
Year: 2017

The Ethics Of Food

When you sit down to your evening meal, it’s unlikely that you take a moment to think about where the food has come from. We have all become accustomed to having what we need, when we need it, from gluten-free options to low-carb keto-friendly recipes. We can eat strawberries in January and exotic fruit from the other side of the world, such are the delights of the modern diet options.

While you should always enjoy your food, it is worth spending a moment thinking about the ethics behind how we eat. There tends to be a price — sometimes financial, sometimes environmental — for everything that hits our plate. Sometimes, that price can be extortionately high, and one you might not be willing to pay if you know the extent of it.

Below are three examples of the ethical questions surrounding modern food, and how you can make small changes to address some of the issues raised.

#1 – Fair Trade Food

For third-world countries, globalization has meant that there are more work opportunities than there might otherwise have been. However, it’s wrong to assume that the citizens of these countries are in work that pays well and supports their living. Sadly, multinational corporations have a terrible history of exploiting their third-world workers in an attempt to boost their profit margins.

The Fair Trade movement is an effort to combat this issue. Farmers who work within Fair Trade practices are paid a fair wage, one that is enough for them to live a decent life on. If you’re curious to see how this works, you can find out more about the Fair Trade movement at fairtradecertified.org.

One note: Fair Trade food is a little more expensive than non-Fair Trade items, but the difference is relatively small, and can make a huge difference to the lives of farmers around the world.

#2 – Overfishing

Overfishing is becoming a huge problem throughout the world. Fish are being caught at such a rate that the declining populations don’t have the chance to reproduce and replace.

Companies who produce fresh and tinned fish are well aware of this issue. That’s why some companies have banded together to try and increase sustainability in their offerings. If you’re curious about these programs, then visit globalsalmoninitiative.org for more information on one of the leaders in this area, and see the difference these initiatives can make.

You could then put that knowledge into practice, and ensure that you’re always

#3 – Food Miles

Being able to eat any food you want at any point in the year is wonderful, but there’s a serious downside when it comes to the carbon footprint of that food.

Out-of-season and exotic fruit has to travel a huge distance to reach our stores, as it can’t be farmed naturally in the US. All of that travel is catastrophic for the environment, which is then made worse by the sheer volume of food waste the world creates.

It’s far better for the environment if you stick to locally-grown produce. Yes, you will be restricted to fruit and vegetables that are in season, but it can be fun to branch out and see the meals you can create with only local goods.

As it turns out, the food that goes onto your plate and the process it went through to get there are more complex than you might have originally thought. With a few small changes, you can be sure that you’re eating as ethically and sustainably as possible.

OSCP and PWK Tips, Resources & Tools

Here are some resources and tools I found useful while taking (and passing!) the Pentesting with Kali (PWK) course in preparation for the Offensive Security Certified Professional exam. It has been about two weeks since I passed, and I am still reveling in the satisfaction that has come with it, as it was ultimately a year-long effort to prepare for and take the course in order to pass the exam.

Many people post the usual resources that you can find on various blogs related to the course (g0tmi1k, highoncoffee, pentestmonkey, etc), and those are absolutely useful, but what I have assembled here are less common, and are hopefully useful for those of you about to embark on, or already in, the OSCP journey. They were useful for me.

Enjoy!

How to Pass the OSCP

https://gist.github.com/unfo/5ddc85671dcf39f877aaf5dce105fac3

My favorite part is this, right at the beginning:

1. Recon
2. Find vuln
3. Exploit
4. Document it

However, I would add a step so that it looks more like this:

1. Recon
2. Find vulnerability
3. Exploit
4. Privilege Escalation
5. Document it

Most of the machines in the PWK labs require that additional step. You seldom run across a VM where you run an exploit and get root right away, with no intermediary privilege escalation step needed. In fact, it is an entirely unique skill that you need to develop, practice, and practice again. What’s more, you have to learn “privesc” for both Linux/Unix and Windows machines — two entirely different methodologies.

Path to OSCP

https://localhost.exposed/path-to-oscp/
An interesting ‘trials and tribulations’ story of one man’s path to accomplishing his goal: the OSCP certification. Contains both video logs and various notes and snippets that may be helpful to you.

