I’ve setup pi-hole recently, twice. The first time was on a first gen Raspberry Pi that stopped booting. I think the SD card got corrupt somehow. The second time was on a new Raspberry Pi 3 B+ that I just bought. If you haven’t setup a pi-hole before, at the end of the setup it prints out the password for the web UI. I noticed during the first install that it was just 8 characters and a mix of uppercase and lowercase letters. I thought maybe it was just RNG luck that I didn’t get any numbers, but the same thing happened during the second install! But then again, the risk is pretty low as it’s only reachable inside my network and the insider threat level (my wife and young kids) just isn’t that high.

Somewhere along the way my blog stopped displaying correctly. I think it had something to do with Github updating soemthing on the Pages backend. All my pages would just show the text with no formatting.

So here’s the setup I have right now:

• GitHub Pages - Obviously.
• Jekyll - The tech powering this whole bloggy thing.
• Jekyll theme: Hyde - I like the simple display of the posts + the simple side menu.

Inspired by Scott Roberts’ blog, I decided to checkout GitHub Pages and Jekyll. I’ve had a blog at Wordpress.com for awhile, but I haven’t blogged anything in a long time. I’ve been thinking about blogging more (again) lately and thinking about moving away from Wordpress, but just wasn’t sure what to do. The idea of having GitHub host it though gives me the opportunity to finally learn git and GitHub better though!

So there’s been a debate going on for awhile (2 years??) over at the Social-Engineer.com podcast over whether or not social engineering always involves some sort of deception.  The latest podcast featured guest Dr. Paul Ekman, pioneer of microexpressions.  After the interview with Dr. Ekman ended, the topic of deception in SE’ing came up again.  This time they have another host, more input,  and I decided I needed to think about this some more and do some reading.  Here are my thoughts on the topic.

I’ve finally picked this high security Brinks padlock I’ve been working at for a few days now!

Working at a remote branch, waiting for some downloads to finish, I spent the time lockpicking!  Lockpicking is something I’ve been interested in for awhile, but just recently started picking more.

In planning for an Active Directory network,  I need to figure out how many Windows Home versions there are on our network so I can calculate the costs of upgrades.  From what I’ve gathered in using Nmap’s “-O” option, it will only tell give me results such as “Windows XP” or “Windows 7”; it won’t detail specifically if it’s Home or Pro.  I posted a new thread on EthicalHacker.net (highly recommend this site/forum, by the way) and posted on Twitter to see if there was a way to figure this out remotely so that I didn’t have to visit each machine (if you haven’t also gathered, this process will be helping create an updated database of machines on the network as well).

I’m currently making my way through “Metasploit: The Penetration Tester’s Guide” (along with a couple other books that’ll be in future posts).  Chapter 3 is about information gathering - the process of gathering intelligence on your target so that you can then devise a method of attack.  In the active information gathering section, it brings up TCP idle scanning using Metasploit and Nmap.  Now I read a blog post on the PaulDotCom website awhile back on TCP idle scanning, but not knowing about this type of scan before reading the blog post, I was a little lost.  Here’s the link to the blog post on the PaulDotCom website:

Hello World! Sooo here’s my blog. Here I will be blogging things pertaining to IT (I’m currently a system/network admin) and infosec (I’m working on getting into an infosec position). Normally it’ll be things I come across during my studying that I find interesting and worth sharing, a lot will have to do with topics I needed to do more research into. There will also be posts about solutions I’ve found that were either a pain in the ass to gather all the info for so I’m putting it all in one place, or clever fixes (IMO) I’ve come up with for certain issues I see in my job or study lab at home. Along with sharing, typing it out in a way that I’m trying to explain/teach the reader, it’ll help embed the info into my brain better and ensure that I understand it thoroughly as well.