Son Of Sun Tzu


Tag - dc4420


Monday 2 July 2018

Lessons from the Legion - references from my presentations at Snoopcon and DC4420

Further to my presentations at Snoopcon and DC4420, please find a list of the most relevant references.

I'm flattered by the interest I've received; if my ideas had coalesced sooner, and I'd have expected such a response, I would have done this in advance. Thank you for your patience.

I've categorised references by type, kind of; I figure that's the easiest way for people to navigate this. Constructive feedback always welcome.

Books:

"Bullshit Jobs" is by David Graeber, there's a description here https://www.penguin.co.uk/books/295446/bullshit-jobs/

"It's Football, Not Soccer" is by Stefan Szymanski and Silke-Maria Weineck. I haven't read it, I just spotted a tweet. The book is here: https://www.amazon.co.uk/Its-Football-Soccer-Vice-Versa-ebook/dp/B07C9DJFKD

The Numbers Game by Chris Anderson covers Strong Link and Weak Link games, and well, actually, I should buy this and read it, but this article covers all you need to know: http://www.asalesguy.com/soccer-and-messi-basketball-and-lebron-how-one-is-like-sales-and-the-other-isnt/

Blog posts:

Log Blog - Tim Brown's blog on incident response issues can be found here: https://blogs.cisco.com/security/the-importance-of-logs

Rapid 7 on the number of CVEs is here: https://blog.rapid7.com/2018/04/30/cve-100k-by-the-numbers/

Presentations:

Blinky Boxes - Fraser Scott's presentation on threat modelling has slides here: https://speakerdeck.com/zeroxten/threat-modeling-the-ultimate-devsecops I think this is part of his current repertoire, so best caught live of course; or, seeing as he's in DevOps, it'll have iterated several times already.

CTFs - The Last CTF Talk You'll Ever Need from DEFCON 25, is here: https://www.youtube.com/watch?v=MbIDrs-mB20

CTRL+Break The OODA Loop by Abel Toro of Forcepoint from BSides London 2018 isn't up yet on their channel https://www.youtube.com/channel/UCXXNOelGiY_N96a2nfhcaDA ; it was on Track 3, I'm hoping that was recorded... or that Abel will be giving the presentation again.

The Cuckoo's Egg reference was inspired by Paul Midian's BSides Glasgow 2018 keynote "Everything You Know Is Wrong" - https://www.youtube.com/watch?v=KvksyvF6MN4

Hackers being needed on the Blue Team comes from Haroon Meer's Nullcon Goa 2018 keynote: https://www.youtube.com/watch?v=2F3wWWeaNaM

Ian Fish - Crisis Management - from CrestCON 2018 - is here: https://www.youtube.com/watch?v=R1UOW3xGpZE

Incident Response in Your Pyjamas - Paco Hope - Securi-Tay 2018 - is here: https://www.youtube.com/watch?v=k1J1-WyyJs4

Intruder's Dilemma - is mentioned in this from BSides Munich 2018: https://www.youtube.com/watch?v=PQgsEtRcfAA

Penetration Testing Must Die - Rory McCune at BSides London 2011 - is here: https://www.youtube.com/watch?v=MyifS9cQ4X0

Playbooks - Common Traps & Pitfalls in Red-teaming by Andrew Davies and Jon Medvenics from CRESTCon is here: https://www.youtube.com/watch?v=bYTrwzFUSSE

Pratchett - Circle City Con - The Network Night Watch, by @munin and @hacks4pancakes, is here: https://www.youtube.com/watch?v=kjEdaJ6KhOo

Strategy - John Kindervag's "Win the War With Zero Trust" can be found via BrightTalk here: https://www.brighttalk.com/webcast/10903/280059

Reports:

The Base of Sand Problem, the RAND report that highlights the problems in military modelling/simulations/wargaming that, for me, resonate with issues we face, can be found here: https://www.rand.org/pubs/notes/N3148.html

The Cyber Resilience Report from KPMG, that really makes the point that preparation is key, can be found here: https://assets.kpmg.com/content/dam/kpmg/ie/pdf/2017/09/ie-cyber-resilience-2.pdf

