October 20, 2022
Three common methods to connect to a private network include
- VPN
- Third-party services that proxy connections
- Bastion hosts

Bastion hosts offer simplicity and a small attack surface.
The purpose of the bastion host is to have a jump host into your home lab and personal networks. Many developer tools have capabilities that work with bastion hosts to limit the inefficiency of having to actually jump from one host to another.
...
September 7, 2022
In the last week of August 2015 I drove my KTM 990 Adventure from San Francisco, California to Yukon and Alaska solo. I stopped in Stewart, British Columbia, and Haines, Alaska, continued to Whitehorse and Dalton, Yukon, and crossed the border at Poker Creek. I detoured, backtracked, and discovered. Adding to the adventure, I sustained some minor front suspension system damage, froze my tail off, and met some incredible people. On part of the return trip, I opted for the Alaska Marine Highway.
...
August 30, 2022
Hiring

Hire for Curiosity

Expand your candidate list from experienced researchers to experienced engineers who have strong curiosity. Software engineers often have a background that the most experienced researchers do not: how applications are deployed at scale and how systems communicate.
These engineers know that critical credentials are stored in Terraform state files, and they know nuances, such as the fact that instances in your private subnet may be able to communicate externally with a C2 over IPv6 without a NAT gateway.
...
August 25, 2022
This post continues from “Threat intel databases, part one”. For simplicity, mentions of threat intel can be considered to include geolocation data.
Threat Intel Acquisition

Day 0

Flat files versus the world. On day 0, your focus should be flat files. Streaming and API-based feeds can wait. Flat files provide the most lift for the effort applied. This assumes that well-known sources such as abuse.ch, PAAS mappings, and customer-submitted threat intel / trusted entities are important.
...
August 22, 2022
Intro

Three types of content I manage are threat intel, geolocation, and honeypot observations.
Threat Intel is an opinion on an entity. Often that entity is a file hash, IP address, or domain that is associated with malware.
Geolocation is location information associated with an IP address. For example, an IP associated with cloud providers like AWS and Alibaba, ASNs, or countries, states and cities. The main differentiator between geolocation data and threat intel is how the data is queried.
...
August 17, 2022
Tuesday, I was walking on the beach with a friend. We were watching surfers, having a fun conversation and just a great time. A gentleman in board shorts and a rash guard approached and politely interrupted. He asked, “Hey - you guys want to learn to surf?”
The question made sense for the area not only from the existence of the surfers but also the numerous surfing schools. There was a bit of a language barrier, but I was able to inquire which school was his.
...
August 11, 2022
My cell phone receives what I consider to be an excessive amount of unsolicited text messages. Between January 1 and August 10, 2022, it received 76 unsolicited messages or 1 message every 2.9 days.
Number of unsolicited text messages per day since Jan 1, 2022
Types of messages and how I respond

Banking fraud

When I receive a text message with a URL that is likely banking fraud, I do the following
...
July 7, 2022
Honeypot Configuration

Honeypot observations are from five AWS regions. The observations cover ~one week within June 2022.

Region Code       Region Name
sa-east-1         South America (São Paulo)
ap-northeast-2    Asia Pacific (Seoul)
ap-south-1        Asia Pacific (Mumbai)
eu-west-3         Europe (Paris)
us-east-2         US East (Ohio)

Honeypot hosts have two observation components
- the service listener
- feedback mechanism for port activity with no defined listener

Service listener configurations cover IPv4, IPv6 and TCP, UDP.
...
March 12, 2022
Image created using midjourney.
You can reach me on LinkedIn
My main goals for writing are
- improving my writing
- self rubber ducky debugging
- work to flesh out ideas

Personal accomplishments
- Been to the northernmost and southernmost Waffle Houses in the United States
- Rode my motorcycle from San Francisco to Alaska and back
- Restoring and refitting a 40-year-old sailboat
- Sailed to the Bahamas
- Mastered a French roast

Currently
...