Timothy De Block

  • Blog
  • About
  • Technology
  • Media
  • EIS Podcast
  • EIS Archive
dsc_3727.jpg

Application Security resources for beginners

October 29, 2018 by Timothy De Block in Technology

This is a continuation of my resource series of posts. Application security is the field I found a lot of interest in. This despite coming from the operations side of IT not development. Using the resources below I was able to get a job in application security.

Websites:

  • Troy Hunt

  • Open Web Application Security Project

I first realized I had an interest in appsec after reading a Troy Hunt post. Not only were things explained well, but I was also paying attention to every word in his blog posts. He has since branched out to more breach related content as the creator and maintainer of Have I Been Pwned. Still he has a lot of good appsec content. He has several courses on Pluralsight for beginners plus. He also does a weekly podcast that’s worth checking out.

The Open Web Application Security Project (OWASP) is the go to resource for AppSec. It’s a massive non-profit organization that has tons of projects, knowledge bases, cheat sheets, and more. There might even be a local OWASP chapter. There’s annual conferences to attend (I’ve never been). It’s the resource I recommend for people starting out.

Podcasts:

  • DevelopSec

  • Application Security Podcast

James Jardine puts on the DevelopSec podcast. The podcast is targeted at developers. It’s also consumable by security people. This podcast doesn’t release on a regular schedule. The Application Security podcast is also targeted at developers. It releases in seasons.

Training:

  • SANS SEC542

  • PWAPT

The first bit of AppSec training I got was the SANS SEC542 Web Application Penetration Testing and Ethical Hacking. It’s a lot of AppSec information, concluding with a Capture The Flag (CTF) exercise. I’d try to get your organization to pay for this as it’s several thousand dollars.

The Practical Web Application Penetration Testing course is a Tim Tomes course. He’s a former SANS instructor who puts on this training several times throughout the year in public and for organizations. It’s a great affordable course that Tim tries to keep up to date with relevant information.

October 29, 2018 /Timothy De Block
appsec, Resources, infosec, training, Have I Been Pwned
Technology
Comment

Finding my place, again

October 22, 2018 by Timothy De Block in Experiences

I started writing another Finding my place post. Two paragraphs in I decided to check my website. Yup, I already wrote the post (how embarrassing would that have been?). That post was written in early August, almost two and half months ago. I think I’m still trying to find my place. The Mike Shinoda song at the top of the post is something I play on a daily basis (maybe every day or two). It’s a really good song and something that expresses how I’m feeling.

I’m still trying to find my place. I am taking more time for myself. I’m spending more time with the family. I’m not sure that’s been the best option for me. I have a five and nine year-old and boy can they wear an adult out (much love to the wife). I spent last week on PTO playing video games and watching baseball. I hopped on the computer after putting the kids down and I don’t really feel like playing video games right now. I’m taking a step back.

I have a strong urge to write. A strong urge, apparently, to write something I already wrote (and here we are).

I’m not really sure what I’m expecting out of this post. I think, I’d like to highlight that not everyone has it figured out. I have a kick ass job. A podcast that’s growing. I drink a little more than I should (On number three and feeling good). I probably don’t spend enough time with the wife and kids. I don’t know where I want to go from here. I’m just kind of making it up as I go.

Writing feels good and maybe that’s part of it. I have a need to be productive. If I’m not, I’m not satisfied. That comes at a cost though. It comes at a cost to my personal time. It comes at a cost to my family time. It’s a catch 22!

I’m trying to take a step back right now. I feel like I have those goals in video games. In Overwatch it’s weekly quests and getting my 10 placement matches in. In WoW it’s unlocking allied races that I can then also get to max level (120). I like doing that stuff, but it’s personal goals. It doesn’t benefit anyone else but me. I like benefiting others. It’s why I volunteer at conferences. It’s why I’ll be on my feet for 12 hours a day at DEF CON for the SE Village. I came back more refreshed from DEF CON more than I did any other conference.

That wears on me too though. The constant serving others. I’m trying to find that happy medium. Maybe that happy medium is a fantasy. Maybe life is meant to be these struggles. I feel ashamed that my struggle is being in such a good place. I guess that’s life.

October 22, 2018 /Timothy De Block
Life, family, infosec
Experiences
Comment
2018-10-11 20_07_58-OSINT - Google Search.png

OSINT resources for beginners

October 22, 2018 by Timothy De Block in Technology

I know what you’re thinking, “not another resource for OSINT.” This post is more focused on helping people just getting started with open source intelligence (OSINT).

This is the second of several resource posts I’d like to do that point people to some getting started resources. This is not meant to be an exhaustive list. Instead I’d like to highlight some of the resources I have found useful and use on a regular basis. This is meant more as a gateway into the deep field of OSINT.

Websites:

  • Google

  • IntelTechniques

  • OSINT Framework

Google is the primary tool I use for doing searches. Learning how to Google Dork is one of the most useful skills to have in security, not just OSINT. IntelTechniques has a lot of useful tools for doing specific searches. OSINT Framework has over 1200 tools available for OSINT. Plenty of opportunity to fall into rabbit holes.

People:

  • Josh Huff

  • Tazz

  • Micah Hoffman

  • Justin Nordine

  • Kirbstr

These are all people I’ve interacted with regularly or had on the podcast previously to talk about OSINT and threat intelligence.

