-atlas wandering-
Bloggorama for breaking things

\

• /(38)

Subscribe
Subscribe to a (RSS) feed of this weblog.

Archives


This Blog

longtime no post
Yes, thank you for noticing, I've not posted in a while. And with good reason. I'm afraid I still have not had the time to post more about fucktcpd, so if that's what you're looking for, don't bother reading the rest of this post.


I recently did 4 interviews with a large security company only to be turned down. They had four positions and apparently I wasn't in the top four. The friend who got me to interview tells me I was close, but he's a friend, what's he gonna say? There are potentially other jobs I could do there, even perhaps better matching my "break things" direction... we'll see. They seem too busy to talk to me, which I can understand. They're starting a brand new department.
Bottom line is I'm content in my current job and that may be why I didn't make the top four... :(

Meanwhile, back at the ranch, we've had kids sick and me sick within the last few weeks. We're all doing much better though. And the family is great. I'm very thankful. I wish I could say I made it out without an inappropriate encounter with the toilet, however :/

My consulting/network appliance business has kept me busy. I've much to learn about the low-price appliance market, and I've already learned so much. The appliance cost and maintenance costs must cover the amount of work it generates or you end up doing a lot of stuff for free! :\ My wife kept me from mass marketting the thing a couple years ago. I'm kinda glad she did, given some of these lessons I'm having to learn. We are waiting until such a time as it makes sense (time-wise)... if that ever happens.

Meanwhile, I've been working to get the v2.0 of the product ready. It's a shift from one major distro to another completely different distro of Linux for its base. That is proving interesting. I am glad I'm doing the shift now rather than later. The switch is getting it off an RPM-based distro onto a DEB-based Ubuntu platform. This gives me a better update mechanism. That's always been a problem. If I wanted to make my own updates it was always having to hack into SuSE's online update mechanism which is proprietary. Debian distros are all using APT, which is just as easy to package for and much easier to maintain a software repository.

Anyway, I'm probably 3/4 way through the major refresh of the build package, which handles all the building/configuring events. I have some holes to fill in for the Modem and DSL connectivity pieces, and a few other areas to be completed. Then I move into the "spot-check" phase, where I test every major subsystem to see what doesn't work right. The todo list then serves as the countdown to pilot (which is where I convert my own systems one-by-one). Somewhere before then I have to work out the inplace upgrade process, where all the hard drive locations get moved into the new locations (as the Ubuntu packages often place things in different locations than SuSE).

Meanwhile, I'm reading "Reversing: Secrets of Reverse Engineering". Seems pretty good so far. I'm only into the second chapter, but it promises to be very good. I'm also reading The Shellcoder's Handbook, and Hacker's Disassembly Uncovered is next on the list.

Meanwhile, I have a singing gig in a few weeks..... A friend of mine and I are doing a duet "Never Alone" by Barlow Girl (yes, we're male-ifying a girl song)

Meanwhile, I've been working to come up to speed on PyElf, and contribute a little bit. It tears apart an ELF binary and should allow you to modify it and put it back together when we're done. This is a project lead by Visigoth and Metr0 from Kenshoto.

Meanwhile, I've put together a proposal for a DefCon 14 presentation and tool release. So I've been updating my hack-assistance tools and am going to package them and release them at dc14 if I get selected.

Meanwhile, I've taught myself Python which is an awesome language. My day-job is getting me to learn C# and VB.NET. And a part of me would like to learn Ruby someday. Perhaps I should do it, since I clearly don't have enough going on. :)

Meanwhile, I'm going to be teaching SANS 504: Hacker Techniques, Exploits, and Incident Handling soon. This was how I got my start into this world. I'm *really* geeked! I just finished mentoring this same course, which of course was 12 weeks long (normally 10 weeks). I've been wanting to teach this class since I took it with Ed Skoudis. I'm no Ed... but I guess neither was Ed when he started ;)

Meanwhile, the day job has got me doing a wide array of things, some still relatively new to me, some old hat. From configuring Wireless bridges to firewall design and maintenance, to application security assessments, etc... they keep me busy. We are doing a good deal of systems design and replacement of legacy core systems. And they have me involved during various phases to ensure security is designed in. They've also got me doing security audits on existing systems, and code audits will be the next step (which of course is the direction I'm enjoying). That's why I'm learning C# and VB.NET, so we can not only point out issues, but come to the table literally speaking the developers' language. Granted, I'm learning it a bit differently than they are ;) But you can't expect every Windows developer to learn on both Visual Studio *and* Mono, nor to spend the time disassembling the IL. ;)

Well, time to head. I wanted to let both of my readers know why they haven't seen any new posts in a while. The job-interviewing and stuff really took it out of me. I picked back up the deadlisting of fucktcpd, though. We share overcome. It's enjoyable ;)

[] permanent link / /