Monday, October 17, 2011

Yes, this blog is still alive, expect new posts by next month










Y
es, this blog is still alive, and I plan to start posting new materials starting next month. Topics will range from Armitage for Metasploit, Artillery for Linux, Cloud Computing Security, QualysGuard Scanner, Nessus Scanner, ITIL and ISO27K, and of course, our favorite playground, Metasploit Open Source Framework. HD is the man!

I feel blessed for the past 10 months despite my inactivity from blogging.
I met an awesome mentor that paved the way for me to meet excellent minds in InfoSec (Thanks Gene Schultz, we miss you already R.I.P).

Through grit and passion I was able to get the position I want with my current company; without the hassle of starting new relationships with another company. How did I get the job?

I pen tested my way to it :-)

I have some major milestones up ahead before the year ends. Hopefully I clear the following tasks so by 2012 I am back to blogging:

1. IAM Level III Certification Exam
2. Industry Compliance Initiatives with my current company

"Stay hungry. Stay foolish" - Steve Jobs 1955-2011

Ron
@guerilla7 on Twitter


Saturday, January 29, 2011

Confessions of a script kiddie and a l337 wannabe

Dear interviewer,

I do not know how to code. I only know a limited amount of Python and Ruby scripts. I can't figure out assembly language and C++. Shellcode scares me. Socket Programming, yeah, a little bit.

But there's a couple of tricks that I do know. I know how packets are made of and how they behave. The OSI layer and TCP-IP 3-way handshake is something close to my heart. I know how to leverage the MSF3 Framework for a goal-oriented penetration testing engagement. I know how to evade firewalls and overall detection using NMAP. I know how to craft my own packets using NPING. I know what a reflective DLL injection is. I know how to migrate an existing exploit from one running process to another. I know the difference between a compromised Windows XP and a clean one by just looking at a running Wireshark capture. I know how to maintain my connection. I know how clean my tracks.

I know how to go over a list of check boxes, namely SAS70 Type2 Audit (Now called Service Organization Control Reports), the legendary PCI-DSS, or HIPAA, or the ISO27001. I love the GAPP document by AICPA/CICA. Pretty straight forward.

Yes, I am a script kiddie. I do not breath and live codes. All I need to do is read and follow how to exploit a specific vulnerability. The l337 coders already made the codes, the payloads, and the guide how to attack. The difficult part is done and all I need to do is follow the guide from step 1. And yes I hate the command-line. Thank you Raphael for creating Armitage, makes MSF3 like child's play. Hail Mary see you tonight!

Thank you for hearing me vent by reading this blog. I am just frustrated because everyone is looking for "paper-certified" security researchers when I go over Dice.com, Monster.com and other job hunting websites.

Goodnight.

A playground for network security enthusiasts, innovators and early adoptors


Welcome to my blog, this is me thinking out loud about Voice over IP security (VoIP), managing and optimizing converged networks, Metasploit Framework, Cloud Computing, general security and privacy concerns, grappling adventures, and tuning my MKIV VW Jetta.

All inputs, feedbacks and violent reactions are welcome.

Packet Boy Perseus
Helping spread a positive image why we hack things.

About Me

I am an InfoSec Innovator, a Blue Ocean Seafarer and a Paul Graham Pupil.