Timothy De Block

  • Blog
  • About
  • Technology
  • Media
  • EIS Podcast
  • EIS Archive
CircleCityCon 2015

CircleCityCon 2015

Post 2017 Thanksgiving links

November 27, 2017 by Timothy De Block in Media

I hope everyone had a good Thanksgiving. Onward to Christmas!

What I'm reading

Using an Attack-for-Hire could get you in trouble with the law. Now you can do it from your mobile device!

Facebook's mission: ‘How do we consume as much of your time and conscious attention as possible?'

Interesting idea for setting goals. Three days, three months, and three years (what happened to three weeks?). New Year's is coming up!

Finding sensitive information in URLs is one of the easiest things to find in application security. Adam Baldwin went down a rabbit hole with this question: “wonder if any npm dependencies are using urls that contain tokens or passwords.”

CouchDB and the npm registry.

Good article on Digital Forensics Incident Response (DFIR) resources.

Root9B shuts down at the end of the year. It's a Brian Krebs article if you're wondering, "who is Root9B?"

Another Brian Krebs article. Scammed via Western Union? There's a fund for you.

Great take on the baseball Hall of Fame by Astros County

Troy Hunt is testifying in Washington DC regarding data breaches.

What I'm watching

Linkin Park & Friends Celebrate Life in Honor of Chester Bennington

When You Haven't Played Destiny 2 in 3 Weeks...

Destiny 2 Lore - The Story of Osiris

Leviathan Raid Funny Moments

#EarnedHistory | Houston Astros

November 27, 2017 /Timothy De Block
Links, Destiny 2, Houston Astros, Linkin Park, Baseball, infosec
Media
Comment
DG9UATdXsAA6X6c.jpg large.jpg

Podcast updates: EIS now available on Google Play and a new Astros podcast soon

August 20, 2017 by Timothy De Block in Media

The Exploring Information Security podcast is now available on Google Play Music. I decided to add it to Google Play Music, because a listener requested it. In the past I've put podcasts on multiple podcasting platforms. That is a bit of a pain to manage. With EIS I decided to just put it on iTunes and add it to other podcasting directories when requested. If you have another directory you prefer over iTunes or Google Play Music reach out and I'll get it added to that directory.

For those who enjoyed the Crawfish Boxes podcast (an Astros related podcast) I'll be starting a new Astros podcast soon. I've been toying with the idea for a month or two. I think I've figured out the format, the co-host, the recording time and place. I have some ideas for a name (I might do a Twitter poll). It will be much more casual. Name suggestions are welcome.

I expect to start the new podcast right around the playoffs.

August 20, 2017 /Timothy De Block
podcast, Astros, EIS
Media
Comment

How to win your first PUBG match

July 10, 2017 by Timothy De Block in Media

I just won my first solo PLAYERUNKNOWN'S BATTLEGROUND (PUBG) match. It feels great! So great that I've decided to write up this blog post on how you too can win your first match. As you may have already noticed by the screenshot above, I'm not a very good player. But I like playing, because it's a new style of shooter for me and I get to play with some awesome people.

The Jump

Shatter NL's PUBG Map v0.7

Shatter NL's PUBG Map v0.7

The plan entered from the north with a heading towards Mylta and Novorepnoye. I decided to get out at Yasnay Polyana. Most people who jumped with me headed towards the school and Rozhok. I had one or two other people head to Yasnaya Polyana with me. I never saw them.

The Loot

Looting the town, I ended up with an AK, an UMP, and a ton of healing items. I modded out both weapons decently. The only thing I was missing was a barrel attachment for the AK. On the armor side, I had level two backpack, helmet, and body armor.

The Town

While looting I heard a car drive up and the player get out. I froze at this point and stopped looting the house I was in. I was making sure to close doors of the buildings I was in so I could hear anyone coming in. I waited around for him to enter one of the two doors, but he never did. Eventually, I got the courage to head to the roof for a look around. No one.

