Adventures in Ethical Hacking

Now that I have finished my Master’s Degree in Cybersecurity, I was pondering the next step for my future and decided that the first thing I needed to do is pick up some of those pesky certs that everybody thinks you have to have. I am not ready to take on the CISSP so I didn’t want to start there. I am still opposed to Microsoft certs as of the moment so I didn’t want to start them. After much pondering, I decided that I would pursue the EC-Council Certified Ethical Hacker (CEH). Thankfully, my current employer has a training program for free that will help me pursue that. It is a little outdated but I feel that the information should be close enough that if I go through the course, I can probably beat it. In fact, my co-worker and friend, Ben, said he attempted the CEH once without studying and only failed by about 3 questions. I might even be able to take the test now but I would rather wait until I train.

Well, for those that are not aware of CEH, it literally teaches you the art of hacking so that you can serve as a penetration tester or network security consultants among other options. In order to complete this exam, I basically have to know how to hack. Sure, I have learned my fair share of this through my MS program but to actually get my hands dirty doing some hacking against my own stuff will offer me exponential benefits. That being said, I decided that I would create a virtual network at home that I can use to carry out my various hacking projects such as getting better at reading SNORT, learning how to use Metasploit more effectively, heck, I even played with Nessus a little but never got too deep. So I created my own virtual network at home to serve as my CEH playground.

For whatever reason, I was feeling rather witty when I created the lab so I used many references from my current (and past) obsession, Doctor Who. First of all, I setup a Windows 2008 R2 Server on my old workstation at home. It only has 5GB of RAM but it will do the work I need. I named this server “Monitor” and it is part of a private domain “Logopolis” (check your Tom Baker Doctor Who).

Now that the main server is setup, I created my virtual environment. This environment consists of a Windows 2008 R2 server that I have named “White Watcher” (see the reference above). Then, I created an Ubuntu server that I have named “Harmony” (which is a much broader reference that you would know if you watch the show). Then, I created a Windows 7 workstation that I named “Polarity” (a reference to the Third Doctor). All of these things are virtual machines.

In order to facilitate communication between the various pieces of my lab, I have all of these devices connected to a single virtual network which I have lovingly named “Castrovalva”. As I type that name, I laugh again because I think that is probably one of the greatest jokes in the whole setup. You see, the first full Doctor Who serial to feature the Fifth Doctor, was called Castrovalva. In this story, the newly-regenerated doctor is trying to find a safe place that he can go to rest while he recovers from the regeneration cycle. He ends up going to Castrovalva which is supposed to be a place of rest. It turns out that Castrovalva is actually a complete virtual reality created by the Master and it exists within his TARDIS which he has conveniently materialized around the Doctor’s TARDIS. Once the Doctor enters the world, it is very hard for him to get out because it isn’t supposed to exist. Are you snickering yet? My entire virtual lab lives only within a single server and it really only works within itself. That’s funny if you are a nerd like me!

But it doesn’t end there… oh no. I took it a step further. The SNORT instance I created on my little Castrovalva network is named “Cloister” and the sound that it makes when it senses an anomaly?? A bell! If you watched Logopolis, you just laughed your head off. If you didn’t, then I will explain. You see, the thing that starts the Logopolis arc in the Fourth Doctor’s final season is that he hears the “Cloister Bell” in the TARDIS. When his companion (Nyssa I think) asked what it means, Baker replies “It means imminent disaster, a catastrophe of epic proportions”. So, if the SNORT instance on my virtual lab ever goes off, it means that someone has actually hacked into my real network, worked their way through my firewalls and IDPS, gotten into my virtual network and triggered something. Imminent Disaster indeed!

As I progress through my training towards my CEH, I will try to post random tidbits of information. The reality is that I mostly made this blog post to make myself laugh at how silly I can be and hopefully make you guys laugh as well.

The Value of a Good Employee

For the first time in my professional life I have had a situation where my employer made it clear that they wanted to keep me around because I am a good employee. If you follow my blog at all, you will know that I work as a contractor for the Defense Information Systems Agency (DISA). This job is one of the best I have had in a long time. I get to wear jeans, a polo, and sneakers to work every day and that is the normal attire. The actual office environment (to me) is very relaxed and the people have fun doing silly things and engaging in silly conversations. However, the job, being a contract only job has no guarantee of permanency and I was concerned that with 2 babies on the way and a total of 5 kids, I would be in majorly bad shape if the contract was suddenly ended. I didn’t actively look at jobs but I did apply to a few internal positions and I entertained a few interviews from my recruitment friends.

