Captain’s Log: September 2020

The Good

  • 10k Daily Steps Challenge + **New Goal** – Still rumbling along with this nicely. I upped my game to now add a sub task to aim for 22 active minutes a day. That means having the heart rate properly elevated. This is going to take a while to get habitual but I have made a decent start and lowered my resting heart rate a couple of beats at the same time. The month went well until the final 2 days where I had a beast of a cold and sore throat. I managed the 10k but it took a lot of effort. I whinged on twitter about a possible chainbreaker while being sick and @TIA568B reminded me to keep going so voila:
Some days this is what success looks like
  • Blog Posts – I got an actual technical blog post out the door getting re(started) with iOS app testing. I prefer this blog maintaining its technical edge but I was never prolific with that stuff with at most 8 a year. The commitment to track my 2020 with the Captain’s Log series has drowned out the few technical posts.
  • Audio Books – Absolutely still devouring the Rama series of books by Arthur C Clarke. I am on to “Rama Revealed” which is the final book. The first book was a wonderful and relatively short story but the later instalments have been much longer listens with this one being 20 hours. Very much worth watching.
  • Youtube Channel – I have been watching Kurzegesagt with my kids. It is probably a bit beyond them but my eldest is getting all kinds of joy out of the existential and space series. I keep regularly having “mind blown!!” reactions to these videos. Honestly they are amazingly well put together. Delve into the series on ants… Pro tip.
  • Sleep – The youngest has started to sleep through the night! Hopefully this continues. So I relocated myself from sleeping on their floor to an actual bed. Like a real person I have slept on a bed! As I write this on the 7th of September for 4 consecutive nights. Long may this continue. *update.. It continued :D*. This is the real shift as it enabled the new exercise goal. If you don’t get sleep you cannot recover from exercise and so it was of limited value without this.
  • Games – XCOM: Chimera Squad. I had no idea that this had been released! I am a long time lover of the XCOM series. Over the years they have tried multiple different game modes including flight simulator, FPS etc. This is an interesting twist which is close to old school final fantasy game dynamics. Each mission is a series of breach and clear engagements. Upgrade kit to make more breach possibilities occur i.e. a brute force device to defeat doors locked with keypads, or explosives to make entries in walls. It has been interesting and a different direction for the series.
  • Weekends – We managed to get to the park most weekends for outside activities. Getting this done early in the weekend sets us up for a happier time over the weekend. Even ventured out to the forest for a roam about in nature. The kids were mainly asking where the slides were until they discovered a massive pile of rocks to climb.
  • CENSIS Talk – I was asked to speak at an event for CENSIS. Work were all for it, and gave me time in the busy schedule. The talk was around security practices in the IoT ecosystem space. While I tell everyone I am not the expert in this area I do slowly improve my understanding of it. The real positive about this was that we had agreed to do a live hacking demo. No bother when the event was face2face, but I needed to record it. The process of recording and editing was enjoyable and I really get a kick out of making little films.

AWS Snafu Finally Solved!

In April I bought a book called “AWS Pentesting with Kali”. I had decided to fire into some cloud skills as I am increasingly back on customer engagements again and it is always nice to learn new things. Sadly I have not even opened the book yet. But I did develop a tool (still not released) to enable data in and data out of restricted environments.

Data in via typing, and data out via QR codes which are both established techniques already but I like to make my own tools for these things sometimes.

Anywho, I needed a Windows server over an Internet connection and RDP to get the right feel for speed. So I went with opening an AWS account, woohoo! I would spin up a new instance each time I worked on the tool and then crush it as I went to bed using my free-tier allowance like a boss.

Unfortunately ever since May I have been sent an email every month warning my of my free-tier allowance being at 85%. But.. but.. I have nothing running? I log in to the dashboard and see nothing even paused. As the months roll on I eventually tweeted about it:

Enter the heroes I needed: @JGMSoftware, @UK_Daniel_Card, and @joe_jag who all deftly informed me I know nothing about AWS because I had assumed that dashboard showed me everything when it is indeed tied by region. I have honestly no idea why the server was spun up once in Ohio when I seem to default to Virginia on the dashboard.

Lesson very well learned and THAT is why I bothered opening an AWS account in the first place. Now that my test server is properly wiped I can now crack that AWS book open in the dead of winter and not incur costs immediately as I will have my free-tier amount back.

To the helpers. I salute thee. Keep being beautiful.

The Bad

  • Stress – I had a very stressful couple of weeks over the end of August and start of September. Some times are tough but this one was pretty up there. On being positive about it something good should come of it mid October unless there are delays or catastrophe. Fortunately the uptick in weekends being relaxing and sleep came just as it ended. Nicely timed.
    • I would like to caveat this with the fact that, after the initial rocky start, the increase in sleep quality and duration by sleeping on an actual bed made it vanish.

Highlight of the month

Work took me to places where I needed to record multiple videos for different audiences. Some for internal training, and then this one which I can share with you.

This is notable because it was made for a non-security audience. That meant doing some background theory in risk analysis and threat modelling before going into a live hacking demo to help contextualise what was happening.

Research it is not. But a reasonable demo against a vulnerable spoofed IoT ecosystem which was fun to put together.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.