One Two Punch

https://github.com/superkojiman/onetwopunch
I didn’t discover this script until I had already rooted about 15 of the machines in the PWK labs, but I wish I had learned of it sooner. It runs a unicornscan (UDP) to find open ports, then passes them to nmap for service detection. It also looks at all 65,535 ports, so you don’t miss anything. Set this up as one of the first things you do when you start working on a new machine (it takes a while to run), then come back to check the results after you’ve done some manual exploration.

Reconnoitre

https://github.com/codingo/Reconnoitre
“A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags.”

This tool ended up being a workhorse, both in the labs and in the exam. Being able to check quick nmap results while more in-depth scans were still going was invaluable for getting things rolling along.

General Tips from Techexams

http://www.techexams.net/forums/security-certifications/116262-oscp-starting-13-12-2015-a-6.html#post1028560
This post has a lot of good tips for the OSCP exam. I can’t stress enough the need to be prepared for the exam, having all the things you need at your fingertips so that you don’t have to go digging through notes or files when you are tight on time or limited on brain power because you’ve been working on this for 18 straight hours.

Test Taking Strategy

http://www.hackingtutorials.org/hacking-courses/offensive-security-certified-professional-oscp/

The most useful parts of that site for me were:

  • Finish your lab report for 5 extra points and optionally the course exercises for an additional 5 points. You might need them to reach the 70 points.
  • You need to write a penetration test report after the exam. Make sure you know how to write it so you know what information to collect during the exam. The lab report is a great practice for this, use it to learn how to document properly.

There were so many people in the NetSec Focus OSCP Slack channel that skipped the exercises, skipped the videos, and skipped documenting the requisite 10 VMs to get the bonus points for the exam. I saw more than a few of them fail the exam as a result. I would likely have failed the exam had I not completed the exercise and 10 lab machine documentation. All I will say is this:

Do not skip the exercise or lab documentation. These are free points. The way the exam scores total up, you may well need these points to pass!

Timing of the Exam

Also from this page, I chose to follow this exact strategy for timing, and it really worked for me. The important thing to consider is being able to have two fresh starts.

“The second attempt I’ve started the exam at 3 PM and planned to work till 3 AM and then sleep till early morning. This way I had 2 ‘fresh’ starts for the exam to utilize more productive hours.”

I ended up sleeping from 2am to 5am, at which point I set an alarm and a full pot of coffee to carry me through until the exam was over. I also had the support of my amazing wife, who kept me fed and hydrated the whole time.

The Offsec PWK Kali VM

Use the provided Kali VM; do not use the latest/greatest Kali version. Offsec provides you with a VM that has been customized to contain everything you need to complete the course and the exam. There is no need to update it. There is no need to run the latest version of Kali. In fact, they customize it in certain ways to make sure you don’t run into problems, so don’t try to use something different. I witnessed multiple people having problems with this in the NetSec Focus OSCP Slack channel, and I wisely used the Offsec Kali VM the whole course to avoid issues.

The NetSec Focus Slack Channel

I have mentioned it a few times, but this Slack channel was invaluable during my OSCP journey. It allowed me to ask questions, bounce ideas off others, and chat with folks who were currently in the course or had already passed it. If you are in the OSCP course and you join the group, ask a moderator to add you to that private OSCP channel once you join. Keep in mind that they do not allow spoilers, or even questions about specific lab machines. This resource is a great asset for those taking the PWK/OSCP course, and I made some good friends from being there and suffering through it all.

Lastly, I have to say it:

Try harder!

3 POS Features That Will Streamline Your Business

In today’s business world, it’s becoming increasingly important for business owners to leverage the latest technologies to improve their sales. How you accept payments from your customers determines the quality of your customer service and the efficiency of your sales processes. Using a Point Of Sale system allows you to give customers control, collect better data, and increase your revenues. Sadly, most businesses are not making the most of the features of their systems.

In this post, we’re going to explore some of the features that can actually help to grow your business. Read on to learn more.

1. Streamlined Inventory Management

There is nothing as relevant to your business as your inventory. The last thing you want is failing to fulfil customers’ orders because specific items are depleted. With an inventory management interface, you can stay on top of your operations and monitor everything from the backend. For every fulfilled order, your system subtracts the item from your inventory.