I finished looting the house and headed north across the street. I had lucked myself inside the circle. I was confident that no one was coming from the North. They'd either come from west or south. I started looking for mods in the north side of town. As I found an SMG suppressor for the UMP, I suddenly noticed that the blue force field was running in on me (Whoops!). I jumped off the roof of the building I was in and started heading south. Across and open field with my pistol out. Right before I left I had heard gun shots to my east so I was watching that direction by using the ALT key while I ran. Shoot I forgot to grab the SMG suppressor! 

Situational awareness and sound are very important in this game. Most games I'll have music going in the background (Thank you Amazon Prime Music!). This game I don't. I make sure the game volume is at 100% and any chat programs are at 50% or less. This allows me to hear vehicles, footsteps, and gun fire.

You can run slightly faster in the game with your pistol out verse running with no gun out (default key X). Don't ask me why that is, I don't know. We tested in game the other night and the person with the pistol looked like they were running slightly faster. While running or standing still you can look around your character with the ALT key. This allows you to spot enemies in the distance or around objects like trees. I don't bother with the first person view in the game.

Being in the Blue

Once the blue force field passes your character starts to take damage. This is so that games move along and don't turn into camp fests. The more shrinks there are the harder the blue hurts. This was only the second shrink, so I wasn't taking a ton of damage, but enough to concern me. I made sure to take painkillers and red bulls before the blue overtook me. Two of those will also help make you run faster while healing you over time.

I eventually did make it out of the blue, with just enough time to take a first aid kit and another red bull (it gives you wings!). The blue was shrinking again and I had to move. I made it to the next white circle just as the blue got there.

15 players left

Is I entered the white area, I immediately looked for cover. I now had some time to breath and listen for gun fire. There was quite a bit off to my left. I hadn't fired a shot at this point, so I had plenty of ammo. I was hesitant to shoot anything as I didn't have a flash hider or a suppressor for my AK. Any noise from me would draw attention. A vehicle came flying into the zone, but he was flying up the hill and too far of a shot for me. He was getting peppered by others to my west so I focused there.

I saw a gun running across the field. With a clear shot I started firing at him. After three hits he went prone and I finished him off. The blue was about to move again so I started skirting the next zone east because it had more cover and the action was to my west. Another car drove up and stopped near the road. The drive was out and I started taking shots at him. This time I missed all my shots and he went for cover behind a rock. The blue was moving in and I headed back west to get behind a tree. Shoot! I have to cross the road.

I decide to take some damage and see if the guy will pop his head out. No go. I moved into a different rock just a few feet from his rock. He wasn't popping out so I started using a first aid kit and used ALT to look up over the rock. He's throwing a molotov cocktail. I move and cancel the first aid kit. The molotov lands behind me. I start using the first aid kit. Now he's moving out on me. I decide to pop out and rush him with the AK, despite having half health. I think he had an UZI, because I wasted him. I moved behind a tree into the next circle.

Four Players Left

At this point there are four players left. I heal up and start chugging as many red bulls as possible (usually two). I see a guy prone moving in from the west. He's moving into an area where my view is blocked from trees. I decide to note his location and hold off firing any shots. I hear a Kar98k fire and kill someone to the south of me on top of the hill. I'm in the circle at this point and don't need to rush anything. There are three players left now.

The guy from the west has a long way to go. I have a good idea of where he is and what route he'll take. I know someone is on top of the hill, but I don't have a very good location. I wait to see if the guy south will fire and give me a better location. A few seconds later I have my answer. The zone shrinks again and I'm still on the edge (thank you RNG gods!). The guy ontop of the hill takes out the guy to my west.

Two Players Left

I have the advantage now. I'm in the zone and he has to come to me. The last guy probably doesn't have a good fix on me. I watch to the south and see him start moving down the hill. In the open! I lean right by hitting E and starting firing. I miss all my shots. I have the AK on auto, even with my 4x scope. Double tapping with the AK at distance is surprisingly effective. But not effective enough here.

