Posts Tagged ‘security’

OSCP diary – week 02

Tuesday, August 9th, 2022

Or is it week 3 already? Haha, looks like I lost track already.

Finished that Perl script to get nameservers from a domain. Finally.
Not that Perl might be a particular scripting language, but…. not chomping an input breaks a loop because of an empty variable? Although the same variable holds a value as evidenced in the loop?
Can’t really say I understand this so far.

Got through the scanning basics but I’m undecided on the inclusion of Nessus in the ‘textbook’. Not checked yet whether you’re allowed to use Nessus during the exam, but I guess no. It was good to do some hands-on exercises with Nessus but if the basis of the coure is the open-source Kali Linux, then including tools like VMware Fusion and Nessus in the course materials feels somewhat …. off.

Anyway, moving on web application security now.

CISM me

Monday, February 21st, 2022

CISM done

After passing the ISACA CISM exam in January 2020 (more than 2 years ago :o), I was finally certified this month.

In other news, I’m also gathering the required work experience for CISA certification.

CISM test passed

Thursday, January 16th, 2020

Yes, I did it again. New year, new test, same result (apart from the unfortunate CKAD exam but it’s not quite over there yet because I have a free re-take)

Apparently I will receive an email confirmation with the definite result in about 10 days but I don’t think they will change the result *fingerscrossedthough*

The hurdle work experience in order to get actually certified is a different story though….

Anyway, next up are take 2 on the CKAD exam followed by CISA….

Update:
In case you are wondering: I used to CISM All-in-one guide by Peter H. Gregory and an app called ISACA CISM by pocket prep to crunch practice questions.

The series continues…. CompTIA CASP+

Friday, October 11th, 2019

I started work extra early, left early and gave it all.

It was worth it: I passed the CompTIA CASP+ (003) exam today. First try, like all the other IT exams so far.

Again, CompTIA exam. Vague on purpose so I felt terrible during the exam. Out of 80 questions I had almost half marked for review but after two out of three hours and two review rounds I handed the exam in… et foilà.

This particular exam does not give you a score, just a pass / fail result.

The beloved (dreaded) Red Hat 5 server simulation was there as well as the download simulation.

The range of difficulty of the questions is so wide…. some questions are really simple (or at least seem to be as I don’t know if I got them right or not), other questions… no clue at all about the correct answer.

Tonight it’s time to celebrate… next week Thursday I’ll take on the CKAD exam, the last one for this year. Keep your fingers crossed for me.

An awesome series continues…. CISSP exam passed

Friday, September 13th, 2019

On 20190912, I took and passed the CISSP exam after several months of preparation. Yay for me!

What about that series I mentioned? It’s becoming scary but I haven’t failed any IT exam / certification so far… MCP, LPIC, federal tests, CompTIA and now the CISSP exam. Of course I’m glad about this, but it’s getting spooky.

What was the test experience like? The checks until the actual exam starts is the most annoying part… identification, NDA, vene scan, everything twice. To some degree I can understand that, but the vene scan in top of passport checks? Hm…

One thing on the actual exam I was quite worried about is that you cannot go back to previous questions… click Next, no way to go back. So many times I did not feel particularly confident about the selected reply… but you can’t go back, so worrying about it is useless.

The other thing I was not prepared for was the questions that asked for best something / most appropriate something… practice questions were more fact-based and if anything they asked “what is the first thing to do when…” or “the last thing to do when…” – which is a different dimension from “what is the best thing to do when…” as that implies the listed possibilites could all be correct but one is ‘more’ correct and the deciding factor is not necessarily a technical factor.

Anyway, I felt quite burned out after 80 questions and was hoping that I would not have go higher than a 100 questions. Which is exactly what happened… the result is not even shown on the screen, only on the printout. I did not feel confident regarding the result so imagine my surprise.