Finally, about a month ago, I was contacted by a recruitment firm about a permanent position doing the exact same work that I did at Chesapeake. I did the phone interview and found that I would easily be able to fit in that role and it seemed like a pretty good deal. The following week, I did an in-person interview and made quite an impression on the team based off what I was told. I was starting to get anxious about a job change since I really didn’t think that I could get much better than my current role but I wanted that sense of permanency and I felt like it would be wise to take the position. Not long after that event, I was told that the company was so pleased with me that they were going to skip one of their screening stages (candidate interviewed by management). They moved me right up to the front and I let them begin doing my background check but I held out putting my notice in until an offer letter came.

On the very next Monday after I had went through the background check stuff, I received an offer letter for the new position and I created and delivered my 2weeks notice. I had gone out on a limb and risked a job I liked for a position that seemed more permanent and even prepared to give up some of my favorite coworkers whom I had begun to consider friends beyond work. Shortly after laying the letter on the manager’s desk (he was gone at the time), the second in command came by my desk and advised that he was very impressed with my letter style and professionalism. Only a short while later, the manager came by and said he wanted to talk to me about my letter tomorrow morning which I happily agreed to. I learned later that the second in command spoke to one of my friends here as they were leaving and he expressed that he was genuinely concerned about my desire to leave and my friend talked up my ability quite a bit.

The next day, I waited patiently for the meeting to come with the manager. He finally came by and brought me into the conference room with the second in command. Much to my amazement, they talked at great length about the quality of work I performed, how professional I was on a team that has not always been known for professionalism and countless other compliments. I had no idea how highly they regarded me as an employee. They made it very clear that my work was appreciated and they were willing to fight for me to stay. I told them the salary that I was going to make and they said they would try to match it. The meeting ended and I waited until my manager was ready for the next meeting.

By the end of the day, I was back in the room and offered a salary that matched my offer from the other company as well as the promise for opening up training in project management for my current company when the projects were closer to being viable. In essence, I got a raise and the potential for management stripes. Needless to say, it didn’t take me much thought to rescind my notice and go back to work.

The moral of the story is that you never know how much you are worth to your company until you ask. I wouldn’t suggest that people randomly put in notices in hopes of a raise but rather that you should not be afraid to ask your management what they think of you. I also think it speaks volumes to me that my employer cared enough about me to fight to keep me here. A company that is willing to do that is worth paying attention to!

My Roku2 Review

It has been a while since I last posted a review of any technology. Part of this is because I didn’t have the time to but the other part was that I simply didn’t have many new tech toys that I felt worthy of mention other than my new iMac which I discussed earlier. I wanted to change that because I finally got a Roku2 for my house and I don’t know why it took me so long.

For any of you that are not aware, my wife is pregnant with our first (and only?) biological children – yes, that is plural, we are having a girl and a boy. Because of her health and the fact that these are multiples, the doctor recently placed her on modified bed rest which means that she has to cut her daily activities by over 1/2. Since she was going to be spending more time laying in our bed, she asked if I could add some entertainment to our master suite. I first moved our old TV in there (the one I had used as my studio monitor before the iMac) and added a new HDTV cable box. However, one day while I was at work she told me that she really wanted Netflix in our room because she was getting bored with the daytime TV shows. I needed to get something in there but using the Wii would be needlessly complex and make it that much more difficult when the kids wanted to play. I didn’t want to move the Logitech Revue in there because I still use it when I am in there and it is one of the primary Netflix sources when the kids want to watch TV. So, after listening to the suggestion of one of my co-workers and doing some research, I ended up picking the Roku2.

When I first opened the thing, my impression was “this thing is tiny!” because it really is not much bigger than about 4 inches squared. The only connectors on this thing were an HDMI connector, what appeared to be RCA connectors (maybe RGB), and a port for the AC Adapter. It also came with a slightly unusual cloth tag with the word ‘Roku’ on it. The other piece of equipment this came with was the patented Roku remote with its built-in headphone jack and cleanly packaged earbuds. This thing is even smaller than my Logitech and it looks like the system casing is even more refined. I have not even hooked it up yet and I am already intrigued. With very little effort, I plugged it into the second HDMI slot on my bedroom HDTV and started the setup.

