Son Of Sun Tzu


Tag - dc4420


Monday 2 July 2018

Lessons from the Legion - references from my presentations at Snoopcon and DC4420

Further to my presentations at Snoopcon and DC4420, please find a list of the most relevant references.

I'm flattered by the interest I've received; if my ideas had coalesced sooner, and I'd expected such a response, I would have done this in advance. Thank you for your patience.

I've categorised references by type, kind of; I figure that's the easiest way for people to navigate this. Constructive feedback always welcome.


"Bullshit Jobs" is by David Graeber; there's a description here

"It's Football, Not Soccer" is by Stefan Szymanski and Silke-Maria Weineck. I haven't read it, I just spotted a tweet. The book is here:

The Numbers Game by Chris Anderson covers Strong Link and Weak Link games, and well, actually, I should buy this and read it, but this article covers all you need to know:

Blog posts:

Log Blog - Tim Brown's blog on incident response issues can be found here:

Rapid 7 on the number of CVEs is here:


Blinky Boxes - Frasier Scott's presentation on threat modelling has slides here: I think this is part of his current repertoire, so best caught live of course; or, seeing as he's in DevOps, it'll have iterated several times already.

CTFs - The Last CTF Talk You'll Ever Need from DEFCON 25, is here:

CTRL+Break The OODA Loop by Abel Toro of Forcepoint from BSides London 2018 isn't up yet on their channel; it was on Track 3, I'm hoping that was recorded... or that Abel will be giving the presentation again.

The Cuckoo's Egg reference was inspired by Paul Midian's BSides Glasgow 2018 keynote "Everything You Know Is Wrong" -

Hackers being needed on the Blue Team comes from Haroon Meer's Nullcon Goa 2018 keynote:

Ian Fish - Crisis Management - from CrestCON 2018 - is here:

Incident Response in Your Pyjamas - Paco Hope - Securi-Tay 2018 - is here:

Intruder's Dilemma - is mentioned in this from BSides Munch 2018:

Penetration Testing Must Die - Rory McCune at BSides London 2011 - is here:

Playbooks - Common Traps & Pitfalls in Red-teaming by Andrew Davies and Jon Medvenics from CRESTCon is here:

Pratchett - Circle City Con - The Network Night Watch, by @munin and @hacks4pancakes, is here:

Strategy - John Kindervag's "Win the War With Zero Trust" can be found via BrightTalk here:


The Base of Sand Problem, the RAND report that highlights the problems in military modelling/simulations/wargaming that, for me, resonate with issues we face, can be found here:

The Cyber Resilience Report from KPMG, that really makes the point that preparation is key, can be found here:

The Global Risks Report 2018 from the World Economic Forum can be obtained here:

Outpost24's report on their survey of RSA attendees can be found here:

State of CyberSecurity Report - InfoSecurity Magazine - where they highlight regulation can drive security - can be found here:

Seattle Seahawks and other less cybery references:

The article "Bobby Wagner Can See into the Future" is here:

Bobby Wagner's PFF rating is from this tweet: (as a side note, check out this video on Luke Kuechly, who's also on that list, that's basically team-mates and rivals saying how smart he is)

Fewest points allowed - this ESPN article summarises it nicely

Introduction - the quick cartoon shoulderpunch is taken from this introduction to the game:

Kam Chancellor - I think this video sums up what he provided in the narrow focus I use, you may recognise part of it: (as a side note, while I don't think it's relevant to the analogy, Kam Chancellor appears to have retired - update on 3rd July: this is a good video summary of what he provided to the team)

Legion of Boom - there's a nice retrospective that's just a five minute video:

If you want an emphasis on the boom, watch this:

My main source for Pete Carroll's philosophy, in many senses of the word, is here: ; I have a lot of reading to look forward to.

If you want to see just how many players there are on a team then you'll see the Seahawks roster here:

Tackling video - the Seahawks 2015 video summarising their technique is shown here:

Olivia Jeter, Defensive End for Bladensburg High School, is covered in these videos: and yes, I do realise that those videos are from 2014, but she provides such great soundbites, I must find out what happened to her.

YouGov's survey on British interest in various sports is here:


Grugq being unimpressed by deception technologies is here:

Jeremiah Grossman on the Kenna Security report, highlighting 2% of vulnerabilities are exploited, is here: I've got into interesting discussions on how true or untrue that figure may be, watch this space.

Vincent Yiu on recruiter messages on LinkedIn is here:


Bananas - Chiquita using pharmaceutical packaging is detailed here:

Banks using mobile phone companies ... dammit, I had a single reference, which I think was a line or two in an article I had to use to source, but looking for "banks learning from" online there's many industries and many examples.

Bartle's Taxonomy of player types is taken from this: is, well, here:

The Caffrey Triangle is mentioned here; I've had it explained to me in person, and we all need to be talking about this a lot more, in both cyber security and wargaming.

Cyber Resilience - Phil Huggins' Black Swan Security blog is here:

Cyberscape - the amount of tools we have, is taken from Momentum's cyberscape:

Dentistry using space technology is here:

Emergency response - the three element model can be seen in some detail here on the College of Policing website:

Francium - my main inspiration for choosing the element Francium is here:

HorseSenseUK - Equine Assisted Education - can be found here:

Incident Response, the four stages - I detailed that in this blog post:

Incident Response Timelines - this is taken from the Logically Secure website, and can be found here:

Intruder's Dilemma - I think the first reference to it from Richard Bejtlich is here:

MWR - the TechCrunch article I refer to, where F-Secure note the need for offensive capability, is here:

Naval - Paul Raisbeck, who uses his naval experience in what is loosely described as management consultancy, can be found here: , and a relevant piece by him here:

OODA loops are basically described here, but again, please pay me to research these concepts:

Playbooks - Rick Howard, the CSO of Palo Alto, on the small number of opponents' playbooks:

Practice - "any incident response plan is only as strong as the practice that goes into it" is from Mike Peters, Vice President of RIMS, the industry body for Risk Management. Best to search online for that specific quote and use whichever source will look best in your board level presentation.

Star Wars - security lessons to learn from Hazel Southwell, can be found here:

TRIZ on Wikipedia is here: and the main British consultancy, as far as I can tell, is here:


Sometimes I get the gist of something and use that. If you know any of these ideas better than I do, meaning that I've missed a nuance, or not read an important reference, please do get in touch. I always appreciate constructive corrections.

Saturday 1 October 2016

Technical Notes from my DC4420 presentation in September 2016

On Tuesday 27th September I presented on my home computer setup at the DC4420 meeting. This setup has taken me some time to establish, has been through many iterations, and features a considerable number of monitors and KVMs - and so I hoped I could serve as an example, or as a warning, to others.

The presentation was well received, with the friendly audience showing joy, concern, enthusiasm, and despair.

While I like the practice of writing up blog posts of talks, my preferred method of delivery owes more to my very, very shallow knowledge of the PechaKucha style of presenting... and, less pretentiously, a lot of watching the PBS Idea Channel, and so doesn't really suit this written medium.

So rather than try and write up the whole thing, below I've listed a summary of the technical advice, and technical issues, that I've discovered along the way. For the full version, maybe you just had to be there.

KVM notes:

Aten CS533: This is the Bluetooth KVM I use, also called the Aten Tap. The IOGear GKMB01 appears to be the same thing. It supports two Bluetooth devices. Do note that sending commands to it requires using the Alt key combined with F1 to F6, and that can't be changed, which might clash with other keyboard shortcuts you've got. For unknown reasons this device didn't work for me when I plugged it in front of the Avocent Switchview listed below, but it does when I use it in front of the Raritan.

Aten Masterview CS-9138: This is the 8 port KVM I currently use. It has a small choice of HotKeys, and thankfully doesn't have a buzzer. For unknown reasons the keyboard indicator lights don't work when I'm working through this, but bear in mind it's "behind" an Avocent KVM, and at least one USB to PS2 adapter... I think, so that's probably why.

Avocent Switchview 4SVPU20 MM2: This is the 4 port KVM I now use; I have two. It takes USB or PS2 input along with VGA, but doesn't need the VGA port to be used to work. This device has a relatively massive choice of HotKeys, and using the command "<HotKey> <HotKey> <B>" you can completely disable the buzzer... the KVM won't make a sound unless it's power cycled. It has independent KVM, USB hub, and audio allocation, so you can move the audio to a different system without moving the other functionality at the same time. Also the audio ports have no "direction" and are just physical connections, so by putting the audio ports of two of these KVMs in line, and connecting audio inputs to one and audio outputs to the other, I can direct any of four inputs to any of four outputs.

Belkin F5U119-E: Unlike some of the cheaper USB to PS2 adapters I've used, this adapter tends to work with everything I connect it to.

Belkin Omniview F1DS104U: the original 4 port KVM I used. Bear in mind it will beep when you change screens using hotkeys, and doesn't like being chained. Also the firmware upgrade to make it silent is difficult to find, requires a bespoke cable, and doesn't work.

Belkin PRO2 OmniView 8-Port KVM Switch F1DA108T: The original 8 port KVM I used. It will beep when you change to a different device, and removing the speaker (known as a "speakerectomy") appears to cause electrical problems. Also it has male VGA ports, which is quite unusual.

HP ChromeBook 11: this uses a SlimPort connection for video output and for power simultaneously. If a SlimPort to VGA, or SlimPort to HDMI, adaptor is used, this device will drain its battery even if the power supply is plugged in.

Raritan SW4-USB-Combo: This is the other type of 4 port KVM I now use. As well as independent KVM, USB hub, and audio - as per the Avocent above - it has a small choice of HotKeys, and "<HotKey> <HotKey> <S>" turns off the buzzer for most functions, but it'll still beep if you make an error.

Sivitec Black 8 Way SURGE Protected 5m Extension Lead Switched NEON 8 Gang: this is the only 8 socket gangplug I've found with a cable longer than 2 metres.

Other notes:

Monitors: if you have the money, and the time to look up the different options, do buy monitors with the best capability, i.e. VGA input, DVI input, HDMI input, an audio jack, a VESA mount, and with the configuration buttons located somewhere accessible.

Peripheral Sharers: The USB peripheral sharers I found that were "too clever" were the StarTech 4-to-1 USB 2.0 Peripheral Switch, the Kensington ShareCentral5 K33901EU, and the Aten US421A.

Synergy: I'm still suitably suspicious of this software, but at least one person came up after the presentation and explained that they found it reliable and useful. If it looks like what you need do check out .

Window Managers: The Tiling Window Manager I use, with flexible mapping of virtual screens to physical screens, is Xmonad. If you want to look at alternatives then try i3, dwm, or spectrwm.

Xorg: It's a very high level summary of what I've done, but to get X working on four independent screens my configuration was built using the following incantation: run the command "nvidia-xconfig --enable-all-gpus --separate-x-screens", make sure your xorg.conf file has only a single "Screen" section, and use the line Option "BaseMosaic" "on" within it.
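The recipe above has two constraints that are easy to break when hand-editing xorg.conf (exactly one "Screen" section, and BaseMosaic switched on in it). The following POSIX shell checker is an added example, not part of the original post and not an NVIDIA tool; it validates a given xorg.conf against those two constraints, and the sample configuration files it writes are constructed purely for illustration.

```shell
#!/bin/sh
# Added example: check an xorg.conf against the two constraints described
# in the post (one Section "Screen", Option "BaseMosaic" "on" present).
# The sample configs written by the helper functions below are constructed
# for this example and are not taken from any real machine.

# Print the number of Section "Screen" blocks in the file given as $1.
# grep -c exits 1 when the count is 0, so "|| true" keeps the count printed
# and the function's exit status 0 under "set -e".
count_screen_sections() {
    grep -c '^[[:space:]]*Section[[:space:]]*"Screen"' "$1" || true
}

# Exit 0 if the file enables BaseMosaic (any of the usual "on" spellings).
has_base_mosaic() {
    grep -Eiq '^[[:space:]]*Option[[:space:]]+"BaseMosaic"[[:space:]]+"(on|true|yes|1)"' "$1"
}

# Overall check: exit 0 when the config matches the post's recipe,
# otherwise print the first problem found to stderr and exit 1.
check_xorg_conf() {
    n=$(count_screen_sections "$1")
    if [ "$n" -ne 1 ]; then
        echo "$1: expected exactly 1 Screen section, found $n" >&2
        return 1
    fi
    if ! has_base_mosaic "$1"; then
        echo "$1: Option \"BaseMosaic\" \"on\" is missing" >&2
        return 1
    fi
    echo "$1: ok"
}

# Constructed sample: a single Screen section with BaseMosaic enabled.
write_sample_good() {
    cat > "$1" <<'EOF'
Section "Screen"
    Identifier "Screen0"
    Device     "Device0"
    Monitor    "Monitor0"
    Option     "BaseMosaic" "on"
EndSection
EOF
}

# Constructed sample: two Screen sections and no BaseMosaic option,
# which the checker above should reject.
write_sample_bad() {
    cat > "$1" <<'EOF'
Section "Screen"
    Identifier "Screen0"
    Device     "Device0"
EndSection

Section "Screen"
    Identifier "Screen1"
    Device     "Device1"
EndSection
EOF
}

# Stand-alone usage: check a real file, e.g.
#   check_xorg_conf /etc/X11/xorg.conf
```

Run it as `sh checker.sh` after appending a call such as `check_xorg_conf /etc/X11/xorg.conf`; the two `write_sample_*` helpers only exist so the checker can be exercised against known-good and known-bad input without touching a live X configuration.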

Thank you to the audience for getting into the spirit of the presentation, and if you've any questions do ask them in the comments below.