This way, you get a clear picture of the state of your inventory. You’ll be able to plan when to re-order new items for your inventory. Also, the management system allows you to determine the size of your next orders for specific items based on their past sales numbers. A great system will send you alerts when specific items start running low, so you can never be caught off-guard.

2. Customer Relationship Management (CRM)

In any business, customers are usually the main target. The more customers, the higher the sales numbers. So, you can take advantage of your POS system to improve your customer relationships. Through the CRM tool, you can store your customer data and identify their preferences. This way, you’ll be able to personalize your customer service to suit your customers.

As technology advances, you have more options for cultivating and growing meaningful relationships with your frequent customers. In the long run, it’s possible to score a significant number of loyal customers. You can then reinforce your service with loyalty programs, which are aimed to reward frequent and high volume customers.

3. Staff Management Feature

Employees are also crucial to the growth of your business, and a good POS can help you to track their time and attendance. Use the tool to assign them job-based permissions, which you can customize depending on specific job groups. A great system will also allow you to set an entire week schedule in advance based on the availability of your staff members.

Typically, you don’t need to monitor your staff every time, and the system helps to eliminate confusion when it comes to task allocation. For example, if you’re running a restaurant, your system allows you to assign workers to specific sections of your floor plan to ensure a seamless operation.

If you have a POS tool and you’re not leveraging these features, you’re missing out on many opportunities to grow your business. Or, if your system doesn’t have them, then it’s time to invest in one that will help you accept payments faster, ensure customers’ safety, and improve your overall business model. Take the time to review different POS systems while taking into account their specific features before picking one for your business.

Where Do You See Your Work In Ten Years Time?

Whether you’re just starting out with your career, or you’ve been working for more years than you’d like to count, it’s always a good idea to have vision. When you can see ahead into the future, you’re more likely to have more control over your present. And one of the ways that you can do this is through goal setting. Although you may not always achieve every goal because they could change, by having them in the first place, you’re able to make something happen. But what will that something be? To help you figure out exactly what that could be, here are some questions to get you thinking about where you see yourself later on down the line.

Do You Want To Be A CEO?

Maybe you want to be a CEO. Whether you’re in college and looking at starting your own business when you graduate, or you’re climbing the corporate ladder, and you know where you want to end up, seeing yourself as CEO could be a real option. By looking at someone such as Issa Asad Qlink, you’ll see that you can take your skills and passion and turn it into a company that you’ll be CEO of. But you could also think about becoming CEO at a company that you’ve always wanted to work for, or even work at now.

And Make A Lot Of Money?

Or maybe you just want to make a lot of money and it’s as simple as that. When that’s the case, and you are still in college, you should think about the high-paying careers you can aim for to make this happen. Or, if you’re already out there in the working world and you don’t want to retrain, then you need to start putting plans in action to earn a lot more money, or make more money in another way.

Then Retire Early?

And if you want to be able to retire early, you need to start working on this and fast. Because not only do you need to be earning well, you need to be saving that money, and investing in things that are going to only increase in value and give you money back, in order to make that happen.

Do You Want To Make A Difference?

Or maybe you’re not concerned about how much money you make or retiring early, but you do want to be able to make a difference. And when you want to make a difference in the world, you have to be able to put a lot of time and attention into making that happen. Because work isn’t always about you, but it’s about what you can give back. So give this option some serious thought.

Or Build A Lasting Legacy?

Finally, maybe you want to build a legacy. Whether it’s something under your own name, or something for your kids to take over. When you want something that lasts, you need to know how to make the work you put in now keep paying off to make that happen. And this is why goal setting is just so important.

Business Tech Vulnerabilities: Problems & Fixes

It’s fair to say that technology plays a key role in modern business. Without a thorough understanding and implementation of tech, it’s far too easy for your business to fall by the wayside. Technology is how businesses are run; contracts signed by email, customer files stored digitally rather than electronically, every employee history accessible with a few taps of a keyboard.

