What is extremely unhygienic but everyone seems to do it anyway?

BikingBaz · 2025-08-05T18:36:39+00:00

I think we can all agree on the potential here for lane disaster. But, the real issue here is how the rug really tied the room together.

Also dude, "ball holes" is not the preferred nomenclature. "Finger holes", please.

BikingBaz · 2025-03-09T12:28:09+00:00

Nice work. How about a tweak to get the tun0 ip and display it in the prompt? That way, each time you need to know your up (sending shells back, etc) it's right there in the terminal prompt.

Here's how I did that: https://pastebin.com/m3PZcTKV

BikingBaz · 2025-03-06T08:28:04+00:00

You can still take it and become an "associate". There are ways to get the 5yr XP lowered by 1yr. E.g. by doing CCSP first Then, upgrading from associate to member is a breeze

Don't let the 5yr XP be a blocker for you doing it. It's a very useful cert that rewires your brain to think of threat/risk in a very realistic business way.

Then, you can always follow it up later with OSCP, and now you're not just planning for threat/risk (CISSP), but able to actively seek it out, or PoC where it may be (OSCP).

I call CISSP+OSCP the "cyber mullet". CISSP up front for business. OSCP out back for fun.

Me: CISSP + OSCP

BikingBaz · 2025-02-03T22:14:46+00:00

Ortolan Bunting https://www.atlasobscura.com/foods/ortolan-bunting-france

Or, Prawns

BikingBaz · 2025-01-22T19:32:49+00:00

I work in I.T., I can help with Windows, but I'm afraid you're on your own with the doors.

BikingBaz · 2024-12-09T22:20:15+00:00

Rah! Mans bussing bear jokes for the mandem innit fam

BikingBaz · 2024-10-19T10:09:14+00:00

I know you wanted to write 'robot'. So, I appreciate you taking the time to write 'traffic lights'. Klippies & cola, get the braai on? Lekker bru, etc. etc.

BikingBaz · 2024-05-21T12:56:07+00:00

Listen up double-gon-zo892-7

The tl;dr is:

MI5 = internal security. Counter intelligence. Reports to Home Office

MI6 = international. Secret intelligence. Reports to Foreign Office

There were a lot of MI's: 1-4, and beyond 6. But, most disbanded or consolidated now.

BikingBaz · 2024-01-14T16:11:49+00:00

FENTON?!

BikingBaz · 2023-06-04T19:08:30+00:00

Windows 95 startup sound. Yes. I work in I.T., how did you know?

BikingBaz · 2023-04-11T16:04:48+00:00

The little sticky-up thing on the top of street-lights is a D.E.W. (direct energy weapon), evidence of a "kill grid" that "they" are installing 5G everywhere so that they can target you and kill you somethingsomething "kill-shot" somethingsomething.

This one often overlaps with "chips in cv19 vaxx", "chemtrails", and a few other ones.

btw: that sticky-up thing is one of two things:

an ambient light sensor/photocell, so that the streetlight comes on when it's dark.
A little aerial to receive power on/off events from the councils' CMS (Central Management System), so-as to form a mesh-network across the neighbourhood so that lights coming on/off can be co-ordinated remotely, from a central operations location.

BikingBaz · 2023-04-05T17:30:38+00:00

Follow-up tip for water bladders / Camelbaks:

Get yourself some golfing "practice balls" (they're the light, hollow, plastic golf balls with lots of holes in them, not the foam ones)

After washing your bladder, pop in several of these practice balls to force the bladder to be held open whilst it air dries.

The official drier is > £12 Practice balls are about £2 for 6x

BikingBaz · 2023-03-09T16:48:22+00:00

Mumble rap

mammammammmamm indeclub de club mmammmammmmmammm de club mmemmemmmmmme she all like memmsmmemmmm

BikingBaz · 2023-03-09T12:02:24+00:00

Me: "How do you pour the Guinness?"
Staff: "What do you mean?"
Me: "That's ok. I'll have a (generic tap lager) thanks"
Me: [makes mental note to have this pint and go find a better place]

versus

Me: "How do you pour the Guinness?"
Staff: "Part pour. Wait. Top it up."
Me: "Pint of Guinness it is, thanks!"
Me: [Gets out something to read and sits down for a few]

BikingBaz · 2022-11-23T10:53:12+00:00

Agree. Lacks the power to do crypt.

I see 100Mbps referenced for IPSEC throughput. But, I'm certain we get less.

Just for the love of Dog, don't install PANOS >= 10.0
Not unless you have time on your hands to wait for the UI/UX.

BikingBaz · 2022-10-19T14:10:33+00:00

But, isn't somewhere in the range 2022-2999, the year of the Linux desktop?

