I don't usually write much about Security and Hacking, but I will need to do a little bit of that because that is what I have been working on lately.
I went to the RSA show a couple years ago and that bootstrapped my involvement in security. The Dispersive DVN, after all, is all about Security. We have had a number of people come in and Pen Test the networks, and I have read those reports. Recently, as part of Research, once I finished Orchestration, they asked me if I would bolster my skills in this area and do some internal pen testing of our network. This is a big undertaking, to say the least.
I started with a book called Hacking (2nd Edition), The Art of Exploitation, by Jon Erickson. This book is not for the script kiddies. It uses practical Assembler and C examples on a (dated) version of Ubuntu that you compile and run as part of going through the book. I have gone through the entire book, page by page. I've learned some very interesting things from this book. Where I kind of got lost was in the ShellCode sections - which is essentially the one key point that separates the port scanners and tire kickers from the guys who know how to actually exploit and break into networks and systems. I will need to go through this book, and these sections, probably iteratively to actually master the skills presented in this book.
I've built a "Pen Testing" station - on an Ubuntu VM and this VM is essentially my "attack plane" for the OpenStack network. It sits outside the OpenStack networks but can route to all of the networks inside OpenStack via the OpenStack router.
So far, I have run a series of half-open port scans and documented all of the ports I've been finding open on various network elements.
It appears that someone in a Load Testing group is trying to lasso me out of research and "make" me join this load testing team, which will make this an extracurricular effort if they succeed in doing this.
Intelligence = Applied Curiosity with a coefficient of how fast that curiosity is applied and satisfied.
Subscribe to:
Post Comments (Atom)
Zabbix to BigPanda Webhook Integration
Background BigPanda has made its way into the organization. I wasn't sure at first why, given that there's no shortage of Network Mo...
-
After finishing up my last project, I was asked to reverse engineer a bunch of work a departing developer had done on Kubernetes. Immediat...
-
Initially, I started to follow some instructions on installing Kubernetes that someone sent to me in an email. I had trouble with those, s...
-
On this post, I wanted to remark about a package called etcd. In most installation documents for Kubernetes, these documents tend to abstr...
No comments:
Post a Comment