Tuesday, May 3, 2016


As an aspiring security expert, there are many blogs, podcasts, articles, and tutorials for learning anything and everything from a technical perspective on security.

There are also many professional development resources that might be ignored by the security community or simply not relevant to our field.

I am going to combine our desire for highly technical learning and help us conquer one of our biggest problems: professional development. In my experience this is also phrased as, "helping management understand", "convincing C-level execs to spend money on security", "Ugh, my boss is such an idiot he doesn't understand how security works."

So for my first post, I'm going to give you three professional development tips and three technical bits of information.

Professional Development:
  1. 95% of the time it's better to hold your tongue and say nothing. The other 5% of the time it's best to hold your tongue, sleep on your response, and form your response in a constructive, supportive, problem-solving manner. If you want to convince managers to like you, support you, and provide you with what you need then you need to help them to help you. You don't have to be best friends with your management but, having a positive working relationship will make every one's life easier.
  2. Invest in yourself. Whether this means training on a new technology, a vacation to reduce stress, or going back to school to advance your current skills and/or gain new ones. Most companies offer opportunities to do this. Go for it! Take advantage of these opportunities to become the best incident handler, technical manager, penetration tester, security engineer, etc that your company has. Professional development is not all about improving your soft skills.
  3. I know I just said it's not all about improving your soft skills but, it is ALWAYS beneficial to work on your soft skills. Always. Better writing, better speaking, better conflict resolution, better change management, etc. Any highly respected individual has a great aptitude in these areas and knows how to use them to solve problems. Business is all about solving problems and if you can't communicate your solutions, no matter how great they are, they will never be implemented. 
Technical Bits:
  1. If you're sick of seeing tons of errors while typing commands on the linux command line redirect STDERR to a file or my favorite, /dev/null. So after you type your command: ping -c 3 777.777.777.777, append 2> /dev/null if you never want to see or recover your errors. Otherwise, write 2>error.txt. It will look like this: ping -c 3 777.777.777.777 2>/dev/null or ping -c 3 777.777.777.777 2>errors.txt. If you chose to redirect STDERR to errors.txt, you can cat errors.txt and you will see the following error message, ping: unknown host 777.777.777.777. I often use this to eliminate errors while I am grep-ing for a file in a file system so I only see my findings and not all the errors about directories I cannot access. 
  2. In my opinion, there is one best way of listing files in a directory on linux: ls -halt <directory> (If no directory is specified then it will list the current directory you are in. If you don't know where you are run pwd). Each of these flags has an important use but it's also very easy to remember 'halt'. -h renders the sizes of the files in a human readable format, such as 23KB or 4GB instead of 2342523 Bytes. -a lists all the files including the current directory . and the next level up directory .. (you can use -A to not show those but I never remember that when i'm actually running the command). -l prints the results in the 'long listing' format. The difference is quite dramatic so I recommend the reader run both ls -hat and ls -halt to see the differences but in short, one shows you all the files and one shows you all the files with all of their metadata. Lastly, the -t command orders the files by modification time with newest first. This can be really helpful from an incident handling perspective to see which files have been modified recently by malware, a malicious user, or a guilty employee trying to cover their tracks. 
  3. The most simple way to make a backdoor in any system is using netcat! This tool is invaluable for security experts and whether you believe you know it well or not, go read about it again. In fact, I am as soon as I finish writing this post. nc -nvlp <port> . That is how you make a backdoor in any system. -n removes dns lookups so you just need the ip address to reconnect. -v is verbose, depending on the security posture and what your intentions are for setting up the back door use this flag to fit your needs. -l is to listen (which is why you don't specificy an IP address in this command). -p is for the port. Now, the downside is that anyone who finds this port can simply connect and will have a shell as whatever user ran the 'nc' command. On the upside, this tool is very versatile and you will use it for the rest of your security career so you might as well get really, really comfortable with it. 
I hope you guys enjoyed my first post, I will be making them as often as I can and feel free to reach out to me with suggestions or comments on my blog. I make no guarantees to anything but, I consider myself a reasonable person. I also should mention that my thoughts, comments, opinions are my own and do not represent any companies I work for, associate with, or are certified by. We are starting a new era of highly professional, highly technical security experts. 

No comments:

Post a Comment