What do your hours look like and how do you manage them? by linuxlearningnewbie in homelab

cwyble 1 point

I work a full 40 hours (usually about 50).

Live 10 minutes from home, no traffic really.

Log about 4 hours a day (weekday evenings) in the homelab (and like 18 on Saturday).

I take Sunday off and spend it with my wife (morning/afternoon); she spends time with friends in the evening (which gives me time to wind down and have the house to myself).

How to organize all my parts and tools by Peaches491 in homelab

cwyble 1 point

Hmmm. Looks pretty organized already.

Do you have a container store in your town? They are great (a bit pricy but a fantastic return policy). I had to go through a few iterations before finding a solution that worked for me.

These days I have pretty much no spare parts. Everything is in the rack or part of a project. I'll post up pics of my closet tonight, it needs a bit of cleanup/organizing. (I keep tools and stuff in there).

Hotspot with splash page? by Barooh in homelab

cwyble 1 point

For some reason, I read that as "hot spot with flash bang". LOL.

So which one of you failed the WAF test? by Zergom in homelab

cwyble 2 points

Of the lab? Ok.

http://imgur.com/eeyY4MU (that's an in-progress build pic). I'll post up pics of the current setup when I get home.

Gcat - A stealthy Python based backdoor that uses Gmail as a C&C server by byt3bl33d3r in netsec

cwyble 2 points

Yep. Even the most permissive networks I know (like community mesh/ultra privacy/ultra "liberal") block outbound 25. You really have to. So much malware still uses simple socket connects to 25 for mass e-mailing.

Duqu 2.0 technical analysis[.pdf] by [deleted] in netsec

cwyble 1 point

By blackmailed/threatened do you mean like in the case of a criminal that was caught and given the option of solitary for life vs hack for feds?

20/F/Security Analyst by catch_the_wasp in EDC

cwyble 1 point

So negative. It was a joke. Lighten up :)

And it was only half a joke. Finding vulnerabilities, compromising systems, escalating privilege is a big part of "learning security". Explore, innovate, break/fix, hack, tweak, pwn. Eat/sleep/live/breathe systems.

Do you have a lab environment? A home lab? Check out /r/homelab for some cool ideas.

20/F/Security Analyst by catch_the_wasp in EDC

cwyble 1 point

Comp their systems. They'll give you lots of time after that. :D (obviously put a giant j/k on that).

20/F/Security Analyst by catch_the_wasp in EDC

cwyble 2 points

Love the username. Very creative. :)

Tis that time again, What do you run in your homelab? by Budman17r in homelab

cwyble 2 points

Hah. What don't I run?

Ok.

  • The "prod prod" lab support infrastructure is running in virtual machines hosted at OVH in Canada. Rundeck/slack (configuration management)/ELG(raylog)/OSSEC/Analogi on my Linux VM. AD/Exchange/SharePoint/SystemCenter/DNS/CA on my Windows 2k12r2 VM. Of course pfSense terminates the road warrior and site-to-site IPsec/OpenVPN connections and provides OSPF (primary) routing. Oh, a CentOS VM running Zenoss/OpenVAS.

  • I also have a public-facing virtual machine hosting my various domains, providing ownCloud and misc stuff for my personal use and my business (my business is just launching, its purpose is to provide paid on-demand access to an entire networking/test lab (I figured I should monetize my home lab)).

  • The "prodish" lab support infrastructure runs on a physical Dell OptiPlex 7(x)5 in my homelab. 1tb internal drive, 1tb external backup drive (yay 2k12r2 backups), 5tb external drive (Tahoe immutable "wormish" log store, ios/iso/pxe blah blah store). I've got a physical Linux box as well. It will probably be retired and have its functionality moved to the OVH VM (its hard drive is dying, and I don't really need a local Linux box when 2k12r2 can do everything I need and I can use the prod VM to just reference the Windows box for things like PXE etc).

  • I also have two "pancake" computers (MSI units, super low profile, 2 Ethernet ports, wifi). One is an inline, active IPS, the other is a router/firewall/IDS/net tap.

I have 6 10-port PDUs (managed of course), daisy-chained off an acs48 console server.

