Be Humble

I was lucky enough to get selected again to speak at the local BSides this year. It was a fantastic experience, better than last year. I got a lot of good feedback and discussion from my talk, entitled, “DIY Hacker Training, a Walkthrough”. I just went through the things that I use for learning resources and keeping track of news around the infosec community.

The second keynote of the day was … unexpected. Chris Nickerson is typically the first person people point to when the topic of “rockstar” in the community is raised. He tells funny stories, he’s often seen with a drink in hand, and he’s always talking about this time he got into some shit. Saturday Chris got up and put his story out there for everyone to see, as a lesson, almost a confession, and a pledge to get better. He talked about the highs of leading in the infosec community for 20 years, attaining that “rockstar” status; TV shows, board positions, leading companies, owning companies, pwning companies. He also talked about the hard parts, the rough patches, the terrorizing that he and his loved ones are enduring every day. It’s a hard lesson to learn and I’m sure an even harder one to teach. I am grateful for the lesson and for Chris’ sacrifice. He has taught me more than a few things over the last few years as I have grown up into this field. The message I got from him a while ago, that he underscored again on Saturday, is universal. No one can claim to live a full life without it and absolutely no one can have a decent career without it. Be humble. Don’t be cocky. Everyone, no matter how smart, no matter how dumb, no matter where they’re coming from, everyone knows something you don’t, and can teach you things.

It’s often said that the key to succeeding in Information Security is mindset. You have to think like an attacker, think about what it can do, rather than what it should do. Since the first time I heard Chris say this in a talk, I’ve watched him and others in the community live it at cons, on Twitter, in their blogs. Everyone can help you get better. As they can help you, so can you help them. Share your insights, share your experience, share your knowledge. There’s not a better message to take home.

Be Humble.

Headless Kali

Since I am space and RAM limited on my laptop I decided to make a headless Kali virtual machine to keep around for playing with. Since I couldn’t find a reliable tutorial for removing all the GUI stuff from a normal Kali install, I decided to create a Debian-turned-Kali machine. Currently the goal is to only use this for command line tools.

First step, install and update a minimal Debian Wheezy (7.0) machine. Mine has only SSH installed from the start.

Next, add the Kali software repositories, and update. This is where I hit my first snag, as well as my first triumph. I’m doing this to learn, after all.

  • begin by adding the following lines to the /etc/apt/sources.list file:

    deb kali main non-free contrib
    deb kali/updates main contrib non-free

  • run # apt-get update to pull the latest info. Here is where I hit my snag. I got the following warning (screenshot: PubKeyError).
  • This is a missing public key for the Kali Repos. I can still pull down and install software, but it will be doing so unauthenticated. Thanks to the public-ness of PKI, this is an easy fix, once I learned a little about what I was doing.

  • Pulling this key is simple enough: # gpg --recv-keys ED444FF07D8D0BF6 (screenshot: PubKeyFix1)
  • Simply getting the key is not enough; you must tell apt to use it: # gpg -a --export ED444FF07D8D0BF6 | apt-key add - (this will return OK, and allow apt-get update to run without any further warnings).

Now I can install any Kali tool I’d like, and run them remotely through a headless VM. How can I run something headless? EASY, both my favorite Virtual Machine managers, VirtualBox and VMware Fusion, provide LOTS of command line tools for interacting with their software.

  • for VMware it’s simply $ /Applications/VMware\ -T fusion start "/path/to/vm.vmx" nogui
  • and for VirtualBox it’s $ vboxheadless -startvm VMNAME

    Next time I visit this topic it’s likely to be “how to run remote GUI tools from a headless Kali VM”, when I find a need for a GUI tool on this machine.

    PS to remember Part 2

    Building Directories with PowerShell

    I needed to create a script that will build out directories following a pattern. In this case, Microsoft Security Updates. Perfect opportunity to practice a little coding. The script needs to be functioning in an all Windows environment, and easy to maintain. Sadly, this eliminated Python, which is more interesting to me, but PowerShell is a very close second. And despite my desire to not be a Windows guy, the almighty paycheck comes from a company that builds a product that runs exclusively on Windows. So away we go (sanitized where appropriate).

    # get current year and month from system and format for directories
    $year = Get-Date -Format yyyy
    $year_short = Get-Date -Format yy
    $month = Get-Date -Format MMMM
    $month_short = Get-Date -Format MM

    # constants; current month name and prefix
    $parent_dir = "$month_short - $month"
    $prefix = "\MS$year_short-"

    # actual, live working directory
    $checkifdir = "\\servername.domain\software\patches\$year\$parent_dir"
    # testing/debugging directory
    #$checkifdir = "C:\Users\wkopp\Desktop\temp\sandbox\$year\$parent_dir"

    # check if current month directory exists, if not, create
    # this happens without user input
    # (Test-Path checks the file system; comparing the path string to $false never matches)
    if (-not (Test-Path -Path $checkifdir)) {
        md $checkifdir
    }

    # ask user for range of this month's bulletins (user input)
    # create the names for directories needed.
    # create directories
    # Read-Host returns strings and appends its own colon; cast to [int] for the range
    [int]$st = Read-Host "Please enter the number of the first bulletin"
    [int]$end = Read-Host "Please enter the number of the last bulletin"

    $bulletin_range = $st..$end

    for ($i = 0; $i -lt $bulletin_range.Length; $i++) {
        # zero-pad the bulletin number to three digits, e.g. \MSyy-007
        $string_name = $prefix + $bulletin_range[$i].ToString("000")
        $folder = $checkifdir + $string_name

        Write-Host $folder

        # only create the bulletin directory if it is not already there
        if (-not (Test-Path -Path $folder)) {
            md $folder
        }
    }

    PS to remember Part 1

    Reading through this link Raphael Mudge talks about using rogue applications called notepad.exe to call back out, and then drops this tidbit (emphasis mine):

    netstat -nab is a tool to help you discover rogue notepad.exe instances connecting to the internet

    the output of which looks something like this:

    I think to myself, this is a fantastic tool to use for troubleshooting, however, the default output is huge. I need to pare it down a bit. In Bash, I would just pipe to grep and be done. I’m very new at PowerShell, but it seems overly optimistic to think it has grep.

    After a bit of searching, no, there’s no grep. However, somewhere in the StackExchange network there was a more appropriate solution. “Out-String” and “Select-String”. Mixing all that together gave me the following:

    netstat -nab | Out-String -Stream | Select-String -Pattern "ESTABLISHED" -Context 1

    So what does all that mean, exactly?

    netstat: “Displays protocol statistics and current TCP/IP network connections”

      -n : shows addresses and ports as numerical information
      -a : all connections and ports
      -b : show executable involved

    Out-String: Sends objects as strings (pipes the output of netstat as strings instead of data)

      -stream : sends each string individually rather than concatenating to a single string

    Select-String: …You can use it like Grep in UNIX…

      -Pattern “” : inside the quotes goes what you’re looking to filter with
      -context # : this is the number of lines after your match that you want to return.

    So, as a baby step into PowerShell and learning how it is not Bash, this was fun. More of these to come as I get better at it.
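The one-liner above depends on the executable name sitting right next to the matched line, but netstat -b can print a component name between the connection and its [exe] line, or no owner at all; also, a single number passed to -Context returns that many lines both before and after the match (use -Context 0,1 for after only). The following is an added example, not code from the original post, that pairs each connection with its owner as objects you can filter; the function name ConvertFrom-NetstatB and the sample output are constructed for illustration.

```powershell
# Added example: pair each netstat -nab connection with its owning executable.
# $sample is constructed output (documentation-range addresses), not a capture.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED
 [notepad.exe]
  TCP    192.0.2.10:49730       203.0.113.20:443       ESTABLISHED
  WpnService
 [svchost.exe]
  TCP    192.0.2.10:49755       203.0.113.9:80         ESTABLISHED
 Can not obtain ownership information
'@ -split '\r?\n'

# ConvertFrom-NetstatB is a hypothetical helper name, not a built-in cmdlet.
function ConvertFrom-NetstatB {
    param([string[]]$Lines)
    $pending = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)\s*$') {
            # New connection line: emit the previous one if it never got an owner
            if ($pending) { $pending }
            $pending = [pscustomobject]@{
                Proto  = $Matches[1]; Local = $Matches[2]
                Remote = $Matches[3]; State = $Matches[4]; Process = '(unknown)'
            }
        }
        elseif ($pending -and $line -match '^\s*\[(.+)\]\s*$') {
            # "[name.exe]" closes the record; component lines in between are skipped
            $pending.Process = $Matches[1]
            $pending
            $pending = $null
        }
    }
    if ($pending) { $pending }
}

# On a live host, from an elevated prompt: $conns = ConvertFrom-NetstatB (netstat -nab)
$conns = ConvertFrom-NetstatB $sample
$conns | Where-Object { $_.State -eq 'ESTABLISHED' -and $_.Process -eq 'notepad.exe' } |
    Format-Table -AutoSize
```

Connections whose owner netstat could not resolve come back with Process set to (unknown), so they stay visible for review instead of being dropped by the filter logic.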