Hiatus Update

A lot has been going on since I got a concussion a couple months ago! I’ve mainly focused on work and recovery, and recently have started feeling more normal.

I will be resuming my capstone project and should finish my bachelor’s degree this summer, or winter. This really depends on how incompletes and summer registration for classes go. But, I have the ok to work on capstone until end of May. I plan to review the research and work I had done before and come up with a timeline for remaining work afterward. I should have a progress report by the end of this weekend.

This week, I’m looking forward to helping set up wifi at Open West as a volunteer and will be sure to write about the experience.

Until next time,

Charlie

 

Intermittent Hiatus : A Blog Update

While I may or may not have any regular readers yet, because of my personal goal to blog regularly, I want to state that I will not be able to meet my posting goals for some time.

The bad news:

On February 16th, I sustained a concussion and am struggling with light sensitivity and concentration issues at this time.

That’s why I haven’t been able to make updates on my projects, and haven’t been sharing much of what I’ve found and learned for a few weeks.

I have a lot of ideas and projects I want to work on as well as resources I’ve found and wanted to do write-ups on. But trying to catch up on school, and personal projects as the breadwinner of my family has meant that I’m stretched thin right now.

The good news:

My first priorities are to graduate this semester or next semester while getting back into my job full time. In order to do that, there will be doctor visits, and other appointments, as well as plenty of breaks sitting in dark rooms.

What is really great is that I have an excellent husband, workplace and peers who have helped me step back a bit, and given great advice. It’s shown me that uprooting my life to study IT, and going out of my way to be involved in the cybersecurity community (as much as I can) was the best thing I could have done.

Closing thoughts:

It’s funny how right now, some mental tasks are “easy” and others are sometimes impossible! For example, counting more than a few things, staying on task, or doing arithmetic… not so good. Yet, I can generally express myself sufficiently. There is a big difference between expressing experiences, and writing well about complex issues. But I have a feeling as I get better, I’ll want to share what I’ve found for accessibility software and the like. Maybe someday I can contribute to improving or expanding some of the vision and focus tools!

On a similar note, despite my successes, my years at UVU have been an extremely difficult period in my life. The sordid details aren’t important, but suffice to say I’ve become well acquainted with my own burnout-doppelgänger. Having a serious but recoverable injury has shown me how much I’ve learned from the bad in the last four years. I finally understand what is meant by the saying that hardship builds character. And it’s reignited my passion for my studies at a time when I was once again, setting unrealistic standards for myself. If I had given up sooner, I wouldn’t be so lucky now.

I hope if you’re burning out, or facing a monumental struggle right now, that you also hold on to hope and take care of yourself. It may or may not get better, but I promise, if you don’t give up, you will get stronger.

Hacker Publications : A small listicle

The information age is grand! Anyone with an internet capable device and a connection can learn whatever they want if they know where to look. However, information overload is easier than ever.

In the interest of sharing, and not losing, information about some fascinating community resources I put together this small list of publications and archives for techies, hackers and security conscious folks.

Current

2600 : The Hacker Quarterly

I love 2600, and it was the first zine or publication I came across written by and for hackers. There are opinion pieces, stories, research and more in the quarterly. To me, 2600 is fascinating and inspiring. It’s the only magazine I can pick up at Barnes & Noble concerned with privacy, freedom and surveillance.

But I don’t think I can put it any better than the New Yorker did here when interviewing the editor, Emmanuel Goldstein :

“2600 provides an important forum for hackers to discuss the most pressing issues of the day—whether it be surveillance, Internet freedom, or the security of the nation’s nuclear weapons—while sharing new code in languages like Python and C. For example, the most recent issue of the magazine addresses how the hacking community can approach Snowden’s disclosures. After lampooning one of the leaked N.S.A. PowerPoint slides … and discussing how U.S. government is eroding civil rights, the piece points out the contradictions that everyone in the hacking community currently faces. “Hackers are the ones who reveal the inconvenient truths, point out security holes, and offer solutions,” it concludes. “And this is why hackers are the enemy in a world where surveillance and the status quo are the keys to power.”

Scott told me that 2600’s advocacy for Snowden was nothing new. At the time of the leaks, the then Congressman Ed Markey, of Massachusetts (he is now a senator), once called the publication “a manual for computer crime.” But the magazine is less a how-to guide than a collection of stories gathered by hackers on their adventures on and offline, reflecting the bulletin-board systems (B.B.S.s) that inspired Goldstein to start the magazine in the early eighties.” [From https://www.newyorker.com/tech/annals-of-technology/print-magazine-hackers]

If you can’t find it in your bookstore you can still subscribe to paper or digital issues here: https://www.2600.com/

POC||GTFO

Proof of Concept or Get the Fuck Out started as a community zine, and is now also available in two bound volumes, printed by the beloved No Starch Press!

In their own words:

“PoC||GTFO (Proof of Concept or Get The Fuck Out) follows in the tradition of Phrack and Uninformed by publishing on the subjects of offensive security research, reverse engineering, and file format internals. Until now, the journal has only been available online or printed and distributed for free at hacker conferences worldwide.

