old notes

brainstorm


About Me

#whoami #cv #extendedcv #favouritebooks #philosophy #email #me #at #yffenim@protonmail.com #guaranteed #slow #reply


CTF Learning Journey

#bandit #overthewire #hackthebox #leviathan


Infosec Concept Notes and Cheatsheets

#threatmodeling


UofT Cybersecurity Bootcamp

#UofTBootcamp #classwork #homework #classwork


Homelab Experimentations

#brainstorm #config_1


Searchable Tags by Topic

#ssh #nmap #nc #git #grep #awk #ps


Other Careers

#activism #poetry #prose #fiction #literature #movementtherapy #personaltraining

Collaborative Projects

1. Homelab

What do I want to explore in this homelab and why?

  1. Pi with ESXi set up on ARM: To create manageable, low-budget hardware that is flexible and multi-use for hosting VMs.

  2. Domain Controller: To understand Active Directory, DC hardening, and Windows Sys Admin.

  3. Malware Analysis Lab: To conduct static and dynamic (hybrid?) analysis and more efficiently triage threats.

  4. Linux Web Server: To gain a deeper understanding of Linux

  5. Custom Kali Box: Why not?

Notes on DC server

  • What is a Domain Controller?

A server that responds to authentication requests and verifies users — aka the DC contains everything an attacker could possibly need to cause massive damage to your data or network, i.e. computer names, group policies (Windows AD only?).

The Domain Controller offers an additional security layer (is layer the right word here?) by managing membership on the network, often using Active Directory as its source of rights.

Active Directory = hierarchical directory service for Windows domain networks

Domain Controller = host(s) on the network that serve the Windows domain network

AD is the software. DC is the box.

Notes on Malware Analysis Lab

  • Windows 10 VM (home network)
  • Ubuntu VM (home network)
  • Undecided OS for SSH Honeypot (VPS)
  • ?
  • Linux Security Onion?
  • How else to capture macro malware, i.e. phishing attempts or malware hosted on a link in an email?

Follow-up Questions

  • What are witness nodes?
  • What is vCenter and when is it needed?
  • Why use an Intel NUC setup?

Individual Project(s):

Decide between Dopamine Tracker vs 3rd Party Tracker vs Creepy Stalker Tracker app?

Dopamine Tracker App: Mastery over Distraction

Users can create an account to track their non-work activities for the day. The app will then render a graph categorizing these activities as distraction- or mastery-based dopamine sources and offer a comparison with the previous day. The goal is to help neurodiverse people with addictive brain structures solidify positive habits and catch negative loops before they take hold. Similar to a habit tracker, but instead of tracking habits per day, this is more about offering a mirror.

3rd Party Tracker

Users can create an account to aggregate browsing privacy data. This app will allow you to visit a URL as if a real user had made the request and receive a triaged list of all the third-party cookies posted from the website visited. The goal is to show where your information is going when you visit your favourite sites, aka the ones you do free labour for on a daily basis.

Creepy Stalker App

Users can create an account to stalk someone via their publicly available WhatsApp info. The app will log every time they come online and their shared location for one week in order to predict their schedule/location for the following week. The goal is to convince my friends that privacy is a civil right worth taking seriously right now.

#outlines #brainstorm