Will Chatham is the Security Assessment Engineer for Arbor Networks. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. He started as a web developer, moved into Linux system administration, and ultimately found his place as a security professional. Having most recently conquered the OSCP certification, Will continues to hack his way into various things in an effort to make them more secure.

Does Your Business Need a Mobile App?

When we first start up our businesses, we usually focus on our foundation. This can include things like the product you offer, the message you want to give to your audience and also the type of industry that you want to be a part of. There are many considerations when it comes to building a business from scratch, and you usually want to focus on these important points first.

However, once you start growing your business, you’ll realize that there are far too many ways to improve your company and you might get lost in the decision making. Do you try to expand your lineup of products, do you refine what you currently have or will you decide to branch out into other industries?

One of the most underrated ways of growing your business is to actually develop a mobile app. Mobile apps are all the rage now because more and more people are letting go of their computers and laptops in favor of tablets and smartphones. They can do all of their work on smaller devices and they’re more likely to use their phones to browse the internet and get on social media.

You can take advantage of this by making your own mobile app, but how would you approach it and does your business really need one? Let’s find out.

What Would the Goal of Your App Be?

Let’s start with the basics: what would the goal of your app be? What do you aim to accomplish with the app? If you’re not sure about your options, then here are a couple of considerations:

  • Grow your business’s brand image.
  • Extend your reach to customers that wouldn’t normally use your services.
  • Provide an extension to existing services.
  • To facilitate a loyalty scheme that promotes customer loyalty.
  • To increase the number of customers you have.
  • Allowing customers to engage with your business better.
  • Improved connectivity between you and your clients.
  • To improve the customer experience.
  • Provide customers with unique offers and discounts.

These are just a few examples of what the goal of your app could be. It’s best to take these all into consideration because the type of app you create is ultimately going to change depending on your goals. Some companies might want to focus on growing their brand image first, while others might focus on improving the customer experience.

Consider the Costs of Software Development

Now that you’ve taken a look at the common goals of a business app, let’s examine the costs involved. For starters, enterprise software development doesn’t come cheap but it does come with many advantages. You get a far more professional service than the alternatives and you can plan your app with the development team to ensure you’re getting the best features.

However, if you only need a small app then you might want to consider hiring a freelancer to do it for you. There’s no guarantee that they can help you manage it, however. Keep this in mind when planning out your software development and remember that cost is a big factor. It can sometimes be worth taking out a loan just to pay for the development of your app, but make sure you speak with your financial manager to determine the return on investment you can expect to receive.

Reasons to Have a Mobile App

Now that we’ve got a goal and we’ve considered the costs, let’s take a look at why you should be developing a mobile app for your business.

 

  • Better Product Value – When you attach additional services and offers to every product you sell, you’re boosting the value of those products through the use of your mobile app and creating a better value prospect.
  • Improve Brand Image – By having a mobile app with your business, you greatly improve your brand image and reputation. Almost every large business with a well-known name has some kind of mobile app that extends their services and assistance.
  • Boosting Web Traffic – Because many mobile users also focus on using the web on their phones, you’re more likely to get increased web traffic as well.
  • New Sources of Revenue – Apps can be used to secure new sources of revenue such as microtransactions. These are more common in video games and software apps, but there are many useful applications of having microtransactions.
  • Social Media Integration – Social media is a brilliant platform to advertise on and having social media integration in your app makes it much easier to take advantage of.
  • Listening to Customer Feedback – Using an app is a great way to listen to customer feedback. You can ask your customers questions, you can present them with surveys or you could even allow them to send feedback to you through your app.
  • Improving the Overall Experience – An app can greatly enhance the overall customer experience if used correctly. For instance, a software app could be a companion to your services. If you’re a delivery service, then you could use a mobile app to track deliveries that your clients and customers have sent or are expecting to receive.
  • Show Your Customers You Care – An app can do a lot if used correctly. You can show your customers that you care about their service by attaching an app to your business that allows them easier access to your products or guidance when they’re in need.

 

Some Final Words

Having a mobile app is a great way to grow your company. While it can get quite expensive to develop an app, it’s an expense that is worth the money thanks to all of the fantastic advantages that it offers. Whether it’s growing your customer base with an easy-to-use app or offering them additional services through the use of it, customers are usually willing to download your app just to get some additional benefits.

4 Great Apps for Bringing Some Harmony to Your Life

Life just tends to get a bit rough sometimes. Even if there’s nothing explicitly going wrong at any given moment, the normal grind of daily responsibilities, chores, and expectations can end up wearing us pretty thin, to the point where we’re pretty ready to throw our hands up in the air and have a minor breakdown.

Part of this stress is just the inevitable cycle of ups and downs that comprise the human experience. Some of it is due to the way our lives are structured in the hectic 21st Century, where internet, TV, and smartphones all keep us permanently hooked into the never-ending flow of information and obligation.

