professionals) ... regardless of whether it has anything to do with security or not, I like the design of a dragon on a dark background. Simple yet alluring design.

Friday, January 03, 2020

New Year 2020

When I reflected back on 2019, I felt happy and sad at the same time. Happy that the Hyrulian princess graduated but sad that a close family member is no longer here, together with some friends who succumbed to cancer and other unfortunate events. There were of course other memorable events, some good and others bad, in 2019 as well.

I have joined a startup end of this year, discarding corporate looks in favour of a very much toned-down environment and a lot of work to do in terms of getting them to where my vision of an organisation with a mature cyber security posture will be. In this role, I play both the governance and a fair bit of technical security engineer. At least I hope to believe that this will help me in a couple of the technical certifications that I am hoping to gain in 2020!

The bush fires in Australia are another issue that breaks my heart. Seeing so many people suffer especially those who have lost their loved ones, half a billion animals dead with some species maybe extinct according to one expert and no signs of the fire going away makes one wonder why is this happening? I can only pray and hope for a miracle for this catastrophic event to end soon and bring much relief to those who have suffered so much.

I am hoping for a better 2020 for everyone. Let's look forward to it!



Wednesday, December 04, 2019

Summer Christmas

Do you know that in December it's summer in Australia? That means instead of "I am dreaming of a white Christmas" ... it becomes "I am dreaming of a non-sweaty Christmas". Summers in Australia can be brutal. We're talking about hitting 40 or even sub 50 degrees Celsius here! Time for more sunscreen.

Tech-wise, after a couple of months running Linux Mint as my main distro, it has taken a backseat: I now run Manjaro Linux on a daily basis and it has become my main distro. Cutting edge, rolling release, much more stable than Arch, it's an awesome distro. I still use Linux Mint on my other computer.

I have been working for a couple of months now with an awesome startup company. Awesome people, awesome culture, big big plans that I have for security here, and a challenge that is really tough yet rewarding: making use of what very limited funds there are to maximize the security posture here. There are lots of very good free solutions out there. Granted, you may need to work things out a bit when it comes to deployment, and setting them up may not be as simple as ABC, but with a bit of technical knowledge and DuckDuckGo, you will find your way.

For internal VA, I deployed Kali+OpenVAS for the infrastructure side on a cloud instance. Pretty straightforward if you ask me. To get a GUI on it, you can just run VNC over an SSH tunnel, locking access down to specific IP addresses only (like the office IP, etc.), and presto, you have a GUI! Currently using the latest and greatest Kali Linux 2019.4 with XFCE and yes, Kali Undercover works, although my use case for it in this instance is very much limited to just enjoying how my non-security folks look on, thinking I am running Windows, only to find the terminal rather "different".
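A quick check for the VNC-over-SSH setup described above, as an added example that is not from the original post: it reads `ss -tln` output and reports any VNC listener that is reachable without the tunnel. The function names, the placeholder host in the comment and the sample `ss` output are constructed for illustration; the 5900-5999 range assumes the usual VNC convention of port 5900 plus display number.

```shell
#!/bin/sh
# Added example. Intended layout: the VNC server listens on loopback only and
# is reached through an SSH local forward, e.g. (user and host are placeholders):
#   ssh -N -L 5901:127.0.0.1:5901 user@scanner.example
# SSH is then the only exposed service and can be restricted to the office IP
# in the cloud firewall.

# Read `ss -tln` output on stdin and print every listener on a VNC display
# port (5900-5999) that is NOT bound to a loopback address.
exposed_vnc_listeners() {
    awk '
        $1 == "LISTEN" {
            local_addr = $4
            n = split(local_addr, parts, ":")
            port = parts[n] + 0
            # Everything before the last ":" is the bind address.
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (port < 5900 || port > 5999) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print local_addr
        }
    '
}

# Constructed sample of `ss -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901      0.0.0.0:*
LISTEN  0       5       0.0.0.0:5902        0.0.0.0:*
LISTEN  0       5       [::1]:5901          [::]:*
LISTEN  0       5       [::]:5903           [::]:*
EOF
}

# Demo on the sample; on a real host run: ss -tln | exposed_vnc_listeners
sample_ss_output | exposed_vnc_listeners
```

Any line it prints is a VNC port bound to a routable or wildcard address, which means the server is relying on the firewall alone rather than on the SSH tunnel.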

For the application security side of things, I am using Qualys FreeScan for the moment. I am thinking of Upguard. But so far I like what I see in Qualys with the report scheduling and OWASP top 10 scans which are all free. It may lack the visibility and the convenience of their bigger brother or the competition in the field ala Acunetix, Netsparker, Nessus, etc. but for a startup with limited funds, free is always more than welcome.

Certification-wise, it seems that I have seriously strayed away from my initial goal of hitting up the OSCP examination the past year, but I am now reorganising my time and have begun studying again. Only time will tell if I go astray again. I really must get back into the pentesting world. It's my first love. And one of the main reasons why I wanted to go into security in the first place.

Last but not least, I am just waiting for some of the Hak5 gear that I bought during the Black Friday sales to arrive soon. There are a few other pieces of gear I have in sight ... not cheap nevertheless. Oh and yes ... the Cosmo Communicator. Would be sweet to see a fully functional phone with Linux running natively on it paired with an ALFA USB wireless card for awesome packet injection.

Onto Christmas! A warm one that is!

Wednesday, March 06, 2019

Restoring VM Images List in VMWare Player under Linux Mint

While running VMWare Player on my Linux Mint 19.1 box (don't judge me. I prefer to use things that work out of the box rather than spend countless hours, which I don't have now and frankly would rather spend on something else, to make it work), I quickly discovered that after adding multiple CTF VM images, they were not displaying in the selection area.

With a little Google-fu and common sense, I found this on the VMWare communities page and it solves my problems.


While I don't use Ubuntu, in Linux Mint (latest release 18.3) I went into privacy settings and told it to remember recently accessed files (Set to "on") and Never forget old files (Set to "On") and now I can add the machine(s) to my Library.


Friday, August 17, 2018

August 2018

Been some time since I last updated my personal blog. In a nutshell, here's what I have been up to for those curious.

Winter is ending here in Sydney, Australia. Spring, my favourite season, is soon here. Can't wait for the beautiful flowers springing out to life. Although after that, the worst season comes which is summer. Do you know how pesky flies are in Australia??? Not to mention that is the time of the year where the magpies, freakin spiders, slithery snakes, etc. will be out to hunt me ... I mean food.

Still pursuing my OSCP although to be honest, with so little time and so little energy left after a day at work, not to mention my daughter now who demands more of my attention during the weekends, finding time for the OSCP let alone playing a quick round of Street Fighter is becoming a giant task. I'll get there someday. At least I think I will. And in the meantime, I thought I knocked the CEH off. GPEN might be the next one before attempting for the OSCP. We'll see ...