After a little learning curve getting to know the on-screen keyboard which you must navigate using it’s game-like D-Pad, I was able to get it on my wireless with no hiccups. I paused temporarily to activate a Roku account from my iPad and then link the device here in my home to that account and now it was time to customize my box. I added all the free channels I could find and went through the activation with some of the special channels (Disney, History Channel, etc.) to prove that I had a cable provider. Soon it was done and BOOM! What a machine!

After very minor setup I was able to link up Netflix, Amazon Prime, YouTube and Pandora. Not only was the setup more simplistic than the Logitech revue but also the speed is remarkable when you compare it to my Revue. The Netflix viewing environment is virtually identical to the one on my Revue though it is a little more snappy but the search features are massively better. The Amazon Prime video is massively improved over my Revue because it actually has its own app interface whereas the Revue literally opens a Chrome browser which is highly inefficient on a big screen TV. I think the Pandora interface is pretty much identical to the one on the Revue but it does seem to run slightly faster. I also like the way that YouTube works on the Roku. The Revue’s interface is similar to the Amazon video player, it is basically a Chrome browser which is still too annoying to try on an HDTV. But the Roku’s interface is clearly streamlined to work with your TV and provides crystal clear HD viewing for YouTube videos. Further success!

Going beyond the standard things I looked for on the Roku2, it offers other features that caught my eye. First of all, the News channel was very interesting. I don’t tend to be too much of a newshound but I certainly watch certain technology stories and big world-impact things like the Malaysian plane story. I have the News Channel on my Wii but as far as I can tell, this has never worked. I tried the News Channel on my Roku and was instantly able to watch news stories including the weird news channel which I thought was pretty cool. A large portion of the news articles came from a website called “Newsie” which I was unaware of prior to owning the Roku but that doesn’t make me dislike the channel. Overall, I found the interface fun and interesting. Another interesting thing about the Roku2 is that it has a few skins that you can apply to give the device different appearances. I stuck with a metallic gray theme but the defaults include a space age looking interface, a silly cartoon interface, a blue-sky interface and a few others. It is possible that additional skins may be available but I am not sure how one might apply them other than a ‘push’ from the Roku site. It seems like a silly thing but the fact that Roku actually had the foresight to include different skins shows that they were paying attention to the tiny details. I have yet to test the ‘private mode’ which allows me to listen to the Roku with only headphones and not disturb other people. If that function works, especially with different headphones, buying a second one of these boxes is in my very near future.

Overall, I am very pleased with this device. I can’t believe that I just now acquired one and evidently my friends agree. I am known by my friends as a techie guy who likes to play with new stuff and who also likes his movies and TV. When I mention to friends that I purchased the Roku2, they all seem to say the same thing “You JUST got one? Wow, I have had mine for a while”. Yeah, I am behind the times but now I see why these things are so popular. I am not regretting the money that was spent on it. Even if my wife does not use the one she has very much, it will get used.

Ratings:

  1. Performance – ✮✮✮✮ – This thing is cool and snappy in its performance. The setup is very easy and the thing runs extremely well. I can’t ask for a better performance out of my device.
  2. Features – ✮✮✮ – This thing is packed with features for the buck. The only thing I wish it did was allow the HDMI pass-thru like my Logitech Revue.
  3. Price – ✮✮✮✮ – Given the amount of features that this little thing packs, the price of approximately $75 is a good deal. My Revue cost over $100 when I got it and has nowhere near the features.

All this is to say, if you have yet to pick up a Roku2 and need a streaming media box, go get this one!

 

My Masters Degree is Complete!

This is a very exciting update! As of Monday April 28, 2014, I have completed all of the requirements for my Master of Science in Cybersecurity from the University of Maryland University College (UMUC). This may seem kind of silly to be bragging about this, you have to understand that this is the culmination of many years of work. My wife and I have been together for about 15 years. If you count high school as well, I have been in school (of some kind) for over 12 of the 15 years we have been together! I finished my AAS in 2003, took a brief break and then went after my BS in 2005. I got that one in 2007 and took another break. I started in my M.Div and completed about 15 hours towards it before I realized it was not going to be easy to recoup the expense. Finally I chose the MS in Cybersecurity and now I am done with it!