Consistent with the journal’s quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers, authors of classics like “Reliable Code Execution on a Tamagotchi,” “ELFs are Dorky, Elves are Cool,” “Burning a Phone,” “Forget Not the Humble Timing Attack,” and “A Sermon on Hacker Privilege.” Twenty-four full-color pages by Ange Albertini illustrate many of the clever tricks described in the text.” – [https://nostarch.com/gtfo]

As you might expect, it’s full of POC and research, in addition to poetry and social commentary. If you’re looking for inspiration, or want to know how to hack your tamagotchi, this is the place to look!

From Times Passed

NTK.Net

NTK [http://www.ntk.net/] ran from 1997 to 2007 and collected interesting tidbits and news in the community.

Check out the photos below to get a feel for their content.

Phrack

Phrack appears to no longer be active, but the website is up and full of fascinating reads. To allow it to speak for itself, here is the introduction to Phrack from 1985 :

[Screenshot: introduction to Phrack, 1985]

This article on the fall of hacker groups is one of my favorites right now :

[Screenshots: Phrack : Strauss : The Fall Of Hacker Groups]

 

 

Refocusing

When I made this blog, originally I was inspired by a technical writing course I took. I wanted to create a resource accessible to the average home user.

However, in hindsight, there are multiple issues with that focus. Firstly, that’s far too narrow of a focus considering my interests are not that of the average home user. I frankly have no idea what someone like that would find helpful. My husband has begun to accuse me of technobabble, and he’s not exactly clueless about computers. Second, that is far too narrowly focused, and my interests in technology have expanded as I’ve learned more about computing and technology.

What drew me to technology in general was the centrality of internet and computing technologies in our daily lives. We truly live in the Information Age.

Big Data, and Privacy are major issues in our times. My interests are in the social, legal and technological issues presented to the modern person in controlling their data, privacy and maintaining control over their property (software and hardware). The list of things I intend to research in depth in the next year keeps growing and if I ever want to have a meaningful record of progress, and share what I learn along the way, I shouldn’t be narrowing my scope too far.

I want to empower myself and others by increasing access to clear and useful information on technology and privacy but I can’t narrow my focus so much that I never write or kill my own fun.

So, if I can crank out an article on VPNs that my grandparents would understand, awesome. But that doesn’t mean not writing about SQL injection, or routing protocols.

This blog post is really for myself to read in a month or a year and remember that if I want to accomplish my goals, it’s best to write whatever I want now, and edit later. I’ve had a “how to set up a virtual machine” article saved as a draft for weeks! So, I’ll keep notes that I think may benefit others here, and track progress on various projects here, and write how-tos as I go.

This is really my journal. A record for myself, of what I’m learning and would like others to be able to find information on as well. So… here goes!


My First DefCon

DefCon 25 was an amazing experience! While I had heard that DefCon could be an unwelcoming place to newcomers and women I did not find this to be the case personally. Attending DefCon was hands down the best conference experience I have had so far.

While I did miss the first day due to working as a Conference Associate at BlackHat that was also part of how I earned a DefCon badge in the first place. I was also able to share a hotel room with a couple of friends.

I loved the social environment of DefCon. People came from such diverse backgrounds and had highly varied reasons for attending. I met people who simply came along with a group of friends who were into hacking and others who worked in video game design and wanted to transition into a cybersecurity career. There were students, well-established cyber security professionals, aspiring music teachers, professors, web developers, pentesters and hobbyists from all over. It was easy to meet friendly people and a lot of fun! A piece of advice I received several times, which I fully stand behind is “Prioritize the villages, demonstrations, sky talks and people over talks. Talks will be online later but certain opportunities need to be taken advantage of during the conference.”

The vendor area was also quite a bit of fun itself. I picked up my first set of lock picks there and scouted out interesting books and tools. I learned about Security Weekly podcast there and got to flip through a bunch of No Starch Press books while I was there. For example, I got to take a look at The Manga Guide to Crypto which is still only available to preorder right now. There are also independent visual and musical artists who you can buy directly from. You can also find groups like Hackers For Charity in the vendor area where you can learn more, make a donation or purchase goods.

At some point, I became tired enough that I wasn’t really sure what to do with myself for the remaining hour of the conference that day. So, I got in line to get a mohawk at Mohawk Con. For a suggested donation of $20.00 volunteers will give you a mohawk. This year you could choose what percentage of your donation went to the Electronic Frontier Foundation, Hackers For Charity and Mohawk Con itself. I had a great conversation while waiting in line and had a lot of fun with the whole process.

One of my favorite things I learned about was that there are people and organizations using hacking skills in order to track down human traffickers. When they have enough incriminating evidence the government can be tipped off, start their own investigation and prosecute. Several people have been saved from human trafficking in this way. I found this incredibly inspiring to hear about and it only makes me want to progress more. I would like to be able to put the skills I develop into such good use.

If you are thinking about going to DefCon start planning your trip now! Find out if you have a local hackerspace or local DefCon group. Learn about the conference and how to stay both digitally and physically safe, and go for it! You’ll be glad you did.

