JohnsNotHere @JohnsNotHere@infosec.exchange

Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are a SMB with less than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.

https://elitesec.io/blog/scanning-smb-networks-during-covid-19/

Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.

Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:

1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Setup all routing for your local machine.

Check it out:

https://github.com/EliteSec-io/vagrant-sonarqube

May the next decade treat you better than the last one. May the best of your past be the worst of your future. May intelligence and compassion guide you, and may the voice of reason temper your emotions. You are capable of anything - don't waste the opportunity.

Incorporation is complete, I can start making noise about https://elitesec.io

For those who are looking for #pentesting #vulnerabilityassessments or just #infosec help, make sure to consider us. We're based in Canada, but happy to help whomever we can reach. Many thanks!

c) Don't know? Network+, Security+, then the Udemy course. Nice, inexpensive exposure to the field. Read up on the CISSP, even if you can't write the exam yet. The mile-wide, inch-deep nature of that beast also happens to be a great way to get exposure to the size of our field, and give you an idea on where you may want to spend your time.

Oh, and take that writing class at the local college or whatever. We all need better communication skills in this field.

Overall my current strategy for getting people into things is as follows:

1. Offensive, Defensive, or just curious?
2.
a) Offensive - The Cyber Mentor's course on Udemy, then TryHackMe, then HTB/VulnHub. then eLearnSecurity/OSCP.
b) Defensive - Splunk Academy and try to get a job as a SOC analyst. That's the best advice. Want a course? Network+ and Security+, then maybe one of the eLearnSecurity Blue Team courses. Maybe CompTIA CySec+ or whatever it's called now.

I would tell people to start more formalized education afterwards, maybe eLearnSecurity or one of the CompTIA certs like Security+ or PenTest+ afterwards if they really wanted to get into the offensive side, but take a damn Creative Writing course first so you can learn to write reports!

There's plenty of crap on THM, but the machines and environment are easier to get into than HTB, which is just hard-core, but also in a lot of ways more "realistic" IMO.

Today I reached "G0D" status on TryHackMe.com. Nice. Do I feel like it was earned? Not really. Seems an easy way to game the system if you persevere enough.

Also, WAY too many CTF authors on there are obsessed with stego and Vigenère ciphers. I certainly see why people aren't fans of CTFs for security work.

Truth be told it's not a bad place to send someone who wants a low-cost means to learn something new and more importantly practice the craft.

It's been a while, but I feel a good rant coming. Likely tomorrow, I need a good nights rest to get my thoughts in order.

Pro-tip: Trying to install Parrot OS on VMWare Workstation and clipboard sharing doesn't work? Remove/purge open-vm-tools and reinstall VMWare's tools, it'll work like a charm.

#til #wastedhourschasingghosts #ihateforumbasedsupport

Spent most of the day listening to The Hu, because sometimes you just want to have a Mongolian horde coming down to take over your village...

Met a fan on another Slack community today. That was nice. I like nice things, especially in these days, no matter how small. Stay strong my friends.

My first time being quoted in "print"! Very exciting! It was for an article on Password Management. So exciting!

https://bestcompany.com/identity-theft/blog/expert-tips-to-help-you-with-password-management

#cybersecurity #passwordsecurity #passwordmanagement

I was quietly working in my office when I heard a loud "BANG!" at my front door. Thinking some idiot tossed a package at my door or something, I went to check. Nope, bird crashed into my window just above my door. Watch the poor dude die. Great way to start June. /s RIP bird.

I spent 5 minutes on Twitter today. Then 5 minutes on Google news. Holy hell I'm shocked I can see the fires from my house. WTF is wrong with the world?!

For the love of god either fake your whois records or buy the private registration hosting. Honesty IS NOT the best policy...

So after running `apt update ; apt upgrade -y ; apt autoremove -y` on my Kali install on Virtualbox, I have managed to bork my install. I can reach the login prompt, but can't connect. Seems this time it's a disk-space issue (how I ran out of disk space, I have no idea).

Rather than fight with the damn system by booting into a rescue terminal or anything else, I'm just moving to Parrot OS to see what the hype is about.

I'm still standing, just really bad at social media.

On the plus side, I'm done teaching college for the foreseeable future, so now I can focus on other things! But rest first.

Got me some stickers for those who want to share in some EliteSec love!

I fell down the hole of YouTube and started watching some master UK Sudoku players showcase their prowess in new and unique Sudoku challenges. Am I a nerd for absolutely loving it? I honestly don't care, but I'd like to see if my wife is right.

Looks like people want to see some Teraform scripting. Cool. I'll see what I can do this weekend and then put it up on EliteSec's GitHub page.

Sorry all, been a bit heads down. Making good progress on the personal front, but seems I've been getting rusty. So here's a quick poll for you all to help me decide what to work on next: