Category Archives: Life the universe and everything

Here is how I did in the new condensed table format.

Other bits

• Research – I was not able to talk about this last month but the Fedena research finally came out. My team and I found seven vulnerabilities in this school management software. It took over a year from discovery to posting. This was picked up by the daily swig, which was nice! Getting clear of this has given me a boost to go find some more bugs. The technical details for the authentication bypass CVE-2021-27980 are out for reading. Or just the short video of the PoC:

• Euro 2020 – I cannot adequately put into words how excited I was for this. I barely watch football these days but I just love these tournaments. The fact that Scotland were at the party just made it all the more exciting. The build up to the first game was fantastic and I was singing through the entire game. It doesn’t matter that Scotland exited early. We actually played pretty well. I would say that was pretty much the tale for our tournament in the end. We played well. We created chances. But we couldn’t take them and that was the end of that.
• Audiobooks 1 – technically still on Stealing Light: Shoal, Book 1 by Gary Gibson. A good bit of Sci-Fi. But without much exercise or walking occurring these days my time has been limited.
• Television 1 – Star Trek Voyager. I have completed this and it honestly stands up quite well. Last time I watched it there were far more episodes I wanted to skip. This time I was ok with most of it. Some excellent Star Trek in here.
• Television 2 – Brooklyn 99. After voyager I fell back into season 7 of this. What a lovingly made show this is. Captain Raymond Holt going badass over his fluffy boy being kidnapped is a total highlight.
• House – We booked someone to come replace the bathroom sink and they have not done so yet. We have sort of been stuck waiting on that as we are trying to do things in a set order.
• Garden – Has paid out strawberries twice already this summer. I have had horrific hay fever (the worst I have ever had) but I have still been able to murder the lawn appropriately so hopefully I will learn to get that done more effectively to minimise the impact. I have been out the back in a Darth Vader style breathing mask but that didn’t actually reduce the symptoms after cutting the grass. Answers on a post card (or comment) welcome.

That is the log for June.

A new year has begun.

If we go back to two years to 2019 for a moment. I was diagnosed with a medical condition that is prone to immobilise me periodically for around 2 weeks. There were a few bouts of that. I also had some unrelated chest infections, tonsillitis, and a run of bad health that went through the peak of summer until December 2019. I had been pretty miserable and had seen my weight increase due to the lack of mobility.

By Christmas eve 2019 I had been on medication to control my condition long enough for me to get back to walking around. Sick of the misery I set myself a goal of doing the 10k steps per day that Fitbit offers as good minimum level. Through lockdowns this became an absolute mission but I got it done.

I got through my self-set 2020 challenges, and now I have to ask what next?

I have set some health, lifestyle, and hobby goals for 2021.

Lets get Spectabular!

I am going to introduce you to the table of the six labours, and one thing I need to track monthly:

I will complete this table each month to add a bit more brevity and structure to the rather chaotic approach used last year. Starting from February I should get away with much shorter blogs as a result.

How did I do in January?

Now into the meat.

The Good

• Board Games – I discovered that someone at the school had taught my eldest how to play chess. We had tried for years to play board games but their lack of patience and attitude to losing at anything was too explosive and caused fights. I bought a compendium of old board games and made the time to play just with them regularly. It has been great fun! I can see they have a logical brain when they are not exploding about losing. Seeing them mature is beautiful.
• Music – Having setup the Piano over the keyboard over the holidays, and procured a poster which shows the chord shapes, I have been able to belt out a few songs in the evenings. Since I have never had a lesson or loads of time to do this before it has been nice. I am happy mucking about like this. My goal clearly isn’t to master the instrument. Simply to have fun and this has been great.
• Health – I have lost weight. I am just not terribly interested in the number this time. The focus is the exercise goals and maintaining those and the results will continue. Or not. But I will be healthier regardless of my mass. In most things I find data and statistics comforting. Somehow weighing myself is a mixed bag as it can be as demotivating as it is motivating. Trying it differently this time and not going for weekly weigh ins.
• Audiobook 1 – I listened to Sandworm by Andy Greenberg. I found this very interesting and should be the kind of book you can recommend to non-infosec humans. It is well delivered. The pace is expertly done.
• Audiobook 2 – From there I moved on to Dune by Frank Herbert. I would like to state for the record that I didn’t listen to Sandworm (which is a reference to Dune itself) and then decide to buy Dune to listen to. That would be far too logical! I had actually been meaning to read Dune for many years. I had bought it on Audible before I was recommended Sandworm. I let the recommendation jump the queue and was laughing when Sandworm was revealed as a reference to Dune. The audible production of Dune is excellent and is the first I have heard with additional music. It isn’t quite a radio play version but is definitely acted more than just read.