He's behind the tree opposite me at this point and I'm scoped in. I'm still just leaning, because It exposes less of my body. He peeks right and I miss. He peaks left and I miss. Finally (for whatever reason) he pops out from behind the tree. Two shots later I'm the chicken dinner winner!

2017-07-03 18_53_15-PLAYERUNKNOWN'S BATTLEGROUNDS.png

Final Thoughts (and things I forgot)

The easiest and fastest way to loot in the game is to hit TAB and drag the items over you want. I recommend starting at the bottom of the list, because pulling from the top will move all the below items. If you're grabbing them all, grabbing from the top is fine. Mods are important for weapons in this game. If you have a suppressor, you can take more difficult shots, because it will be harder for players to get a location on you. Seeing as I was without one, I decided to be more picky about my shots.

Scopes and sights are important. There are tuns of holographic and red dot sites available in the game. They replace sites which are very difficult to shoot from. The game has 2x, 4x, and 8x scopes. 4x scopes are the middle ground and you want at least one assault rifle with them. 8x are best with sniper rifles. I've used one with an m416 with great success.

My reaction to footsteps, doors opening, or vehicles is to crouch by using C and then hold right click. This zooms downs the site in third person. It allows for better aim and makes you walk. Combined with crouch this allows you to move around with out creating a lot of noise.

I've played the game for over 60 hours and I'm still not good. I am getting better. The game is fun, especially, if you can group with a squad (hit me up on Twitter if you're looking for one). It's very nuanced and takes a lot of practice. Jumping out of the plane is a lot of work. Heading straight down gets you to places quicker, but landing with a parachute is a whole mini-game in itself (AIM FOR THE ROOF!). Crap landed in a tree again (or worse fall of the roof and take fall damage). If you're patient enough with the game, though, you can win too.

If you're interested in joining our GamerSec Google Group, hit me up in email (timothy.deblock[at]gmail[dot]com or reach out to me on Twitter (DMs are open) for an invite.

July 10, 2017 /Timothy De Block
PUBG, video games
Media
Comment

Join GamerSec

July 03, 2017 by Timothy De Block in Media

I've decided to start up another security user group. This one is online and for those in information security interested in video games. I've setup a Google Group for communication and coordination purposes. Right now I am surveying the group for the best night to start doing weekly events. It's worth noting that most of the people in the group are PC focused. I'm more than willing to expand the group to include consoles and board games. Reach out if you're interested in starting up those initiatives.

I decided to start the group, because video games are great for blowing off some steam. We in the infosec community need more opportunities to blow off steam. Video games are a great way to do that. As a bonus video games are great way to meet new people in the infosec community. I've had the opportunity to get know a lot of the MiSec community through gaming.

People are playing a variety of games, from single player to multi-player type of games. Free and paid games. We're discussing news related to games. If this sounds interesting to you, hit me up in email (timothy.deblock[at]gmail[dot]com or reach out to me on Twitter (DMs are open).

July 03, 2017 /Timothy De Block
gaming, infosec
Media
Comment
CircleCityCon 2015

CircleCityCon 2015

Recommended resources for information security

February 20, 2017 by Timothy De Block in Media

“What are some good materials you would recommend on InfoSec?” -Kenneth Reavis

This is such a great question and one I thought worth a post. My short answer is podcasts, blogs, and videos. These are what I use to help improve and stay relevant in the information security field. I listen to podcasts on my ride into work. I read Feedly to stay up with news events and people in the industry. I watch YouTube and Pluralsight when I need to pick up a complicated concept or technical topic.

Podcasts

I love podcasts. I love them so much that I produce my own. Security Weekly is the first podcast I started to listen to when I got in the field. Each episode contains a news, interview, and demo segment. I found the interview segment to be the most useful. This is a good first podcast to start with. The show has been around for years. It has a lot of good content and it’s a good crash course to the hacker culture of the field.