The Global Risks Report 2018 from the World Economic Forum can be obtained here: https://www.weforum.org/reports/the-global-risks-report-2018

Outpost24's report on their survey of RSA attendees can be found here: https://outpost24.com/sites/default/files/2018-05/RSA-2018-Survey-Outpost24.pdf

State of CyberSecurity Report - InfoSecurity Magazine - where they highlight regulation can drive security - can be found here: https://www.infosecurity-magazine.com/white-papers/state-of-cyber-security-report/

Seattle Seahawks and other less cybery references:

The article "Bobby Wagner Can See into the Future" is here: https://www.si.com/mmqb/2017/06/29/nfl-bobby-wagner-seattle-seahawks

Bobby Wagner's PFF rating is from this tweet: https://twitter.com/PFF/status/1005914257563836416 (as a side note, check out this video on Luke Kuechly, who's also on that list, that's basically team-mates and rivals saying how smart he is: https://www.youtube.com/watch?v=umfgvffJ6M0)

Fewest points allowed - this ESPN article summarises it nicely http://www.espn.co.uk/nfl/story/_/id/17886833/how-seattle-defense-dominated-nfl-five-years-running-nfl-2016

Introduction - the quick cartoon shoulderpunch is taken from this introduction to the game: https://www.youtube.com/watch?v=3t6hM5tRlfA

Kam Chancellor - I think this video sums up what he provided in the narrow focus I use, you may recognise part of it: https://www.youtube.com/watch?v=qgh8HmKVja8 (as a side note, while I don't think it's relevant to the analogy, Kam Chancellor appears to have retired: http://www.espn.com/nfl/story/_/id/23967587/kam-chancellor-seattle-seahawks-safety-appears-announce-retirement-via-twitter - update on 3rd July: this is a good video summary of what he provided to the team: https://www.youtube.com/watch?v=8SltNCS4Jg0)

Legion of Boom - there's a nice retrospective that's just a five minute video: https://www.youtube.com/watch?v=N73r5HemB0M

If you want an emphasis on the boom, watch this: https://www.youtube.com/watch?v=xF6OLtz280Y

My main source for Pete Carroll's philosophy, in many senses of the word, is here: https://www.fieldgulls.com/football-breakdowns/2014/2/3/5374724/super-bowl-48-seahawks-pete-carrolls-richard-sherman-marshawn-lynch ; I have a lot of reading to look forward to.

If you want to see just how many players there are on a team then you'll see the Seahawks roster here: https://www.seahawks.com/team/players-roster/

Tackling video - the Seahawks 2015 video summarising their technique is shown here: https://www.youtube.com/watch?v=6Pb_B0c19xA

Olivia Jeter, Defensive End for Bladensburg High School, is covered in these videos: https://www.youtube.com/watch?v=yAYS2VnfFi8 and https://www.youtube.com/watch?v=5xD8qjihHf8. Yes, I do realise that those videos are from 2014, but she provides such great soundbites; I must find out what happened to her.

YouGov's survey on British interest in various sports is here: https://yougov.co.uk/news/2018/01/10/what-most-boring-sport/

Tweets:

Grugq being unimpressed by deception technologies is here: https://twitter.com/thegrugq/status/1007724361426452480

Jeremiah Grossman on the Kenna Security report, highlighting that 2% of vulnerabilities are exploited, is here: https://twitter.com/jeremiahg/status/996469856970027008. I've got into interesting discussions on how true or untrue that figure may be; watch this space.

Vincent Yiu on recruiter messages on LinkedIn is here: https://twitter.com/vysecurity/status/1005071605419118592

Websites:

Bananas - Chiquita using pharmaceutical packaging is detailed here: http://archive.boston.com/business/globe/articles/2007/03/07/yes_we_have_one_banana/

Banks using mobile phone companies ... dammit, I had a single reference, which I think was a line or two in an article I had to use archive.org to source, but looking for "banks learning from" online there's many industries and many examples.

