Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are an SMB with fewer than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.
Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.
Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:
1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Set up all routing for your local machine.
Check it out:
This project was a lot of fun, as it had all the elements: hardware, software, sysadmin, installation, training. For the techno-phobic family who got the system, the bar was very low and ultimately acceptable to them. Not going to put Facebook Portal out of business anytime soon, but it's a nice trade-off all things considered.
My home-brew video conferencing on a budget worked out well. Total cost? Under $200 CAD for the RPi4, case, PS, 1080p camera with shutter, and media keyboard. Likely could have saved on the camera and keyboard, but quality wins out here. The reaction with the family once they could see the rest of us without having to leave their living room seats? Priceless.
Had a family member buy a TV thinking it could run Zoom natively (not tech savvy, it's a Roku-based TV). Rather than pointing out the flaw, I worked on setting up a spare Pi4 that I had lying around to auto-start Chromium in kiosk mode with a link to meet.google.com. Privacy be damned when ease of use is king. Combined with a wireless media keyboard and webcam, and now that TV set is a fully functioning video conference rig on a budget. It impressed my wife at least.
I attended a local chamber of commerce networking event the other week, which led me to being invited to another group's meetup as a "visitor". Did some digging after I found their invitation email somewhat ... disturbing. After about 2 minutes of Googling, I declined and said I have no interest in joining. Man alive, there is literally a cult for every facet of life, isn't there?
I think the biggest thing is how numb I am to the whole thing. I mean, I'd beat the guy to an inch of his life if it's true, but I'm not as shell-shocked as others. We security folk know to be level-headed and calm during calamities, but this even surprises me. Am I so jaded?
Found out an old work friend was charged with a horrible crime. I'm still in shock given how 'normal' he was, for all that means. My wife asked if we were close. I try to get close to everyone I work with unless you give me a reason not to. I'm in shock, and not sure how to respond. I believe in innocent until proven guilty, but they _named_ him. This isn't something that you can bounce back from.
Anyone have more insight on this Big Sur fiasco? What about developers writing their own code on macOS? Will they need a special license for Python apps, custom Java or Rust apps? What about Go, which is compiled? I know a lot of teams that use MacBook Pros for their dev teams, and this smells of a huge trap if this is the case.
Case in point with eLearnSecurity:
Originally the Pen Tester Extreme (PTX) course was $1,799 USD for the "Elite" course, which included 120 hours for the lab as well as an exam voucher. Unlimited lab access was another $399, so $2,198 in total. Now you get "full" access for $1,999 for a year, plus $400 for the exam voucher. That's an extra $201 compared to what it would have been "a la carte".
If you do 2 or more certs per year, then maybe, but for a single cert it's a hike in price.
eLearnSecurity has merged with INE for their courses. On the surface this seems like a good thing, but digging deeper you need to do at least 2-3 certs per year to make it worth it under the new model compared to the old one. Colour me unimpressed, but it's still cheaper than anything SANS has to offer.
I like SANS, I know a bunch of the instructors from my time with podcasting, but holy hell are those prices inflated. I may just go back to OffSec.
~Open Source Security Tool of the Day~
A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Container/VM-based infrastructures. Once detected, you can remedy threats with various bouncers (block, 403, Captchas, etc.), and the blocked IPs are shared among all users to further improve their security.
I have completed my contract with a marketing firm to help get the word out for EliteSec. After spending ~$400 on LinkedIn ads with zero clicks, I'm starting to wonder if I'm doing this wrong. I don't expect miracles, but I would have hoped for at least one lead.
Next step is to use Sales Navigator and see if I can socially engineer my way into some target markets.