It’s impossible not to see these technological advancements as a good thing. Businesses have become simpler, in the best way imaginable. Technology has sped up tasks that otherwise would have taken weeks, improving the way the world works beyond doubt.

So let’s all agree: technology + business = good things.

However, there are a few downsides that no savvy business owner can afford to overlook. If you want to have a full grip on all of the tech, internet service, devices, and storage that your business uses, then you need to think about the potential that exists for vulnerabilities. By ensuring you close any potential gaps that could be exploited, you can be sure that your business is able to enjoy all the benefits of technology, but without any of the pitfalls.

Here’s a look at the areas you’re going to need to focus on.

The Employee Threat (Part One)

Everyone that accesses your business tech is a potential weakness in your systems.

The Problem

If that sounds harsh, perhaps it is, but it’s also true. Computers and technology can do a lot of the heavy lifting; they can prevent attacks on your system, ensure you maintain your records as you should, even do your accountancy work. However, these processes can only happen if they are correctly controlled by human hands.

This is a particular concern when it comes to security. Passwords are great; but humans who don’t change their default password are incredibly common. Your members of staff may have little appreciation for the way that their behavior has the potential to cause real disruption to your business.

Solutions

It’s important to preach a need for constant vigilance when it comes to tech security. If a member of staff has access to a database or your public cloud hosting, then they need to be able to prove they understand the security requirements. One way of doing this is by making each employee take a quiz to prove they at least know the basics of online security.

The Employee Threat (Part Two)

Yes, sadly, there’s more than one issue when it comes to your employees. Even if you feel you have the best staff in the world, there’s no denying the fact they have the potential to cause you all manner of problems. Let’s focus on another potential employee issue you need to be aware of…

The Problem

One of the major benefits of technology is that working has become more flexible. We can now go through important emails on our phones, browse through customer records to fix problems on the beach if we so desire, but this flexibility is also a security risk.

First and foremost, if your employees are accessing the company software or cloud when out of the office, there need to be restrictions on how they do it. For example, how are they connecting to the internet? Are they using open Wifi networks? If so, that’s a serious risk to your company safety.

  • Insist that any out-of-office Wifi connections must be completely secure; the home network of your employee, or a reliable mobile network.
  • All security passwords must be changed from default.
  • Never, ever, ever should an employee connect to an open Wifi network. These are simply not secure enough for your company data.

Of course, there’s no way of guaranteeing that employees are actually going to do this. All you can do is make the point, explain why it’s so important, and make it clear you will take any transgressions of this rule extremely seriously.

The Outside Threat: DDoS and Hacking

Okay, enough making you worry that your employees are going to bring down your business! Let’s give your employees a break, and move onto the threats that come from the outside.

Many of us think of hacking problems as being an issue for large companies. After all, if hackers are going to spend their time trying to breach a company, they’re going to go after the big fish: it guarantees them the bigger payday. If your business is only small, then you might just entirely overlook the hacking threat, seeing it as one that other, bigger businesses need to be concerned with. This attitude poses a real threat to your business.

The Problem

Sure, hackers want the biggest payday or to cause the maximum disruption with their work, so they’re going to target large companies. However, large companies also have far sterner security blocks than small companies. That means it’s more work for the hackers to breach them. Instead of spending weeks working on a single company, many hackers might turn their thoughts to small companies, where the vulnerabilities in the tech are easier to exploit.

One particular risk that you need to be very alert to is ransomware. Basically, ransomware means that your systems will be shut down — you won’t be able to access any of your computerized data — until you pay the hackers off. Ransomware is incredibly lucrative for hackers, even though people are always advised not to pay hackers. The truth is that for many businesses — especially those that are not as tech-aware as one might hope — their only option is to pay. If they don’t, they no longer have access to all of their business files; potentially meaning they literally can’t run their business.

As well as ransomware, you may also find yourself falling victim to a “distributed denial of service” — better known as DDoS — attack. These attacks have the potential to bring everything related to your business offline; company records, accounts, anything at all.

These two issues — ransomware and DDoS — are matters your business tech has to be alert to at all times.

