Posted on 02 Jun 2022 by Ray Heffer
Yes that’s right, the Nmap command in my header image was the same as Trinity used in The Matrix Reloaded (2003). But have you wondered what -sS does, or -O? I thought I’d share my cheat sheet which may come in handy if you need a quick reference for TryHackMe or HackTheBox.
First, a quick breakdown on the command Trinity used:
nmap -v -sS -O 10.2.2.2
-v - Verbose mode. Nmap prints additional information as it runs, such as the time each scan phase starts, and the number of hosts and ports scanned.
-sS - This is the scan type. In this case a TCP SYN scan, also known as a Stealth Scan because it does not complete the TCP handshake.
-O - Operating system detection. If you look closely at Trinity’s output, no OS was matched.
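As an added example (not from the original post), here is a small Python parser for the normal-format output produced by a command like the one above, pulling out the host, the per-port states and whether -O actually matched an OS. The scan output it runs on is constructed for illustration, not a real scan result.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of nmap "normal" output for `nmap -v -sS -O 10.2.2.2`.
# This is illustrative text, not a real scan result.
SAMPLE = """\
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-02 10:00 PDT
Initiating SYN Stealth Scan at 10:00
Scanning 10.2.2.2 [1000 ports]
Nmap scan report for 10.2.2.2
Host is up (0.00042s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  open     http
443/tcp filtered https
No exact OS matches for host (test conditions non-ideal).
Aggressive OS guesses: Linux 4.15 - 5.6 (96%), Linux 5.0 - 5.4 (93%)
Nmap done: 1 IP address (1 host up) scanned in 3.21 seconds
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")

@dataclass
class HostReport:
    host: str = ""
    ports: dict = field(default_factory=dict)  # (port, proto) -> state
    os_matched: bool = False                   # True only on "OS details:"
    os_details: str = ""                       # exact match or guesses line

def parse_nmap_normal(text):
    """Parse one host's normal-format nmap output into a HostReport."""
    rep = HostReport()
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            rep.host = m.group(1)
        elif m := PORT_RE.match(line):
            rep.ports[(int(m.group(1)), m.group(2))] = m.group(3)
        elif line.startswith("OS details:"):
            rep.os_matched = True
            rep.os_details = line.split(":", 1)[1].strip()
        elif line.startswith("Aggressive OS guesses:"):
            rep.os_details = line.split(":", 1)[1].strip()  # guesses only
    return rep

def open_ports(rep):
    """Return the sorted list of port numbers reported as open."""
    return sorted(p for (p, _), st in rep.ports.items() if st == "open")

if __name__ == "__main__":
    r = parse_nmap_normal(SAMPLE)
    print(r.host, open_ports(r), "OS matched" if r.os_matched else "no OS match")
```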
Posted on 31 May 2022 by Ray Heffer
It was a hot summer in 1996 when I parked my car along the beach in Littlehampton, a small coastal town in the United Kingdom, and I took my usual walk to the office. It was a small office above a Chinese restaurant in the town. I joined this small company as an Informix 4GL programmer, and little did I know the journey I was about to embark on.
We rarely had customers in the office, so we’d have music playing all day on a small CD player. The Prodigy - Music for the Jilted Generation, was on repeat most days in the office. Fueled by the sounds of techno, this was a pretty cool place to work, despite the pitiful pay.
After a few months of fixing bugs in Informix 4GL code, and spending my days using vi, I ultimately ended up becoming their Unix administrator. They sold bespoke software to customers, so I ended up helping customers with their Unix setup too.
Back then there were no virtual machines or containers, and orchestration was achieved with bash scripts, oh and 10BASE2 was actually a thing! It was always Dave that would kick the cable under his desk and disconnect the entire network. Dammit Dave!
For the two decades that followed, my journey ultimately led to joining VMware in 2011, and then moving to the United States in 2016. My new life in the US gave me a fresh start in many ways, including a new focus on cloud architecture.
In the years leading up to the move, I was part of VMware’s End User Computing (EUC) technical marketing team. I’d dive deep into the latest releases of VMware Horizon, and Workspace ONE delivering sessions at VMworld, VMUG, and Tech Summit events all around the globe.
The move to the United States also gave me the opportunity to shift my focus to cloud architecture, and in 2019 I took the decision to join AWS. I was eager to see what was on the other side of the fence, and dive deep into public cloud. I knew that many customers were embarking on their own cloud-native journey, and I had that itch to scratch. I started learning Kubernetes, because I needed to understand the technology stack used by born-in-the-cloud companies and enterprises alike.
At the same time VMware was diversifying with the Tanzu portfolio, and a few years later I was asked if I’d return as a founding member of the Tanzu solutions engineering team. It was good timing. I would help cloud providers with their Kubernetes service offerings, on multi-tenant architecture, and inevitably security was always top of the list. I started establishing myself as the go-to SME for secure DevOps and privacy engineering.
Posted on 29 Apr 2022 by Ray Heffer
I was first asked that question last year during a job interview. I started to rattle off everything I knew about threat modeling, and I used an example from a privacy standpoint, to highlight risk and why threat modeling is important. I was in the mindset of a CISO, not the security analyst.
The interviewer asked “What examples of threat models do you know?” Of course, he was expecting me to talk about STRIDE, PASTA, or DREAD. He was thinking of threat modeling from a security analyst’s perspective, whereas I was thinking about the core purpose (the why) of threat modeling, rather than blindly diving straight into a given framework.
A threat model is used to gain insight into the security of a subject or system, resulting in the identification and prioritization of threats, and the steps to mitigate them.
In other words, think like an adversary, so you and your organization can be aware of, and help mitigate, potential threats. A threat model can help you understand what could (and probably will) go wrong, how likely it is, and what the impact would be. It’s about being prepared.
The point of threat modeling is to ensure security is NOT an afterthought.
Posted on 16 Oct 2021 by Ray Heffer
The use of VPNs is a hot topic right now. Edward Snowden recently warned people away from ExpressVPN (and rightly so). Just to be clear, I use a VPN all of the time. It’s always-on, running on my pfSense router. In fact I use multiple VPN providers for different reasons.
Recently I’ve also seen some poorly presented information claiming that VPNs do not provide any privacy. It appears to me that some of this information has good intentions, but doesn’t address the threat models VPNs are great for.
Making a statement like ‘VPNs do not provide privacy’ is too broad without first understanding your threat model.