What are You Working on Wednesday
from shellsharks@infosec.pub to cybersecurity@infosec.pub on 24 Apr 19:41

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.


threaded - newest

slazer2au@lemmy.world on 24 Apr 21:55 next collapse

Firewall migration for a customer from PFSense to FortiGates.

alex_02@infosec.pub on 25 Apr 05:16 next collapse

I cleaned up my room, which took a total of five hours. I’m proud of that one. I just need to vacuum and call it a day. Also been doing a lot of research and coding again. Hoping some of these interview line up so I can start making money to waste all on new hardware toys.

henfredemars@infosec.pub on 26 Apr 02:39 next collapse

Can I ask what kind of position you’re looking for?

alex_02@infosec.pub on 26 Apr 20:45 collapse

Well, currently I’m open to anything, but I go back to school in the fall and should get workstudy so was thinking of checking the IT Helpdesk first at the school, but think I have enough personal experience that I could in theory do something like Junior Sysadmin or Junior Pentester. The main issue is that I live in a dead end state right now, and any job would have to be remote for the most part, which most companies won’t do. Another problem is that I don’t exactly have a great reputation because of assholes that I’ve had the displeasure of dealing with since I was a teenager. There is also the dumb case of my record with an online article that basically defames me and doxxes me. Also, a lot of misinfo. That article shows up when you google my name and also the stupid case, so idiots in HR get weird about it which ruined several job opportunities, and also I was harassed for months online which cost me my last job along with that dumb article… So think I’m going to just look for something outside the tech industry because so far the way I’ve been treated has been foul.

henfredemars@infosec.pub on 26 Apr 21:14 collapse

I’m sorry to hear that. It’s a shame to experience this kind of judgement in tech because many engineers I’ve met are some of the most open-minded people you’ll meet. Yet, there still remains the corporate structures that exploit us all. I’ve always been proud of my organization for not judging people based on paper qualifications. If not for that, I wouldn’t have my current job because I just don’t qualify for it.

I was curious because I wondered if you were more IT, security oriented, software development etc. I managed to get into a very weird tech job because I got recruited even though most of my background is more like test engineering. But, someone with an eye for such things felt I had a lot of potential. What’s your interest in penetration testing? Have you had an interest in offensive work?

alex_02@infosec.pub on 26 Apr 21:36 collapse

I wanted to do red teaming when I was 18/19, but it is so niche that I don’t think I can get my foot in the door. I’m a hardware nerd and the past several months I have also started looking at overlooked protocols. I do plan on getting into more embedded and designing my own boards. Thing is, hardware is very overlooked which I feel like nobody is taking it serious enough. I still have an interest in the tech industry, but kind of just letting life do its thing and wherever I end up, I end up there.

henfredemars@infosec.pub on 26 Apr 22:17 collapse

If you would like to get a foot in the door, let me know and we can see if it makes sense. I might be able to help you get an interview. It’s kind of late for our internships this summer, but we do have openings periodically, and I think you’d benefit from our engineering-focused interviews. Do you like reverse engineering hardware? Rather, the opposite of design. Discovery.

alex_02@infosec.pub on 26 Apr 22:22 collapse

You mean taking hardware apart or reverse engineering the software/firmware? Been planning on getting into reverse engineering firmware, but I take hardware apart a lot to figure out how they work because most of the time I can build something better and cheaper.

henfredemars@infosec.pub on 26 Apr 23:11 collapse

Both. As I’m sure you know, firmware and hardware are intimately related. We tend to do more software, but it depends on the project. I work for a small company, so we have to make do—I don’t think we have any purely software or hardware people. Understanding is the first step to exploitation.

alex_02@infosec.pub on 27 Apr 12:03 collapse

Yeah. Life keeps getting in the way, but I’ve been having plans to at least start emulating firmware with QEMU and poke around a bunch of publicly available firmware. The biggest problem I do see with the learning curve is the machine language, but I don’t see it being too much of trouble once I grasp the basics enough to get a better idea what is going on. Finally got around to getting qemu up and running, so will try to get started with firmware once I get other more important things taken care of first.

henfredemars@infosec.pub on 27 Apr 14:34 collapse

I’m a QEMU developer also. Let me know if you have any questions!

stevedidwhat_infosec@infosec.pub on 26 Apr 20:14 collapse

Little, personal wins are still wins! Glad to hear you’ve accomplished what you set out to do <3

Whats your go to language?

alex_02@infosec.pub on 26 Apr 20:48 collapse

I’m a huge fan of Golang, but I’ve started looking at writing in Java because a lot of APIs have Java SDK. Before, I have coded a lot more in C/C++. I also love shell scripting and have written a lot of scripts in bash and sh. I’m planning on coding more stuff in various different languages and for Windows I’ve started dabbling in C# because it is specifically built for Windows, so I tolerate it.

stevedidwhat_infosec@infosec.pub on 26 Apr 22:42 collapse

Have you fucked around with Rust yet? Supposedly its ‘better’ C/C++ - whatever that means lol. Tried it a bit myself but find it hard to stick with a lot of the heavy-hitter languages. I usually just use scripting languages like python or ruby to get what I need accomplished or just to solve a quick problem. Pretty rare that I need a whole ass Object-Oriented lang but definitely see the value in the career world. I sorta wonder if Java will be the new Fortran

alex_02@infosec.pub on 26 Apr 23:38 collapse

I have. I hate Rust. I think it is overhyped. I have heard good things about Zig, and it looks more promising. Crystal and Dart also look promising, but unfortunately the hype is fucking Rust, which I think is a garbage language.

stevedidwhat_infosec@infosec.pub on 26 Apr 23:45 collapse

How come? What didn’t you like about it?

alex_02@infosec.pub on 27 Apr 12:18 collapse

The syntax reminds me of what python, javascript, c# would look like combined if they somehow mated and had a child in their threeway relationship. The community also has very stupid people that think it is great making everything twenty times harder because of some hypothetical insecurity introduced by the user or something dumb like that when Rust is supposed to be a memory safe language and the hand holding has allowed some very dumb but arrogant asshats get it to their head.

It just seems over all like a cobbled up, overhyped mess that is driven a lot by pseudo-intellects and ego. A lot of the articles I’ve read have the author throwing around a bunch of fancy words that don’t really make sense and just make them look dumb, also a lot of times it seems unneededsly complicated with how someone does x and explain it overcomplicated. This is especially with when I tried to look at the state of encryption and cryptography in rust. The issue is that crypto is easy to get wrong even by very, very smart people, so what I saw just from glancing and trying to figure out tf I’m looking at with the libraries and also the focus on more of “X is faster than other much better audited crypto library or whatever” and made me unable to trust the libraries to use in my programs since I did not want to introduce possibly vulnerabilities that could be catastrophic.

Also, ironically not long after idiots touted C/C++ being dead or something after the federal gov here decided to make the announcement of moving to memory safe languages, there was some silly cve that allowed rce via some weird batch script. I think it is just better for me to be cautious right now with the language since right now I’m very, very skeptical and from experience if I have doubts about something in tech, I’m probably right.

henfredemars@infosec.pub on 26 Apr 02:40 collapse

Well I know today is Thursday but I spent a lot of time doing a custom compile of mainline Linux only to discover that my Nvidia graphics drivers are locking me into disabling several security features, and I can’t build them to support it because they’re proprietary.