Bartle's Taxonomy of player types is taken from this: https://en.wikipedia.org/wiki/Bartle_taxonomy_of_player_types

BreachLevelIndex.com is, well, here: https://breachlevelindex.com/

The Caffrey Triangle is mentioned here: https://paxsims.wordpress.com/2016/08/19/connections-2016-conference-report/. I've had it explained to me in person; we all need to be talking about this a lot more, in both cyber security and wargaming.

Cyber Resilience - Phil Huggins' Black Swan Security blog is here: http://blog.blackswansecurity.com/2016/02/cyber-resilience-part-one-introduction/

Cyberscape - the amount of tools we have, is taken from Momentum's cyberscape: https://momentumcyber.com/docs/CYBERscape.pdf

Dentistry using space technology is here: https://phys.org/news/2010-10-benefits-space-technology-dentists.html

Emergency response - the three element model can be seen in some detail here on the College of Policing website: https://www.app.college.police.uk/app-content/operations/command-and-control/command-structures/

Francium - my main inspiration for choosing the element Francium is here: http://www.sparknotes.com/mindhut/2013/09/06/the-worlds-most-dangerous-elements

HorseSenseUK - Equine Assisted Education - can be found here: http://horsesenseuk.com/

Incident Response, the four stages - I detailed that in this blog post: http://blog.sonofsuntzu.org.uk/post/2017/03/26/Notes-on-Incident-Response-from-the-SC-Congress

Incident Response Timelines - this is taken from the Logically Secure website, and can be found here: https://www.logicallysecure.com/blog/ir-metrics-part-1/

Intruder's Dilemma - I think the first reference to it from Richard Bejtlich is here: https://taosecurity.blogspot.com/2009/05/defenders-dilemma-and-intruders-dilemma.html

MWR - the TechCrunch article I refer to, where F-Secure note the need for offensive capability, is here: https://techcrunch.com/2018/06/18/f-secure-to-buy-mwr-infosecurity-for-106m-to-offer-better-threat-hunting/

Naval - Paul Raisbeck, who uses his naval experience in what is loosely described as management consultancy, can be found here: https://www.linkedin.com/in/paulraisbeck/ , and a relevant piece by him here: https://www.linkedin.com/pulse/what-could-your-business-learn-from-royal-navy-people-paul-raisbeck/

OODA loops are basically described here, but again, please pay me to research these concepts: https://en.wikipedia.org/wiki/OODA_loop

Playbooks - Rick Howard, the CSO of Palo Alto, on the small number of opponents' playbooks: https://www.csoonline.com/article/3207692/leadership-management/exploit-attacker-playbooks-to-improve-security.html

Practice - "any incident response plan is only as strong as the practice that goes into it" is from Mike Peters, Vice President of RIMS, the industry body for Risk Management. Best to search online for that specific quote and use whichever source will look best in your board level presentation.

Star Wars - security lessons to learn from Hazel Southwell, can be found here: https://www.linkedin.com/pulse/how-blow-up-your-death-star-genuine-data-security-from-southwell/

TRIZ on Wikipedia is here: https://en.wikipedia.org/wiki/TRIZ and the main British consultancy, as far as I can tell, is here: https://www.triz.co.uk/

Overall

Sometimes I get the gist of something and use that. If you know any of these ideas better than I do, meaning that I've missed a nuance, or not read an important reference, please do get in touch. I always appreciate constructive corrections.

Saturday 1 October 2016

Technical Notes from my DC4420 presentation in September 2016

On Tuesday 27th September I presented on my home computer setup at the DC4420 meeting. This setup has taken me some time to establish, has been through many iterations, and features a considerable number of monitors and KVMs - and so I hoped I could serve as an example, or as a warning, to others.

The presentation was well received, with the friendly audience showing joy, concern, enthusiasm, and despair.

While I like the practice of writing up blog posts of talks, my preferred method of delivery owes more to my very, very shallow knowledge of the PechaKucha style of presenting... and, less pretentiously, a lot of watching the PBS Idea Channel, and so doesn't really suit this written medium.

So rather than try and write up the whole thing, below I've listed a summary of the technical advice, and technical issues, that I've discovered along the way. For the full version, maybe you just had to be there.

