I wrote Bad Actors this weekend to automatically generate a list of known bad IP addresses. My plan is to use it to do data mining against my ELK stack, but it might also be handy for firewall and IPS rules or any other use you could come up with.
I had a friend recently tell me about how he was using a tool called rPlay to airplay his Apple devices through his Raspberry Pi. As a guy who is always looking to save $67 I decided to give it a try.
After configuring it I couldn’t get it to work and after some investigation I found an error message that rPlay couldn’t connect to test.vmlite.com on port 9080. Since I practice egress filtering on my home network I wasn’t surprised that it didn’t work.
After a network reconfiguration I was now rPlaying to my office TV. I was actually impressed by how well it worked.
I was also running tcpdump port 9080 -i eth0 -w 9080.pcap at the same time to see what was so important that my Raspberry Pi had to talk to test.vmlite.com.
Come to find out it was so that it could do this:
According to the Unofficial AirPlay Protocol Specification, rPlay is basically forwarding everything you do while using rPlay to a server running off a residential DSL line in California.
I would suggest if you need to airplay you stop using rPlay and do yourself a favor and spend the $67 on an Apple TV.
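To review a capture such as the 9080.pcap file written by the tcpdump command above, the following added example (not code from this blog or from rPlay) parses a classic pcap file and totals the TCP payload bytes each host sent to a given destination port. The sample capture, its addresses and its payloads are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps

def outbound_flows(pcap: bytes, port: int) -> Counter:
    """Sum TCP payload bytes per (src_ip, dst_ip) for packets sent to `port`."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != PCAP_MAGIC or linktype != 1:  # linktype 1 = Ethernet
        raise ValueError("expected a little-endian Ethernet pcap file")
    flows, off = Counter(), 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 only
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:  # TCP with a full header only
            continue
        total_len, = struct.unpack_from("!H", ip, 2)
        dport, = struct.unpack_from("!H", ip, ihl + 2)
        tcp_hdr = (ip[ihl + 12] >> 4) * 4
        if dport == port:
            src, dst = (str(ipaddress.ip_address(ip[i : i + 4])) for i in (12, 16))
            flows[(src, dst)] += max(total_len - ihl - tcp_hdr, 0)
    return flows

def _frame(src: str, dst: str, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap() -> bytes:
    """Constructed capture using private and documentation-range addresses."""
    frames = [_frame("192.168.1.50", "203.0.113.10", 9080, b"A" * 120),
              _frame("192.168.1.50", "203.0.113.10", 9080, b"B" * 80),
              _frame("192.168.1.50", "198.51.100.7", 443, b"C" * 3)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(dict(outbound_flows(sample_pcap(), 9080)))
```

Running the same function over a real capture file only requires reading it with `open(path, "rb").read()`; pcapng files are rejected by the magic check.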
How Do You Handle Challenges?
We have all been asked that question during a job interview and went on to talk lie about how much we love new challenges and how well equipped we are to handle them.
Most people hate challenges. We strive for easy, stable and guaranteed results. Challenges are hard, unpredictable and always have a chance of failure.
Here is a quote from Muhammad Ali that I have been thinking about recently:
It’s lack of faith that makes people afraid of meeting challenges, and I believe in myself.
-Muhammad Ali
If you want to be successful every day you have to look for new challenges and accept them.
You also have to be willing to fail and failing hurts.
Are you ready to accept new challenges or are you just going to keep playing it safe until your next interview?
I had the chance this week to speak at the 44CON Cyber Security conference on communication skills.
One of the takeaways from my talk is that security professionals should always think CISSP when they are communicating. Not this CISSP (which is great) but they should think this CISSP when they communicate:
Clear
The single biggest problem in communication is the illusion that it has taken place.
– George Bernard Shaw
How many times have you thought you communicated something clearly only to see it blow up in your face because the words you said and the words they heard weren’t the same?
Making sure your communication is clear is one of the most valuable communication skills you can work on.
Informative
The more informative your communication is the more persuasive it will be. It is why I am a big fan of the PoC||GTFO concept. You will be amazed at how fast you can get things moving if you can show someone a proof of concept of a bug.
Simple
sim·ple
ˈsimpəl
adjective
easily understood or done; presenting no difficulty.
When you communicate do you make sure you have done all the calculus of the problem and left the easiest problem available?
Succinct
I was talking to a marketing professional a few weeks ago and he said the average executive reads the first 3 lines of an email. If you are sending the CIO a 3000 word email on an XSS bug you found you have wasted 2900 words.
Passionate
“I have no special talents. I am only passionately curious.” -Albert Einstein
“You have to be burning with an idea, or a problem, or a wrong that you want to right. If you’re not passionate enough from the start, you’ll never stick it out.” ― Steve Jobs
If you make sure your communication is clear, informative, simple, succinct and passionate you will be amazed at how many more doors will be opened for you.
I had lunch with a mentor last week and he closed lunch with this thought and it has been stuck in my head ever since:
There are two choices you are constantly making in your life, you either change things or accept them.
We make that choice hundreds of times a day and most of the time we don’t even realize it.
Do I pick up my son’s toys out of the living room or do I accept the mess?
Do I help the lady with a flat tire or do I accept it so I can get to work on time?
Do I say something about a problem at work or do I accept it so I don’t make waves?
Do I volunteer in my community or do I accept it as is?
The truth is anytime you notice something that you want to change and don’t you have accepted it. We all have excuses on why we don’t try to change things and I have tried all the mental gymnastics to disprove his quote but I can’t.
Every year on my birthday I always like to take an hour and write down some of the lessons I learned and quotes that have inspired and motivated me over the year.
Here are some of my favorites from this year:
The only real things that matter in life are attitude and perspective. The same thing can happen to multiple people but it’s each of their attitude and perspective that changes the impact, effect and aftermath.
I try to think about this every day and make sure I have proper perspective on things going on around me.
Expectations kill gratitude.
This is a humbling thought when you apply it to your interactions with people you deal with every day.
Everyone won’t like me.
It took me a long time to be comfortable with this. It doesn’t however mean that I shouldn’t try to like love everyone.
I’ll do whatever it takes to win games, whether it’s sitting on a bench waving a towel, handing a cup of water to a teammate, or hitting the game-winning shot. – Kobe Bryant
Everyone wants to hit the game-winning shot but how many of us can be content sitting on the bench if that is what is best for the team?
Younger people tend to see things in black and white. Experience lets you see the grey.
<Insert ‘50 Shades of Grey’ Joke Here>
Not everyone will appreciate or notice all your efforts.
If it needs to be done you should just do it anyway.
If you can’t explain your position clearly in simple language, you probably don’t understand it yourself.
but…um…you know…security….cyber…hacking…trust me.
“Nobody ever planned to be broke, fat, lazy, or stupid. Those things are what happen when you don’t have a plan.” -Larry Winget
Planning has been a big part of this year for me.
Don’t ever make someone feel insignificant or inadequate.
This is a lot harder than it sounds.
Find something you’re passionate about and become really, really good at it.
I found what I am passionate about…. I am working on the second part.
Life throws curve balls. If you never learn how to hit one you will end up looking foolish.
“Sometimes life hits you in the head with a brick. Don’t lose faith.” – Steve Jobs
I <3 Steve Jobs.
After reading a few stories like this “Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists” that didn’t include instructions on how to remove them yourself I wrote a quick and ugly bash script that automatically removes the CNNIC and the China Internet Network Information Center EV Certificates Root certificates from OSX.
Use it at your own risk. I am a terrible script writer and this may install Windows 98.
(Inserting code snippets on to my blog is ridiculously complex. I have to fix that.)
I heard an amazing TED Talk on the way to work today and the information was too good to not share.
Here are 5 guaranteed ways to kill your dreams:
Believe in overnight success.
No one becomes successful overnight. We have been trained as a society to devalue work ethic and think that all success is instant.
Believe someone else has the answers for you.
Your family, your friends and your business partners all have opinions on what you should do but their opinions are always tainted with their own self interest.
Believe that when growth is guaranteed, you should settle down.
Great dreams don’t have endings they just have chapter breaks.
Believe the fault is someone else’s.
If you have dreams it is your responsibility to make them happen.
Believe that only the goals themselves matter.
Life is never about the goals themselves. Life is about the journey. The only way to really achieve all of your dreams is to fully enjoy every step of your journey.
What is your time worth?
That is the question that started my lunch with a mentor last week. I thought for a second and did some quick math and then pulled a $300 an hour number out of the air. He laughed and gave me these two quotes:
The price of anything is the amount of life you exchange for it.
– Henry David Thoreau
“My favorite things in life don’t cost any money. It’s really clear that the most precious resource we all have is time.”
– Steve Jobs
He went on to explain “If You Can’t Measure It, You Can’t Improve It“ (a running topic in our conversations). So I sat down this weekend to figure out what my time is worth.
With the help of this life expectancy calculator I found out that I have 47 years of life left. Using a date duration calculator that is 17,176 days (or 412,244 hours). That makes every hour 0.0002% of my life.
So here are some basic breakdowns:
Work:
A 40 hour work week is .008% of my life.
A work year is .416% of my life.
A 5 day business trip is .024% of my life.
20 more years of work is 8.320% of my life.
Sleep:
9 hours of sleep is 0.001% of my life.
A year of sleep is 0.655% of my life.
Sleep will take up 30.790% of the rest of my life.
Miscellaneous:
Watching a season of a TV show would be 0.005% of my life.
Watching 10 football games a year would be 0.006% of my life.
Hitting the gym 5 hours a week would be 0.047% of my life.
Taking my son to swim lessons would be 0.020% of my life.
The numbers are interesting but the more important lesson for me is to realize and treat my time like a valuable non-renewable commodity. I need to give it freely to my family and friends while using it wisely for professional purposes and guarding it from time sinks.
What is your time worth?