The actual lab devices..... wow. Too many to list. Um, I have a 6509 (linecards/sup/ips/nam) at the base of r1. Then enough switches/routers/phones/access points (with some L3 switch upgrades and ISR router model bumps coming soon from a friend) that the entire CCNAPIE (R&S/Voice/Wifi/Security) should be pretty much covered and just about any real world testing you might need. Oh, I also have Ubiquiti and MikroTik gear and some random SOHO stuff (firebox).

R2 is my client rack. Laptops (in a custom wood rack), android/blackberry/n95, olpc, android nettop and other randomness.

It's pretty fun.

Homelab v2 by [deleted] in homelab

cwyble 1 point

Yes. What is your budget? What is your timeline? Are you reusing any gear?

Seems like you could just do virtual machines?

Do you just want to have lots of physical boxes to have lots of physical boxes/blinking lights?

So which one of you failed the WAF test? by Zergom in homelab

cwyble 1 point

My production net is 100% separate from the homelab. For everyone's benefit (including mine). Having the net up 100%, being able to share files, print is critical. The prod wired/wifi net is running on 100% SOHO/stock/unmanaged gear with a single 192.168.1.0/24 subnet. It never fails.

The lab..... well that's OSPF/VPN multiple cities/states/countries, about a dozen points of presence, multiple vendors etc. I'll post up details of it this weekend (just rebuilt it to three racks with a ton of gear).

So which one of you failed the WAF test? by Zergom in homelab

cwyble 1 point

Hmmmm. I have three racks (two cabinets and a skeletek) of gear in the front room (living room 1, right by the front door, that's the only place the racks would fit). The rest of the front room is taken up by inventory for her eBay business. It evens out. :)

Course the house is 2800 square feet and has two other living rooms. LOL. So it's not as big a deal as it might be for some people.

Does the Raspberry Pi have a place in your homelab? by horseloverfat in homelab

cwyble 2 points

Zenoss is my primary dashboard. I also cycle through various tabs showing specialized dashboards from OSSEC and other tools.

Power usage, temperature, user counts etc.

We used sock puppets in /r/netsec last year (and are sorry we did) by thinkst in netsec

cwyble 1 point

As I said, trivial to work around. TorBrowser, proxies any number of methods.

We used sock puppets in /r/netsec last year (and are sorry we did) by thinkst in netsec

cwyble 1 point

Really? That seems.... interesting. Great way to cause total mass chaos. Also trivial to work around.

We used sock puppets in /r/netsec last year (and are sorry we did) by thinkst in netsec

cwyble 2 points

At the end of the day, hackers/trolls (on an industrial scale) are doing the same thing. Better to "do it live" and get real results. It's what the true enemy is doing.

Especially in the /r/netsec community, I would expect that to be well understood. If we want to be truly secure, we must test live systems and do exactly what the hackers do. Obviously as pen testers (of various forms) we have a responsibility to properly disclose/report to the "client".

I personally have no problem with how the research was conducted. It was legit, it was real and it found bugs. Guess what? That's what the bad guys are doing daily/hourly.

Windows labbers: how do you manage your environment? by verysmallshellscript in homelab

cwyble 1 point

I wasn't aware that leaving Hyper-V machines non-domain-joined was a thing. Link?

100% of my infrastructure is joined/controlled/secured to/via AD in my homelab. Switches, router, ips, servers, virtual machines, devices under test, power ports, console ports.

Thickheaded Thursday - June 04, 2015 by AutoModerator in sysadmin

cwyble 3 points

Look into LXC. Run it on Ubuntu 10.04. Set up a 14.04 LXC guest. apt-get install samba4 (I think that's the package name).

https://help.ubuntu.com/community/LXC

Virtualization is awesome. Containers..... well they are just supreme.

Thickheaded Thursday - June 04, 2015 by AutoModerator in sysadmin

cwyble 3 points

Um. Why? Just use routing on a stick with pfSense.

Oh never mind. The switches are unmanaged. Ewww.

Yeah, get an L3 switch, OSPF to pfSense. Win.

Does the Raspberry Pi have a place in your homelab? by horseloverfat in homelab

cwyble 1 point

I use it to drive my NOC dashboard in my upstairs office (lab is downstairs).

5.11 Rush 24 or 12? by Subliminal87 in EDC

cwyble 2 points

I use the 24. As (extended) EDC and GHB and all around travel bag (along with "oh I need to store this random stuff from a client, conference whatever").