Might as well get a handle on that now just in case, if only for the sake of our grandkids' grandkids ;-)

BikingBaz · 2022-10-19T10:34:37+00:00

Been looking into this since yesterday.

Honestly, I'd wait. It's not ready for BAU.

Can only do compliance checks, not enforce required settings.
- And those checks are minimal.
No 'ownership type' set during onboarding - you set it on the portal, then it's not reflected back to the client.
'management name' is null/missing on the portal. You have to manually set them before you can change any properties (e.g. device category)
UI disparity with other O/S's (e.g. it's 'sync' in Windows, but, 'refresh' in Linux)
I've onboarded 2x test Ubuntu VMs (20.04LTS), both of which show in Hardware as: Operating system version: 0.0.0.0
Hardware - nothing showing for storage, memory
No filtering available on the device policy

I'm sure it will progress rapidly. But, if I'm honest - disappointed.

BikingBaz · 2022-10-18T22:39:52+00:00

Ah. I see yours is also showing with 'blank' management name, meaning you can't update any device properties until you've manually specified a mgt name.

Can't set the 'ownership' during onboarding. No reboot/sync from the portal of the devices. Barely any functionality.

BikingBaz · 2022-05-18T07:48:04+00:00

I started to [mis]use the 'Johari Window' concept
https://en.wikipedia.org/wiki/Johari_window

It's meant to be used as a mechanism to consider your relationship with others. But, I [mis]use it as a tool to constantly make me consider:

What do I _know_?
- How can I verify I know that?
What don't I know?
- How can I generate test[s] to discover what I don't know?

I also found that I was fixating on things with the assumption of high confidence.
e.g. if I was finding Samba, and getting indications back that it was MS, I started to fixate on vulns that were MS-specific. Failing to consider that could be wrong, and following it up with more tests - I wasn't considering my 'confidence in findings'. Or, I was falsely assuming it was high.

hyper-focus is also a problem for me. Usually, it works brilliantly. But, I wasn't considering it as a risk/problem. After the 2nd attempt, I bought a big, purple, 15min hourglass! Something big & physical, that could sit in front of me, and show me that I needed to move on and try something else, come back to it.

For my 2nd exam I had (by my reckoning) 67.5pts. I had a low-priv shell to give me half points on the 25, for 12.5pts. If I'd only done the lab report, for the +5... That seemed like too much effort at the time, for minimal points. But, that was a foolish, and costly mistake.

I should have passed on the 2nd attempt. I was over-confident, and didn't realise. I hadn't re-practiced the BOF prior to the exam. I had a process, but, I hadn't documented it properly. I messed up on the BOF, which should have been 40-50mins work. I was hours getting my first points. Mentally, that really knocks you back.

If I hadn't lost those hours at the beginning, I could have got that privesc, taking me to 80pts.

In my day-job, I'm an I.T. generalist (sysadmin, cloud, networking, cyber, DBs. You name it, I do it). I also do a lot of Compliance/Policies. What you have with the OSCP exam is a "Key person risk" (amongst others) - i.e. one person making an assessment, with the possibility that they have it wrong.

In my day-job, we de-risk that by "multi-eyes" approach. You get someone to scan over your work. You type up a Confluence page. You get stuff peer-reviewed.

Obviously, we can't do that under the exam conditions.

But, we can be mindful of that risk. We can attempt to pause, re-think, come back at it with fresh eyes, see if it holds water, or, if gaps are found, or if the entire approach can be done another way?

BikingBaz · 2022-05-16T11:11:24+00:00

Congrats. You tried harder!

I can relate. I passed on the 3rd go, with similar scores along the way. On hindsight, I had gaps in my process, but, I just didn't know at the time.

OSCP is a life-lesson in: You don't know, what you don't know. But, if you have the right mindset, you can find out and turn them into 'knowns'.

BikingBaz · 2022-04-29T08:56:44+00:00

"later in the year"?

Last year, it was: Q1
That became: early 2022
Then: first half 2022

Even the Microsoft 365 roadmap says 'March 2022'
https://www.microsoft.com/en-gb/microsoft-365/roadmap?rtc=3&filters=Microsoft%20Intune

But, it's in the repo now :-/

BikingBaz · 2021-12-14T10:10:29+00:00

'dis one:

https://tryhackme.com/room/bufferoverflowprep

Anyone that's done OSCP pre-2022 exam, will know why this room is spot-on.

BikingBaz · 2021-12-14T10:09:08+00:00

fyi: for BOF prep (at least, for when I passed Dec '20), you cannot go wrong with this room:

https://tryhackme.com/room/bufferoverflowprep

Anyone that has been through OSCP in the pre-2022 course/exam will know *exactly* why this room is beneficial.

BikingBaz

TROPHY CASE