So what will I do now? Well, I still have to make the trip out to Maryland in mid-May with my mother and my daughter so that I can attend my commencement. I was accepted as a member of Upsilon Pi Epsilon which came with a snazzy certificate, pin and honor cords to wear at the commencement ceremony. I have already received my cap, gown and academic hood to wear and my card to present to the commencement announcer. Basically, all that is left is to hop on the plane and go!

Once I get back from the graduation what will I do? That is where things get a little cloudy. The sole purpose of attaining my degree (other than personal growth) was so that I could become a teacher. The academic rules in the USA state that an instructor must hold at least one degree higher than the degree level of the students being taught. That is to say that since I have my Masters, I am permitted to teach Associate and Bachelor’s courses. I could also serve as a TA for professor who holds a doctorate and help co-teach Master’s classes but generally a TA can only TA for a Master’s if they, too, are attempting to attain a Doctorate which I am not.

Sure, I would love to be called “Doctor Dave” but my Masters was grueling enough with 3 kids and I will soon have 5. My wife has already threatened to disown me if I take on my PhD. Happy wife – happy life – that is my philosophy. Plus, I have already missed out so much on the lives of my 3 current children and I don’t want to miss out on any more of there lives or on the lives of my new twins due in August. So… this is as far as I go.

My hope now is that I will get picked up by a university to teach online classes for Bachelors or even associates level classes part time. If I get a position such as this, I can start to pay back the over $90k in student loans that I have racked up with the proceeds from teaching and still work my full time job. As it stands, I don’t think my current employer really considers my Masters degree as grounds for promotion but it is nice to have on my resume anyway.

For now, I am going to tie up the loose ends on my dad’s estate and I have been busily working on adding lots of new stuff to my RetroGamerBoy site. That’s all for now.

 

Apple Supercomputer

The first Apple product I purchased was an iPod Nano back when they were relatively new but I eventually ran out of space on it to store my massive MP3 library. Then, I purchased an iPod classic which I never fully filled up but lasted me for some time. By this point I had already invested quite a bit of money in iTunes, something that was uniquely Apple.

I purchased an iPad2 (Wi-Fi only) for my wife to use as she was zooming about town taking our kids to doctors. When I started my music career, it became apparent that the MacBook Pro and Apple’s Logic Studio would be the best items for me to use for production so I bought a used (and heavily modified) MacBook Pro from a college student. I used the laptop only for my music production and a few other basic operations because I felt that “Mac could not do what Windows does.” However, I was impressed enough by my wife’s iPad that I purchased an iPad3 with LTE…wow… how did I live without this? In fact, when I dropped the iPad and busted the screen I was so distraught at how much time and work I had invested in my apps and notes on this device that I purchased a NEW one that day.

By now, I have a substantial music library with a large part of the songs being iTunes only. I discovered the wealth of movies that you simply can’t get on NetFlix and noticed a markedly higher-quality video from the iTunes rentals over NetFlix. I started using my MacBook for daily operations that I normally thought were only Windows-capable things (i.e. writing documents, printing resumes, etc.) . I even figured out how to make the thing play WoW and The Sims 3. There are very few things that I CAN’T do with a Mac so now you will understand the title of this post. I have purchased a BRAND NEW iMac.

This ain’t your momma’s iMac! It has a beastly 7 core processor, 32GB of RAM, a video card that smokes almost any video card I have used before, 3TB of hard drive space, even a 27″ monitor. Yes, it cost a lot more than a basic PC would cost with a similar hardware base but after seeing the punishment I could put my modded MacBook through with it’s 8 year old hardware (you read that right) I am certain this thing will blow my PC’s away. I almost jumped for the new Mac Pro (aka the trashcan computer) but considering it is totally new and therefore may have bugs combined with the fact that it won’t even ship until at least March, the iMac was the best choice.

My plan now is to transfer all of my old data from my MacBook pro to the new computer once it arrives. I will then wipe the MacBook and reload it so that my wife can use it. Why? Because she is already a rabid iPhone user (I have still kept my trusty Android phones), wants a computer that doesn’t need to be fooled around with to make it work, and something that is as easy to use as her iPhone. Ding ding ding! The MacBook makes perfect sense. I have already seen her delight in amazement at how quickly she could edit photos on the Mac and upload them directly from iPhoto to our Flickr account (something that no Windows computer even comes close to) and how quickly she figured out how to use the Command+menu keys while working on the MacBook.