The Bad

• Maybe not “bad” really. This one is actually a bittersweet. One of my team decided to move on to pastures new to continue their career progression. This is always both a sad and a wonderful thing. Sad because you won’t be talking to them every day anymore. But also wonderful because everyone needs to eventually move on. They were definitely ready to do so. Even though I will miss our wide ranging phone calls that always started “I have five minutes” and ended up an hour later with us both much happier for the exchange.

The Good

• 10k a day steps challenge – I have managed this every day again. That-is-11-months. Almost an entire freaking year. If I get to Christmas eve I will have actually done something I said I would do. Which in this whole crazy wreck of a year is something to be celebrated.
• 150 active minutes a week challenge – I hurt my thigh as I started running again at the end of October. I needed to rest that up for a week or so. But I banged into November with bad news (see “The Bad”) regarding my health. After the thigh issue cleared up I had an excellent run of it (pun gleefully intended). Most weekday mornings I would be out jogging before work and I got both fitter, and thinner as a result. I ordered an exercise bike which was said to be “next day delivery” that I have not seen any more about. I ordered before England locked back down so I was expecting to get a bike :(. Update: It eventually arrived 3 weeks later, but I haven’t had time to build it.
• Eating well challenge – (see the rabbit food ^^^) I don’t think I really ate too badly before but lockdown definitely accelerated the amount of crap I was eating. After the bad news (see “The Bad”) I went back to tracking calories. The act of having to scan barcodes and weigh spinach is so damn annoying that I definitely eat less as a result. The first bit of weight loss for me always goes really well. So into the baggy clothes and feeling good part of the process. Back to sorta where I was pre-lockdown when I started this series of posts. It is paying off.
• Audiobooks – I moved back to feeding my brain with Sapiens. It started by reminding me about the Naked Ape which I read a good 20 years ago. I am intrigued by the speculation around what happened 70k years ago when suddenly one of several species of tool using humans came to dominance. The theory is that there was a cognitive revolution after which one species was capable of more complex language allowing both gossip and shared fantasies like religions. This allowed evolution through co-operation instead of time consuming genetics. The most fascinating point was that this is why we have anxiety about various things that logically do not make sense. Genetically speaking we are not apex predators but it turns out we are purely because of cognitive abilities. We get anxiety about things that would kill us on the plains of Africa. We have obesity because sweet things are great for survival (high calorie content) but rare in nature. If a chimp finds a ripe fig tree they immediately gorge the whole supply. Exactly how we cannot stop ourselves with a box of chocolates. Looking forward to where it is going.
• Testing – I have done several testing projects this month. I learned lots of things. I found lots of things. This is always brilliant.
• PS5 – There was a whole awful Saga where I can rant about how crap the vendor I ordered from were. But it eventually arrived the day after launch more because of luck that I had a postal redirect setup than the effort of the vendor. It remained in its box until the 29th and then it was an expensive massive brick while it downloaded update upon update upon update. I haven’t really played it. The Spiderman game seems good.

The Bad

• I was tentatively diagnosed with a liver disease – This was found as a result of blood tests I had ordered due to me feeling extra shitty after moving house for weeks. The results said I had fatty liver meaning that I need to now actively lose weight and eat right for a real reason. We do not know the extent of the problem until I get an ultrasound and other tests done. But the chances are this is extremely early stage and if I lose weight the problem will reverse. That’s the hope. So I have thrown myself into that.

Highlights of the month

Football – Scotland Qualified for Euro 2020 through a delightful playoff win against Serbia. I honestly was calm throughout. I had no doubt we were going to do it and didn’t even waver when Serbia scored in the last minute. I just felt it was going to happen.

To be clear I have supported Scotland for a long time now and I have never once felt like that before. I have been hopeful, but always sort of knew it would implode. Because we had done the penalties so well in the previous game I just expected us to do it again when we had to play extra time.

InfoSec Community – The lovely people over at Ladies of London Hacking Society asked me to do a workshop on CVE bug hunting. Despite me being an absolute fraud with only one CVE to my name I took that on. It seemed like everyone had a good time – me included. It was recorded here. I am starting at 31 minutes and 05 seconds if you just want to see my face:

That’s all folks.

