The word cyber is used as a marketing term for, roughly, information security related topics. Everything is cyber. We are experiencing cyber fatigue right now. Adding the term cyber creates no additional value. It is lipstick on a pig.
If you want to create a better environment, you have to face the problem itself. Proclaiming a cyber solution will not help you. It is the headless chicken mode in action. To really improve the situation, you have to face reality.
Management only learns the hard way. The only working KPI is money. Translating risks into real money is key.
What kind of work would I do if I had to do it forever?
First, you have to be an effective problem solver. For the first couple of years my motivation was off the charts. We’ve grown to subconsciously measure a person’s worth based off how many hours they work, how much is on their plate and put simply — whether or not they are running around like a chicken with their head cut off.
It was a time where I had a lot of independence in choosing how to work and what to work on. …
In my opinion management lost its precise sharpness. It has become a dull term and it has drawn a lot of negativity. It could be resharpened, but it would be a great effort to rework such a big word. And even then you would not know what you mean by management, because it would have two meanings for some time.
The word management is a portmanteau (combination of two words) from the Latin phrase “manum agere”. “Manus” means hand and “agere” means to lead, act, move or even push along. But it is “manum agere” and not “manus agere”, there is…
If you flow like water through a thick bamboo forest, you will leave your marks, no matter how gentle you are. Life means to create and therefore it has to break.
You are here on planet Earth. You will create a lot during your time. But this comes with a price. In order to create you will have to break. You need resources for your life. So make it count. Create something worthy. Generate entropy. Build something that is meant to last. Your burden is to leave this planet in better shape than you found it.
This is not as…
At some point in time I realized that doing something rewarding does not necessarily lead to an achievement. And most of the time achievements are not the result of rewarding work. I tried to fix this by changing my attitude towards this fact, but it did not work out for me. So why do something that is not rewarding in the process or does not lead to anything?
It feels like a waste of time. I sat down, reflected and looked for activities that are rewarding in the process and have a high probability to return achievements. These activities are…
If you walk from A to B, there are two obvious reasons why you would do it. The first is to reach B. The second is to walk.
If you enjoy walking a lot, it does not matter to you. You are enjoying the process itself. Keep that attitude, it is very helpful, but you already knew this.
If your goal is to reach B and you don’t enjoy the journey, why should you start walking? What comes after B? Will you stay at B or is it just the next hop? Look at the broader picture.
Draw a map…
MinU 1 is a boot2root machine from VulnHub. It is rated as easy/intermediate. I would rate it as intermediate, because it uses some techniques which are more advanced. This machine may have a steep learning curve for beginners.
In VirtualBox the MinU machine gets an IP address via DHCP, which is very convenient. So 10.0.0.10 refers to MinU and 10.0.0.4 refers to the attacking Kali Linux.
I scanned the host with the options shown below and opened the full-tcp.xml in Firefox.
nmap -p- -sC -sS -T5 -A -oA full-tcp --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl 10.0.0.10
This week I finished my two months of PWK. I got through most of the machines, even the harder ones and into other subnets. I did it part time, so I worked and did the lab. In short: Two very intense months, but totally worth it. A truly mind bending adventure.
Offensive Security is doing a great job! I had no issues at all. No VPN downtime, connection issues or bugs (besides the intended ones, of course). A very well explained setup guide. Everything went smoothly. So nice! They even corrected the invoice for me, so that I got no…
Recently I came across the interesting task to check thousands of machines for sensitive data. Nobody wants to leak data through a misconfigured server. One classic way is to have a forgotten FTP server, which contains an old backup of some machine or service. These often contain — of course — credentials, private keys, database dumps or whatever an administrator felt was worth backing up. Backups themselves are not a bad idea, but putting them on an anonymously accessible FTP server is a big no-no. …
Ever seen a movie or documentary about monks in a monastery performing martial arts? Every time I am impressed by the level of power, precision, consciousness and calmness.
They achieve these levels of expertise through a simple, but effective concept. It is not efficient, because it is 99% hard work and it takes them their whole life.
This sounds painful, but you will understand why it is good and desirable. These people do not stand out, because they wear easy to spot clothing. They stand out, because of their mindset.
This is not an over-a-weekend recipe for success. You might…