Risky Business is the best podcast in the infosec field. The production quality and content are top notch. The show starts with a news segment. That leads into two interview segments. The first usually deals with a current topic being discussed in the field. The other is a sponsor interview, which is usually just as useful as the other interview. The show is usually 50-65 minutes long.

Peerlyst has a long list of podcasts. Look for a few that are of interest. Give the podcast about three episodes before making a decision. Podcasters do sometimes have “off” shows. Here are some of the other podcasts with good content.

Down the Security Rabbit Hole - Leadership and business

Defensive Security podcast - Blue team focused

Data Driven Security - Data scientist focused

DevelopSec - Application security focused

On my ride home I listen to hobby and interest focused podcasts. I found that when I listened to infosec podcasts both ways I started to get burned out on podcasts. I now listen to infosec or business related podcast on my drive in. This helps me get focused. On the ride home I listen to hobby podcasts. This helps me transition from work to home much easier.

My last recommendation is to pick up podcasts that don’t have an infosec lean but focus on improving the self. I listen to both Manager and Career Tools for business etiquette guidance. I also listen to the Art of Charm for relationship building and self-improvement guidance. Both have helped tremendously in my day-to-day interactions at work.

Blogs

I use Feedly to collect RSS feeds from the sites and blogs I have an interest in. I follow ars-technica for news. Their articles are both informative and usually a quick read. I also follow Steve Ragan at CSO for news.

I work in the application security field. Troy Hunt is one of the bigger names in the field that produces content regularly. He also runs Have I Been Pwned which is a very useful tool for incidents involving a breach.

Brian Krebs is the man when it comes to reporting on breaches and criminal activities involving digital technology and ATMs.

Bruce Schneier is one of the top names in the cryptography and encryption field. He also tends to focus on the bigger picture and ramifications of security in society.

I add and prune my feed pretty regularly. If I get too far behind on my feed I’ll look to simplify it and get rid of the blogs. I look for blogs that aren’t providing as much value or report on stories I see from other feeds.

Get an RSS reader setup (it doesn’t have to be Feedly). Start adding to it and adjust if necessary. Feeds are also good for keeping up with alerts and vulnerability databases.

Video

I am a visual learner. The two resources I use extensively are YouTube and Pluralsight. I add a lot of conference talks to my Watch Later list. That list has 48 videos as of this writing. I don’t get on YouTube as much as I would like, but it’s still a useful tool for research. And every once and a while I'll create a playlist. It’s a valuable resource for better understanding a technology or infosec technique. Pluralsight requires a subscription. The content is top notch and provides a more indepth look at technology or security topics. It's $300 a year. I've had my place of employment pay for the last few years. It's usually an easy sell.

Conclusion

Those are the resources I use on a daily basis to learn and keep up with information security. There are a lot of other great resources out there. I just haven't found them or don't get as much value out of it. There are a lot of great digital forensics and incident response resources. I just don't work in that field. Find what gives the most value. If it's giving very little, ditch it.

Blogs allow me to keep up with daily news and read interesting new content. I have several hobby feeds setup in there so I get a nice mix throughout the day (I sometimes need a break from infosec). I listen to podcasts almost daily. There are general podcasts and more focused podcasts. Some have varying degrees of quality, but most have really good content. Finally, videos provide a visual opportunity to learn and research topics. I don’t use these on a daily basis. Instead I use them when I need to dig deeper into a topic.

There are a lot of great resources out there. Ask around. Find what type of medium you prefer and fits best into your lifestyle. Try something. If it provides value, great! If not, get rid of it. I just realized I didn't even touch on boxes. I may save that for another post.

February 20, 2017 /Timothy De Block
infosec, podcasts, videos, YouTube, Pluralsight, blogs, Resources, career
Media
Comment
  • Newer
  • Older

Powered by Squarespace