The Good

• 10k a day steps challenge – Completed for another month. There were some tricky days. Some extremely tricky days where I was just stressed beyond belief and somehow managed to fight fatigue to stay on target. Probably the hardest month to be fair. The idea of hitting 22 active minutes a day was mostly out the window due to the stress and disorientation of the month (see below).
• Audiobooks – I completed the Rama series of books this month. Overall I really enjoyed them. The first one for the mystery. The follow ups slowly peel back the mystery and then leave you with a tale of growing old that absolutely rings with me at the moment. I have never felt the aging process so much as I am now. Autumnal thoughts and all that. I would highly recommend this. I then lightened it up a bit with the Alan Partridge: From the Oast house. I was recommended this by Mr Paul Mason in our final conversation and I admit I am chuckling along knowing exactly why he loved it. Hand in glove with the aging thing. You do start to think a bit more Partridge the older you get. The writers and acting play an absolute blinder with this character every time.
• I moved house – Most of this blog post is going to be dominated by this lets be honest. At its basic level I moved from a flat to a house and gained myself a little garden, and an office space which is outside of my bedroom again. In terms of lifestyle going forward this should be major. Given lockdown(s) are going to continue for a while you need to be more comfortable with the space you have. Now I have options. I can walk away from work, close the door and be done with it when the task is over which is nice. I can play PC games at night with a microphone since I am at least not at the foot of the bed where my partner is trying to sleep.
• It has a garden – I have completed the majority of my 10k steps a day challenge in a corridor of my flat which was about 1 metre wide by 8 long. The garden is an upgrade and gets me fresh air at the same time. It also has one solid step to elevate the heart rate on before getting onto the light jogging I am capable of. It ain’t much. But as of the 16th of October I have cleared the space and found all the running stuff from the myriad of boxes and am set to get back to the “lets get 22 active minutes a day” side mission.
• Good weekends – We managed a pretty relaxing weekend or two at the end of the month which helped me recover. While hard to do we built 3 new flat pack beds on a Sunday. A great thing is building furniture with the eldest. They want to help but have been “far too silly” until just about now (I have tried). They got to thwack things with a hammer and screw in screws until they were thoroughly bored of it. We did some Halloween drawing with the kids, we played some board games. It was overall pretty decent.
  
  

• Borat Subsequent Moviefilm – I mean. An absolute stunning work this one. They had a point they wanted to make about #MeToo and politics in general. They went after it and it is as fascinating as is it funny to witness. Making it part of the “freely” available content on Prime instead of charging a fortune for new content shows they wanted to make the point land on as many screens as possible. A truly fascinating project and absolutely worth a watch.
• Left4Dead 2 – I played a round of L4D2 on Halloween eve. I really like that game when you have a squad to play then it is a satisfying online gaming experience since it rewards teamwork and not lone wolves with sniper rifles. Great times.

The Bad

• Loss of a friend – The legend that was Paul Mason sadly died the same weekend as my house move. I have covered this a lot already as he was worth his own blog entry and more.
• Panic Attack(s) – I have not had one in a long time this year fortunately. As this monthly blog tracks them I think the last entry was pre-Glasgow Defcon in February. The month has been a total blip of panics which I have mostly been fine about as the effects are more easily mitigated. However, I believe the stressors are now removed so I hope we get back our regular schedule of hardly any a year. Classical cause reason: poor sleeping patterns.
• They say moving home is stressful. I have never really experienced that before as it was mostly fun to pack stuff up and cleanse your life from unnecessary possessions and go on a new adventure. The problem with that rosy attitude is I had never experienced the full lawyer experience. If you both have to SELL a property and BUY one you get both barrels of them.
• There is definitely a blog post in me only about the experience I had on this with a slant on incident management brewing. I may calm down enough to let it lie.

Highlight of the month

I would say actually getting moved and starting to make a new place our home.

