Key projects and personal growth experiences
When-I'm-Gone protocol is related to navigating the death of a loved one who happens to specialize in Information Security. I don't know if it will ever see the light of day, but think the topic is worth some thought.
Lab Network 2.0
WaryLab is under construction. Expect a blog posting or two of the trials and triumphs of lab-crafting.
Twitter vs. SMS (On-going)
I've recently been researching the merits of SMS alerts vs. online-based alert services. Twitter has been a good test bed so far for honing my Python skills writing API calls for various events; however, there is a lot of overhead that goes into creating the developer account and maintaining the social media account when compared to something like an SMS message. SMS is rather expensive today, however, since most plans require some kind of data service and are highly regulated.
Learned about: 2G, Tweepy, Python, REST APIs, Twitter account internals
COVID and a RubberDucky
Funny thing about running IT infrastructure: it takes a lot of hands-on activity in the datacenter to keep it running... even when there is a pandemic going on. I decided it was a more efficient use of my time to finally get into DuckyScript instead of hand-loading server configs for hours on dozens of new servers. I got REALLY familiar with my Arduino IDE while flashing DuckyCode on some cheap Atmega chipset HID devices to make sure I really understood what was going on under the hood before biting the bullet and buying some nice hardware.
Learned about: USB, HID injection, DuckyScript, Embedded programming
Project Link: https://github.com/warybyte/HID-Configs
Related Link(s): https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript
I started Warybyte LLC to begin learning the business side of IT, particularly in the realm of consultants. I (again) rebranded my site but also myself somewhat, complete with an overhaul of social media, email, and platform. I'm learning how easy ideas are, but how hard it is to turn them into reality. I'm also learning the merits of small victories and focus.
"Most people overestimate what they can do in one year and underestimate what they can do in ten years" - Bill Gates
In 2019 I reached a career milestone by obtaining the EC-Council Certified Ethical Hacker certification. It might not mean much to some in the industry today, but when I began my career the CEH was something I saw to help me along my path to becoming a REAL pentester, so it meant a lot to finally get it. If you don't set goals, you'll never achieve them.
Learned about: Tenacity, struggle, and how to set/keep goals
There are a plethora of professional associations to be a part of in the world. This is no more true than in the IT field. Most of these associations are run solely by volunteers who coordinate everything from membership to presentations. I committed to assist my local InfraGard chapter between 2018 and 2020 by serving on the membership team. From that experience I not only developed my social skills a bit but gained an inside look at the complexity of running one of these types of groups. Donations and membership dues are great, but there also need to be hands for the work.
XiphosTech was reborn as ITandME.org. I even set up my own email server, but quickly learned why so many are abandoning rolling their own email services when there are so many other options available. Blogging and work continued.
Learned about: Email...SMTP, Dovecot, Postfix, Sendmail, SPF, DMARC, the whole bit.
Portable Health Record System
Built a portable EHR/EMR system for an overseas medical team. It consisted of a full-disk encrypted SBC with battery pack and WiFi radio and served patient forms via PHP webpages which could be accessed via the web portal by pre-configured mobile devices.
Learned about: DHCP...so much DHCP. Also WiFi and some of its weirdness.
I wrote 'tourniquet' as a simple exercise for securing a booted laptop from a snatch-n-grab. By programming the system to routinely expect a particular USB device (a thumbdrive for example) to be in place, one could easily program a sequence of events to occur should said device be removed. My example is a thumbdrive being plugged in the laptop with a lanyard likewise attached to the user's wrist. In the event the laptop was snatched away by a thief, the USB thumbdrive would dislodge, causing the computer to automatically shut down or perform whatever other fail-safe functions the user programmed.
Learned about: cron, UUIDs, full-disk encryption
Project Link: https://github.com/warybyte/tourniquet
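The check described above, sketched as a cron-driven shell script. This is an added example, not code from the tourniquet repository; the variable names, the `--run` flag, the state file path and the placeholder UUID are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tether check for a USB token, intended to run from cron.
# All names below are hypothetical; override them via the environment.
TOKEN_UUID="${TOKEN_UUID:-0000-0000}"             # placeholder; use the thumbdrive's filesystem UUID
BY_UUID_DIR="${BY_UUID_DIR:-/dev/disk/by-uuid}"   # udev creates one symlink per filesystem UUID here
STATE_FILE="${STATE_FILE:-/run/tether-misses}"    # counts consecutive checks without the token
MAX_MISSES="${MAX_MISSES:-2}"                     # debounce: tolerate a brief re-seat of the drive
FAILSAFE_CMD="${FAILSAFE_CMD:-shutdown -h now}"   # powering off returns the disk to its encrypted at-rest state

# Returns 0 while the token is present or the miss count is under the
# threshold; runs the fail-safe and returns 1 once the threshold is reached.
tether_check() {
    if [ -e "$BY_UUID_DIR/$TOKEN_UUID" ]; then
        rm -f "$STATE_FILE"          # token is back: reset the counter
        return 0
    fi

    misses=0
    [ -r "$STATE_FILE" ] && misses=$(cat "$STATE_FILE")
    # Treat an empty or corrupted state file as zero rather than failing open.
    case "$misses" in ''|*[!0-9]*) misses=0 ;; esac
    misses=$((misses + 1))
    printf '%s\n' "$misses" > "$STATE_FILE"

    if [ "$misses" -ge "$MAX_MISSES" ]; then
        logger -t tether "token $TOKEN_UUID missing for $misses checks" 2>/dev/null || true
        $FAILSAFE_CMD                # intentionally unquoted so the command and its arguments split
        return 1
    fi
    return 0
}

# Cron entry point, e.g.:  * * * * * /usr/local/sbin/tether-check.sh --run
if [ "${1:-}" = "--run" ]; then
    tether_check
fi
```

Because cron fires at most once a minute, `MAX_MISSES` sets how many minutes a booted, unlocked machine can stay running after the token is pulled; a lower value shortens that window at the cost of more accidental shutdowns.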
I managed to recertify my Security+. In addition I tried harder but did NOT achieve the OSCP. These certifications and the training required to achieve them are so vastly different it's laughable. I did survive the OFFSEC training and labs and learned the most important lesson of all: I have SO MUCH to learn about IT.
Learned about: Kali, nc, tcpdump, theharvester, wireshark, dorking, various enumerations and exploits, fuzzing, debuggers
XiphosTech Web blog
XiphosTech was born out of a desire to really learn how the Internet works along with the content it contains. I was always fascinated with web sites from a systems perspective; how files stored on one system could be displayed in a browser on a different system. I made a crude HTML page for posts, but was focused on the guts in between as well as developing the habit of sharing what I learned.
Learned about: Linux, DNS, SSL/TLS protocols, PHP, CAs, basic cloud concepts
Mineral oil Machine
Due to budget constraints I began pushing the bounds of my hardware. This included antics like running a mini-ATX board in a fishbowl full of mineral oil to facilitate more efficient cooling and lower dust. I also learned how to refurbish and repurpose every hand-me-down computer I could salvage for free...like the girlfriend's laptop which I had to bake in the oven to resolder the overheated on-board graphics card for example.
Learned about: Where the breaker box is...