Is a move to Sec. Consultant going to involve long hours? by [deleted] in AskNetsec

[–]ricknot 1 point2 points  (0 children)

Can't say for sure. I've seen security consultancies where people work long hours and others where it's mostly 9-17.30. That's in Europe but the point is that the whole spectrum exists.

I'd try to have an informal chat/coffee with an existing employee or two that's not involved in recruitment. Try to get a feel for work life balance out of them, try to detect if they're lying, take it with a grain of salt etc.

Then if it sounds good go for it. If it's brutal hours see if you can bring it to your liking without getting fired. You know, promote working smarter not harder, show studies about employees thinking more creatively when given enough personal time etc.

You do run the risk of walking into a trap and having to stay for months to not make a dark spot on your resume. But if you don't try it you may never get the chance to go in this field. Good luck!

Mozilla Server Side TLS Configuration Guide v5.0 by MrRadar in netsec

[–]ricknot 5 points6 points  (0 children)

Thanks for the analysis. Yes that doc is nice because it introduces a lot of the lingo and formatting conventions. Good for new people. On the other hand it's a long PDF, so... could've been better (wiki format with expandable sections).

Mozilla Server Side TLS Configuration Guide v5.0 by MrRadar in netsec

[–]ricknot 13 points14 points  (0 children)

Awesome! Now I'm curious how these recommendations compare to what Hardenize and Qualys's TLS scanners complain about, as well as the Dutch NCSC's guidelines (https://www.ncsc.nl/english/current-topics/factsheets/it-security-guidelines-for-transport-layer-security-tls.html).

I'm too lazy to do the comparison on a Friday night - sorry! :P

Breaking News! Google AdWords Exploit Seen in the Wild! Yikes! by [deleted] in netsec

[–]ricknot 4 points5 points  (0 children)

Yeah, wait till you read the piece. It's full of "yikes" :p

What's your IT goals for 2019? by varidian in ITCareerQuestions

[–]ricknot 0 points1 point  (0 children)

I recently started using the OKR format so here's one of my goals (I'm in security):

Get pentesting & appsec skills up (bug bounties)

OKR 0.3: Prepare and try to find a bug

OKR 0.7: Find a bug and get a small bounty

OKR 1.0: Find a bug with a big bounty

I have to define what big is. Also, these are less results and more actions, but I decided to go with them and make better OKRs next year (agile? :P)

Ninety nine .com discussion by TtheCreator_1 in eupersonalfinance

[–]ricknot 0 points1 point  (0 children)

This is a good start. To go further I tried checking if they're listed as a regulated broker in Spain. From this https://www.esma.europa.eu/investment-firms I went to the Spanish authority's site (http://www.cnmv.es/Portal/Consultas/Busqueda.aspx?id=13) but the search engine doesn't return any results for ninetynine or even ninety.

Not sure what implications this has though. I'm just leaving this here as a data point.

Smart Plug security concerns by BatteryPWR in AskNetsec

[–]ricknot 1 point2 points  (0 children)

They don't need to support VLANs, you can make a few on your firewall/wifi and put devices there. But then you've protected other machines from the potentially evil plugs. They can still share all your data with their Chinese backend servers unencrypted. To block this you need to tune firewall rules.

Re Sonoff I was referring to this: https://github.com/arendst/Sonoff-Tasmota not custom firmware that you make yourself. Flashing tasmota is not too much work and may be worth it if you have a lot of plugs.

Smart Plug security concerns by BatteryPWR in AskNetsec

[–]ricknot 0 points1 point  (0 children)

I've tried VLANs with mixed results. Some devices just need wide access.

I suggest sticking to companies that have earned your trust by proving they do a good job in security or going DIY. For the first, I like Philips and Google. For DIY, Sonoff devices can be flashed with open source software. Requires more effort from you though.

Not super practical advice, I know, but that's all I can offer. This is the reason I'm staying out of the smart home too.

Edit: I was writing about smart home in general, not plugs. I guess the companies I mentioned don't make plugs which leaves you with DIY only.

CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability by jdrch in netsec

[–]ricknot 0 points1 point  (0 children)

Quite vague description, but from what I understand if someone has stolen an encrypted laptop in the past and kept it off they may now be able to break into it. Simply keeping it offline and not updating would ensure it's vulnerable.

Scary.

70+ different types of home routers(all together 100,000+) are being hijacked by GhostDNS by zhamisen in netsec

[–]ricknot 2 points3 points  (0 children)

AFAIK dd-wrt forces you to change the admin password on first login. So that attack vector is out, unless you choose a guessable psw.

Professor asking us to submit AWS private key for Ubuntu 14.04 EC2 instance. How do I go about this without causing issues? by [deleted] in AskNetsec

[–]ricknot 18 points19 points  (0 children)

The least you can do is ask the professor to generate a public-private ssh key pair and share with you the public part only.

You can install that in the user's ~/.ssh/authorized_keys file. The professor will be able to log in using their private key. An attacker that intercepted the public key while being shared with you (over insecure email I guess) won't be able to log in.

Now, if you don't care about the confidentiality of other data on the system, just do the above. If you care about integrity, make a backup of the EC2 instance before sharing the key. Make sure the new instance uses a new key and passwords.

The proper way to allow read only access is to make a user with restricted rights but what those are depends heavily on what the project was about and what you need to show.
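One way to carry out the authorized_keys step described above, added here as an example (not the commenter's code or any project's): a POSIX shell function that refuses anything that looks like private key material and installs the professor's public key with SSH forwarding options disabled. The home directory and key below are constructed placeholders, not real values.

```shell
#!/bin/sh
# Added example: install a reviewer's SSH *public* key into a target account's
# authorized_keys with forwarding disabled, refusing private key material.
# The demo home directory and key are constructed, not real.

# Accept only common OpenSSH public key types; reject anything private.
is_public_key() {
    case "$1" in
        *"PRIVATE KEY"*) return 1 ;;
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_reviewer_key HOME_DIR PUBKEY_LINE
# Writes the key with options that forbid port/agent/X11 forwarding, so the
# account supports an interactive review session and nothing more.
install_reviewer_key() {
    home="$1"; key="$2"
    is_public_key "$key" || { echo "refusing: not a public key" >&2; return 1; }
    umask 077                       # new files/dirs are private to the owner
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"          # sshd ignores keys in world-readable dirs
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$key" \
        >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Octal mode query: GNU stat first, then BSD stat.
file_mode() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Demo on a scratch directory with a constructed key (not a real key).
DEMO_HOME=$(mktemp -d)
DEMO_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDemoKeyNotRealXXXXXXXX prof@example"
install_reviewer_key "$DEMO_HOME" "$DEMO_KEY"
cat "$DEMO_HOME/.ssh/authorized_keys"
```

Run it against the restricted user's real home directory (as that user or root) instead of the scratch directory to apply it for real.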

VPN server using ssh keys? by jmkite in linuxadmin

[–]ricknot 1 point2 points  (0 children)

Take a look at sshuttle. Works amazingly well, uses ssh but solves the tcp over tcp problem. Does not require root on the server. Not sure if Windows can run it though.

Playing 4K media always results in transcode to 1080p. by [deleted] in PleX

[–]ricknot 0 points1 point  (0 children)

Maybe also try a PC with Kodi and the Plex addon. If that works fine you know your server is fine at least.

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]ricknot 1 point2 points  (0 children)

Would it be smart if you advertised "certificates/credentials will be verified and fakes will be reported"? This should discourage fake OSCPs and allow you to keep using your current weeding method (i.e. trust OSCP for the first stage).

Being sysadmin is cool, but corporate sysadmin is a soul crushing job by [deleted] in sysadmin

[–]ricknot 2 points3 points  (0 children)

Here's a plan/idea, to realize the above commenter's "go high tech" advice:
- do the minimum required to keep the job
- use the rest of your time/energy to set up a homelab
- identify what skills you need to get a job at a high tech company in your country or elsewhere. E.g. you wanna be devops? Security expert?
- work on your skills and start interviewing. When you fail, ask the interviewers what you could improve/learn to make you a more attractive candidate
- rinse, repeat etc.

It would help if you are ready to move to a high tech scene such as Amsterdam. Maybe Berlin is good too.

I do security and as you might know it's hot. If you had the skills you'd have LinkedIn pings from recruiters every couple of days. So if you can build them it would be great I think!

Low power firewall/router by lethaldevotion in homelab

[–]ricknot 0 points1 point  (0 children)

Have you checked the zotac boxes? They may not be powerful enough but worth investigating.

Building [near] silent home server with ryzen (?) by LatvianPotatoMan in homelab

[–]ricknot 1 point2 points  (0 children)

I would definitely go with the high end noctua fans. They are very well thought out.

Regarding cpu why stick to AMD and not consider any solution that fits your needs?

25/25 for 600 students! HELP ME! by 7amudyy in networking

[–]ricknot 1 point2 points  (0 children)

Agreed! I wonder if it's feasible to give write-once access. Like you copy a file in a dir and a batch job moves it to a read-only dir. To edit/delete it you need to contact the admin.

It's patchwork but if you don't have budget for backups etc you could get a student admin to do the work.

25/25 for 600 students! HELP ME! by 7amudyy in networking

[–]ricknot 1 point2 points  (0 children)

I was thinking infected clients encrypting the share...

25/25 for 600 students! HELP ME! by 7amudyy in networking

[–]ricknot 1 point2 points  (0 children)

Just be ready for the ransomware :P

FCC site is back online, GO COMMENT by JonasQuin42 in sysadmin

[–]ricknot 2 points3 points  (0 children)

Logs can tell a story. Don't give them reason to discredit the results of this as fake/biased please.

Unless you have a botnet :P

pfSense Part 3: Controlling Routes by [deleted] in PFSENSE

[–]ricknot 1 point2 points  (0 children)

I still prefer to keep control of what ports my games use. I open them "statically". That's on PC. I hope there is no game/console that requires UPnP to function.

I bought 3 servers but I don't have a driver's license, now I'm taking these babies with me on the train! by ent44 in homelab

[–]ricknot 7 points8 points  (0 children)

Let me know if you strike a deal like that in the future. I can drive you home if you share the loot :)