What are You Working on Wednesday
from shellsharks@infosec.pub to cybersecurity@infosec.pub on 24 Apr 19:41
https://infosec.pub/post/11453496

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

#cybersecurity

slazer2au@lemmy.world on 24 Apr 21:55

Firewall migration for a customer from pfSense to FortiGates.

alex_02@infosec.pub on 25 Apr 05:16

I cleaned up my room, which took a total of five hours. I’m proud of that one. I just need to vacuum and call it a day. Also been doing a lot of research and coding again. Hoping some of these interviews line up so I can start making money to waste all on new hardware toys.

henfredemars@infosec.pub on 26 Apr 02:39

Can I ask what kind of position you’re looking for?

alex_02@infosec.pub on 26 Apr 20:45

Well, currently I’m open to anything, but I go back to school in the fall and should get workstudy so was thinking of checking the IT Helpdesk first at the school, but think I have enough personal experience that I could in theory do something like Junior Sysadmin or Junior Pentester. The main issue is that I live in a dead end state right now, and any job would have to be remote for the most part, which most companies won’t do. Another problem is that I don’t exactly have a great reputation because of assholes that I’ve had the displeasure of dealing with since I was a teenager. There is also the dumb case of my record with an online article that basically defames me and doxxes me. Also, a lot of misinfo. That article shows up when you google my name and also the stupid case, so idiots in HR get weird about it which ruined several job opportunities, and also I was harassed for months online which cost me my last job along with that dumb article… So think I’m going to just look for something outside the tech industry because so far the way I’ve been treated has been foul.

henfredemars@infosec.pub on 26 Apr 21:14

I’m sorry to hear that. It’s a shame to experience this kind of judgement in tech because many engineers I’ve met are some of the most open-minded people you’ll meet. Yet, there still remains the corporate structures that exploit us all. I’ve always been proud of my organization for not judging people based on paper qualifications. If not for that, I wouldn’t have my current job because I just don’t qualify for it.

I was curious because I wondered if you were more IT, security oriented, software development etc. I managed to get into a very weird tech job because I got recruited even though most of my background is more like test engineering. But, someone with an eye for such things felt I had a lot of potential. What’s your interest in penetration testing? Have you had an interest in offensive work?

alex_02@infosec.pub on 26 Apr 21:36

I wanted to do red teaming when I was 18/19, but it is so niche that I don’t think I can get my foot in the door. I’m a hardware nerd and the past several months I have also started looking at overlooked protocols. I do plan on getting into more embedded and designing my own boards. Thing is, hardware is very overlooked which I feel like nobody is taking it seriously enough. I still have an interest in the tech industry, but kind of just letting life do its thing and wherever I end up, I end up there.

henfredemars@infosec.pub on 26 Apr 22:17

If you would like to get a foot in the door, let me know and we can see if it makes sense. I might be able to help you get an interview. It’s kind of late for our internships this summer, but we do have openings periodically, and I think you’d benefit from our engineering-focused interviews. Do you like reverse engineering hardware? Rather, the opposite of design. Discovery.

alex_02@infosec.pub on 26 Apr 22:22

You mean taking hardware apart or reverse engineering the software/firmware? Been planning on getting into reverse engineering firmware, but I take hardware apart a lot to figure out how they work because most of the time I can build something better and cheaper.

henfredemars@infosec.pub on 26 Apr 23:11

Both. As I’m sure you know, firmware and hardware are intimately related. We tend to do more software, but it depends on the project. I work for a small company, so we have to make do—I don’t think we have any purely software or hardware people. Understanding is the first step to exploitation.

alex_02@infosec.pub on 27 Apr 12:03

Yeah. Life keeps getting in the way, but I’ve been having plans to at least start emulating firmware with QEMU and poke around a bunch of publicly available firmware. The biggest problem I do see with the learning curve is the machine language, but I don’t see it being too much trouble once I grasp the basics enough to get a better idea what is going on. Finally got around to getting QEMU up and running, so will try to get started with firmware once I get other more important things taken care of first.

henfredemars@infosec.pub on 27 Apr 14:34

I’m a QEMU developer also. Let me know if you have any questions!

stevedidwhat_infosec@infosec.pub on 26 Apr 20:14

Little, personal wins are still wins! Glad to hear you’ve accomplished what you set out to do <3

What’s your go-to language?

alex_02@infosec.pub on 26 Apr 20:48

I’m a huge fan of Golang, but I’ve started looking at writing in Java because a lot of APIs have Java SDK. Before, I have coded a lot more in C/C++. I also love shell scripting and have written a lot of scripts in bash and sh. I’m planning on coding more stuff in various different languages and for Windows I’ve started dabbling in C# because it is specifically built for Windows, so I tolerate it.

stevedidwhat_infosec@infosec.pub on 26 Apr 22:42

Have you fucked around with Rust yet? Supposedly it’s ‘better’ C/C++ - whatever that means lol. Tried it a bit myself but find it hard to stick with a lot of the heavy-hitter languages. I usually just use scripting languages like Python or Ruby to get what I need accomplished or just to solve a quick problem. Pretty rare that I need a whole ass Object-Oriented lang but definitely see the value in the career world. I sorta wonder if Java will be the new Fortran

alex_02@infosec.pub on 26 Apr 23:38

I have. I hate Rust. I think it is overhyped. I have heard good things about Zig, and it looks more promising. Crystal and Dart also look promising, but unfortunately the hype is fucking Rust, which I think is a garbage language.

stevedidwhat_infosec@infosec.pub on 26 Apr 23:45

How come? What didn’t you like about it?

alex_02@infosec.pub on 27 Apr 12:18

The syntax reminds me of what Python, JavaScript, C# would look like combined if they somehow mated and had a child in their three-way relationship. The community also has very stupid people that think it is great making everything twenty times harder because of some hypothetical insecurity introduced by the user or something dumb like that when Rust is supposed to be a memory safe language and the hand holding has allowed some very dumb but arrogant asshats get it to their head.

It just seems overall like a cobbled up, overhyped mess that is driven a lot by pseudo-intellects and ego. A lot of the articles I’ve read have the author throwing around a bunch of fancy words that don’t really make sense and just make them look dumb, also a lot of times it seems needlessly complicated with how someone does x and explain it overcomplicated. This is especially with when I tried to look at the state of encryption and cryptography in Rust. The issue is that crypto is easy to get wrong even by very, very smart people, so what I saw just from glancing and trying to figure out tf I’m looking at with the libraries and also the focus on more of “X is faster than other much better audited crypto library or whatever” and made me unable to trust the libraries to use in my programs since I did not want to introduce possible vulnerabilities that could be catastrophic.

Also, ironically not long after idiots touted C/C++ being dead or something after the federal gov here decided to make the announcement of moving to memory safe languages, there was some silly CVE that allowed RCE via some weird batch script. I think it is just better for me to be cautious right now with the language since right now I’m very, very skeptical and from experience if I have doubts about something in tech, I’m probably right.

henfredemars@infosec.pub on 26 Apr 02:40

Well I know today is Thursday but I spent a lot of time doing a custom compile of mainline Linux only to discover that my Nvidia graphics drivers are locking me into disabling several security features, and I can’t build them to support it because they’re proprietary.