Tools and the Tetris Effect
I recently downloaded Parrot 1.9 to test out.  It's an alternative to Kali.  It could be interesting.

Instead of using EasyIDS, I'm looking into SmoothSec 3.4.1 in the virtual lab.  Also, the virtual lab's license key is about to expire.  I need to either crack it, find a key online, or roll back the install.

Web2Py was also downloaded this morning.  I have some limited experience ripping it apart and looking at source, but I haven't built anything with it.  My boss and one of my co-workers don't like it.  I don't have a reason not to like it yet so I'll hold off on judging it.


Using the failed authentication notifier I built last summer, I'm going to put together an automated daily training program that will randomly generate daily objectives to promote continuous learning.  The daily emails will be fired off at 6am and will include the following:

  • Something to read

  • Something to watch

  • A tool to learn, play with

  • A recon/enumeration assignment

  • A coding assignment

All of this came about when I was driving in this morning listening to the audio of a youtube video.  I became frustrated because what I was listening to is not what I'm interested in learning and expanding upon right now.  That's when it hit me: you listen to and watch videos to either A) improve understanding of concept(s) you're unfamiliar with or B) introduce yourself to new areas you haven't explored.

There's so much media and content readily available, it comes back to the individual, and what they want to focus on.  For example, I know that I could brush up on my crypto knowledge, so I should be listening to more Crypto talks and vids.  Saturation is a good thing -- to an extent.
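Here is an added example (my own code, not the notifier from the post) of the generator half of that daily mail: it picks one entry per category for the day and builds the message the 6am cron job would hand to the MTA.  The objective pools, the addresses and the cron line are constructed placeholders; the post does not list its own entries.

```python
import random
import smtplib
from datetime import date, timedelta
from email.message import EmailMessage

# Constructed objective pools (assumed for this example; the post does not list its own entries).
OBJECTIVES = {
    "Something to read": [
        "RFC 4253, the SSH transport layer protocol",
        "The port scanning basics chapter of the Nmap Reference Guide",
        "The intelligence gathering section of the PTES technical guidelines",
    ],
    "Something to watch": [
        "A conference talk on network segmentation",
        "A conference talk on cryptographic protocol design",
    ],
    "A tool to learn, play with": ["tcpdump", "Wireshark", "Scapy"],
    "A recon/enumeration assignment": [
        "Enumerate the services exposed on your own lab's DMZ segment and document each one",
        "List the DNS records your lab domain publishes and flag anything unnecessary",
    ],
    "A coding assignment": [
        "Write a parser for nmap's grepable (-oG) output",
        "Write a log watcher that alerts on repeated failed SSH logins",
    ],
}


def _as_date(day):
    return date.fromisoformat(day) if isinstance(day, str) else day


def pick_objectives(day, pools=OBJECTIVES):
    """One item per category for `day`.

    Each pool is shuffled once with a fixed per-category seed and then walked one
    step per calendar day, so re-running the 6am job gives the same email, every
    entry comes up equally often, and no category repeats yesterday's pick
    (unless the pool has a single entry).
    """
    day = _as_date(day)
    picks = {}
    for category, items in pools.items():
        order = list(items)
        random.Random(category).shuffle(order)
        picks[category] = order[day.toordinal() % len(order)]
    return picks


def build_email(day, sender, recipient, pools=OBJECTIVES):
    day = _as_date(day)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"Daily objectives for {day.isoformat()}"
    lines = [f"Objectives for {day.strftime('%A, %d %B %Y')}:", ""]
    lines += [f"  - {category}: {item}" for category, item in pick_objectives(day, pools).items()]
    msg.set_content("\n".join(lines) + "\n")
    return msg


def no_consecutive_repeats(start, days=60, pools=OBJECTIVES):
    """Self-check: walk `days` days and confirm no multi-entry category repeats the day before."""
    day = _as_date(start)
    prev = pick_objectives(day, pools)
    for _ in range(days):
        day += timedelta(days=1)
        cur = pick_objectives(day, pools)
        if any(len(pools[c]) > 1 and cur[c] == prev[c] for c in pools):
            return False
        prev = cur
    return True


def send(msg, host="localhost", port=25):
    """Hand the message to the local MTA. Assumed cron entry: 0 6 * * * python3 daily_objectives.py"""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    print(build_email(date.today(), "lab@example.invalid", "me@example.invalid"))
```

The deterministic walk is a design choice: a seed-per-day `random.choice` can hand you the same item two days running, while a fixed shuffle stepped by day ordinal cannot, and it still reads as random from the inbox.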

Repetition Training
Before I head out, I'm tossing around ideas of implementing this in SL4A, or whatever the hell it's called now.  I'd like voice rec, but starting off, I don't think it'll need it.  It'll be interesting to test, however.

#Module contains Stimulus and Syntax (S&S), lists, and procedures

[List] List 10 reliable sources for OSINT data recon when researching an individual.
[List] List 10 reliable sources for OSINT data recon when researching an organization.

[S&S] Syntax for ping sweep
[S&S] Syntax for TCP scan, & when and why to use it
[S&S] Syntax for SCTP scan & when and why to use it
[S&S] Syntax for UDP scan & when and why to use it
[S&S] Syntax for Maimon scan & when and why to use it
[S&S] Syntax for Idle scan & when and why to use it
[S&S] Syntax for ACK scan & when and why to use it
[S&S] Syntax for SYN scan & when and why to use it
[S&S] Syntax for Window scan & when and why to use it
[S&S] Syntax for FIN scan & when and why to use it
[S&S] Syntax for NULL scan & when and why to use it
[S&S] Syntax for XMAS scan & when and why to use it
[List] List 12 services to immediately scan for when assessing a new network

[Proc] Detail the steps for pivoting from a compromised machine
[List] Name 3 common vulnerabilities with exploits for OpenSSH
[List] Name 3 common vulnerabilities with exploits for Apache
[List] Name 3 common vulnerabilities with exploits for IE
[List] Name 3 common vulnerabilities with exploits for Mozilla Firefox
[List] Name 3 common vulnerabilities with exploits for Chrome
[List] Name 3 common vulnerabilities with exploits for Windows
[List] Name 3 common vulnerabilities with exploits for UbuntuServer
[List] Name 3 common vulnerabilities with exploits for any FTP package
[List] Name 3 common vulnerabilities with exploits for IIS

[S&S] Syntax for adding a user on windows
[S&S] Syntax for adding a user on linux
[S&S] Syntax for natively cycling through a file on windows (FOR loop)
[S&S] Syntax for natively cycling through a file on linux (FOR loop)

Adversarial Informatics (Revisiting the Program)
#Adversarial Informatics
I want to find the quickest, easiest way of performing these actions.  Wrap them up in something I call operationalization and practice the hell out of them so they become second nature.

Pygame for Linux -> Kali -> PENTRN -> USB Game Controller for Penetration Testing engagements
    Shoulder buttons would allow you to cycle through techniques to map to an attack button.
A lot of experts say that to really learn how to improve your skills you need hands on training, which I agree with.  However, there's a lot to be said about the procedural nature of security work.  Yes, it's important to understand the fundamentals of the technologies, but when you get to the point where you only want to be better and ultimately faster, the old adage still applies: repetition is king.

The goal behind Adversarial Informatics is to devise a system that will reprogram the brain of the target to the point where all techniques, tactics and procedures are firmly ingrained in the operative's mind.

Adversarial Informatics students will not take the traditional route anymore.  The goal is to program them for war.
    [+] Flash Card Style:  Application to constantly review attacks and TTPs
    [+] Lab Training:  Goal-based, hands-on program
    [+] Recorded Content:  Pre-recorded or self-recorded MP3s that cover attacks, TTPs, and concepts
    [+] Syntax Matching game:  Syntax matching game that solidifies

7 Intelligences:
    Linguistic intelligence - describe the material out loud, or use question and answer format.
    Logical-mathematical intelligence - use a flowchart or diagram for the material.
    Spatial intelligence - make an image of the material.
    Musical intelligence - play background music as you learn.
    Interpersonal intelligence - teach someone else.
    Intrapersonal intelligence - ruminate on the material.
    Bodily-kinesthetic intelligence - use index cards sorted in different ways.

GOAL: "Complete Recall"


In an effort to improve and develop advanced skills quickly I propose the goal-oriented approach.

#Fuzzing Engines and Optimization [ GOAL:  To improve the ability to discover new vulnerabilities ]
 [Level 1] Write a remote fuzzer for a remote FTP service.  Fuzzer should enumerate all commands, test them, track crashes, and generate a report.  (30pts)
 [Level 2] Write a fuzzer using ctypes for a local PE.  Use GHP as a guide.  Fuzzer should track data entry points and crashes.  (75pts)

#Security Visualization [ GOAL:  To ensure security data can be made consumable in a timely fashion ]
 [Level 1] Develop a framework that will take a list of hosts and an additional column of arbitrary data and graph it in an HTML page.  (30pts)
 [Level 2] Develop a web based UI that is interactive.  Data sources vary.  Ensure the design is scalable and supports extensibility.  (60pts)

#Penetration Testing Techniques [ GOAL:  To ensure the skills needed to locate and enumerate potential points of entry are memorized and made second nature ]
 [Level 1] Write a script that will take an argument and search all the OSINT sites in the CIDST module by opening a new window with new tabs that show the results
 [Level 1] "Still, the skill most valuable for penetration testing is the ability to locate and enumerate potential points of entry."
 [Level 1a] Operationalize the detection, service identification, and organization of common/vulnerable network services.  Solution should ensure all data is structured and searchable.  (50pts)
 [Level 2b] Develop a solution that can maintain a collection of C&P content for organization, tracking, searchability and reporting.  (60pts)

#Post Exploitation Training [ GOAL:  To solidify immediate actions to take upon the compromise of an asset ]
 [Level 1] Pop a Win10.1 box in the lab and walk through the McCray Standard Procedure (in CIDST)  (10pts/walkthrough)
 [Level 2] Master the McCray Standard Procedure so the steps can be performed by second nature  (50pts)
 [Level 2] Develop and publish your own PostEx procedures for Windows, WinServer, *nix  (15pts/each)
 [Level 2a] Master each specific procedure so the steps can be performed from memory and/or by second nature  (50pts)
 [Level 3] Memorize Common Persistence Techniques for Windows / Unix  (50pts per OS mastered)

#Exploit Development [ GOAL:  To further develop the skillset to write custom exploit code for new vulnerabilities ]
 [Level 1] Identify an exploit, interpret the code and port it to a different language.  (50pts for ported code that works)
 [Level 4] Download a beginner-level Crackme and develop an exploit for one of its vulnerabilities.  (100pts)

  [+]     Components of Defending
        [-] Firewalls/ACLs
        [-] IDS Systems
        [-] WAF Systems
        [-] HIDS
        [-] Open Source Tools
  [+]   Incident Response / Digital Forensics
  [+]     Hunting / IoC Detection

(no subject)
Considering my current and socially limiting situation, I'm going to make it a point to not only blog every day, but to update my CI site every day as well.  And that is all I have to say about that.

I've got some work to do tonight.  I'm sorely behind in a lot of my work and it makes me anxious.

I just downloaded Just-Metadata-1.0.  It's command line driven so it's cool.  I'll write up a review later.


I dug up an old post from 09 detailing the only things I find interesting about security:

  •       Packet Creation

  •       Network Device Testing / Evasion

  •       Socket Programming (Python, C#)

  •       Remote Vulnerabilities

  •       Archiving Shellcode (accessibility, custom exploit libraries, custom exploits)

  •       Interworkings of DNS

  •       DNS Flaws and Vulns

  •       Python for Pentesters

That was 5 years ago.  And I have to admit, I'm rather versed in most of those categories (which just proves the power of writing things down -- they become almost official).  My new list includes the following:

  • Developing fuzzing engines and optimization

  • Security visualization

  • Penetration testing techniques and efficiency improvement

  • Post exploitation training

  • Security Testing Labs and Environments

  • All things CLI

  • Reverse engineering

  • Malware development / Persistence techniques

The vision outweighs the acquired technical skill.  The vision is to first develop a framework/curriculum to turn offensive security into a practice akin to playing a fighting game.  I'll have to explore more of this later.

(no subject)
So... fuckin Brian K. Fite has been essentially working on my idea with his Simulating Cyber Operations paper that was released last year.  It's got some interesting tidbits in it, but the point is to develop a framework for cyber operations wargames.  Sound familiar?  Yeah, my Combat Informatics program is sorely behind -- especially because entities like Packetwars have already begun to adopt his Simulation Definition Language (SDL).

Anyway, the content that I read and listened to this morning exposed me to a variety of programs, documents, models and frameworks that attempt to define the necessary skills and curricula needed to adequately conduct adversarial operations.  Below are those I feel are worth exploring and expanding upon.

(Adversarial Informatics)  <--- I like that better than Combat Informatics

Fite's approach is to standardize cyber operations training into a language and framework that can be used to describe environments and training exercises.  His SDL consists of 9 primary object types called Primitives:

  • Node:  Any element with OSI connectivity

    • Name

    • Host/Gateway:

    • Operating System

    • Interface Address(es)

    • Routing Table

    • ARP table

    • Listening ports

    • Optional: (Accounts, applications, artifact and services)

  • Network:  Communication path between nodes (OSI 1-3)

    • Name

    • Layer 1 (Protocol, Address, Domain [Pub/Priv/DMZ])

    • Layer 2 (Protocol, Address, Domain [Pub/Priv/DMZ])

    • Layer 3 (Port, Protocol, Address, Domain[Pub/Priv/DMZ])

    • Optional: (Routing, Capacity, ACL’s, Local/Remote flag)

  • Software:  An operating system, utility, application or service

    • Name

    • Vendor

    • Version

    • Optional:  (Dependencies, Requirements, Files, File Sizes, File Hashes, Config, Comments)

  • Artifact:  A file or credentials

    • Name

    • Media Type

    • Artifact Type (binary, service element, identity element, informational message)

  • Constraint:  Simulation limiting shape that defines range of motion

    • Name

    • Constraint Type: (Environmental or Capability)

  • Objective:  The relative goals of a simulation

    • Name

    • Objective Class: (Attacker, Defender, Assessment)

    • Objective Type (Intel, Compromise, Escalate Priv, Exfil, Destroy, Disrupt, Degrade, Deny, Deceive, Exploit, Influence, Protect, Detect, Restore and Respond).

    • Objective and Attestation Method (key, flag, file, shared secret, hash file, moderator observation or demonstrate capability)

  • Actor:  Human participant in an active simulation

    • Name

    • Alignment: (Attacker, Defender, Both or Neutral)

    • Actor Class

    • Role

    • Capabilities

    • Handicap

  • Process:  The workflow associated with a pre-defined simulation element

    • Name

    • Function Description

    • Function Flowchart

  • Message:  Information, data or instructions between elements

    • Name

    • Media Type (live, written/proposal, email, sms/text, file, audio or video)

Fite's paper and model use the above layout to standardize language so scenarios can be defined for training exercises.  The example in the paper is as follows:

“Your mission is to identify your adversary’s security posture by enumerating the attack surface represented by their external network address.  You must submit your findings by 17:00 ET today (1 hour from now).”

This is an interesting approach.  I developed something similar in 2011 as I recognized the need for objective/goal based exercises to develop skill.  I can borrow Fite's framework to expand upon my work to design a repeatable approach to practicing in my newly built out virtual environment.
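As an added example (my own encoding, not Fite's SDL syntax and not code from the paper), here is the primitive list above turned into a small scenario model with a consistency check: the enumerations are the ones listed above, the validator confirms every objective, constraint and actor uses only those values and that every node address sits on a declared network, and `example_scenario()` encodes the paper's attack-surface mission.  The addresses, host names and role names are constructed; the Node, Actor and Network primitives are reduced to the fields the check needs.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List

# Enumerations as listed in the post's summary of the SDL primitives.
OBJECTIVE_CLASSES = {"Attacker", "Defender", "Assessment"}
OBJECTIVE_TYPES = {"Intel", "Compromise", "Escalate Priv", "Exfil", "Destroy", "Disrupt",
                   "Degrade", "Deny", "Deceive", "Exploit", "Influence", "Protect",
                   "Detect", "Restore", "Respond"}
ATTESTATION_METHODS = {"key", "flag", "file", "shared secret", "hash file",
                       "moderator observation", "demonstrate capability"}
ALIGNMENTS = {"Attacker", "Defender", "Both", "Neutral"}
CONSTRAINT_TYPES = {"Environmental", "Capability"}
DOMAINS = {"Pub", "Priv", "DMZ"}


@dataclass
class Network:              # SDL "Network" primitive, layer 3 part only
    name: str
    domain: str             # Pub / Priv / DMZ
    layer3_address: str     # CIDR block

@dataclass
class Node:                 # SDL "Node" primitive
    name: str
    host_or_gateway: str
    operating_system: str
    interface_addresses: List[str]
    listening_ports: List[int] = field(default_factory=list)

@dataclass
class Objective:            # SDL "Objective" primitive
    name: str
    objective_class: str
    objective_type: str
    attestation_method: str
    deadline: str = ""

@dataclass
class Constraint:           # SDL "Constraint" primitive
    name: str
    constraint_type: str

@dataclass
class Actor:                # SDL "Actor" primitive (class, capabilities, handicap omitted here)
    name: str
    alignment: str
    role: str

@dataclass
class Scenario:
    name: str
    networks: List[Network] = field(default_factory=list)
    nodes: List[Node] = field(default_factory=list)
    objectives: List[Objective] = field(default_factory=list)
    constraints: List[Constraint] = field(default_factory=list)
    actors: List[Actor] = field(default_factory=list)


def validate(sc: Scenario) -> List[str]:
    """Return every inconsistency found; an empty list means the scenario is well-formed."""
    errors, nets = [], []
    for net in sc.networks:
        if net.domain not in DOMAINS:
            errors.append(f"network {net.name}: unknown domain {net.domain!r}")
        try:
            nets.append(ipaddress.ip_network(net.layer3_address))
        except ValueError:
            errors.append(f"network {net.name}: bad CIDR {net.layer3_address!r}")
    for node in sc.nodes:
        for addr in node.interface_addresses:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                errors.append(f"node {node.name}: bad address {addr!r}")
                continue
            if not any(ip in net for net in nets):      # every node must sit on a declared network
                errors.append(f"node {node.name}: {addr} is not on any declared network")
        errors += [f"node {node.name}: bad port {p}" for p in node.listening_ports if not 0 < p < 65536]
    for obj in sc.objectives:
        for value, allowed, what in ((obj.objective_class, OBJECTIVE_CLASSES, "class"),
                                     (obj.objective_type, OBJECTIVE_TYPES, "type"),
                                     (obj.attestation_method, ATTESTATION_METHODS, "attestation")):
            if value not in allowed:
                errors.append(f"objective {obj.name}: unknown {what} {value!r}")
    errors += [f"constraint {c.name}: unknown type {c.constraint_type!r}"
               for c in sc.constraints if c.constraint_type not in CONSTRAINT_TYPES]
    errors += [f"actor {a.name}: unknown alignment {a.alignment!r}"
               for a in sc.actors if a.alignment not in ALIGNMENTS]
    return errors


def example_scenario() -> Scenario:
    """The paper's example mission, with constructed RFC 5737 documentation addresses."""
    return Scenario(
        name="enumerate-external-attack-surface",
        networks=[Network("adversary-external", "Pub", "203.0.113.0/24")],
        nodes=[Node("ext-web", "Host", "Linux", ["203.0.113.10"], [22, 80, 443])],
        objectives=[Objective("identify the adversary's security posture", "Assessment",
                              "Intel", "file", deadline="17:00 ET")],
        constraints=[Constraint("external address range only", "Environmental")],
        actors=[Actor("assessor", "Attacker", "red team")],
    )
```

Running `validate(example_scenario())` returns an empty list; feeding it a scenario whose objective type is not in the enumeration, or whose node sits on an undeclared network, returns one message per problem, which is the kind of check a scenario file format needs before a lab is built from it.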


In 2006, the US Chairman of the Joint Chiefs of Staff identified 11 core capabilities that need to be developed and perfected in order for the US to "gain and maintain information superiority."  As I looked at this, I realized it was close to my DST model (minus the Surveillance and Theft aspects).  The US Joint Forces doctrine defines the following skill-based categories as areas that need to be mastered in the adversarial informatics space in order to maintain cyber operations superiority:

  • Destroy

  • Disrupt

  • Degrade

  • Deny

  • Deceive

  • Exploit

  • Influence

  • Protect

  • Detect

  • Restore

  • Respond

Finally the paper provides a list of well-known simulations that I'll be exploring in the coming days.  They are as follows:


Professional hacking is becoming a sport -- as I knew it always would.  And with that, there's an added incentive to learn... competition and employability.  IMHO, viewing hacking, and thus learning about hacking/security, as a game is the best motivation to practice and learn.  Having an interest in computer security doesn't mean you're a criminal anymore.  And striving to improve your skillset can be as appealing as sitting down to session in Tekken.

Future Blog/Topic:  Adversarial Informatics:  Exploring The Fighting Game Model

Home Lab Configuration Goals
My new virtual pentest lab is up, running, and not quite fully configured.  At this point, policy needs to be established for all of the access control components.

The border router needs ACL's to allow traffic to the firewall (

The border router needs an Any Any egress policy (as of right now).

The firewall needs to allow TCP/80, 443, and SSH from the perimeter VLAN into the DMZ network segment (
The only open services available to the "public" in my private network are *=(80,443,22).  Everything else is just uncivilized.

Internal network hosts need access to the web and only the web.  Internal hosts should not be able to communicate with DMZ hosts -- only vice versa.

More on this later.  Gotta run.
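Before the rules go into whatever the border router and firewall speak, it is worth writing the policy down as a table and testing flows against it.  Here is an added example (my own code, not the lab's configuration) that does exactly that: zone ranges are constructed placeholders (documentation and RFC 1918 space), the rule list is the policy stated above with first match wins and an implicit deny, and `check_policy()` runs a set of constructed flows and reports any verdict that disagrees with what the policy is supposed to say.  It models connection initiation only; a stateful firewall handles the return traffic.  One caveat: the post lets DMZ hosts initiate to internal hosts ("only vice versa"); the usual hardening denies that direction too, so `harden_dmz_to_internal()` shows the one-rule change.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Constructed lab addressing (assumed; the post names the segments but not their ranges).
ZONES = {
    "perimeter": ipaddress.ip_network("192.0.2.0/24"),
    "dmz": ipaddress.ip_network("10.10.20.0/24"),
    "internal": ipaddress.ip_network("10.10.30.0/24"),
}


def zone_of(ip: str) -> str:
    """Map an address to a lab zone; anything outside the lab segments is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src: str                # zone name or "any"
    dst: str
    proto: str              # "tcp", "udp" or "any"
    ports: FrozenSet[int]   # empty set means any destination port
    action: str             # "allow" or "deny"

    def matches(self, src_zone, dst_zone, proto, dport) -> bool:
        return (self.src in ("any", src_zone) and self.dst in ("any", dst_zone)
                and self.proto in ("any", proto)
                and (not self.ports or dport in self.ports))


# The firewall policy the post describes: first match wins, implicit deny at the end.
FIREWALL_POLICY: List[Rule] = [
    Rule("perimeter", "dmz", "tcp", frozenset({80, 443, 22}), "allow"),  # the only "public" services
    Rule("internal", "internet", "tcp", frozenset({80, 443}), "allow"),  # the web and only the web
    Rule("internal", "dmz", "any", frozenset(), "deny"),                 # internal never reaches the DMZ
    Rule("dmz", "internal", "any", frozenset(), "allow"),                # "only vice versa", as the post states
]


def evaluate(policy: List[Rule], src_ip, dst_ip, proto, dport) -> str:
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in policy:
        if rule.matches(src_zone, dst_zone, proto, dport):
            return rule.action
    return "deny"


def harden_dmz_to_internal(policy: List[Rule]) -> List[Rule]:
    """Same policy with DMZ-initiated traffic to the internal segment denied (the conventional DMZ rule)."""
    return [Rule(r.src, r.dst, r.proto, r.ports, "deny") if (r.src, r.dst) == ("dmz", "internal") else r
            for r in policy]


# Constructed flows paired with the verdict the written policy should give them.
EXPECTED: List[Tuple[str, str, str, int, str]] = [
    ("192.0.2.50", "10.10.20.10", "tcp", 443, "allow"),      # perimeter -> DMZ web
    ("192.0.2.50", "10.10.20.10", "tcp", 3389, "deny"),      # perimeter -> DMZ RDP is not published
    ("10.10.30.5", "198.51.100.20", "tcp", 80, "allow"),     # internal -> internet web
    ("10.10.30.5", "198.51.100.20", "tcp", 22, "deny"),      # internal -> internet SSH
    ("10.10.30.5", "10.10.20.10", "tcp", 80, "deny"),        # internal -> DMZ, any port
    ("198.51.100.20", "10.10.30.5", "tcp", 445, "deny"),     # internet -> internal, implicit deny
]


def check_policy(policy=FIREWALL_POLICY, expected=EXPECTED):
    """Return the flows whose verdict differs from the expectation; an empty list means the policy passes."""
    mismatches = []
    for src, dst, proto, dport, want in expected:
        got = evaluate(policy, src, dst, proto, dport)
        if got != want:
            mismatches.append((src, dst, proto, dport, want, got))
    return mismatches
```

Keeping `EXPECTED` next to the rule list turns the policy into something you can regression-test every time a rule is added, which is where most lab (and production) firewall mistakes come from.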

SSH Lulz
Transferring Binary Files via SCP (Syntax):  Using WinSCP is easy.  Memorize SCP syntax for *nix transfer.

Nmap Scanning Scripts by Profile:  Develop a series of nmap NSE scripts to perform on common services for quick enumeration and vulnerability assessment.  These blocks should be performed to identify any low hanging fruit.  As always, the quick identification of LHF and/or stupid misconfigurations should be top priority in the early stages of an engagement.

Exploit Analysis:  Perform LBL (line-by-line) analysis of the following exploits:

IIS 5.0 FTP Server (Remote System Exploit):  /home/oscp/resouce/
Seagate Central (Remote Root Exploit): /home/oscp/resources/
Sendmail (Remote Root Exploit) /platforms/linux/remote/24.c

Research: Risky IIS httpd 5.1 methods

Generic Group Attacks:  i.e.  Common attacks you can run on a variety of systems with the same services.  For example, brute forcing all discovered SSH services with default credentials.  Just indexed some default creds for common services:  WinRM, VNC, Telnet, SSH, SNMP, SMB, PostgreSQL, MySQL, MSSQL, HTTP, FTP, DB2.  In fact, these services should become the standard for common port enumeration and attack practice.

End of the Day Brainstorm/Rant:

The CI_Index_UI is coming along quite nicely.  Its evolution is steady although I don't use it as much as I should (or could, considering...).  I'm sure I'll be putting far more work into it in the future, if all goes well next week.  (heh).  It definitely needs to be searchable, although its structure and organization is an incredible improvement over the alpha PENTRN module I created back in 2013.  I want to make it more usable.  Cleaner and more of a one-stop-shop for all things penetration testing related.  It would be nice to have a Vulnerability/Exploit RSS ticker scrolling across the top.  It also needs a Write mode where quick additions can be added to its data repository.  I also like the idea of integrating into the console and keeping it small but subtle and tucked away at the bottom of the UI.

I'm still bouncing around in my head the ways in which I can optimize the identification of LHF and the more I think about it, the more I realize those procedures and script requirements come out of practicing and actual engagements.

The CI_Index also works well as a study guide as a lot of the content has yet to be filled in.  Having those gaps promotes research and updates to the CI resource repository.  I'll be putting in more work on the lab this weekend as well as furthering my progress into the OSCP lab environment.  As I expand upon my virtual test environment, I'll delve further into the remaining areas of the CI curriculum that have yet to be published.

Yes, more pentest theory
The act of performing a pentest is akin to developing a mind map to illustrate the relationship of items.  Only with pentesting it's to organically grow an attack path based on findings.  Pentests are not research assignments.  They are to be fast, efficient and thorough.  In order to be fast, efficient and thorough, one has to have systems setup that encourage, if not enforce, the practice of operationalization.

OIAS (Organized, Indexed, Available, and Searchable)
To operationalize is to make a task that performs a specific action as efficient and as extensible as possible while ensuring its execution can be performed in one step.  For example, maintaining a collection of exploits that work for common services and their corresponding versions can be operationalized by developing a local application that ensures all content is organized, indexed, available and searchable.  Operationalized software is never cloud based as it has to function without a network connection.

Pentesters should always be looking for new and more efficient ways to perform essentially the same actions.  The CI-Index breaks down these essential pentest actions into these following sub-sections:

Delivery Methods:   The initial exploit.  The way in which a target is forced to perform an action (usually download a dropper from an external data store).
Secure Data Stores:  A data storage repository that can be publicly accessed.
Post-Exploitation Procedures:  Immediate actions to memorize once a system has been compromised.
      System Download Methods:   Techniques for downloading content after compromise (via shell)
      Password / Credential Acquisition:  Credential harvesting, acquisition, and cracking techniques.
      Persistence Techniques:  Techniques to add backdoors and persistent access to a system
      Removing Tracks:  Cover Your Ass (CYA) techniques to remove evidence of presence
Situational Awareness: Tools, techniques and procedures for enumerating the accessed network
Lateral Movement:  Fundamental techniques for further compromising systems on the network
Sensitive Data Searching: Techniques and strategies for finding sensitive/valuable content
Exfiltration Techniques: Tools and techniques for extracting data from a network or system

Attackers and pentesters alike will always perform a variation of the above actions.  Their techniques may change but the overall actions will always remain the same.  This is why it's important to organize not only the tasks at hand, but the variety of ways each task can be performed.  Pentesting is 80% what (needs to be done) and only 20% how (it's performed).  The key is to understand the process enough to be able to shift between the techniques as needed.

Pentesting also includes the heavy task of maintaining not only a record of what techniques and attacks you perform, but also keeping track of ALL of the results.  During an engagement, the attack vectors, exploit potential, and tool results of the target you're assessing grow organically like a conceptual mind map.  To keep track of results and potential attack vectors I use a combination of two tools.  The first is an open source application called FreeMind that makes creating mind maps incredibly easy.  It has a nice set of keyboard shortcuts to make things fast and efficient.  Once you learn the basics of building maps, this application becomes an invaluable tool during a live engagement.  The second tool is a custom built tool called Penzoil that allows you to copy and paste the raw test results of CLI tools and keep moving.  The tool categorizes the Pasting of the text and allows you to dump a C&P or search everything that's indexed.  Currently it needs to be able to export everything to a text file.  I'd also like the ability to dump useful items and artifacts using common regular expressions (i.e. Extract all IP addresses, email addresses, URIs, etc.).
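As an added example (my own code, not Penzoil and not the CI_Index_UI) of what a minimal operationalized copy-and-paste store looks like in the OIAS sense above: pasted tool output goes into a local SQLite database (offline, no network dependency), gets a category, is searchable, exports to a text file, and has IP addresses, email addresses and URLs pulled out by regular expression on the way in, with each IPv4 candidate validated so a version string like 2.4.10 or a bogus 999.1.1.1 never lands in the artifact table.  The scan and whois snippets are constructed samples, not real output.

```python
import ipaddress
import re
import sqlite3
from datetime import datetime, timezone

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+")


def _valid_ipv4(candidate: str) -> bool:
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:      # rejects octets over 255 that the regex alone lets through
        return False


def extract_artifacts(text: str) -> dict:
    """Pull validated IPv4 addresses, email addresses and URLs out of raw tool output."""
    ips = sorted({m for m in IPV4_RE.findall(text) if _valid_ipv4(m)}, key=ipaddress.IPv4Address)
    emails = sorted(set(EMAIL_RE.findall(text)))
    urls = sorted(set(URL_RE.findall(text)))
    return {"ip": ips, "email": emails, "url": urls}


class PasteIndex:
    """Local store for pasted tool output: organized by category, indexed, available offline, searchable."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.executescript("""
            CREATE TABLE IF NOT EXISTS paste (id INTEGER PRIMARY KEY, ts TEXT, category TEXT, body TEXT);
            CREATE TABLE IF NOT EXISTS artifact (paste_id INTEGER, kind TEXT, value TEXT);
        """)

    def add(self, category: str, body: str) -> int:
        ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
        cur = self.db.execute("INSERT INTO paste (ts, category, body) VALUES (?, ?, ?)",
                              (ts, category, body))
        paste_id = cur.lastrowid
        rows = [(paste_id, kind, value)
                for kind, values in extract_artifacts(body).items() for value in values]
        self.db.executemany("INSERT INTO artifact VALUES (?, ?, ?)", rows)
        self.db.commit()
        return paste_id

    def search(self, term: str):
        """Pastes whose body or category contains `term`, as (id, category) pairs."""
        like = f"%{term}%"
        return self.db.execute(
            "SELECT id, category FROM paste WHERE body LIKE ? OR category LIKE ? ORDER BY id",
            (like, like)).fetchall()

    def artifacts(self, kind: str):
        """Distinct extracted values of one kind ('ip', 'email' or 'url') across every paste."""
        return [v for (v,) in self.db.execute(
            "SELECT DISTINCT value FROM artifact WHERE kind = ? ORDER BY value", (kind,))]

    def export_text(self) -> str:
        """Everything indexed, as one plain-text dump ready to write to a file."""
        parts = []
        for pid, ts, cat, body in self.db.execute("SELECT id, ts, category, body FROM paste ORDER BY id"):
            parts.append(f"=== #{pid} [{cat}] {ts} ===\n{body.rstrip()}\n")
        return "\n".join(parts)


# Constructed sample output (not real scan or whois results) used to exercise the index.
SAMPLE_NMAP = """\
Nmap scan report for web1.lab.example (10.10.20.5)
22/tcp  open  ssh     OpenSSH 6.7p1
80/tcp  open  http    Apache httpd 2.4.10
Nmap scan report for db1.lab.example (10.10.20.7)
"""
SAMPLE_WHOIS = """\
Registrant Email: admin@lab.example
Referral URL: http://whois.lab.example/lookup
Bogus address seen in banner: 999.1.1.1
"""


def demo() -> PasteIndex:
    idx = PasteIndex()
    idx.add("enumeration/nmap", SAMPLE_NMAP)
    idx.add("osint/whois", SAMPLE_WHOIS)
    return idx
```

Point the constructor at a file path instead of `:memory:` and the index survives between engagements; `search("OpenSSH")` then finds the paste by body text and `artifacts("ip")` gives the deduplicated host list without re-reading a single scan.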

I'm in the process of operationalizing the PTES framework.  I think it's a nice collection of standard practices that should at least be considered during a live engagement.  I'll be integrating the tool into the CI_Index_UI application as I continue to promote local security application development and a single pane of glass philosophy.

I'm also bouncing around some loose ideas of integrating a Vuln/Exploit aggregator into the UI as well.  It would contain:

  • RSS Feed information from the following sites:


  • A collection of common and vulnerable service variants per service and the known (and tested) exploits of those services  (because low hanging fruit should be picked!)

        FTP (TrueFTP, VSFTPd,
        HTTPd (Apache, IIS,
        SSH (OpenSSH
        VPN (Cisco,
The goal of this PENTRN component is to have a local resource that has an organized index of known (and reliable) attacks that you can execute quickly.

Finally (because I need to get to work), I'd like to mention that May 20 saw the revealing of the Bureau of Industry and Security's proposed Wassenaar rule updates.  In essence, the new rules make security research, exploit development and the sale of exploits (export) illegal.  This is a problem.  --or is it? The new report attempts to define intrusion software as software specifically designed or modified to avoid detection by monitoring tools.  It goes further and attempts to basically outlaw the practice of defeating protective countermeasures of a computer or network-capable device  --as well as identifying the modification of the "standard execution path of a program or process in order to allow the execution of externally provided instructions" as something punishable by law.

In layman's terms, the Wassenaar Arrangement proposal makes exploit code and hacking completely illegal.  I think this is fascinating as I knew this was coming.  I doubt the Wassenaar Arrangement will get passed unless it undergoes numerous revisions, but I recognize its significance in the growing and alarming space that is global information security.

CIDST End Goal Establishments
Individual Sabotage:

  1. Identify the target's primary email address

  2. Locate online accounts they own

  3. Perform recon on their personal lifestyle

  • Spouse, children, workplace

  • Boss, peers, partners

  • College, Uni, Military

  • Car, Address, City/Location

  1. Crack their email account

  2. Identify who they bank with

  3. Pull their tax records

  4. Identify their children's school, grade and homeroom teacher

  5. Identify their spouse's parents, address, and their email addresses respectively

HHM Model ( Hassles | Headaches | Misery )
The following end-goals can be classified as hassles, headaches or misery when targeting an individual.  Remember, we don't do anything in the physical world.  No vandalism, no TPing, no tire slashing... unless...well... yeah, that shit's kinda fun.

  • Phone Sabotage

  • Child Porn on PC/Phone

  • Social media account compromise

  • Infidelity Sabotage

  • Traffic Tickets

  • Taxes

  • Financial / Economic Assaults

  • Reputation Assaults

  • Rape Allegations

Common Post-Ex List Collection (CPLC)
The following are post-exploitation goals, or what to do with a compromised machine:

Web Server

    • Phishing Site

    • Malware Download Site

    • Piracy / Warez Server

    • Child Porn Server

    • Spam Site

Email Attacks

    • WebMail Spam Server

    • Standard Abroad Spam Server

    • Harvesting Email Contacts

    • Access to Corporate Email

Virtual Goods

    • Online Gaming Characters

    • Online Gaming Goods

    • Game Licence Keys

    • OS License Keys

Reputation Hijacking

    • Facebook

    • Twitter

    • LinkedIn

    • Google+

Bot Activity

    • Spam Zombie

    • DDoS Extortion Zombie

    • ClickFraud Zombie

    • AnonProxy

    • CAPTCHA Solver


    • Ebay / Paypal Fake Auctions

    • Online Gaming Creds

    • FTP Credentials

    • Skype/Voip Creds

    • Client Side Encryption Creds

Financial Credentials

    • Bank Account Data

    • Credit Card Data

    • Stock Trading Account

    • Mutual Fund / 401k Account

Hostage Attacks

    • Fake AV

    • Ransomware

    • Email Account Ransom

    • Webcam Image Extortion

The purpose of the categories and the lists above is to supply a collection of end-goals that drive the motivation of CI engagements and activities.  Using the DST (Destruction | Surveillance | Theft) model, the Common Postex List can be used to define an end-goal for active engagements.  Combat Informatics is not specifically focused on the technical aspects of security or pentesting.  It is to define a mind map and mental model for performing offensive techniques in order to achieve a specific goal.  Without goals, what's the point of continuously expanding upon your skillset?

(no subject)
Optimizing Python (may be worth the read)

I've been working on something big for the last couple of months.  When everything changed back in January, I had to shake things up a bit in order to come out unscathed.  March 6th brought what would become a saving grace as well as a slight disappointment.  Truth be told, I was never that excited about that soggy opportunity, I just wanted out -- or something drastically different.  I found it interesting that only one person at my previous place of work asked me why I was leaving for my current state of slavery if I was looking to migrate to the land of wet emeralds anyway.  I deflected that question as I naturally do when an answer isn't necessary and looked around suspiciously.  I'm on a sentimental journey; chasing an ideal, not a job or a new city to reside.

What's coming is an opportunity to live like I want to live.  It's a chance to dedicate myself to my tradecraft and improve my skillset beyond anything I might be able to achieve without having the chance to do it all the time.  I've been working toward this since I got my first degree in 2006.  It's what I've always wanted as it speaks to the sporadic, seemingly random lifestyle that I naturally lead.

I'm not compatible with the 9-5 model.  My creative juices and ability to perform and produce good work do not happen on a schedule.  I'm practically braindead in the mornings, which is why I either read blogs and news stories or just contribute to my own.  I'm not a morning person and I think it's ridiculous to think that creative minds like myself can come into an office at 9am (heaven forbid anytime earlier) and actually get right to work.  One of the guys I now work with is like that, but he's a fucking robot.  I asked him what he works on in his spare time or if he's got side projects going and he looks at me like I'm crazy.  It was then that I deduced that he's simply a programmer.  He comes into work, gets as much done as he can and goes home to his wife.  I respect that, but I realize that I'm the exact opposite.

As I told one of my friends the other day, it's not a job I'm chasing, it's a lifestyle.  It's the free rein to hack as I please, when I please, where I please and shed the shackles of modern workforce 9-5 slavery.  When everyone I know is just trying to get a good job so they can keep their head above water, I'm over here playing legos with potential employers in the valley.  I feel privileged to have developed the skillset I have that grants me the ability to find work within a week.  And with that, I've bounced around until something great came along.

So as I foray into the world of becoming a bona fide professional pentester, I realize that there are a few things I need to do:

1. Finish setting up my new lab in my office.  I need to find some Server 2012 ISOs so I can set up the AD environment.

2. Upgrade the fan in my T41 and reinstall BT5.  I miss that stupid machine.  It's either that or just buy a new one, which is what I should have done in the first place instead of trying to go all hardware tinkerer on my shit.  (I never understood how dudes are fascinated with hardware.  It seems so limited).

3. Enumerate, download and stand up a variety of vulnerable systems for testing and practice.  I should also be designing the CIDST framework around those vulnerable targets and finishing the core TTPs for the program.

4. Continue refining common attacks and attack vectors as well as postex procedures.

More on this later.

