-
Goals for Training
Martial arts are wonderful things, but they can’t be all things to all people simultaneously. There’s simply no way that someone could train elite level athletes, military personnel, law-enforcement, and civilians in self-protection effectively at the same time with the same curriculum – the goals and requirements are just too different. The goals for the […]
-
Curriculum Layout
Connected Response (CoRe) Kenpo is a system of Kenpo developed by Master Casey Clayton based on his training under SGM Ed Parker and his accumulated experience and advanced research in Human Bio-Mechanics/Kinesiology. Overview Please Note: Master Clayton and I have been going back and forth on how things will be laid out in terms of […]
-
Understanding Your Environment
Walking into an existing environment is always *ahem* fun – especially when you’re trying to make it more manageable/secure and the previous person in charge of the environment knew just enough to get things running. Combine that fun with downtime costing the company hundreds/thousands of dollars a minute or more.
-
Role Based Access Control
Hyper-granular control of user rights is a nightmare to manage and typically results in nasty things like rights/privilege creep and makes for a lot of unknown in your environments. So what’s to be done? One thought is audit hell – track specific access by user to all resources and review very regularly – I don’t […]
-
Prevention and Detection
The basic rule of Network Security is “prevention is ideal, detection is a must” – stopping something from getting into your network is ideal, but not realistic all the time. If a nation-state level actor or another entity with a lot of resources wants to find a way into your network – it’s only a matter of time before they find a way in. Once someone finds a way in, detection comes into play.
-
Try Hack Me
I find myself debating on going after the CEH after watching some further podcasts about it – apparently it’s only good if you need a specific DoD requirement met for employment – either that or you’re really just getting started on the red team side and don’t know where to go. I recently discovered tryhackme.com […]
-
Enumeration
What types of connection does an attacker initiate during the Enumeration phase of an attack? What kinds of information are attackers looking for during this phase? How would you enumerate and prevent enumeration with: Email IDs Default Passwords SNMP Brute Forcing Active Directory DNS Zone Transfer What are protocol types and ports for for: DNS […]
-
Job Interview Tips
I had the chance to participate in a panel to help students at the local tech college get an IT job by providing the perspective of an employer – I thought I’d try to impart all of the pieces I remembered from all of the panel members (including myself).
-
BurpSuite – DC435 June ’21
Presented by Santiago Special Note: First live meetup in over a year! Setup Ubuntu 20.04 – https://ubuntu.com/download/desktop BurpSuite CE – https://portswigger.net/burp/communitydownload Docker – https://docs.docker.com/engine/install/ubuntu/ Damn Vulnerable Web App – https://dvwa.co.uk/ BurpSuite Designed for web app security assessments Default Tools: Proxy Repeater Decoder Comparer Sequencer Intruder Extender CE vs Professional – Professional has a couple of […]