This will be a multiple part post outlining my opinions of homelabs and what you should consider when building your lab. I will also include a few resources I can vouch for and have used. Furthermore, I do not claim to have all the answers and your setup/needs will be different from mine. That being said, I will start off in a general sense and narrow done as these posts go on.
If you have been to this site recently, you will have noticed that it doesn’t look the same. I have migrated from Pelican, a static site generator written in Python to Hugo, a static site generator written in Go (golang). Why? My old blog just wasn’t cutting it. The Pelican project updated and when I tried to migrate my local project from one computer to another with different versions I broke the site, which in turn went nuclear on my github repo for the project.
Many of my bigger projects have been placed on the back-burner as I have been focusing more on work, classes and spending time with my family. Although, I am not grokking down into the weeds on new technologies, I have stumbled across some nuggets worth sharing, even at the risk of sounding like a “lifestyle” blog. Infosec Think-Piece This essay has been making it’s rounds on infosec twitter however, I think it is worth reading to all those who are in infosec or are even curious about infosec/”cyber security”.
ComboSex.py is a simple Python Tool that uses a scraped word list to combine random word combinations in an effort to spark creativity. The tool was inspired by a blog post from James Altucher called “How to Make Millions with Idea Sex”. The principle is simple, combine two seemingly non-related objects to get the new hotness. Dolls + Action = G.I. Joe Space + Buddhism = Star Wars Plus, millions of other examples you could come up with.
Recently, there has been an overwhelming amount of discussion over WhatApp’s non-existent “Government backdoor”, which can easily be debunked with the following statement: If Facebook wanted to allow any government to have a back door, they own the code base, they could just code one in. You wouldn’t know it. Additionally, the end points are still soft, you have to de-crypt the message to read it, which provides a much easier attack vector.
At the end of the year, I like to do a good, bad and ugly audit to really prepare my focus for the following year. As I don’t get bent out of shape over celebrities and reality stars dying, the best way for me to see how 2016 was is to reflect by writing it all out. Once my ideas are down on paper, they come together. Furthermore, In the spirit of showing my work, here’s a breakdown of how it went for me in 2016.
Ransomware, malicious software designed to encrypt a victim’s hard drive and charge a ransom for the recovered files, has been reigning terror or organizations and users for a number of years now. The business model has always been simple, infect the user through spam e-mail or other vectors of infection (i.e. online droppers), encrypt the hard drive and hold it hostage until the user pays the ransom in Bitcoin. Rinse and repeat.
Information Security, cybersecurity or any flavor of security plus technology interest has skyrocketed and expected to grow exponentially. The reason is justified, criminals have moved into this section and been successful in exploiting victims for money then cycling those funds into developing more profitable ways to exploit targets. Furthermore, the domain of information technology provides a great return on their investment just by the scale at which these criminals can attack.