The Good

• 10k Daily Steps Challenge + **New Goal** – Still rumbling along with this nicely. I upped my game to now add a sub task to aim for 22 active minutes a day. That means having the heart rate properly elevated. This is going to take a while to get habitual but I have made a decent start and lowered my resting heart rate a couple of beats at the same time. The month went well until the final 2 days where I had a beast of a cold and sore throat. I managed the 10k but it took a lot of effort. I whinged on twitter about a possible chainbreaker while being sick and @TIA568B reminded me to keep going so voila:

• Blog Posts – I got an actual technical blog post out the door getting re(started) with iOS app testing. I prefer this blog maintaining its technical edge but I was never prolific with that stuff with at most 8 a year. The commitment to track my 2020 with the Captain’s Log series has drowned out the few technical posts.
• Audio Books – Absolutely still devouring the Rama series of books by Arthur C Clarke. I am on to “Rama Revealed” which is the final book. The first book was a wonderful and relatively short story but the later instalments have been much longer listens with this one being 20 hours. Very much worth watching.
• Youtube Channel – I have been watching Kurzegesagt with my kids. It is probably a bit beyond them but my eldest is getting all kinds of joy out of the existential and space series. I keep regularly having “mind blown!!” reactions to these videos. Honestly they are amazingly well put together. Delve into the series on ants… Pro tip.
• Sleep – The youngest has started to sleep through the night! Hopefully this continues. So I relocated myself from sleeping on their floor to an actual bed. Like a real person I have slept on a bed! As I write this on the 7th of September for 4 consecutive nights. Long may this continue. *update.. It continued :D*. This is the real shift as it enabled the new exercise goal. If you don’t get sleep you cannot recover from exercise and so it was of limited value without this.
• Games – XCOM: Chimera Squad. I had no idea that this had been released! I am a long time lover of the XCOM series. Over the years they have tried multiple different game modes including flight simulator, FPS etc. This is an interesting twist which is close to old school final fantasy game dynamics. Each mission is a series of breach and clear engagements. Upgrade kit to make more breach possibilities occur i.e. a brute force device to defeat doors locked with keypads, or explosives to make entries in walls. It has been interesting and a different direction for the series.
• Weekends – We managed to get to the park most weekends for outside activities. Getting this done early in the weekend sets us up for a happier time over the weekend. Even ventured out to the forest for a roam about in nature. The kids were mainly asking where the slides were until they discovered a massive pile of rocks to climb.
• CENSIS Talk – I was asked to speak at an event for CENSIS. Work were all for it, and gave me time in the busy schedule. The talk was around security practices in the IoT ecosystem space. While I tell everyone I am not the expert in this area I do slowly improve my understanding of it. The real positive about this was that we had agreed to do a live hacking demo. No bother when the event was face2face, but I needed to record it. The process of recording and editing was enjoyable and I really get a kick out of making little films.

AWS Snafu Finally Solved!

In April I bought a book called “AWS Pentesting with Kali”. I had decided to fire into some cloud skills as I am increasingly back on customer engagements again and it is always nice to learn new things. Sadly I have not even opened the book yet. But I did develop a tool (still not released) to enable data in and data out of restricted environments.

Data in via typing, and data out via QR codes which are both established techniques already but I like to make my own tools for these things sometimes.

Anywho, I needed a Windows server over an Internet connection and RDP to get the right feel for speed. So I went with opening an AWS account, woohoo! I would spin up a new instance each time I worked on the tool and then crush it as I went to bed using my free-tier allowance like a boss.

Unfortunately ever since May I have been sent an email every month warning my of my free-tier allowance being at 85%. But.. but.. I have nothing running? I log in to the dashboard and see nothing even paused. As the months roll on I eventually tweeted about it:

Enter the heroes I needed: @JGMSoftware, @UK_Daniel_Card, and @joe_jag who all deftly informed me I know nothing about AWS because I had assumed that dashboard showed me everything when it is indeed tied by region. I have honestly no idea why the server was spun up once in Ohio when I seem to default to Virginia on the dashboard.

Lesson very well learned and THAT is why I bothered opening an AWS account in the first place. Now that my test server is properly wiped I can now crack that AWS book open in the dead of winter and not incur costs immediately as I will have my free-tier amount back.

To the helpers. I salute thee. Keep being beautiful.

The Bad

• Stress – I had a very stressful couple of weeks over the end of August and start of September. Some times are tough but this one was pretty up there. On being positive about it something good should come of it mid October unless there are delays or catastrophe. Fortunately the uptick in weekends being relaxing and sleep came just as it ended. Nicely timed.
  • I would like to caveat this with the fact that, after the initial rocky start, the increase in sleep quality and duration by sleeping on an actual bed made it vanish.

Highlight of the month

Work took me to places where I needed to record multiple videos for different audiences. Some for internal training, and then this one which I can share with you.

This is notable because it was made for a non-security audience. That meant doing some background theory in risk analysis and threat modelling before going into a live hacking demo to help contextualise what was happening.

Research it is not. But a reasonable demo against a vulnerable spoofed IoT ecosystem which was fun to put together.