Will Chatham is an Information Security Analyst, OSCP, Ethical Hacker, and Penetration Tester at a federal data center in Asheville, NC. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. His varied background, from developer to search engine optimizer to security professional, has helped him build a wide range of skills that help those with whom he works and teaches.

The Power Of Privacy

The online world is both weird and wonderful. It’s safe to say that the internet has opened us up to so many possibilities, it’s incredible. We can connect with family around the world, do business deals from our bedrooms, and shop for just about anything, from anywhere – all before sunrise! But there is a flip side to having so much access: not only can you reach pretty much everything out there, but the internet also has access to you. And it’s this side of the online world that can be pretty worrying to most of us. When you think about it, how much privacy do you really have online? Sometimes, not much! But you can change that by working with the right tools.

Domain Privacy

If you have a website or a blog, or any kind of online space that you have your own personalized domain for, you can often feel pretty great. You have your own corner of the internet to share the things that interest you, and owning your own domain can be a cool part of that. But it’s not always private. When you register your domain, the name, street address, email and phone number you give the registrar are published in the public WHOIS record, where anyone can look them up. And that can be quite scary. So, you should opt for domain privacy (sometimes called WHOIS privacy) when you’re buying your domain. That way, the record shows the registrar’s or privacy service’s contact details, such as Bluehost’s, instead of yours.
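As a concrete check (example script added here, not part of the original post): once you have turned on domain privacy, look up your own domain and confirm the registrant fields really are redacted. The script below works on the text the whois client prints; the three records in it are constructed samples in the ICANN-style “Registrant Name:” layout, and the field names and redaction wording are assumptions about your registrar’s output, so widen the patterns if yours differs.

```shell
#!/bin/sh
# Added example (not from the original post): verify that WHOIS privacy
# actually took effect on a domain you registered. The records below are
# CONSTRUCTED samples in the ICANN-style "Registrant <Field>: value" layout;
# exact field names and redaction wording vary by registrar (an assumption),
# which is why the match patterns are deliberately broad.

# Returns 0 when every Registrant contact field is redacted or belongs to a
# privacy/proxy service, 1 when at least one field still exposes personal data
# (or when the record has no registrant fields at all, so privacy is unconfirmed).
whois_is_private() {
    fields=$(printf '%s\n' "$1" |
             grep -iE '^Registrant (Name|Organization|Street|City|Email|Phone):' || true)
    [ -n "$fields" ] || return 1
    exposed=$(printf '%s\n' "$fields" |
              grep -viE 'redacted|privacy|proxy|withheld|data protected' || true)
    [ -z "$exposed" ]
}

# Live check: run the real whois client and feed its output through the same
# test (needs network access and the whois package installed).
check_domain() {
    whois_is_private "$(whois "$1")"
}

# Constructed sample: what a privacy-protected record typically looks like.
PRIVATE_RECORD='Domain Name: example.com
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Domain Privacy Service
Registrant Street: REDACTED FOR PRIVACY
Registrant Email: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY'

# Constructed sample: the registrar published the owner's real details.
EXPOSED_RECORD='Domain Name: example.org
Registrant Name: Jane Doe
Registrant Street: 123 Main St
Registrant Email: jane@example.org
Registrant Phone: +1.5555550100'

# Constructed sample: only partially redacted; the street address still leaks,
# which is exactly the case a quick glance at the record tends to miss.
MIXED_RECORD='Domain Name: example.net
Registrant Name: REDACTED FOR PRIVACY
Registrant Street: 123 Main St
Registrant Email: REDACTED FOR PRIVACY'

# Usage: sh whois-privacy.sh yourdomain.example
if [ -n "${1:-}" ]; then
    if check_domain "$1"; then
        echo "$1: registrant details are private"
    else
        echo "$1: registrant details are EXPOSED or could not be verified"
    fi
fi
```

The check fails closed: a record with no registrant fields at all counts as unverified rather than private, because some registrars return a thin record that says nothing either way, and you want to go and look rather than assume.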

Online Anonymity

When you’re browsing the internet, you can often assume that you’re safe and that nobody can see what you’re doing – even if you’re just looking on Facebook. But that’s not always the case. Your ISP, whoever runs the network you’re on, and the sites you visit can all see a good deal of what you do, and so can agencies like the FBI with the right paperwork. So you might want to use a VPN to keep your activity private from the network around you. Take a look at some VPN reviews to see if they’re for you, and bear in mind that the VPN provider itself can still see your traffic, so pick one you actually trust. You may feel more comfortable knowing that your ISP and the local network can’t see your browsing if you do.

Cookies

We all know about cookies. We often clear them regularly to keep our computers working well and to avoid leaving too much of a trail online. But if you find that advertisers are still tracking you based on what you’ve browsed, then why not think about blocking third-party cookies? You can do this in the browser settings, and it stops the most common form of cross-site ad tracking (though not fingerprinting, or tracking by the sites you visit directly), for a bit of peace of mind.

Social Privacy

Then you’ve got your social accounts to think about. Are you happy with anyone and everyone being able to see your social accounts? If not, then you’re going to want to go private. That way, your online social life can be kept to those that you’re happy to share it with.

SSL

Finally, you may also want to check that your connection itself is secure. We often see SSL (today really TLS, shown as the padlock and https:// in the address bar) when we’re logging into financial accounts, for example. But not every site uses it. If you want to keep your privacy up, you need an HTTPS connection, which encrypts the traffic between your browser and the site so nobody in between can read or tamper with it. Every modern browser supports it, but not every site serves it by default; extensions such as HTTPS Everywhere can automatically switch you to the HTTPS version of a site whenever one is offered, just for extra measure!

Left Brain vs Right Brain: Can You Have a Creative Career in Coding?

Left brain or right brain? It’s a question that seems to be forced on us all the time, as if making a binary choice between the world of tech, data and coding and the more creative career options out there is all we can do. But increasingly these days, people are looking to combine their interest in the arts with the possibilities of a technology-led career, and the choice certainly doesn’t have to be either/or. In fact, the point where creativity and logic meet can be startlingly inspiring. If you’re looking to combine the two areas, here’s just a flavour of the kind of arenas you could be operating in – and who knows where you might be in ten years’ time:

Digital Product Design

An eye for technology and processes combined with ergonomics and a splash of creative flair could well lead you down the path of product design. From web apps to digital products to physical objects out in the world, like cereal packaging design, you’ll need to drive projects with a vision that combines technical know-how with computer-aided design and a knowledge of aesthetics and what has consumer appeal. Knowing how things work and being able to apply that to a host of applications and products is a highly marketable skill. Familiarise yourself with multi-variate testing, graphic mock-ups, wireframing and site mapping to really understand your niche.

User Experience

Closely related, UX is big business these days, from disruptive start-ups to blue chips, as everyone competes for our shrinking online attention spans. UX articulates the emotional response of a consumer to site design and seeks to continuously optimise it in a relentless march down the sales funnel to conversion nirvana. Constructing the architecture of a successful app or website is as much art as it is alchemy – there’s a ton of insight to be found in analytics, but a lot of subjectivity in design that leaves room for creative souls. From streamlining purchasing processes to creating branding guidelines, the scope of the work is highly varied.

Big Data Analytics

With data mountains stacking up around us all the time, and companies pushing to collect more and more information, there are heaps of untapped data lying around with companies desperate to analyse consumer behaviour and monetise it. It might be Machiavellian, but if you’re a bit of an armchair psychologist, such untapped access to behavioural analytics can be a playground. Defining user profiles, spotting macro and micro trends and translating them into workable strategies requires a keen eye for statistics, but also a massive dash of creative intuition to make the leap into saleable insight. Plus, the depiction of big data can literally be an art form if you’re feeling exceptionally creative…

Digital Animator

Web developers can use their coding magic to turn static designs into fully functioning realities, and creative problem solving and thinking outside of the box are skills in definite demand when it comes to this profession. There are opportunities to develop custom animations all round, and web development is definitely a skill best learned on the job. In fact, coding can be entirely self-taught, and can then lead you down the path of creating animations for other sites as a source of freelance work.

So there you have it – left and right brain, not destined to be mortal enemies after all, but creating viable and profitable careers paths in the brave new world.

The Ethics Of Food

When you sit down to your evening meal, it’s unlikely that you take a moment to think about where the food has come from. We have all become accustomed to having what we need, when we need it, from gluten-free options to low-carb keto-friendly recipes. We can eat strawberries in January and exotic fruit from the other side of the world, such are the delights of the modern diet options.

While you should always enjoy your food, it is worth spending a moment thinking about the ethics behind how we eat. There tends to be a price — sometimes financial, sometimes environmental — for everything that hits our plate. Sometimes, that price can be extortionately high, and one you might not be willing to pay if you know the extent of it.

Below are three examples of the ethical questions surrounding modern food, and how you can make small changes to address some of the issues raised.

#1 – Fair Trade Food

For third-world countries, globalization has meant that there are more work opportunities than there might otherwise have been. However, it’s wrong to assume that the citizens of these countries are in work that pays well and supports their living. Sadly, multinational corporations have a terrible history of exploiting their third-world workers in an attempt to boost their profit margins.

The Fair Trade movement is an effort to combat this issue. Farmers who work within Fair Trade practices are paid a fair wage, one that is enough for them to live a decent life on. If you’re curious to see how this works, you can find out more about the Fair Trade movement at fairtradecertified.org.

One note: Fair Trade food is a little more expensive than non-Fair Trade items, but the difference is relatively small, and it can make a huge difference to the lives of farmers around the world.

#2 – Overfishing

Overfishing is becoming a huge problem throughout the world. Fish are being caught at such a rate that the declining populations don’t have the chance to reproduce and replace.

Companies who produce fresh and tinned fish are well aware of this issue. That’s why some companies have banded together to try and increase sustainability in their offerings. If you’re curious about these programs, then visit globalsalmoninitiative.org for more information on one of the leaders in this area, and see the difference these initiatives can make.

You could then put that knowledge into practice, and ensure that you’re always

#3 – Food Miles

Being able to eat any food you want at any point in the year is wonderful, but there’s a serious downside when it comes to the carbon footprint of that food.

Out-of-season and exotic fruit has to travel a huge distance to reach our stores, as it can’t be farmed naturally in the US. All of that travel is catastrophic for the environment, which is then made worse by the sheer volume of food waste the world creates.

It’s far better for the environment if you stick to locally-grown produce. Yes, you will be restricted to fruit and vegetables that are in season, but it can be fun to branch out and see the meals you can create with only local goods.

As it turns out, the food that goes onto your plate, and the process it went through to get there, is more complex than you might have originally thought. With a few small changes, you can be sure that you’re eating as ethically and sustainably as possible.

OSCP and PWK Tips, Resources & Tools

Here are some resources and tools I found useful while taking (and passing!) the Pentesting with Kali (PWK) course in preparation for the Offensive Security Certified Professional exam. It has been about two weeks since I passed, and I am still reveling in the satisfaction that has come with it, as it was ultimately a year-long effort to prepare for and take the course in order to pass the exam.

Many people post the usual resources that you can find on various blogs related to the course (g0tmi1k, highoncoffee, pentestmonkey, etc), and those are absolutely useful, but what I have assembled here are less common, and are hopefully useful for those of you about to embark on, or already in, the OSCP journey. They were useful for me.

Enjoy!

How to Pass the OSCP

https://gist.github.com/unfo/5ddc85671dcf39f877aaf5dce105fac3

My favorite part is this, right at the beginning:

1. Recon
2. Find vuln
3. Exploit
4. Document it

However, I would add a step so that it looks more like this:

1. Recon
2. Find vulnerability
3. Exploit
4. Privilege Escalation
5. Document it

Most of the machines in the PWK labs require that additional step. You seldom run across a VM where you run an exploit and get root right away, with no intermediary privilege escalation step needed. In fact, it is an entirely unique skill that you need to develop, practice, and practice again. What’s more, you have to learn “privesc” for both Linux/Unix and Windows machines — two entirely different methodologies.
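To make that extra step concrete, here is a small Linux enumeration script of the kind you run the moment you land a low-privilege shell (added example, not from this post or from any of the resources it links). Each check takes the directory tree to search as an argument so it can be tried out on a scratch folder before you point it at / on a target; the Windows side needs its own tooling and is not covered here.

```shell
#!/bin/sh
# Added example (not part of the original post): a minimal Linux privilege-
# escalation enumeration script. Each check is a function that takes the
# filesystem root to search, so the same code can be pointed at / on a target
# or at a scratch directory for testing. Windows privesc is a separate
# methodology and is not covered here.

# SUID-root binaries run with their owner's privileges: a misconfigured one,
# or a known-vulnerable version, is a direct path to root.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# World-writable files: if one of them is a cron job, a service script or a
# config file read by a root process, you can inject commands into it.
# -xdev keeps the search on one filesystem, which also skips /proc when
# the root is /.
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# Writable directories on PATH: a root cron job or script that calls a
# command by bare name can be hijacked by dropping a binary of that name
# into a directory that comes earlier on the PATH it runs with.
# Takes a PATH-style string as its argument (defaults to the current PATH).
path_writable_dirs() {
    saved_ifs=$IFS
    IFS=:
    for d in ${1:-$PATH}; do
        if [ -d "$d" ] && [ -w "$d" ]; then printf '%s\n' "$d"; fi
    done
    IFS=$saved_ifs
    return 0
}

# Passwordless sudo rights are the quickest win of all. -n never prompts,
# so this is safe to run from a non-interactive reverse shell.
sudo_nopasswd() {
    sudo -n -l 2>/dev/null
}

# Usage: sh privesc-enum.sh --run [root]   (defaults to /)
if [ "${1:-}" = "--run" ]; then
    root=${2:-/}
    echo "[*] SUID binaries under $root";        list_suid "$root"
    echo "[*] world-writable files under $root"; list_world_writable "$root"
    echo "[*] writable directories on PATH";     path_writable_dirs
    echo "[*] passwordless sudo rights";         sudo_nopasswd || echo "(none, or a password is required)"
fi
```

None of this exploits anything by itself; it tells you where to look. The usual order of attack is the sudo list first, then the SUID list against what you know is vulnerable, then writable files and directories for something root runs on a schedule.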

Path to OSCP

https://localhost.exposed/path-to-oscp/
An interesting ‘trials and tribulations’ story of one man’s path to accomplishing his goal: the OSCP certification. Contains both video logs and various notes and snippets that may be helpful to you.

One Two Punch

https://github.com/superkojiman/onetwopunch
I didn’t discover this script until I had already rooted about 15 of the machines in the PWK labs, but I wish I had learned of it sooner. It runs unicornscan across all 65,535 ports (TCP, UDP, or both, depending on the option you pass) to find open ports, then hands just those ports to nmap for service and version detection, so you don’t miss a service hiding on a high port. Set this up as one of the first things you do when you start working on a new machine (it takes a while to run), then come back to check the results after you’ve done some manual exploration.
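The same two-stage pattern, written out as a short script (added example; not the post’s own code and not the onetwopunch script itself): sweep every port fast, then spend nmap’s time only on what is open. The unicornscan line format is assumed from its typical output, the sample output is constructed, and 10.11.1.5 is a made-up lab address.

```shell
#!/bin/sh
# Added example (not from the original post or the onetwopunch project):
# the two-stage recon pattern the post describes. Stage 1 is a fast sweep of
# the full port range, stage 2 is nmap service/version detection limited to
# the ports stage 1 found. The unicornscan line format is ASSUMED from its
# typical output ("TCP open   ssh[   22]   from 10.11.1.5  ttl 64"); the
# sample block below is CONSTRUCTED and the address is made up.

# Turn raw unicornscan output into a sorted, de-duplicated, comma-separated
# port list suitable for nmap -p. Only "open" lines are kept; the port
# number is the integer inside the square brackets.
unicorn_ports() {
    printf '%s\n' "$1" |
        grep -E '^(TCP|UDP) +open' |
        sed -n 's/.*\[ *\([0-9][0-9]*\)\].*/\1/p' |
        sort -n -u |
        tr '\n' ',' |
        sed 's/,$//'
}

# Build the stage-2 nmap command. TCP gets version detection plus the default
# script set; UDP needs -sU (and root). Output goes to all formats (-oA) so
# the .xml/.gnmap files are there for the report later.
build_nmap_cmd() {
    host=$1; proto=$2; ports=$3
    case "$proto" in
        udp) flags='-sU -sV' ;;
        *)   flags='-sV -sC' ;;
    esac
    printf 'nmap %s -p %s -oA %s-%s %s\n' "$flags" "$ports" "$host" "$proto" "$host"
}

# Live pipeline: sweep all 65,535 ports, then hand the open ones to nmap.
# unicornscan -I prints open ports immediately; "host:a" means all ports;
# -mT / -mU select TCP / UDP. Requires root and both tools installed.
scan_host() {
    host=$1; proto=${2:-tcp}
    case "$proto" in
        udp) raw=$(unicornscan -mU -I "$host:a") ;;
        *)   raw=$(unicornscan -mT -I "$host:a") ;;
    esac
    ports=$(unicorn_ports "$raw")
    [ -n "$ports" ] || { echo "no open $proto ports found on $host" >&2; return 1; }
    cmd=$(build_nmap_cmd "$host" "$proto" "$ports")
    echo "[*] $cmd"
    eval "$cmd"
}

# Constructed sample of stage-1 output (note the duplicated port 80 line,
# which the de-duplication step collapses).
SAMPLE_UNICORNSCAN='TCP open                     ssh[   22]         from 10.11.1.5  ttl 64
TCP open                    http[   80]         from 10.11.1.5  ttl 64
TCP open                   https[  443]         from 10.11.1.5  ttl 64
TCP open                    http[   80]         from 10.11.1.5  ttl 64'

# Usage: sh recon.sh <host> [tcp|udp]   (no arguments: dry run on the sample)
if [ -n "${1:-}" ]; then
    scan_host "$1" "${2:-tcp}"
else
    ports=$(unicorn_ports "$SAMPLE_UNICORNSCAN")
    echo "dry run on constructed sample: $(build_nmap_cmd 10.11.1.5 tcp "$ports")"
fi
```

Kick this off in a second terminal as soon as you have a target address; the sweep is the slow part, and the -oA files it leaves behind are what you will be pasting into the report hours later.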

Reconnoitre

https://github.com/codingo/Reconnoitre
“A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags.”

This tool ended up being a workhorse, both in the labs and in the exam. Being able to check quick nmap results while more in-depth scans were still going was invaluable for getting things rolling along.

General Tips from Techexams

http://www.techexams.net/forums/security-certifications/116262-oscp-starting-13-12-2015-a-6.html#post1028560
This post has a lot of good tips for the OSCP exam. I can’t stress enough the need to be prepared for the exam, having all the things you need at your fingertips so that you don’t have to go digging through notes or files when you are tight on time or limited on brain power because you’ve been working on this for 18 straight hours.

Test Taking Strategy

http://www.hackingtutorials.org/hacking-courses/offensive-security-certified-professional-oscp/

The most useful parts of that site for me were:

  • Finish your lab report for 5 extra points and optionally the course exercises for an additional 5 points. You might need them to reach the 70 points.
  • You need to write a penetration test report after the exam. Make sure you know how to write it so you know what information to collect during the exam. The lab report is a great practice for this, use it to learn how to document properly.

There were so many people in the NetSec Focus OSCP Slack channel who skipped the exercises, skipped the videos, and skipped documenting the requisite 10 VMs to get the bonus points for the exam. I saw more than a few of them fail the exam as a result. I would likely have failed the exam had I not completed the exercise documentation and the 10 lab-machine write-ups. All I will say is this:

Do not skip the exercise or lab documentation. These are free points. The way the exam scores total up, you may well need these points to pass!

Timing of the Exam

Also from this page, I chose to follow this exact strategy for timing, and it really worked for me. The important thing to consider is being able to have two fresh starts.

“The second attempt I’ve started the exam at 3 PM and planned to work till 3 AM and then sleep till early morning. This way I had 2 ‘fresh’ starts for the exam to utilize more productive hours.”

I ended up sleeping from 2am to 5am, at which point I set an alarm and a full pot of coffee to carry me through until the exam was over. I also had the support of my amazing wife, who kept me fed and hydrated the whole time.

The Offsec PWK Kali VM

Use the provided Kali VM; do not use the latest/greatest Kali version. Offsec provides you with a VM that has been customized to contain everything you need to complete the course and the exam. There is no need to update it. There is no need to run the latest version of Kali. In fact, they customize it in certain ways to make sure you don’t run into problems, so don’t try to use something different. I witnessed multiple people having problems with this in the NetSec Focus OSCP Slack channel, and I wisely used the Offsec Kali VM the whole course to avoid issues.

The NetSec Focus Slack Channel

I have mentioned it a few times, but this Slack channel was invaluable during my OSCP journey. It allowed me to ask questions, bounce ideas off others, and chat with folks who were currently in the course or had already passed it. If you are in the OSCP course, join the group and then ask a moderator to add you to the private OSCP channel. Keep in mind that they do not allow spoilers, or even questions about specific lab machines. This resource is a great asset for those taking the PWK/OSCP course, and I made some good friends from being there and suffering through it all.

Lastly, I have to say it:

Try harder!

3 POS Features That Will Streamline Your Business

In today’s business world, it’s increasingly important for business owners to leverage the latest technologies to improve their sales. How you accept payments from your customers determines the quality of your customer service and the efficiency of your sales processes. Using a Point Of Sale system allows you to give customers control, collect better data, and increase your revenues. Sadly, most businesses are not making the most of the features of their systems.

In this post, we’re going to explore some of the features that can actually help to grow your business. Read on to learn more.

1. Streamlined Inventory Management

There is nothing as relevant to your business as your inventory. The last thing you want is to fail to fulfil customers’ orders because specific items are depleted. With an inventory management interface, you can stay on top of your operations and monitor everything from the backend. For every fulfilled order, your system subtracts the item from your inventory.

This way, you get a clear picture of the state of your inventory. You’ll be able to plan when to re-order new items for your inventory. Also, the management system allows you to determine the size of your next orders for specific items based on their past sales numbers. A great system will send you alerts when specific items start running low, so you can never be caught off-guard.

2. Customer Relationship Management (CRM)

In any business, customers are usually the main target. The more customers, the higher the sales numbers. So, you can take advantage of your POS system to improve your customer relationships. Through the CRM tool, you can store your customer data and identify their preferences. This way, you’ll be able to personalize your customer service to suit your customers.

As technology advances, you have more options for cultivating and growing meaningful relationships with your frequent customers. In the long run, it’s possible to score a significant number of loyal customers. You can then reinforce your service with loyalty programs, which are aimed to reward frequent and high volume customers.

3. Staff Management Feature

Employees are also crucial to the growth of your business, and a good POS can help you to track their time and attendance. Use the tool to assign them job-based permissions, which you can customize depending on specific job groups. A great system will also allow you to set an entire week schedule in advance based on the availability of your staff members.

Typically, you don’t need to monitor your staff all the time, and the system helps to eliminate confusion when it comes to task allocation. For example, if you’re running a restaurant, your system allows you to assign workers to specific sections of your floor plan to ensure a seamless operation.

If you have a POS tool and you’re not leveraging these features, you’re missing out on many opportunities to grow your business. Or, if your system doesn’t have them, then it’s time to invest in one that will help you accept payments faster, ensure customers’ safety, and improve your overall business model. Take the time to review different POS systems while taking into account their specific features before picking one for your business.