Here’s what I used for preparation:
Linux Academy CISSP preparation course
Official CISSP Guide 3rd edition 2016
Some lectures on pluralsight.com and many practice questions on kaplan.com (linked to pluralsight)
Some lectures provided by thorteaches.com
An app called CISSP Professional with practice questions

IT Security for home users – keep your applications up to date

Friday, March 1st, 2019

Windows

ninite

My personal suggestion is ninite, to be found at https://ninite.com/

Select the applications you want to use, download the installer and run it only a daily basis – it will keep you up to date and safe(r)

MacOS

AppStore

Love it or hate it, but minor applications can easily be installed via the AppStore e.g. Line or Slack

Advantage: You will get an update notification from the AppStore if an update is available

Brew

Follow the instructions on the brew HP: https://brew.sh/

Once this is done, you can install, update or uninstall applications from the command line

Installs

brew install wget

brew cask install macvim

brew cask install gimp

brew cask install libreoffice

brew cask install quodlibet

brew cask install virtualbox

brew cask install chromium

brew cask install projectlibre

brew cask install vlc

brew cask install skype

brew cask install minikube

brew cask install firefox

brew cask install keepassx

brew cask install box-sync

Uninstall

brew cask uninstall <cask_name>

Upgrade

brew update && brew outdated && brew upgrade && brew cleanup

Which is more practical to keep safe – Windows or Ubuntu?

Thursday, February 25th, 2010

Please note: As all my other blog entries, this is just my personal opinion. It’s based on experience at work or at home. The conclusions drawn may be wrong or biased but as I said, it’s personal.

I’ve come a long way with Windows, starting with the inevitable Windows 3.11, going through 95, 98, ME, 2000, XP, a short spin with Vista and finally Windows 7. Well, who hasn’t… As soon as internet connections became more common, Window’s shortcomings in security gained immediate attention and Microsoft responded (e.g. had to respond) with Windows Updates.

IMHO, Windows Updates has also come a long way. In a certain way, it is a reflection of the increasing complexity of Windows.

In XP, Updates could be installed from the Windows Updates website. Some installed without a restart, some updates required a restart but most of the updates installed fine and the following restart didn’t take very long.

In Vista and 7 though, Updates requiring a restart execute post-installation when shutting down AND they they execute post-installation configuration when starting the OS again. The effect on the user? Bewilderment and waiting time…

Not only for a common user, also for full-time IT personnels like me it’s impossible to foretell whether an update requires a reboot or not. Often, not even the description of the update is very helpful: “This update may require a reboot” mostly means it will require a reboot. Legalese phrases were never intended for humanity, only for non-humans… The reboot requirement sometimes differ depending on the server configuration – one particular update from January 2010 required not reboot on a WSUS server but required one a DC. I’m sure there’s technical reasons for that but still….

Oh, and this is just Windows and MS Office updates! Recommended updates for 3rd software such as .pdf readers (a particular bloatware comes to mind) also cries for reboots very often.

At least there is an alternative even on Windows… Foxit Reader. And there are others: OpenOffice, Firefox, VLC, Gimp and many more. They also need to be patched but uninstallation and installation can be completed with without a reboot.

My experience with Linux and in particular Ubuntu is not that old yet but has been growing deeper ever since. I’ve toyed with Linux distros since 1996 (SuSE at that time) but often I just installed a distro, played around with it and had to revert to Windows because specific 3rd party software was not available or some devices did not work or because it was just too impractical etc. (remember, it’s my personal opinion, I’m not trying to start a flame war).

However, for two years I’ve been using Debian at work and Ubuntu at home and I’m quite happy. At work, I don’t have to worry about updates as this is take care of by somebody else. At home, I can rely on apt-get to provide the latest updates quickly. The only updates that require a reboot are kernel upgrades (and very few others but I don’t remember what type they are – SSL-related?) and even 3rd party software upgrades are included. Not all but quite some.

Based on this experience I would rather recommend installing Ubuntu if I was asked by a novice computer user. The package is more complete, the installation of updates is easier, maintenance for the average user is easier. There is still the stigma of complexity to Linux but Ubuntu has made strides in that direction – even to the level where an average user can install and use it.

My conclusion should be quite clear: Ubuntu is easier to maintain safe than any Windows version.

I would like to add the following though: Regardless of what operating system you use, if you have a internet connection it had better be a broadband connection or a lousy dial-up connection. Broadband means you can regularly install updates without waiting 3 hours for the update to download and lousy dial up means your connection is slow that you are not a target worth hacking. Nonetheless, you should install updates whenever you can to keep your PC safe.