As usual, I have a lot on my plate. So I don’t get to blog as much as I’d like. Then again, I haven’t had a cool project to work on for a while. Just going through skilling up on things. Back in March, I mentioned I took the SANS Security 487 course, Open Source (OSINT) Gathering and Analysis. For the last month or so, I’ve been studying for the exam.
So that’s a thing. Second SANS class taken, second GIAC exam passed. I’d share the embedded link, but it gives too much personal information away. So all that is here is the certification badge they provide.
Next up is going to be the Open FAIR certification. I went through the training on my own dime last year, and I’ve been slowly studying for that one since last year. I’m planning to schedule the test for mid-August.
For SANS/GIAC, next on my radar will probably be Sec 504 / GCIH.
After that, I’m still interested in the Python classes. Both Sec 573 Automating Information Security with Python and Sec 537 Practical Open-Source Intelligence (OSINT) Analysis and Automation.
They added a new one for OSINT, and I’m wondering how much overlap with the Automating OSINT by Justin Seitz there is.
I’m also interested in LEG52: Law of Data Security and Investigations and MGT512: Security Leadership Essentials for Managers. Both of those are for personal reasons. But in all the years I’ve been around the industry, I’ve only gotten to go two SANS classes, so it will probably take a while.
I recently took the SANS Security 487, Open-Source Intelligence (OSINT) Gathering and Analysis, course with Micah Hoffman. Now, I need to get started on the associated GIAC Open Source Intelligence (GOSI) exam prep.
When I put my training request in, my manager pointed out I could probably pass the exam without the course. Maybe my manager was right, but I like a good refresher course every once in a while.
We live, we learn. A year ago, I had this post about my raspi-NAS failing. One of the things I said was I’d look into building a real RAID 1 based NAS on a Raspberry Pi.
Yeah, researching that subject while rebuilding my home network a few weeks ago, I found out that USB and RAID don’t work together like that. So, if I want a NAS with RAID, I’d have to do something else. Like a rack-mounted server running FreeNAS. Yes, I know it’s being rebranded TrueNAS Core.
I tried Open Media Vault (OMV) with my existing powered external hard drives. It didn’t like them. OVM could see the drives but wouldn’t let me do anything other than formatting them.
I’m sorry, I’m not interested in losing all my data. So I just set up the Raspberry Pi to run Samba again. It works fine.
I might try to rerun OVM someday when I have free time and free hardware to set it up, but I have a long list of things to do before then.
My regular travel laptop is a 15-inch Lenovo running Gnu/Linux. A couple of years ago, I decided to get something a little smaller, lighter, and cheaper. I didn’t want to take the 15-inch laptop if I didn’t need to. I use it mostly for conference presenting and running VMs. Replacing it would be a pain.
I ended up getting an Acer Chromebook 11, the C740 model, for vacation and easier travel. I liked that model because you could replace the original storage with something larger by swapping out the SSD. I also like dit because I could install Debian to it with Crouton.
I set up the device up to Debian Buster and the xfce4-desktop. Other than not using the device enough to remember all commands to launch the chroot Linux environment, it worked well. To help remember how to launch Linux, I have the following saved
# start the chrosh shell
# start xfce4 desktop
to a text file on the device.
Since it had been a bit since I used the Chromebook, I thought I would upgrade it. Heck, it was going to get an update from Google anyway. The upgrade started ok but went off the rails.
I don’t remember which podcast or who said it, but “Garbage In Gospel Out” is so true. Especially when talking about Cyber Threat Intelligence. I talked a little about this before, both in conference talks and in Validate Data Before Sharing.
But here it is, three years later, and the problem remains. I’m willing to say it is getting worse. We’re not running full life cycles, either Intelligence or Incident Response. We get to the collection phase and call it done. NixIntel has a good post on that at their blog.
Over the last nine to ten months, I’ve changed how I’ve been using Python, again.
I work in either Debian or Xubuntu Linux, or Windows Subsystem Linux (WSL) Debian. I prefer Debian on bare metal hardware. The VMs I use at work are usually Xubuntu (faster, easier setup). Work’s laptop has Windows 10 Enterprise on it, which is where WSL comes in.
I’ve been changing my thoughts on using Python Virtual environments. I last talked about the topic in December of 2018. Twice actually.
I’m not working the way I was when I wrote those posts, mostly because I’ve learned to do new things along the way.
This is a six-part series covering my experience modifying the instructions to build an Investigation VM from Open Source Intelligence Techniques by Michael Bazzell.
I made the VM to follow along with his online course that I bought last year but haven’t had time to work through. The course was originally built for the Buscador OS, but that distribution is no more.
Part 1: The Install
Installing Xubuntu as a VM
Part 2: Personalization
Configuring the VM to remove applications that leak data, and remove annoyances
Part 3: Configuring Firefox
Setting up Firefox for doing OSINT Investigations
Part 4: Configuring Chrome
Configuring Chrome for OSINT Investigations
Part 5: Setting up Linux Applications
Installing other applications to aid in capturing the information needed for OSINT investigations
Part 6: Finishing Setup
Final setups, and closing thoughts.
Welcome back, this will be the last post in the build process for the Xubuntu OSINT system. After I finish this post, I’m going back to Michael Bazzell’s video training courses, which is why I built the VM to begin with.
Welcome back. Sorry about the delay, but I wanted to get the post about fixing the NAS posted before I continued. This post has also been sitting waiting for editing for a bit. Picking up where we left off, I’m going to discuss the changes between Michael Bazzell’s book, and my experiences of setting up the system using Xubuntu.