The computer I will soon have is unlike anything I have ever used before. It may be so good that I completely abandon my Windows computers in the future. No, I am not going to be some snobby hipster who says that I can only use Mac or the world will end. Not at all! There are lots of things that Windows computers can be used for – mostly business applications – and I will still use those at my day job. I will just focus on using this spiffy and super-powered iMac to do my bidding when I am off the clock.

Where Did I go?

So it’s time for another famously long overdue update. I have been busy so I have not been able to post on my blog often. After several interested parties and interviews, I finally picked a new job. On October 18, 2013 I took a position with Consulting Services Incorporated, a Federal Contractor. I am now employed as an IdSS Tier III Engineer with DISA as a contractor. In English? I administer federal email accounts as a Forefront Identity Management (FIM) Engineer. It’s a unique job that mixes a little bit of everything I have used over the years. I am also glad to say that I have made a number of friends on my team and with other auxiliary team members.

What else is new? Well, in February I start my Capstone class for my MS in Cybersecurity. That means that by May, if all goes well, I will have successfully completed my Master’s Degree. Where will I go from there? Who knows? Hopefully into some teaching capacity to enhance income with my other job.

On Fresher Tides

I have another interesting page to add to my life story. For the first time in my career in IT, I have lost my job due to corporate downsizing. I was happily employed for almost 2 years at Chesapeake Energy here in OKC as an IT Security Engineer. On Tuesday Oct. 8, I got up to go to work like any other day and then I ended up sitting in a room with HR and my severance package before lunch. I wasn’t the only one, 640 others in the OKC office alone were released and over 150 across the USA.

Honestly, the fact that I survived as long as I did is a testament to my ability. Chesapeake moves at light speed and those who can’t keep up don’t make the cut. I survived during some of their most turbulent years and was only released due to downsizing. I completed 5 major projects in a 2 years span… most of these projects would take a year each on their own. But I did it and now I am branded in the job market as “Here’s a guy who boarded the rocketship at Chesapeake and lived!” I have already been looked at as a potential candidate for multiple companies with less than than 48 hours unemployed. That’s pretty impressive! I can’t wait to see what the future holds for my career.

But for now, I am a Security Engineer available for work in Oklahoma. Not only do I have massive AD experience including GPO’s, PKI, server tuning, but also  I have piloted, tested and deployed RSA AA Multi-factor Authentication and Office365 Cloud with ADFS. I am coming to learn that these skills are a relatively high demand and not a lot of supply so that may bode well for me also.

Good luck to my other Ex-CHKS… if you need help networking with recruiters, let me know… I got a virtual Rolodex full of them!

The Paradigm Shifts

Well, I wrote on April 20th that my father was in ICU and almost died. Unfortunately, he passed away only a few short days later. He passed away on April 24, 2013 at 9:01 AM. I don’t really want to discuss the details since it is rather painful and personal. Suffice to say, his passing was not painful for him but it was very surprising.

Now that he has passed, I have had to kick into high gear as I am the executor of his estate. If you would like to follow me on those adventures, you can go to my other blog at http://www.davidshields.name.

I busted the screen on the wonderful 4G iPad but I have become so obsessed with my iPad that I had to acquire a second iPad very quickly. I will eventually get the screen fixed on the old iPad and give it to Tiff to replace hers since it was only Wi-Fi.

Dusting off the Blog

I know, I know, it’s been way too long and I am a horrible blogger. The reality is that my work has simply kept me very busy. My iPad is terrific by the way, I can’t imagine life before my 4G iPad. However, it seems like a great deal of it’s purpose is to provide me with a way to play SongPop on Facebook regardless of where I am. LOL.

Life has been nuts. My father went to ICU and almost died but is recovering now. Work keeps me busy and Monday I get to start the implementation of a huge project. 🙂 Life is good and bad and a little in the middle.

Oblivion was a great movie though. I want to fly around in a bubble ship. 🙂 That’s all for now.

Advancing myself technologically

Today I began a new tech endeavor, after years of waiting I finally bought my own iPad. Unlike Tiff’s, this is one with 4g LTE. That means that I can post from anywhere that I have a decent signal. Humorously enough, I have never been a big iPad user so I am learning all kinds of apps and techniques. Seems as though this is one of those things that you start learning one step at a time. Forgive me if I plunge into madness before this is all over.