The Solution

The simplest way to protect against ransomware is to back up your data completely, ideally on a daily basis. Yes, this is time consuming, but at least it means that no one can ever hold your business’ critical data hostage. If you have backups, then what’s being held ransom isn’t as vital to your business continuity. It does still pose a risk; for example, you don’t want your customer data to be leaked, but at least you can continue your business while you deal with the issue. Contact the cybercrimes department of your local police force for further assistance, but be reassured by the fact your business doesn’t have to grind to a halt thanks to those handy backups.

When you have a backup regime in place, examine the providers you use for various tech services. You will need to select your systems and public cloud hosting very carefully; decent providers will have some sort of DDoS protection included.

Will the above measures work? To a point. It’s almost impossible to ensure that you never get hacked, but the above will at least limit the damage, and make hacking harder to do.

The Update Problem

Let’s wrap things up with a simple word of warning about updates. System, software, and tech updates are annoying. When you get the notification, it’s impossible not to roll your eyes with frustration. You’re now going to have to sit through a potentially long update process, unable to do anything useful in the meantime… so you click ‘postpone’ or ‘remind me later’.

Then you keep clicking ‘remind me later’. Upgrades are always inconvenient, especially if you’re busy running a business. The idea of your system shutting down to update just isn’t feasible, or at least, you’re not willing to let it be feasible. So you keep postponing, over and over and over again.

The Problem

Let’s be honest: you know what is about to be said. This isn’t your first day online. You know that updates are important. You know that they contain security fixes which can help protect your business files. You know that you should install them immediately. We all do; we’re all well aware that those irritating update notifications are actually a good thing, our tech telling us that it’s found a way to make itself better.

If you don’t update — as you well know — then your system is going to be vulnerable. Patches for security glitches that were included in the update aren’t going to be available to you. So, it’s fairly clear what comes next…

The Solution

Update as soon as you receive the notification to do so.

Yes, it’s inconvenient. Yes, it’s annoying. Yes, it always seems to happen at the worst possible time. However, considering the stakes — the very safety of your business — then these are relatively small issues. It’s worth a little inconvenience to keep your data, your customer’s data, and your entire business operation as safe as possible.

With your vulnerabilities closing, your tech security will ensure your business continuity for years to come.

Top Tips for Staying Safe Online

With the prevalence of big computer hacking stories out there these days, the internet can sometimes feel like an unsafe place. As we devote more of ourselves and divulge more personal details to technology, it can feel somewhat risky. But there are a whole host of ways that you can better protect yourself while you are online. And the vast majority of them are very simple, so it is certainly worth reading on to find out more.

Make Passwords More Complex

Though you will have heard this advice a million times before, a surprising number of people still rely on simple passwords which can easily be hacked or stolen. You are better off using different passwords for different websites, and you also want to make them strong passwords containing a combination of letters, numbers and symbols. Where it is available on smartphones and tablets, use the fingerprint or facial recognition systems that they suggest.

Enhance Network Security

You need to ensure that any network you connect to is a secure one, so try to stick to password-protected routers that encrypt your data. Be careful when using public WiFi as it tends to be unsecured. Even if you do have a secure connection to the internet, you should still use a firewall so that hackers don’t have a vulnerable point of access from which they can get to your files and personal details.

Safe Surfing and Shopping

Ensure that any website that you share your personal information with is trusted and be careful about putting your credit card details into a site. Be careful with copycat sites which seem like the original ones but have some misspelling or bad grammar. Look out for the padlock symbol in the URL which indicates that the site is encrypted.

Set Limits on Your Spending

A major issue that people get into online is that they are tempted to spend more money than they have. So, be wary of one-click payment systems which seem very convenient but ultimately make it more tempting to spend your cash. If you are going to be playing online games like Unibet casino games, set limits for yourself so you don’t spend more than you should. Practicing mindful spending online is an important habit to get into.

Keep Software Updated

Make sure that you have all the latest security systems installed on your software. Turn on automatic updates so this is not something that you have to think about doing yourself. Run regular scans to give yourself peace of mind and confidence that all your systems are safe. Keep on top of what all the latest scams are so you are more confident that you know what you are looking out for.

These five points are a good starting point for staying safe online. Make sure that you are always on your guard as the online world is a dangerous one, but you will put yourself in a much better position with safe internet practices like these.