Category Archives: Uncategorized

Dealing with Burnout (or Why I Haven’t Been Posting)

I’ve spent the last year dealing with burnout and have really shut down on tech overall, which is part of the reason the blog hasn’t had much done on it, even though I have several blog ideas (projects and results, or industry trends I’m seeing and want to comment on) in the wings: the last couple of honeypot series posts, “Does CyberChef call home or leak data?”, some stuff on Pi-hole, and some things on Android Wi-Fi.

Instead, I’ve been doing things working with my hands, mostly gardening and woodworking. Occasionally I get to go hiking, although does short rail-to-trail hiking really count? Also, hills don’t care how many rail-to-trail miles you have recently.

Lastly, my current day job doesn’t have many techies on the team. Most of them come to work, do the job, and go home. I think there are three of us who have “home labs”, and we don’t see each other in the office much, which prevents the good tech build discussions.

However, the last few weeks I’ve been doing a little more tech work. I had to get the AWS Cloud Practitioner Foundational certification for work. I’ve had to update Duo Security’s MFA software, and I made some changes to my mail server to prep for migrating to Dovecot 2.4, which I should have done already, but I’ve been dealing with burnout.

Today has been fun, though. I’ve built a new VM to redo the Duo MFA installs and to blog about the issues I’ve had. I had to create the Debian VM several times, and I’m still trying to get Guest Additions to work right. It’s been so long since I set up a VM that I’ve forgotten many of the tweaks I used to memorize. I also managed to mess up the Debian install from when I built my PC several years ago. The updates seemed to break something. I’ll probably have to reinstall if updating the BIOS (based on errors in the logs) doesn’t fix it.

Duo MFA CA Bundle expiration soon

For those who don’t know, Duo Security has been sending out emails since at least the end of August about their CA certificate bundle expiring on February 2nd, 2026. The main point was to upgrade your system so you can keep using Duo Security’s MFA on SSH, web servers, etc.

The last time I installed Duo’s MFA tool, I built it from source. The upgrade, which includes the new certs, appears to have been successful, but it took about 6 hours to get it working.

I say it appears to be successful because, before the upgrade to the current version, every login would generate an email and a log entry in the Duo “unsupported” (can’t get an update to the CA bundle) log panel on the admin site.

I haven’t seen any new entries or received any new emails since the upgrade, but it was an adventure to get it working. I’ll share a more thorough write-up before February 2nd, in case anyone else gets stuck.

Updating still

I’m still going through updating the old links. The good news is that my RSS feed didn’t start bringing back the old posts that I’ve been updating. The bad news is that I had to delete my feed from The Old Reader and re-add my RSS feed.

I do plan on getting back to writing soon. I’ve opened the FAIR and CTI posts. I want to get back to those. I also want to write up some of the honeypot stuff I’ve been working on over the last several years. I don’t think I ever did a book review of Chris Sanders’ book Intrusion Detection Honeypots, which got me started and which I’ve been expanding on. Also, I want to compare and contrast Intrusion Detection Honeypots running Netcat listeners vs. OpenCanary.

* Note: the Amazon links above are affiliate links, for which I earn a commission from qualifying purchases.

Using FAIR with CTI – Some key definitions

This post won’t cover all the Factor Analysis of Information Risk (FAIR) definitions. It will provide the ones I think are vital for using FAIR with Threat Intelligence (TI) and Cyber Threat Intelligence (CTI). I’m paraphrasing several sources, but it’s the way I understand the definitions I learned over the years. If you want in-depth/exact definitions from my sources, for FAIR look up Measuring and Managing Information Risk, The Open Group’s Open FAIR Risk Taxonomy and Risk Analysis white papers, and the RiskLens FAIR study guide (provided as part of the course). For threat intelligence, look up Effective Threat Intelligence and Intelligence Analysis, 6th edition.


Current Python Working Environment

Over the last nine to ten months, I’ve changed how I’ve been using Python, again.

Working environment:

I work in either Debian or Xubuntu Linux, or Windows Subsystem for Linux (WSL) Debian. I prefer Debian on bare-metal hardware. The VMs I use at work are usually Xubuntu (faster, easier setup). My work laptop has Windows 10 Enterprise on it, which is where WSL comes in.


productivity vs tweaking

I’ve been wanting to switch back to a Linux-based system for a while. The main hold-up has been school. Recently I got to rebuild my travel laptop to run Linux.

I started with Debian, but after two days and a bunch of tweaking of the system, I still wasn’t at the point of actually starting work.

So out goes Debian, in moves Xubuntu. A couple of hours later, up and running. Disappointing; I’d rather be running Debian. But I really don’t have the time to spend on endless tweaking. I have several other things to do.

REMnux and Docker

At work, we have this thing on Fridays called power-up time. It is the last four hours of the week to work on personal projects, test new ideas to see if they are worth implementing, or self-improvement. Most weeks it is when I get to look at the most tickets doing tactical-level intelligence, since the rest of the week is filled with project or priority case work.

Recently, while working on tactical-level information for SOC tickets, I was able to add in a little fun and actually power up. I wanted to do some reverse engineering of the malware associated with the ticket, to see if there were more IOCs that could be extracted.

Earlier in the day I read an email on the SANS DFIR alumni list in which someone talked about using REMnux with Docker. So later in the day, working the ticket, and because I didn’t have a REMnux box, I decided to check out the Docker containers. This was also my first time working with Docker. I started at Lenny Zeltser’s REMnux Docker site.

I went to my Linux VM, a box that gets reset to the freshly installed state via snapshot after each use. After a sudo apt install docker.io and a sudo docker pull remnux/pescanner, I had the container.

I ran it and learned a little bit about Docker. I also got an understanding of some of the information that VirusTotal displays under the Details tab.
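What a pescanner-style static triage pass actually pulls out of a PE, as an added Python example (stdlib only; this is not pescanner’s code and not from the original post). It walks the DOS header, PE signature, COFF and optional headers and the section table, computes per-section entropy, and flags the first things an analyst checks before deeper reverse engineering: writable-and-executable sections, high-entropy sections, and an entry point that lies outside every section. The PE it analyses is constructed inline so the script runs offline; the 7.0 entropy threshold, the section names and the compile timestamp are assumptions for illustration.

```python
"""Static PE triage of the kind pescanner automates: header fields, section
table, per-section entropy and a few red flags. Added example, stdlib only."""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKED_ENTROPY = 7.0  # assumption: common rule of thumb, not a pescanner constant


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed/encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]       # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", blob, opt + 16)[0]  # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + i * 40)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize, "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2), "characteristics": flags,
        })
    return {
        "machine": machine, "magic": magic, "characteristics": chars,
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "entry_point": entry, "sections": sections,
    }


def triage(blob: bytes) -> dict:
    """File hashes (the IOCs to pivot on) plus the red flags worth checking first."""
    pe = parse_pe(blob)
    findings = []
    for s in pe["sections"]:
        if s["entropy"] > PACKED_ENTROPY:
            findings.append(f"{s['name']}: entropy {s['entropy']} (possible packing/encryption)")
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: section is writable and executable")
    ep = pe["entry_point"]
    if not any(s["virtual_address"] <= ep < s["virtual_address"] + s["virtual_size"]
               for s in pe["sections"]):
        findings.append(f"entry point 0x{ep:x} lies outside every section")
    return {"md5": hashlib.md5(blob).hexdigest(), "sha256": hashlib.sha256(blob).hexdigest(),
            "header": pe, "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed stand-in for a sample: a structurally valid PE32 whose 'code' is filler.
    Two sections: a plain .text and a high-entropy section marked writable+executable."""
    text = b"\x90" * 200 + b"\xc3"     # NOP sled + RET: low entropy
    packed = bytes(range(256)) * 4      # every byte value equally often: entropy exactly 8.0
    hdr_size, file_align = 0x400, 0x200
    text_off, packed_off = hdr_size, hdr_size + file_align
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")   # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5F3E1B20, 0, 0, 0xE0, 0x102)  # i386, 2 sections, EXE
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, len(text), len(packed), 0, 0x1000).ljust(0xE0, b"\0")

    def section(name, vaddr, data, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), rawptr, 0, 0, 0, 0, flags)

    secs = section(b".text", 0x1000, text, text_off, 0x60000020)        # CODE|EXECUTE|READ
    secs += section(b"packed", 0x2000, packed, packed_off, 0xE0000020)  # CODE|EXECUTE|READ|WRITE
    headers = (dos + b"PE\0\0" + coff + opt + secs).ljust(hdr_size, b"\0")
    return headers + text.ljust(file_align, b"\0") + packed


if __name__ == "__main__":
    report = triage(build_sample_pe())
    print("sha256:", report["sha256"], "compiled:", report["header"]["compile_time"])
    for s in report["header"]["sections"]:
        print(f"  {s['name']:<8} rva=0x{s['virtual_address']:x} raw={s['raw_size']} entropy={s['entropy']}")
    for f in report["findings"]:
        print("!!", f)
```

On a real sample, replace build_sample_pe() with open(path, "rb").read(). The fields parsed here (compile timestamp, section list with entropy, entry point) are the same ones VirusTotal lists under Details, and the hashes are the IOCs to add to the ticket; anything the script flags is the cue to unpack or move on to dynamic analysis rather than trust the static strings.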

pulled in many directions

So my current reading list has changed three times in the three weeks or so since the fall class ended. I had started with:

Then it was going to be some Social Media Intelligence books:

Now it’s Counter Hack Reloaded (Amazon affiliate link), which I’m using as my only study material before the GCIH exam in a couple of months.

Can someone tell me again why I try to make plans, since I always seem to get pulled in many directions at once and not study what I want?

* Update 2024-10-01: changed to an Amazon affiliate link, from which I earn a commission on qualifying purchases.