Antisyphon & Wild West Hackin’ Fest

Training

I just finished the 4 day course titled Active Defense & Cyber Deception through Antisyphon, and it was excellent! This was one of the Pay What You Can classes that they offer, which made it affordable for me as a noob. The class did start to get a bit over my head, but that does not mean it was not super valuable. I now know what I don’t know.

All the reading I have done, all the videos I have watched and all the studying via INE, TryHackMe and HackTheBox has been very beneficial. But they all lack real world experience. John Strand (BHIS) is a veteran in the field and his experience comes through the entire course. The classes taught me a lot about technique, tools and connected a lot of dots for me. I can’t wait until WWHF where there is going to be more training and I get to meet a lot of these folks!

Update

I was able to attend the Wild West Hacking’ Fest (Way West) conference in San Diego from May 3rd to May 6th. It was a bit overwhelming and not at all what I thought it would be. Compared to every other conference I have been to, it was the least inclusive and least informative, but I am not sure I was really the audience the conference was aimed at. Still I learned a lot.

Fun with VMs

The need for a VM

This week I am taking the Active Defense & Cyber Deception class with John Strand and in preparation for the class I followed this guide.

Mac

One of the steps is to install VMWare. So I try this on my Macbook. It’s an M1, and I forgot when I was downloading to make sure to grab the right download. That failed because I have the M1 chip. I grabbed the right one, but it won’t run the VM because the VM wants X86 Arch. Of course.

Windows

So I scramble and borrow a Windows laptop (Dell Inspiron 17) that my mother in law is not using. We got it for her last Christmas, but she never uses it because it’s slow. Well, she was not kidding. It’s super slow, and that’s because HDD utilization under Task Manager is always at 100%. Like, always. I really don’t like Windows. I loved Windows 98, and XP was probably my favorite. That’s about the time I made the switch to Mac. So I spent almost a day doing all the things I could find and think of to solve the issue, but no go. Even reinstalled windows, updated all drivers, etc. I think the HDD and/or cable is bad or RAM is not working right and causing constant swapping. Whatever it is, I can’t use this laptop. I ordered an SSD and some new RAM so I can play with it later.

Linux

Next was to try and make this work on My Kali Linux. I was sure that it was not going to work, but someone in Discord who is also in the class mentioned that it should. I gave it a shot, and sure enough, I am good to go! I figured Kali would not work as well as Ubuntu, or RHEL, but it’s smooth.

So lesson learned … try Linux first. Always.

Hacking For All

In October of last year I stumbled upon a YouTube channel that looked super nerdy and fun. Indeed it was! Network Chuck is the guy’s name and he was building a K8s cluster using a Raspberry Pi. Bare metal install of K8s? Yes please! After thinking about it a few days, I decided I had to do it. So I did! I blogged about it of course and you can take a peek at K8s Part I and K8s PartII if you are interested. I had a blast building and configuring these and now I have this really great toy to play with.

While looking through this new channel I stumbled into a community that has totally sucked me in. I have always know about Hackers and Cybersecurity, it’s not like it was new information, but I had no idea it was something I could do. I had no idea it could be so fun either. My background is technically diverse to say the least. I have many years as a Linux SysAdmin working on clusters (literally the fastest in the world), many years as a Web Developer, many years in Technical Support, etc. I also have, well had, some of the same basic certification. RHCE, CCNA, VCP, A+, etc. So I have a lot of the same tools in my toolbelt that Pentester has, but never really explored that as an option. I am also not a computer scientist level programmer, and I assumed that because I was not, hacking was out of the question. But it’s not! Truth be told coding is fun as far as troubleshooting, but I only really like debugging code and making it work. Or peeling back the layers to determine why. As far as sitting down a coding, I’d much rather script tasks than write an app.

There are several roles within hacking and Cyber Security, and more importantly, a TON of resources for getting started on the journey. You can pivot into the field with a lot of work and studying. The thing you can not do quickly, of course, is gaining experience. That takes time, so be prepared to sink hours into this, which won’t be an issue if you love it. I personally am not looking to step into that role at the moment, mostly because I love where I work and I don’t see a path towards it there. My goal to have fun, eventually compete on a high level at HackTheBox, and knock out my very first Bug Bounty.

So how does one get started? I personally would start reading some books and watching some videos on YouTube. I have a page here that list these resources, but in particular I would start with a specific book and this article titled “The Conscience of a Hacker“.

Next head over to TryHackMe and HackTheBox Academy (HackTheBox as well) and start learning. Both have free resources and paid. The paid is worth it, 100%. I would then get connected on LinkedIn and start looking at what folks in this field do.

My next step is to dive in and learn some more in person with professionals. I am heading to WildWestHackinFest in May, which is a conference and training centered on hacking and Cyber Security. The eJPT is a certification I have my eye on next, As a basic entry level cert it represents all the hours I have poured into studying and demonstrates competency. Ultimately my desire is to contribute with the community at large to make the web a safe place.