KVM notes:

Aten CS533: This is the Bluetooth KVM I use, also called the Aten Tap. The IOGear GKMB01 appears to be the same thing. It supports two Bluetooth devices. Do note that sending commands to it requires using the Alt key combined with F1 to F6, and that can't be changed, which might clash with other keyboard shortcuts you've got. For unknown reasons this device didn't work for me when I plugged it in front of the Avocent Switchview listed below, but does when I use it in front of the Raritan.

Aten Masterview CS-9138: This is the 8 port KVM I currently use. It has a small choice of HotKeys, and thankfully doesn't have a buzzer. For unknown reasons the keyboard indicator lights don't work when I'm working through this, but bear in mind it's "behind" an Avocent KVM, and at least one USB to PS2 adapter... I think, so that's probably why.

Avocent Switchview 4SVPU20 MM2: This is the 4 port KVM I now use, I have two. It takes USB or PS2 input along with VGA, but doesn't need the VGA port to be used to work. This device has a relatively massive choice of HotKeys, and using the command "<HotKey> <HotKey> <B>" you can completely disable the buzzer... the KVM won't make a sound unless it's powercycled. It has independent KVM, USB hub, and audio allocation - so you can move the audio to a different system without moving the other functionality at the same time. Also the audio ports have no "direction" and are just physical connections, so by putting the audio ports of two of these KVMs in line, and connecting audio inputs to one and audio outputs to the other, I can direct any of four inputs to any of four outputs.

Belkin F5U119-E: Unlike some of the cheaper USB to PS2 adapters I've used, this adapter tends to work with everything I connect it to.

Belkin Omniview F1DS104U: the original 4 port KVM I used. Bear in mind it will beep when you change screens using hotkeys, and doesn't like being chained. Also the firmware upgrade to make it silent is difficult to find, requires a bespoke cable, and doesn't work.

Belkin PRO2 OmniView 8-Port KVM Switch F1DA108T: The original 8 port KVM I used. It will beep when you change to a different device, and removing the speaker (known as a "speakerectomy") appears to cause electrical problems. Also it has male VGA ports, which is quite unusual.

HP ChromeBook 11: this uses a SlimPort connection for video output and for power simultaneously. If a SlimPort to VGA, or SlimPort to HDMI, adaptor is used, this device will drain its battery even if the power supply is plugged in.

Raritan SW4-USB-Combo: This is the other type of 4 port KVM I now use. As well as independent KVM, USB hub, and audio - as per the Avocent above - it has a small choice of HotKeys, and "<HotKey> <HotKey> <S>" turns off the buzzer for most functions, but it'll still beep if you make an error.

Sivitec Black 8 Way SURGE Protected 5m Extension Lead Switched NEON 8 Gang: this is the only 8 socket gangplug I've found with a cable longer than 2 metres.

Other notes:

Monitors: if you have the money, and the time to look up the different options, do buy monitors with the best capability, i.e. VGA input, DVI input, HDMI input, an audio jack, a VESA mount, and with the configuration buttons located somewhere accessible.

Peripheral Sharers: The USB peripheral sharers I found that were "too clever" were the StarTech 4-to-1 USB 2.0 Peripheral Switch, the Kensington ShareCentral5 K33901EU, and the Aten US421A.

Synergy: I'm still suitably suspicious of this software, but at least one person came up after the presentation and explained that they found it reliable and useful. If it looks like what you need do check out http://symless.com/synergy/ .

Window Managers: The Tiling Window Manager I use, with flexible mapping of virtual screens to physical screens, is Xmonad. If you want to look at alternatives then try i3, dwm, or spectrwm.

Xorg: It's a very high level summary of what I've done, but to get X working on four independent screens my configuration was built using the following incantation: run the command "nvidia-xconfig --enable-all-gpus --separate-x-screens", make sure your xorg.conf file has only a single "Screen" section, and use the line Option "BaseMosaic" "on".

Thank you to the audience for getting into the spirit of the presentation, and if you've any questions do ask them in the comments below.