Category Archives: Life the universe and everything

Captain’s Log: September 2020

The Good

  • 10k Daily Steps Challenge + **New Goal** – Still rumbling along with this nicely. I upped my game to now add a sub task to aim for 22 active minutes a day. That means having the heart rate properly elevated. This is going to take a while to get habitual but I have made a decent start and lowered my resting heart rate a couple of beats at the same time. The month went well until the final 2 days where I had a beast of a cold and sore throat. I managed the 10k but it took a lot of effort. I whinged on twitter about a possible chainbreaker while being sick and @TIA568B reminded me to keep going so voila:
Some days this is what success looks like
  • Blog Posts – I got an actual technical blog post out the door getting re(started) with iOS app testing. I prefer this blog maintaining its technical edge but I was never prolific with that stuff with at most 8 a year. The commitment to track my 2020 with the Captain’s Log series has drowned out the few technical posts.
  • Audio Books – Absolutely still devouring the Rama series of books by Arthur C Clarke. I am on to “Rama Revealed” which is the final book. The first book was a wonderful and relatively short story but the later instalments have been much longer listens with this one being 20 hours. Very much worth listening to.
  • Youtube Channel – I have been watching Kurzegesagt with my kids. It is probably a bit beyond them but my eldest is getting all kinds of joy out of the existential and space series. I keep regularly having “mind blown!!” reactions to these videos. Honestly they are amazingly well put together. Delve into the series on ants… Pro tip.
  • Sleep – The youngest has started to sleep through the night! Hopefully this continues. So I relocated myself from sleeping on their floor to an actual bed. Like a real person I have slept on a bed! As I write this on the 7th of September, that is 4 consecutive nights. Long may this continue. *update.. It continued :D*. This is the real shift as it enabled the new exercise goal. If you don’t get sleep you cannot recover from exercise and so it was of limited value without this.
  • Games – XCOM: Chimera Squad. I had no idea that this had been released! I am a long time lover of the XCOM series. Over the years they have tried multiple different game modes including flight simulator, FPS etc. This is an interesting twist which is close to old school final fantasy game dynamics. Each mission is a series of breach and clear engagements. Upgrade kit to make more breach possibilities occur i.e. a brute force device to defeat doors locked with keypads, or explosives to make entries in walls. It has been interesting and a different direction for the series.
  • Weekends – We managed to get to the park most weekends for outside activities. Getting this done early in the weekend sets us up for a happier time over the weekend. Even ventured out to the forest for a roam about in nature. The kids were mainly asking where the slides were until they discovered a massive pile of rocks to climb.
  • CENSIS Talk – I was asked to speak at an event for CENSIS. Work were all for it, and gave me time in the busy schedule. The talk was around security practices in the IoT ecosystem space. While I tell everyone I am not the expert in this area I do slowly improve my understanding of it. The real positive about this was that we had agreed to do a live hacking demo. No bother when the event was face2face, but I needed to record it. The process of recording and editing was enjoyable and I really get a kick out of making little films.

AWS Snafu Finally Solved!

In April I bought a book called “AWS Pentesting with Kali”. I had decided to fire into some cloud skills as I am increasingly back on customer engagements again and it is always nice to learn new things. Sadly I have not even opened the book yet. But I did develop a tool (still not released) to enable data in and data out of restricted environments.

Data in via typing, and data out via QR codes which are both established techniques already but I like to make my own tools for these things sometimes.

Anywho, I needed a Windows server over an Internet connection and RDP to get the right feel for speed. So I went with opening an AWS account, woohoo! I would spin up a new instance each time I worked on the tool and then crush it as I went to bed using my free-tier allowance like a boss.

Unfortunately ever since May I have been sent an email every month warning me of my free-tier allowance being at 85%. But.. but.. I have nothing running? I log in to the dashboard and see nothing even paused. As the months rolled on I eventually tweeted about it:

Enter the heroes I needed: @JGMSoftware, @UK_Daniel_Card, and @joe_jag who all deftly informed me I know nothing about AWS because I had assumed that dashboard showed me everything when it is in fact tied to a region. I have honestly no idea why the server was spun up once in Ohio when I seem to default to Virginia on the dashboard.

Lesson very well learned and THAT is why I bothered opening an AWS account in the first place. Now that my test server is properly wiped I can crack that AWS book open in the dead of winter and not incur costs immediately as I will have my free-tier amount back.
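The region-scoped console is the trap described above: an instance left running in Ohio is invisible while the dashboard is set to Virginia. The script below is an added example (not code from the original post or from the AWS book mentioned) that walks every region and reports anything that is not terminated, since stopped instances still bill for their EBS volumes. It assumes boto3 is installed and credentials are configured when run for real; the enumeration logic takes a client factory so the offline sample inventory (constructed instance IDs and tags) can be used without an AWS account.

```python
"""Enumerate EC2 instances across all regions, not just the one the console shows.

Added example, not part of the original post. The instance IDs, names and
regions in SAMPLE_INVENTORY are constructed for the offline demonstration.
"""


def list_regions(ec2_client):
    """Return sorted region names from an EC2 client's describe_regions()."""
    return sorted(r["RegionName"] for r in ec2_client.describe_regions()["Regions"])


def instances_by_region(regions, client_factory):
    """Collect non-terminated instances per region.

    client_factory(region) must return an object exposing describe_instances()
    with the boto3 response shape (Reservations -> Instances, optional NextToken).
    Terminated instances are skipped: they vanish shortly and do not bill.
    """
    report = {}
    for region in regions:
        ec2 = client_factory(region)
        kwargs = {}
        while True:  # follow NextToken so large accounts are fully paginated
            page = ec2.describe_instances(**kwargs)
            for reservation in page.get("Reservations", []):
                for inst in reservation.get("Instances", []):
                    state = inst["State"]["Name"]
                    if state == "terminated":
                        continue
                    name = next((t["Value"] for t in inst.get("Tags", []) if t["Key"] == "Name"), "")
                    report.setdefault(region, []).append({
                        "id": inst["InstanceId"],
                        "state": state,
                        "type": inst["InstanceType"],
                        "name": name,
                    })
            token = page.get("NextToken")
            if not token:
                break
            kwargs = {"NextToken": token}
    return report


def billable_regions(report):
    """Regions holding at least one running or stopped instance (both cost money)."""
    return sorted(region for region, insts in report.items() if insts)


# --- constructed sample data so the functions can be exercised offline ---
SAMPLE_INVENTORY = {
    "us-east-1": [],  # the region the console happened to show: looks empty
    "us-east-2": [    # Ohio: the forgotten box
        {"InstanceId": "i-0123456789abcdef0", "InstanceType": "t2.micro",
         "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "rdp-dev-box"}]},
        {"InstanceId": "i-0fedcba9876543210", "InstanceType": "t2.micro",
         "State": {"Name": "terminated"}, "Tags": []},
    ],
}


class _FakeEC2:
    """Minimal stand-in for a boto3 EC2 client (constructed for the example)."""

    def __init__(self, region):
        self.region = region

    def describe_regions(self):
        return {"Regions": [{"RegionName": r} for r in SAMPLE_INVENTORY]}

    def describe_instances(self, **kwargs):
        return {"Reservations": [{"Instances": SAMPLE_INVENTORY.get(self.region, [])}]}


def sample_client_factory(region):
    return _FakeEC2(region)


def main():
    """Run for real if boto3 is available, otherwise use the constructed sample."""
    try:
        import boto3
        factory = lambda region: boto3.client("ec2", region_name=region)
        regions = list_regions(boto3.client("ec2", region_name="us-east-1"))
    except ImportError:
        factory = sample_client_factory
        regions = list_regions(sample_client_factory("us-east-1"))
    report = instances_by_region(regions, factory)
    for region in billable_regions(report):
        for inst in report[region]:
            print(f"{region}: {inst['id']} {inst['type']} {inst['state']} {inst['name']}")


if __name__ == "__main__":
    main()
```

With real credentials the loop is the check worth scripting after any free-tier warning: the console's region selector hides everything outside the chosen region, but `describe_regions` plus a per-region `describe_instances` does not.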

To the helpers. I salute thee. Keep being beautiful.

The Bad

  • Stress – I had a very stressful couple of weeks over the end of August and start of September. Some times are tough but this one was pretty up there. On being positive about it something good should come of it mid October unless there are delays or catastrophe. Fortunately the uptick in weekends being relaxing and sleep came just as it ended. Nicely timed.
    • I would like to caveat this with the fact that, after the initial rocky start, the increase in sleep quality and duration by sleeping on an actual bed made it vanish.

Highlight of the month

Work took me to places where I needed to record multiple videos for different audiences. Some for internal training, and then this one which I can share with you.

This is notable because it was made for a non-security audience. That meant doing some background theory in risk analysis and threat modelling before going into a live hacking demo to help contextualise what was happening.

Research it is not. But a reasonable demo against a vulnerable spoofed IoT ecosystem which was fun to put together.

Captain’s Log: August 2020

The good

  • Little bit of charity – The #BoycottYourBed charity was raising money for Action for Kids. The idea was simple; go sleep someplace other than beds in your home. I could not get the kids to focus on the live stream. Because they were too excited about a massive den that was being built to sleep in. It came to a sticky conclusion when a kid prodigiously vomited over much of the den… So.. I scrubbed, cleaned, and then relocated to the kids room on the floor in a snuggly pile. Until that point it was probably the most fun the kids have had in months.
  • Back to School – The return to school has been amazing. They were so bored at home for such a long time that no amount of amusement seemed to do. Now we are having a much happier kid and much better weekends together since everyone isn’t knackered.
  • Adventures Outside – We made it to the park together at weekends because, as I said, everyone wasn’t totally knackered by my days off. It has been a long lock down and a struggle to get everyone outside at the same time. This was very good. More of this.. oh. whoops its winter. The leaves are falling 😀
  • 10k steps rolling on every single day – All the way back to Christmas Eve 2019. Some seriously… Seriously tough days in August. Early in the month Kid A succumbed to food poisoning and I basically didn’t sleep for 7 days while sitting up with them. But here I am another month more into this stupid goal!
  • TV – Ashes to Ashes – What a show. It has taken quite a while to re watch but it is such an excellent programme. That ending is absolutely sublime and you should not read the rest of this blog post if you have not watched Life on Mars and Ashes to Ashes. Drop whatever you are doing and start watching them. They really pay out.
  • Audiobook #1 – Rama II by Arthur C Clarke – Listening to the first one has really lit up my brain for thinking about the cosmos again. Getting the second one the moment the first one ended to continue the story was *obvious*. This time we are given characters and tension based on them interacting which is interesting. The first one now seems like some idyllic jaunt by comparison. Very entertaining.
  • Audiobook #2 – The Garden of Rama – In for a penny eh? Straight into the 3rd part. Anything at this point is probably spoilers.
  • Gaming – Rise of the Tomb Raider was this month’s PS Plus title. I devoured that. I like single player titles with a story. It basically was like “tomb raider does Arkham Asylum”. The mechanics are all giving off super batman vibes. That is a good thing because it is possible to play stealthily. The game says I have approximately 97% completed it. Given that is based on collectables that are not on the map I am considering is it really worth walking every area to go further? After completing games they should just mark things on maps in vague areas with circles to search in.

The bad

Had a bit of a panic attack over the last weekend of August. As before the triggers seem clear. Not sleeping well again and having rather a lot of things going on at the moment. Even when the things are awesome and well worth it. It is still a reminder to get more sleep.

Highlight of the month

Work highlight: I delivered a job and got some amazing feedback from the customer. Never underestimate the value of feedback (positive, and negative). Be kind, stay constructive. Other than that tell everyone all of the things all of the time!

Life highlight: I said I couldn’t sleep right? I made a stupid short film because I was asked to make a single monstrous slice of toast. I mostly wanted to document the horrible slice of toast existed.

Captain’s Log: July 2020

The Good

  • 10k steps rolling on every single day – I have worked in a few jogs a week this month to get the heart rate elevated more regularly. It comes with the obvious benefits for doing so. My resting heart rate has gone down around 6 BPM which isn’t to be sniffed at.
  • Calorie Calculator – I know what helps me to lose weight. My level of activity has been fine but really the key is to stop ingress of breaded or cakey items. In lockdown my cupboards suddenly got flooded with tonnes of food because the uncertainty of delivery slots made us guess what was needed for a week+ at a time. In the general meh mood alcohol went up, food went in, and the natural impact was weight gain. For the last week of July I went back to tracking calories. A process I find so dull it unilaterally stops me snacking.
  • Bid on houses – I have always wanted a house with a garden. I was not fortunate enough to grow up with that and it is something I clearly aspire to. Lockdown certainly made me not want to wait anymore so co-incidentally when the market opened in Scotland again I went to view a property. I bid on it but it went for silly money beyond the valuation (50k or so more). The positives are that we got familiar with the process, someone came and valued our place, and I spent a long weekend cleaning and now love my flat more.
  • DIY in the flat – With a house move unlikely it means I get to focus on the flat some more. I hung some blinds in the kitchen which stops the massive stream of sunlight in the morning taking the sting of the sun out. We have also sought some quotes to finally tackle the horrible part of our flat – the central heating plumbing. Since we will be here for a few more years most likely I don’t want to go into another winter with the kids bedroom being cold. Also finally being able to decorate after this would be amazing.
  • Reading/Audiobooks #1 – I completed White Fragility by Robin DiAngelo over many morning walks in June and early July. The biggest revelation to me was how we allow “racist” to be so narrowly defined. It is conflated to mean “is a bad person” and to mean discrete individual acts of hatred which are both intentional and overt. Really we can deal with those incidents as being perpetrated by assholes. We pat ourselves our backs for not being those guys. While remaining oblivious to the underlying societal problems. Thought provoking read. Well worth an audible credit.
  • Reading/Audiobooks #2 – Several people have recommended the subtle art of not giving a fuck by Mark Manson. It is entertainingly written. It however feels like “bro” science and thus far seems pretty obvious to me. Don’t care about the things you cannot change. Pick your battles. Rather than saying anything new it appears to be a love note to tell you to not bother with any self improvement techniques at all. But look at me. Accusing something of merely being snide by being snide. It has helped more people than I could ever hope to. There has been some bits encouraging me to think about some of my choices. Not an absolute train wreck, but I was not bowled over.
  • Reading/Audiobooks #3 – Rendezvous with Rama by Arthur C Clarke. A legend of a friend of mine recommended it. I have been entirely captivated by this and it represents a triumphant first fiction book of 2020.
  • Gaming – I completed the Last of Us Part II. It is hard to say you “enjoyed” it unequivocally. Because I think if you are doing it right this game is toying with you the player. The narrative arc has a few fixed set points where you MUST behave in a certain way. In an otherwise open world you simply MUST do some questionable things to proceed. They are not glorified though they are horrific. To survive the post apocalypse you have to develop emotional calluses which first means taking a few bruises. THIS IS AMAZING. Any thrill for vengeance was totally and absolutely wrung out of me before the final act.
  • Gaming #2 – I fired up the original XCOM game from way back in 1994. This game has captivated me most summers since 1994 and I give it a play through in a couple of evenings. It is an absolute classic.
  • Work – A customer project saw me do an architecture review. I really enjoyed it. It has been a while but I was just in love with the full adoption of Devops/Secops/Psyclopses/Containers etc. So many of the tools and technologies required to make something which starts secure are free and relatively easy to use. What a time to be alive?
  • Music – I ordered a new practice amp from Positive Grid before lockdown. It took 4 months to arrive. The product has been fun and I have not had more than an hour to play with it. I can easily see how this would help me improve my playing by giving me automatic backing tracks to learn to solo over. I have put the day back but now it may be the time to learn scales instead of the “by feel” approach I have. Humans implicitly hear the bum notes. So you can cobble together what sounds right without formality. Just eventually I guess I should grow up and learn the instrument!
  • Music #2 – as a satire on the need to run Doom on any device or it hasn’t been “hacked” I did this moments after getting it out the box :D. The tone is a default one on the amp I don’t think I used the app to get that. It makes some gorgeous tones.

The Bad

End of July blues. While the month was running along very positively it hit Thursday 30th and suddenly I was just completely “meh” about life. I didn’t get to sleep on time on Wednesday finally getting about 4h30m sleep according to my tracker. Add into the mix that I was calorie counting and it is probably just a huge energy dip.

I am not overly concerned since a day of being depressed when you are better at recognising why is probably a sign of progress.

Highlight of the month

Whatever THIS is!

https://www.youtube.com/watch?v=qVtWENXnar8

Did you know that Dr Who has now officially been back in production longer than it was taken off air? The tipping point was July 2020. The Glasgow Dr Who meetup group were looking to celebrate that fact socially distanced so I knocked that monster out in a wonderful 30 minutes or so. Fun but it was way pasta my bedtime to do it.

Overall July was a blast.

Captain’s Log: June 2020

The Good

  • Moving about – 10k steps achieved again! Every day since Christmas eve 2019. Some days it has been exceptionally difficult. Still.. Clinging on to this one achievement belligerently. I did do a few mornings of light jogging to improve the heart rate zoning so probably better than last month. Otherwise the quality of the movement is pretty low.
  • Content – A blog post! – Like an actual one about technical stuff that is hopefully useful. Mainly about development but shows some of the impact of a pentest report landing and making wild claims about how simple it is to just patch things. I like to try and replicate responding to a report. It helps me make better recommendations which have a dash of empathy when I know it is going to be an absolute pain to implement.
  • Decorating – bought a new TV stand, threw out a tonne of things and made the living room look infinitely nicer. Much better for the psyche looking at nice clean walls. Lockdown seems to have prevented me buying accessories for trunking I am looking at. So I will have to wait to finish the basic human level of decoration I want. But as I said infinitely better. Following a philosophy of doing one thing a weekend at the moment.
  • Gaming – Completed Uncharted 4 – Obviously an excellent title. Discovered that there was Uncharted: The Lost Legacy for extra stories which I am working on now. Also a great game. Last of us Part II came in and I am absolutely loving it so far. 5 hours in I realised the last 5 games I have played have all been NaughtyDog. They seem to be cornering the single player story genre.
  • Security Research – I worked for several days on my tools RDPUpload and RDPDownload with the blessing of my employer. Both came out of projects I have worked on but I took the time to formalise them and put them in a blog post. If you see the highlight of the month you can also see I pushed myself to publish it perhaps a bit earlier than they were ready. The official work blog and tool release hasn’t happened yet though.

The Bad

Panic attack. First one since early February. Despite everything that has been going on in the world I have remained amazingly unfazed. It goes on to prove that my particular problem is a lack of sleep. After the kids stopped going to bed before 10pm for a solid couple of weeks I had a sudden panic attack at 2am and couldn’t get to sleep. It had less of an impact than previous bouts, but I was still knackered for a day or two after.

Result: Going to bed for a few nights in a row when the kids did instead of sitting up to get some adult media content time. Not the wholesale changes to lifestyle I was managing at the start of the year. But I have definitely let all the things I was doing go during lockdown.

Highlight of the month

Talking to the beautiful people at Abertay Hacksoc. I had been doing research and making tools to release a blog post for work. When asked to speak to the students on the Monday I said “lets do it!”. It led to a panicked two days trying to make some content and a practical demo. Here is part of the talk via a tweet:

It is so weird presenting via Zoom being unable to gauge reactions. I do hope that this bit raised some smiles though. The full talk went out here:

This is the end of the captain’s log for June 2020.

Captain’s Log: May 2020

The Good

  • Activity – 10k steps… every day.. Going all the way back to Christmas Eve 2019. I have brought an old treadmill back into service during lockdown. I go outside for a decent walk a couple of times a week.
  • Uncharted Games – the remastered 1-3 and 4 have all been given out for “free” with PS Plus over the last few months. I have waded my way through 1-3 and am onto 4. They tell really fun stories even if I find the shooting a bit repetitive at times. The puzzles are often worth it.
  • Life on Mars/Ashes to Ashes – if you have not seen LOM/A2A before then I envy you because you have a hell of a ride to go on. I encourage you to do so.
  • Security Research #1 – Work gave my team an opportunity to take on security research against some open source projects. We had a lot of fun and found a tonne of vulns that we are in the process of disclosing.
  • Security Research #2 – I had time to implement a process for data exfiltration using QR codes (RDPDownload). This is the opposite of my RDPUpload tool that I made a few years ago. While not a brand new technique I enjoy building exfiltration tools to see the trade offs involved and yes this worked on a genuine project. I am working on releasing that tool this month.
  • Decoration – Given lockdown makes me stare at my walls I realised I am not in-love with my flat anymore. I have gone on a programme of doing a minor bit of decorating every night for two weeks. Filling holes here. Sanding and painting there. While I am no expert at this the results are sufficient to mean my eye isn’t drawn to various defects that were driving me mental. The benefits of this for mental health has been huge.
  • Audiobooks – I was unable to get through any in May 😦

The Bad

In 2019 I was immobilised for months and was unable to get out of the house. I gained a lot of weight as a result and felt like crap. Indeed the whole point behind this “Captain’s Log” series was to show the positive steps I was taking to avoid a repeat of that period of my life and to get physically and mentally fitter.

Under lockdown my mental health has remained robust. By the end of May I decided to weigh in to discover indeed I had put on all the weight I had lost pre-lockdown. Not shocked but it is also a little annoying.

Kids out of their routine == Cranky days, late nights, and early waking.

When you are not sleeping right then weight gain is basically inevitable. Fortunately, the kids have started to sleep more regularly in the last week. So light at the end of the tunnel.

Highlight of the month

I think the decorating has really been the highlight. While there is still absolutely tonnes to do. It feels positive like I have stopped treading water and gone on to exert control over my domain. Plus I guess it provides a bunch of exercise to get it done which helps generally with everything.

Captain’s Log: April 2020

The Good

  • I managed to continue to walk 10k steps every single day in April. It is hard going given the lockdown and most days I do them entirely indoors. It is like the last feature of my exceedingly healthy start to 2020 that I am maintaining.
  • I got a security related blog post out the door: https://cornerpirate.com/2020/04/14/uploading-file-when-all-else-fails/
    • I needed to use RDPUpload in April and took an evening to patch it for Python3 and introduce some new functions. An equivalent tool to exfil through locked down remote environments was also made but not public facing yet. It felt great to get a bit of on message content out again 😀
  • My work runs a regular Hackathon event where we share skills and do some collaborative research. It went great and let me help out with a bunch of potential CVEs that could take sometime to get disclosed. I do love this stuff as it is things I never really did elsewhere.
  • Music has been the saving grace of my lockdown. It lifts the spirit like nothing else.
    • Keyboard – I bought one before Christmas 2019 and struggled to get time on it until the lockdown. I was able to practice chord shapes and play a bunch of songs out of a chord song book in early April. Even getting as far as coordinating left and right hands together to sort of double up the chords for a richer sound. To be clear; I have no idea what I am doing but it is fun to try!
    • Guitar – I taught myself to play around 20 years ago but finding time to keep up has been a struggle since having kids. In 2018-2019 I started to get into home recording and I have seen myself practising those skills in the lockdown.
    • MPD218 & Ableton – This cheeky wee bit of kit lets you assign sounds to buttons and manipulate them. I had given Ableton software a brief go in 2019 but it didn’t make a whole lot of sense. With the arrival of the MPD I sat through a bunch of Ableton tutorials and made a simple dancy track. My intention is to figure out how to make drum tracks on this setup which I have never done before.
  • My friend was making a video to demonstrate CVE-2020-7055 (an RCE in the WordPress Elementor plugin). It was a bit stark at 3 minutes of silence so I battered out something that felt appropriate over lunch. In the end I gave it to someone else in my team to make something more professional sounding which went on the final video. But I have been listening to what I made on loop for a bit and it isn’t as shit as I initially thought!
  • Glasgow Defcon (DC44141) went online for the first time via Twitch. With talks from @ZephyrFish (an intro to Red Teaming) and @InfoSec_Paul_M (on blue team phishing detection techniques). While on the stream someone said “toss a coin to sysadmin” so that inspired this 😀
  • The DC44141 meetup had the pub vibe via an open Discord chat room after the talks. Featuring lots of lovely people.
  • Brooklyn 99 season 6 on Netflix arrived and was consumed to much joy.
  • A feature length Red Dwarf episode arrived and was absolutely a joy to behold. I truly appreciate having spent so long of my life in the company of those characters.
  • I played counter strike: GO more often with great people and had a good time. I feel like I suck a lot less than last month. The game is free on Steam if you want to get hold of it. I have a dedicated server and share the details if you DM on Twitter to @cornerpirate.
  • I started Half Life 2 Updated which I think is free on Steam. I loved HL2 obviously. This updated version seems to have different or more immersive music and I was in absolute tears of joy about how amazing the feat of engineering that is. They introduced GRAVITY for the first real time into games and had an absolute blast making puzzles. It is inconceivable now that games were not like this before. Truly brilliant and if you haven’t played it in over a decade like me, if not now when?

This month’s audiobooks

  • How to talk so little kids will listen by Joanna Faber & Julie King. I had not completely finished this in March and eventually got through this by mid April. It was a great book with tonnes of advice for communicating with kids clearly. Sadly the lockdown has regressed most peoples behaviour because we are trapped in pretty tight quarters. Still several of the techniques have reduced the impact of that.
  • Amazon Web Service by Paul B Richie. I am looking to learn more about AWS and Azure to have more rounded knowledge in those fields. I know bits and pieces but am seeking a few more jigsaw pieces. I am going to be honest. I haven’t gotten far into this and the initial chapter was like listening to someone reading a dictionary rather than inspiring the listener. Ok ok.. I also selected this book in particular because the author is almost my name sake. It might not be fit for the purpose I had in mind.

The Bad

The amount of crud I am eating is essentially putting on the weight I lost at the start of the year. Now that I am getting towards adjusted to the new lockdown reality I have been able to start reining that in.

Highlight of the month

This has put a smile on my face. I needed to go and collect medicine. When I wrote in to say I was going AFK, an amazing colleague said “A QUEST!”, so just before I went out the door I recorded a few bits of the walk.

When I got home I strung them together and threw some music on it. There is now a channel in youtube “Fun with cornerpirate” which maintains a list of two quests so far:

The audio of me speaking is particularly bad because of the wind. When I filtered it out in Audacity using noise reduction it left my voice sounding shrill.. Lesson learned even if it is spur of the moment take out the better microphone which has the fuzzy stuff on it.

I now have the right mic but the wrong app was the lesson from episode two.

Captain’s Log: March 2020

The good

  • I did a talk at Glasgow Defcon (@dc44141) called “Intro(ish) to SQL Injection”. Following on from the actual intro in February this recapped a bit, but went into demos for Blind SQL Injection and then getting a webshell. It went well and as always there is a noticeable bounce in happiness having survived a public speaking gig. You should definitely do it the positives massively outweigh the ph34r. Video of the content captured after the event here:
  • After my talk I spoke to lots of people at the end but didn’t quite catch all the Twitter handles. Seems the kids these days communicate via Instantgrams which I thought was how they ordered weed? Lovely conversations with: @zenrhe, @TIA568B, @ScottMcGready, and @ddsgerard.
  • Delivered my first project to a customer in months (having been involved in various non-front line projects). It is natural to see a bit of ring-rustiness in these situations. When the account manager called up our brand new customer they took the time to say “It is honestly the best penetration testing report I have ever seen”. I blushed very hard but am trying to remember that is more of an indictment of the industry average skill at writing down what they did than anything.
  • I needed to Google something to remember how to do it. The page I found named me in the article. This is good because someone found the drivel I shared valuable enough to pass it on. Shout out to every reader; write your thoughts and share them on a blog. You help yourself and others and your contribution is welcome!
  • Making music and things again. I bought a piano chord song book and am learning chords. I might get out of the lockdown able to play a brand new instrument!
  • As well as getting a guitar out more regularly for things like a warning about default passwords :
  • And of course a covid-19 smells like teen spirit arrangement made in a lunchtime:

Getting Going again!

  • Counter Strike:GO – I have procured a dedicated server protected by a password. If you want to come and play on a clean server where people are told to play the objectives and say “gg” (or gtfo) then I can hook you up with the details. DM me on twitter @cornerpirate.

Audiobooks

  • This months audio books were:
    • What you need to know about business by Roger Trapp. Part of being a penetration tester means I periodically refresh my understanding of businesses and how they operate. I want to ensure that I am using the right language for that audience, and to stick my finger on the right wound to stem the blood when prioritising fixes. You will find a lot of good entry level things in this audio book. Not the best book on the topic I have read but I am really bad at book titles and names so I am no use to tell you what those were :D.
    • How to talk so little kids will listen by Joanna Faber & Julie King. Part of being a parent is needing to get things done in the face of resistance. With the impending home schooling requirement (I wrote this before #Lockdown) I felt it was useful to delve into this book deeper than I had managed with the real physical book. The essential message is absolutely applicable to everyone you want to speak to. Going to scream the key learning so far:
      • LISTEN TO AND ACKNOWLEDGE THE FEELING OF THE OTHER PERSON.
      • DO NOT TRY AND IMMEDIATELY OFFER SOLUTIONS, LET THEM EXPRESS THEMSELVES.
      • MODEL HOW BY EXPRESSING YOURSELF.
      • AVOID GIVING DIRECTIVES. TRY GIVING FACTS AND STATING WHAT YOU ARE FEELING.
      • … there are many more. I have been mixing things from this and the CBT knowledge from last month in talking to my wilful eldest child. While they are not perfect in any way, they are now getting far more responsibilities, which they are thriving on. Having previously been unable to listen to any instructions, it is now much more harmonious between us. We can genuinely take the time lost on tempers and turn that into playful fun time. A revolution in our relationship; while not entirely down to this book, it is a definite place to look and start your journey.

The bad

Panic Attack – (written pre #lockdown). The Flying Duck is a local nightclub. It is fantastic and serves a lot of vegan food too if you like that sort of thing. It is also apparently a nightmare in a box with my name on the card. Who knew? I have been there three times before and it has not been a problem. But those times were before all the sleep deprivation and onset of panic attacks. I would still recommend the place to others because it is a fine establishment. In saying that, let’s delve into my experience:

  • Before going to DC44141 to talk I took a taxi in to have something to eat. This was not planned. Maybe my brain did not have time to prepare for this to be happening so it decided to remind me.
  • I had not had much sleep over the previous 48 hours and had been working pretty hard on a customer engagement too. Basically my stress was probably a lot higher than it had been in Jan-Feb for those reasons.
  • As I walked down the 20 ish steps to the basement bar I was overwhelmed. It was a sensory overload. Sudden suffocating air of deep fat frying. The smell triggering flashbacks to a trauma. Many moons ago I had such a vigorous bout of heartburn it felt like I was about to die.
  • The lack of natural light bringing on a touch of claustrophobia perhaps didn’t help.
  • The clincher was the music. It was.. and how to be polite.. utter pish. It was the worst excesses of trying to be laid back jazz while actually being discordant. Purposefully off any sense of rhythm. With some bastard seemingly playing a trumpet with an air horn at any moment when you might have found solace.
  • In my mind I equate what I experienced with footage of people being tortured with white-noise.
  • I stuck it out and we ate a meal. I couldn’t really eat but needed a little something.

I am laughing about it now because of how utterly ridiculous the whole thing was. I have been doing the correct things in 2020 to reduce the occurrences and diminish the impact of these. But here I am freely admitting to the sort of party that goes on inside my mind sometimes.

The positives from this situation are: nothing bad happened, my ability to sit in it and stew instead of running away is showing tolerance going up, and I was able to perform after it instead of literally losing a day’s work afterwards like previous incidents.

Oh and it gave me a fun opening to the talk where I just ranted about the experience. It felt like rocking an open mic night. The folks who usually leave the GCU union when you start your talk all hung around for the 3 minutes of ad-libbing. A possible future career in observational comedy about panic attacks is worth exploring!

Coronavirus Panic #1: so that is all going nuts outside yeah? I am writing this bit in the middle of March (Monday 16th). As yet the UK has done the square total of nothing to prepare it seems. Panic buying has hit home, and yet the schools are all open on the most part.

While I can freak out about going into a basement it turns out I am not overly concerned by a pandemic which is actually a dreadful thing which is entirely outside of my control. I am focusing on my goals and ensuring I have entertainment and a little food in hand in case of a lockdown.

Coronavirus Panic #2: having lived the homeschooling life for a week and a half I think we will be ok. My partner has stepped up to the plate and is doing wonderful things. I love them beyond words.

Highlight of the month

I think the highlight is somehow miraculously managing 10k steps a day despite being locked indoors with motivation waning. Keeping this up is like a little note to try to remain positive.

Honestly this month feels like it took 2 decades didn’t it? The captain’s log is more disjointed than usual. There are bits from clearly different eons. The things I was doing to tackle my physical and mental health challenges in 2020 were all paying out and contributing to a happy cornerpirate. I have not burned through the reserves yet. However, a big part of that was going OUTSIDE to listen to audiobooks and get exercise/sunlight at three points in the day, so you can probably assume something is going to give soon since they basically outlawed my coping strategy.

Time for a new strategy!

Captain’s Log: February 2020

In keeping with noting down the good and the bad briefly each month here is February.

The good

  • Managed the 10k steps a day challenge for another month. Some days it was hard and other days I was way way over the minimum. Energy levels returning. It was particularly challenging given the run of epic storms battering the country limiting outside time but we got that done folks.
  • Integrating a little weight lifting and pushups (standing up vs a wall for now) into the mix which have a major effect for me personally when burning calories. Trying to make that habitual as well. Picked up a kettlebell towards the end of the month and it really kicked my ass. Primo bit of kit that and I would highly recommend.
  • Prepared a talk called “Intro to SQL Injection” for Glasgow Defcon. With January having gone great, I saw that there was no speaker booked and figured why not challenge myself to pull something together over a weekend. Vulnerable LAMP stack created, application and slides pulled together without fuss.
  • Delivered said talk. Despite a few niggles about the venue layout and the microphone it seemed to go down well. Met some new legends (EHBEHCEH, KathrynMcBain, and laughingFalkor), and saw some returning legends for the first time in ages (wintervirus). Nobody seemed offended if I go for more advanced SQLi next month. So committed to doing round2 in March!
  • Went on holiday to a log cabin and had a genuinely relaxing time (despite the best efforts of storm Ciara making it a little leaky).
  • A colleague had a big test and not enough time to fully smash everything so gave me an absolute open goal of an RCE to play with. Not entirely trivial to get working but I managed to get a webshell, then reverse shell out of it at least and get some good onward findings. Felt good 😀
  • Prepared a talk called “Intro(ish) to SQL Injection” for AbertayHackers after having my presence demanded by Casual_Unknown and akhanhack following what I call my triumphant talk at G3C in 2019. Triumphant because I went for joy, and folks came out smiling. Unfortunately see The Bad section below 😦
  • I have used a FitBit to track my sleeping pattern in 2020. Fortunately or unfortunately I have no data from 2019, where all I can tell you is “living permanently awake and on high alert”, which was unhealthy. By now I have a graph showing sleep quality, if not duration, improving. In a world of incremental gains I am saying this is definitely the most positive change to see. It is very likely the result of appropriate hydration in the daytime, and the moderate exercise.
  • Continuing to utilise childcare to get more time with my partner. As the kids get more independent it is absolutely vital to stop the vicious holding pattern we had established where a parent was always on duty.
  • Finally, over in Audiobook land I listened to almost all of Cognitive Behavioral Therapy: Techniques for Retraining Your Brain. I say book. It is clearly a series of lectures with indicative interviews with patients recorded for you to listen in on. It is helping me have the language and critical thinking required to take 2020 Pirate to a better place.

The bad

  • Cancelling said “Intro(ish) to SQL Injection” talk the morning of. Woke up. Kid was sick and my partner was sick. It made me feel absolutely awful to cancel something.
    • In raking through the positives, at least more of the content for DC44141 in March had been completed earlier than I would have.
    • At least I wasn’t cancelling because I had some mad panic attack or anything.

Highlight of the month

  • My kids are getting a much better version of their dad. While I have always been present and have tried my best, they are getting a more energetic, less sleep deprived version. I am importantly far less shouty than 2019’s immobile and permanently in pain shitshow of a father.

Captain’s log: January 2020

After entirely writing 2019 off as not happening, I resolved to have a better 2020. Turning things around takes planning and effort. Here is the January log.

The good:

  • I walked more than 10,000 steps every day. Establishing a new baseline for my physical health after protracted periods off my feet in 2019. A resting heart rate a few beats per minute lower is not to be sniffed at.
  • I spoke to lots of friends and family on the phone in the evenings to help me through the 10k steps challenge. Reconnecting a bit with good people I had let myself get isolated from was great.
  • I drank water like it was going out of fashion.
  • I kept booze to a few special events when I was out with colleagues or with my wife.
  • I made sure I went outside every day even if it was a walk around the block.
  • I attended my first “hackathon” at work and was blown away by the joys of simply being around some utterly lovely people. Listening to colleagues talk about things they have been researching and then a spot of directed bug hunting was brilliant.
  • My hackathon efforts found a modest vulnerability in a wordpress plugin which I disclosed to the developer and ended with my first ever CVE reference. Go me.
  • I had some study time due while I prepared for an exam. I refreshed some app testing skills and delved into a few techniques I hadn’t had time to catch up on before. Studying is good for the soul.
  • I signed up to audible and listened to my first book in roughly 30 minute chunks walking to go get coffee whenever the sun poked out from the clouds.
  • I travelled solo on a plane twice without freaking out about it. The whole experience of travel had become stressful over recent years. So getting back in the saddle was uplifting.. Get it? Planes.. sky… uplifting?? Hard to please some people.
  • I sat and most likely failed an exam (but I won’t find out until February). I had a lovely time preparing for it, an uplifting journey, and actually really enjoyed spending a day hacking stuff that was vulnerable. It is in the good column because overall it was positive, and now I will know how to prepare for the next attempt if it is necessary.
  • Patrick Stewart returned as Jean-Luc Picard. It was like meeting an old boss you love for breakfast (which I also managed this month, and which was also delightful). Two episodes deep the show is going strong.
  • Dr Who returned with a flurry of brilliant episodes which generally entertained.

The bad:

  • A panic attack while sat about to eat dinner with my colleagues the night before that hackathon I mentioned.

I clearly but politely said “I am off folks” and then spent the rest of the evening breathing cold night air, speaking to my partner on the phone and playing guitar in my hotel room. It worked. I calmed down. Improving my ability to cope with and recover from the situation is important.

Probable cause of panic? Take your pick. The restaurant was insanely hot. I had spent a long day socialising pretty hard which, when you work from home is pretty rare. I had driven a long way to be there. I was all out of my routine etc etc.

Highlight of the month:

  • I had an actual proper date with my wife without the kids. The time when we could not achieve this is coming to an end. We can spend some time together alone which is great. This could be life altering. We had such a laugh and enjoyed a nice meal.

I feel like the year has started well.

Burp a sandstorm

Back when Andy Gill and I were working together it became a running joke in the office that whenever you open Burp Suite, Darude’s Sandstorm must blare out. How would you get a shell storm without Sandstorm? Back in December I took a moment to make an extension that does exactly that. Have the code here:

from burp import IBurpExtender
from java.awt import Desktop
from java.net import URI


class BurpExtender(IBurpExtender):
    # Name shown in Burp's Extender tab once the extension loads.
    extensionName = "Hacking in Progress"

    def registerExtenderCallbacks(self, callbacks):
        # Burp calls this once when the extension is loaded.
        callbacks.setExtensionName(self.extensionName)
        # Only try to open the video if the JVM has a desktop with a browser
        # available; on a headless system this check is false and nothing
        # happens rather than an exception being thrown.
        if Desktop.isDesktopSupported() and Desktop.getDesktop().isSupported(Desktop.Action.BROWSE):
            Desktop.getDesktop().browse(URI("https://www.youtube.com/watch?v=c-ydGUHUDj8"))

Save this into a “.py” file and import it as a Python extender within Burp.

It serves no useful function unless you want a 10 hour loop of Sandstorm playing in your system default web browser. To be honest, why wouldn’t you?

Awkward first post of 2019 out of the way. Back onto useful things soon.

* Featured image was pulled off Google with “Free for non-commercial use” selected. The Flickr account that originally had it doesn’t exist now so unable to thank the person who took it or seek permission. Whoever took it, well done and hope you are ok with my using it.