Luckily — whatever the cause of your personal stress and irritation — technology can also offer you some soothing solutions. Even if you run a software development company and are pretty sure you know your way around the block, these life-aiding apps are worth looking into.

Calm — for learning to meditate and keeping up a routine daily practice

There are many meditation apps out there — some more modern, and some more esoteric than others. Calm is one app which strikes a brilliant balance between the structure required to make progress in learning a skill, and the easygoing and free atmosphere that defines the clearheaded mindfulness that meditation is meant to inspire in the first place.

With the Calm app, you can enjoy a series of restful backgrounds and sound effects, benefit from short “Daily Calm” meditation sessions focused on different themes, and even listen to soothing sleep stories to help you doze off promptly at night.

Then there’s the database of meditations. These are broken into individual sessions and “courses”. You can do any number of courses at the same time, and switch between them without any hassle, but it’ll generally be in your best interest to see a course through promptly once you’ve started it.

An intuitive calendar feature shows you your best and current meditation streaks, and nudges you gently to stay on track.

Meditation has been demonstrated by scientific research to be effective at enhancing calm and feelings of wellbeing. With the Calm app, you can start enjoying those benefits pretty much immediately.

Habitica — for forging positive habits (and breaking bad ones)

Habitica — formerly known as HabitRPG — is the perfect nerd-friendly solution for anyone beset by bad habits and an inability to properly stay focused on the task at hand.

Habitica “gamifies” habit-mastery in an intuitive and deeply fulfilling kind of a way. You have a pixel-art virtual avatar, equipment for him or her, a shop to buy new items from, gold, levels and experience points.

The way the app — or game — works is that you create tasks across three different categories: “Habits”, “Dailies”, and “To-Dos”. Completing tasks in each of these areas will reward you with experience and gold.

“Habits” are, well, your habits. You should include both habits you want to reinforce and habits you want to undo, here. For a positive habit, every time you perform it throughout the day you can click a plus button for a boost of XP. For negative habits, you press a minus button and lose health. The idea here is that you combine positive and negative reinforcement to re-shape your habits and guide you towards a better, more uplifting lifestyle.

“Dailies” are recurring tasks that you need to perform on a daily basis. “To-Dos” are one-off tasks that you need to achieve in general.

If you struggle with mastering your routine and habits, maybe turning your life into an RPG could be the ideal solution.

Nozbe — for getting tasks out of your head and into a system

Nozbe is a project management app based on David Allen’s world famous “Getting Things Done” productivity system. The essential philosophy behind the system is simple; humans are very good at coming up with ideas, but not good at remembering them. Trying to keep all of our goals and tasks stored in our heads, therefore, is a quick road to stress, under-performance, and disaster.

Nozbe deals with these issues simply and intuitively. Every idea you have that seems significant should be turned into a rough task or entry in your “inbox”. When you have a free moment, you should process your inbox, delete irrelevant or non-actionable tasks, and turn those which are actionable into “projects”. Once turned into projects, these tasks then move to a separate panel.

For each project, you then add tasks that must be completed in order for the project itself to be completed. Then, for each project, you select a “next action” out of all the available sub-tasks.

These selected “next actions” then appear on a “priority” panel.

So, in a few simple steps, you’re able to collect your tasks, categorise them, and identify the next actionable step you should be taking. It’s a real load off the mind, so to speak.

YNAB — for managing your budget on the go

Financial issues are perhaps the single biggest source of stress out there, and having to page through stacks of old receipts to identify your spending habits and plan your budget going forward isn’t any fun.

You Need a Budget — or YNAB — is a browser and app-based service that follows the principles of zero-based budgeting, and allows you to stay on top of your spending, and manage your finances, virtually effortlessly. Transactions can be automatically imported from your online banking to YNAB, or can be entered manually, either while at home or when out and about.

Your income appears as a “to budget” amount which you then assign to different categories of your choosing, such as “parking”, “fun money”, or “bills”.

By planning how each penny of yours is assigned, and then tracking your expenses to make sure you’re sticking to the script, YNAB can remove a lot of the uncertainty and worry from your financial life.

5 Ways To Maximize Your Data Security

The world of business tech is advancing at a rapid rate, and cybersecurity is progressing with it. These improvements in technology have their benefits, but the downside is that they also help the hackers and criminals floating around the cyber world. Cyber criminals with the tech know-how can easily exploit data security loopholes, which means that as a small business, you have to be on the ball with your security. Data is an increasing worry for small businesses because, while you’re not a large corporation, you are going to be far more at risk than the bigger players in the industry. This is largely due to the fact that as a small business, you are less likely to spend your budget on increased IT security.