 

 

First BlackHat USA and the Conference Associate Program

This summer I had the opportunity to work at BlackHat USA as a conference associate and attend DefCon, both for the first time. Having never been to Las Vegas or such major conferences I was ecstatic for the opportunity.

My experience at BlackHat was primarily shaped by the Conference Associate program. Through this program students and alumni from certain universities can apply to work as BlackHat support staff. Conference associates are put up in hotel rooms in or near the venue, earn a wage, get about one meal a day, and earn access to conference briefings online in addition to scoring a DefCon badge. While most of the day was spent preparing for the conference or helping attendees, evenings provided ample opportunity to meet new people and make new connections. I made friends with peers in the program and had the opportunity to converse with professionals about career development. I even met some of my online friends face to face for the first time!

The opportunity to ask professionals face to face what they are looking for in good candidates for various roles was extremely helpful. Additionally, it was great to learn about the highly varied backgrounds that brought them to their current point. There are stereotypes about who is interested in cybersecurity, and an idea that everyone starts in tech in the first place. I’ve found that isn’t the case. The greatest common denominators seem to be curiosity and drive.

I had also thought I wouldn’t know anyone there but I learned that several professionals from the DC 801 area worked in the NOC, some of whom I had met at previous security conferences. As someone working at the conference rather than attending it, the social opportunities are the highlight. When it comes to networking, I am someone who is more interested in becoming friends with people who have similar professional interests than I am in rapid fire business card distribution. What I learned from my first multi-day major conference is that it is a better than usual opportunity to build relationships. Everyone is away from home, and to a potentially lesser extent away from work, and therefore ready to talk and play.

Some real highlights for me included making friends with my roommate and other conference associates, meeting Tarah Wheeler and getting my copy of Women in Tech signed, and discussing career development with pentesters over lunch.

If you have the opportunity to work as a conference associate through your school, like UVU or UAT, I highly recommend it. Earning a wage there can help with your travel expenses and make it a bit easier to get to DefCon. The one downside this year was we received our DefCon badges after BlackHat the same Thursday that DefCon started.

 

 

My tips regarding a first time Vegas visit and BlackHat USA:

  • Pack light and purchase snacks at the local Walmart or order them from Amazon Prime Now if you don’t have access to a car or don’t want to get an Uber. (Take it from someone who packed 3 boxes of clif bars.)
  • Uber is super expensive! Account for this when you choose your hotel room. I walked a lot to save money but The Strip is designed to corral consumers, not to be walkable.
  • Drink a ton of water. Drink more water than you think you need and purchase it from a supermarket or Walmart. Otherwise you can end up paying $10.00 for a bottle of water. Get some aspirin too while you’re at it.
  • Bring your own portable battery. You don’t want to be plugging into any old USB port after all. Burner phones/devices are also a good idea but it’s still important to maintain physical control and not make any unnecessary connections.
  • Bring cash and store it securely so you don’t need to withdraw from machines.
  • BlackHat: If you are a student and venture into the vendors area it is helpful to have specific questions or to go with a professional. Not everyone on the vendor floor knows how the product they are pushing works and if they do they likely want to speak with someone who has decision making power in a business. However, it should be noted some vendors love talking to students because they see them as potential contributors, future customers or possible interns.
  • BlackHat Conference Associate: If you have time to explore during the conference itself try to go see demos instead of talks. You can get access to talks later unlike Arsenal Demos.
  • BlackHat USA: If you wait until the last day to purchase apparel you can probably get it on sale. However, if you are an average sized male be aware your size may not be available by the time the sale comes.  
  • Wear quality shoes made for walking which have already been broken in. This is not the time or place to break in a new pair of shoes or suddenly transition to minimalist footwear.
  • Pace yourself when it comes to alcohol. Never leave your drinks unattended and drink plenty of water!
  • Go to bed early enough to enjoy the next day! By the end of a week I hadn’t met my personal sleep requirements so Def Con was more difficult than it need otherwise be.
  • Give yourself time to recharge your batteries at night as well. Especially if you are an introvert, it can be exhausting to meet so many people and be in such busy places all day. Take some time to read a book, take a soak, go for a jog or take care of yourself in some other way.
  • Walk the strip at least once. You see so many interesting things, displays and people. Go see the fountain show at the Bellagio, you will not regret it.

 

First blog post

My name is Charlie, and I am starting this blog in order to write informative articles accessible to the average user regarding security, as well as to document my own personal projects and studies.

Two years ago I decided to move across the country and change my major from illustration to information technology. Once I made that shift cybersecurity caught my eye and motivated me to continue learning more. As I get more involved in my local cyber security community the more exciting it becomes. I recommend to any tech enthusiast to check out meetup and look for conferences in their local area. You learn things you may not have otherwise, meet new people and have a great time doing it. At DefCon this past August I learned about several charities dedicated to bringing technology into people’s lives and even using hacking skills to bring down human traffickers. This opened up my eyes to the potential for good that can come out of dedication to this path and increased my desire to make a meaningful contribution. I have high goals but, after all, every journey begins with a single step.

There is always something new to learn in computing so let’s have fun with it and teach each other!