This Isn't a Lifestyle Blog but These are Awesome

I've been busy with life but here are some morsels I've discovered
thoughts infosec

Many of my bigger projects have been placed on the back-burner as I have been focusing more on work, classes and spending time with my family. Although, I am not grokking down into the weeds on new technologies, I have stumbled across some nuggets worth sharing, even at the risk of sounding like a “lifestyle” blog.

Infosec Think-Piece

This essay has been making it’s rounds on infosec twitter however, I think it is worth reading to all those who are in infosec or are even curious about infosec/”cyber security”. Personally, I see both sides of the argument but lean more to the Author’s same conclusion. We need terms like “kill-chain” to speak to those who control the money but doesn’t understand the security part of it. Plus it sounds scary and people will pay to feel protected. On the other hand, the author is absolutely right, in that the real process is more like a tangled mess. Also, how does one stop the attacker from weaponizing an exploit? Sounds like a job for Cyber-Jesus!

Tools - Programming

Visual Studio Code - open source, cross-platform text editor from Microsoft that is lightweight and has plugins for every language I use.

Visual Studio Community - IDE from Microsoft that is used for the .NET stack.

Backstory: Usually I am a unix fanboy, however, I will publicly say I am sorry Microsoft for bashing you all these years and thanks for these awesome tools. Code has replaced Atom, which replaced Sublime Text as my default code editor. I am old school and usually don’t like to use IDE’s at all. For python, I like IDLE and a solid text editor. Go (Golang) is just a text editor and the terminal window. I know Pycharm and Gogland are great, I just like the simplicity. With that being said, I have been assigned some C# workload and the Visual Studio Community 2017 IDE has made me change my stance on IDE’s for .NET. It’s easy to use and extremely helpful. I see why it is the gold standard for IDEs.

Tools - Infosec

Log-MD - As a some-what normal listener of the Brakeing Down Security podcast, I hear Mr. Boettcher talk about Log-MD as he helped develop it and uses it for his own Malware research. One day, while messing around, trying to do a quick triage/analysis of some suspected malware, I noticed Log-MD free edition was installed on the sand-box machine. So after I detonated the malware, I fired up Log-MD, after reading the help page of course, and was surprised at how fast it is to gather IOC’s to further hunt on the domain. The large registry key option with .csv files is an extremely useful feature I haven’t seen in other tools.

NOTE - I have not messed with the professional version of this product, however with the features added, I would say if you look at malware quite often, I would consider dropping the cash for this amazing tool

Life Pro Tip - Free Lynda Training ….maybe at your public library. I understand everywhere does not have the same luxury of a great public library system as I do, so take this with a grain of salt. However, as a regular patron of my public library system, I was always aware of the great books you can borrow for free, like most libraries, but what I didn’t know was online training has a library subscription plan that most larger library systems take advantage of. So should you.

Life Pro Tip - Finding Programming Projects to Contribute

One complaint people often state when trying to learn to code or check the imaginary “contribute to open source” box on resumes is they don’t know where to look. The common answer is usually a mixture of “Github, Noob!” or “contribute to something you use often”. I know, useless advice. To really find an open source project to contribute to, type this in your Google search bar:

Github Awesome <insert programming language here> 

And press enter.

Almost every major programming language has a repo for a curated list of projects using that language. So check that out and/or this subreddit and get to coding.

I have some projects planned in which I will be updating soon, along with finishing the kivy portion of but for now, these are on hold.

As always, thanks for reading, don’t worry, be hacky.

Josh Stepp

ICS Primer

My attempt to give an executive view of the ICS environment
ICS infosec thoughts

Malicious Document Crash Course Part 2: Macros, APTs and OLE!

Dumping and Understanding Macros from an APT OLE2 Document
tutorial infosec malware analysis

Reverse Engineering Resources for 2019

Some RE resources for beginners
malware analysis infosec thoughts