You can manage your data far better when you set out to protect it and maximise your data security, and this includes things like updated software, better technologies and preparation with your precautionary measures. When you are a small charity, data management software similar to what you can get from Global Faces Direct is so important for not only managing your donors but keeping their information as secure as possible in the face of a security breach. This goes for any small company; using an outsourced business to look after your data can do wonders if you are a victim of a cyberattack. The thing is, protecting data doesn’t just protect the data. It also protects the core of your business and the entire framework. If you’re not working to take care of your sensitive information, you’re going to leave your company open to people coming in and taking what is not theirs. With that in mind, here are five ways to maximise your data security and protect your business as much as possible.

Limit Access. While it’s nice to trust people with access to the sensitive data on your business server, this is not something that you should be giving out to everyone around you. A lot of organisations – including yours – likely give out privileged information to a large number of employees. Have you ever considered only doing this for the management team and those that ‘need to know’? Limiting the access to your sensitive data doesn’t just help your business; it also helps you to understand exactly who has access to it. This can then be helpful in the event of an internal security breach and makes it easier to narrow down a culprit.

Know What’s Sensitive. Businesses have a lot of data floating around out there, but if you don’t quite know what is classed as sensitive, then you should really start looking into that. This will mean that you have the right information when you need it and will give you the chance to allocate more security to that information as you need to. It may only be about 5% of your business data that is crucially sensitive, but it’s this information that could bring your business to its knees.

Prepare Security Policies. No one wants to think about what would happen in the event of a cyberattack, but preparing policies that protect you if it does happen will be a huge help. They will shape your response to an incident as well as help you to carve out your reaction to extreme security breaches. You’ll also know which information has been breached right off the bat, helping you to manage your response.

Password Management. Every employee in every department of your company needs to have a strong password allocated to them by the system instead of allowing staff to choose their own. Sensitive data should be buried under lock and key, only accessible with passwords and multiple codes. Doing this can make a huge difference to the response time when a breach happens and can also help you to locate where things have gone wrong, whether internally or from the outside.

Back-Up. Regular security checks on your data as well as a regular backup (think daily!) are going to make life much easier for you in the event of a breach. You will be able to get your information back quicker and secure it so that it’s not wiped completely from the cyber universe.

Being a successful business means being awake to the issues that present when it comes to your data. You need to know the risks as well as the benefits of protecting your information.

Can You Invest In Real Estate Without Being Filthy Rich?

The average Joe is shut out of many investing arenas not because he or she is not part of the elite, but because they simply don’t have the capital. But in the modern world, we all would like to invest our money somewhere smartly. Many people are hesitant, but the reward of your money making more money is far too great for others to miss out on. Sensibility plays a huge role in how we make decisions because behind our wallets are our minds. Some of us wouldn’t mind a high-risk high reward investment plan, but for others, the odds have got to start in their favor. This kind of polar opposite in personality is everywhere no matter how rich or poor you are. Real estate has been and always will be the top dog in investment with the global property market valued in the hundreds of trillions of dollars. So you would think that with so much money floating around, there would be just as many opportunities. Put simply there didn’t use to be, as in truth you had to be rich to invest in lucrative real estate propositions. Not now though as real-world currency plays a bit part instead of running the show.

Tokenized opportunities

In an effort to make the real estate industry more transparent and fluid in how it does business, tokenization is fast becoming the trend to hedge your bets on. Individuals and asset management companies are willing to put their properties in the digital realm where there are more opportunities. Tokenization is simple, but because the concept is new, people often freak out and veer away from it as they think it’s too complicated or just a fool’s hope. A property owner can register his or her property with a cloud platform token blockchain. After being accepted by the company whose platform it is, they need to register their wallet in order to get ready to receive and distribute tokens to financial institutions; one of these systems is the i-house IHT Token. The property is then split up into different segments. Smart contracts for each part of the property are issued, and each is then given a token reflecting what its real-world value really is. On the platform, the owner can track how their property is doing via the asset income display. They may also want to check out who is buying and who is selling via the asset transfer platform. Put into layman’s terms, properties are split up into tokens, and each token has its own value. These tokens can then be bought and sold freely with everyone keeping notes as to what’s going on, so there is absolute transparency.

Where Joe comes in

So now that properties are being accurately valued for each of their segments, this means they get split up. After tokens are assigned to them and then given to financial institutions, they are then sold to individual buyers. Because the properties have been segmented, the segments have differing values. This gives the average Joe a chance to invest in a property without having to bust the bank. Rather than being an investor, you’re a buyer owning a piece of the pie without any obligation to hold onto it. As the smart contract can be bought and sold as a token, there is no need to involve an intermediary either. Every transaction is open and honest, done on the cloud platform. The transactions form a blockchain, meaning all the data of who bought what from whom and for how much is not hidden. As there are many witnesses to the blockchain, the selling and buying is more honest and transparent, which in turn strengthens one’s trust to buy. The legal side of investment puts the average Joe off his morning coffee. It’s boring and complicated to many, but in the past, it’s been necessary. However, with blockchain platforms that use tokens as the currency of buying and selling real estate, two birds are hit with one stone. Firstly, the token system is actually quite simple to use even if you can’t understand it right away. Secondly, the platform is self-regulated; that is, transactions are made in the public arena, so all those involved, i.e. peers, regulate it themselves. The other benefit is the fact that even people with small amounts of investment funds can get involved.

As the properties in cloud platforms are segmented, parts of a property can be bought rather than the entire asset. This also means that due to the sheer number of investors, token values can go up and thus your token is now turning over a profit. This is the new way of making money and investing in real estate that everyone is watching right now.

Windows Privilege Escalation (privesc) Resources

I have obtained a standard user account on Windows. Now what?

This is a common question I see people inquire about frequently on the Discord/Slack/Mattermost servers I hang out on. This includes people working on CTF exercises (Hack the Box), OSCP/PWK studies, and just pentesting in general. The answer, of course, is that you need to enumerate the system and find a way to become Admin.

How you actually do this depends a lot on your specific environment and circumstances.

Windows Privilege Escalation to the Rescue

Here are some useful resources on what to do next in your given situation, after you have successfully exploited your way onto a Windows box, but before you have the system administrator role. I collected these links, snippets, and exploits during my OSCP studies, saving them in this massive OneNote notebook. Rather than letting them sit there where no one but me can access them, I thought I’d share.

Some of these get pretty detailed, and some of them have links to yet even more resources on this topic.

Have fun…this rabbit hole runs deep!

Privesc Resources

Elevating privileges by exploiting weak folder permissions
http://www.greyhathacker.net/?p=738/

Encyclopedia of Windows Privesc (video)
https://www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be

Windows Privesc Fundamentals
http://www.fuzzysecurity.com/tutorials/16.html

Windows Privesc Cheatsheet
https://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html

Windows Privesc Check
A script that automates the checking of common vulnerabilities that can be exploited to escalate your privileges:
http://pentestmonkey.net/tools/windows-privesc-check

Common Windows Privesc Vectors
https://www.toshellandback.com/2015/11/24/ms-priv-esc/

Windows Post-Exploitation Command List
http://www.handgrep.se/repository/cheatsheets/postexploitation/WindowsPost-Exploitation.pdf

WCE and Mimikatz in Memory over Meterpreter
https://justinelze.wordpress.com/2013/03/25/wce-and-mimikatz-in-memory-over-meterpreter/

Windows Privesc – includes tips and more resource links, on Github
https://github.com/togie6/Windows-Privesc

Do you have any Windows Privesc resources you think should go here? Comment below and I will add them.

Which Software Is Right For My Business?

Every business can benefit from using software to speed up processes and improve organisation. But with so many programmes out there on the market, how do you know which software is right for you? Certain software may be too simple for your needs, whilst other software may be overly complex. There are also factors such as cost to consider. Here are just some ways to help make the right choice when looking for software for your company.

Check online reviews

Online reviews are great at giving you unbiased information on software including the pros and cons. You may find professional reviews in tech publications are the most insightful as these people have tested lots of different software and so have more know-how when it comes to which programme is best (comparison guides are a great read). That said, user reviews can also be handy as they may offer information in layman’s terms and show how software can be applied in a real-life setting. There are also video reviews out there on YouTube that may include walk-throughs of the software on screen so that you can see what it looks like.

Download free trials

Some software companies will offer the opportunity to download a free trial. This allows you to use the software for a few days and get to grips with its interface, helping you to determine whether it’s right for you. You can get your employees to test it out too if they’re also going to be using it and then you can vote whether you think it’s worth buying. Free trials may not always give you a full experience of what software is like to use – some features may be locked – but you can get a good idea just from the basic settings whether a programme is right for you.

Attend software demos

Some companies will host software demos in which a spokesperson will give a presentation and answer any questions regarding the software. Software demos can be very salesy and you’re likely to get very biased information as a result; however, the chance to ask questions and possibly even negotiate pricing can make demos a worthwhile event. They’re also great chances to network with other business owners and get an idea of a software company’s target market.

Consider specialist software

There’s a lot of generic one-size-fits-all software when it comes to processes like accounting and project management. Some of this software is very popular and therefore has had a lot of money poured into improving it and making it reliable; however, it may be too generic for some niche companies that need more specific features. Looking for specialist software such as veterinary software or architect software could be more beneficial in certain cases. It’s worth testing out a mix of specialist and generic software.

Go bespoke

There’s also the option to pay a software development company to build your own software. This could be designed entirely to your specs, giving you all the features you need. This can be more expensive, so make sure that you’re going to get regular use out of this software – it could be a way of combining the functions of multiple programmes into one software, saving you money in the long run.