Training:

  • SANS SEC487

  • Social Engineer - Advanced OSINT

  • Justin Nordine’s course

I took SANS SEC487 earlier this year and it is exhaustive. Lots of information, tools, and methodology in the course. I also recently took Social Engineer’s Advanced OSINT course at DerbyCon. It’s a shorter and much more focused course. It provides opportunities to play with certain techniques (Google Dorking) and tools (Maltego). Recently, Justin told me he was doing an OSINT course. Follow him on Twitter (above) to keep up with dates and links.

Podacsts:

  • OSINT on Exploring Information Security

I think this is the easiest way to capture all the podcast content. Plus, it keeps this blog post a little shorter and more streamlined. I don’t want this to be a super long post. The links I’ve provided in this post will lead you to other resources, tools, and ideas in OSINT.

How to get started with OSINT

Something to think about is use cases. Penetration testers use OSINT for assessing and organizations security aptitude. Investigators use it to track down people and companies. Incident responders use it to track malicious domains. Threat hunters use it to identify threats and risks to an organization. Those are some of the things I’ve used OSINT for working on a blue team. I’ve heard of use cases for police, insurance companies, and organizations looking to make acquisitions.

Methodology is also really important. It’s what keeps us from jumping too far down a rabbit hole. Dutch OSINT Guy has a good post on methodology. It’ll take practice and experience, so really just go do it and learn.

October 22, 2018 /Timothy De Block
OSINT, Resources
Technology
Comment
BSides Nashville 2018

BSides Nashville 2018

Information Security resources for beginners

October 16, 2018 by Timothy De Block in Technology

I wrote a recommended resources post back in early 2017. I’d like to update that, as the resources I recommend have changed. I try not to think of my podcast as something for new people to the infosec field. However, the people reaching out to me the most are people who are new to the field. So, I’ve given in and I want to start creating a series of posts directed at new people or those trying to get into the industry. These posts are meant as a gateway, not an exhaustive list.

These are the resources I find the most useful. With out further ado.

Websites:

  • Krebs on Security

  • CSO Online - Steve Ragan

Krebs is considered the public Intrusion Detection System (IDS) for companies. If you’re getting a call from him, it’s probably not good. He covers various topic primarily around breaches, skimmers, and unmasking malicious actors. I’m friends with Steve. He reports on a variety of infosec related topics. When something breaks on Twitter he’s one of the first people I check to get accurate information.

Podcasts:

  • Risky Business

  • Security Weekly

  • Peerlyst list of podcasts

Risky Business is the best security podcast out there. It’s the podcast with the best content and quality. The podcast allows me to stay up with the latest infosec news. He’s got sponsored (gotta pay dem bills) podcasts that are just as useful. Security Weekly was the first podcast I listened to. It’s great for getting information and gaining an understanding of the hacker culture. After a while, for me, it turned into a bit of a boys club where they go off on tangents and genital jokes. Episodes are usually two hours long which sucks up a lot of podcast listening times. Finally, there’s the Peerlyst list of podcasts. It has an exhaustive list of infosec related podcasts.

Conferences and local user groups:

  • BSides

  • Meetup.com

Conferences and local user groups are a great place to learn, while also meeting people in the field. The security community is inclusive and welcoming if you put yourself out there. That means doing that awkward social thing. There is very likely a BSides near you. Most local user groups can be found on meetup.

Training:

  • Irongeek

  • Pluralsight

  • SANS SEC401

Information security is an ever changing field. To stay relevant in the field requires curiosity and a willingness to learn new things. Before getting to that point, we need to learn the basics. Irongeek and Pluralsight help with the basics and staying up-to-date. SANS SEC401 is a general course that will provide a good foundation for any security professional. I thought I was above the course, as I was taking it three years into my infosec career (and several more in IT). I was so wrong. The course helped fill in a lot of gaps for me from a security and IT perspective. I highly recommend the course for beginners and those already in the field.

October 16, 2018 /Timothy De Block
infosec, Resources, SANS, Training, websites, podcast
Technology
Comment
img_3063.jpg

Pen and paper are your most important tools in IT

August 30, 2018 by Timothy De Block in Experiences

I put out a tweet earlier today that seems to have resonated with people.

Pro tip for those in a junior IT position: Have a notepad and pen ready for notes during meetings and when someone is showing you how to do something.

— Timothy De Block (@TimothyDeBlock) August 30, 2018

The tweet was a result from a conversation I had with someone in IT. They were asking me about a decision made in a meeting they were not only in, but also setup. I was a little flabbergasted that he was asking me about what decision was made. "You didn't take notes?" was my first thought.

One of the best (if not the best) tips I've been given in IT, is to bring pen and paper. The idea being to write down instructions or jot ideas or action items or decisions in meetings.

Many years ago, shortly after landing my network administrator gig, I was being shown how to administer one of the many tools we have. As we started going through the tool, the senior in the room asked me why I didn't have a pen and paper. I didn't have an answer. I was then asked how I was expected to remember the instructions. Since then I've gone through hundreds of notebooks. At one point I had them categorized between instructions, troubleshooting, investigations, and a variety of other topics. I don't think there's a true way to take notes. Whatever is found to be the most effective.

For me, it's about step-by-step instructions, follow-up questions, and action items. For follow-up questions, I circle them so I need to go back. For action items, I use a rectangle. Step-by-step instructions are transferred to our documentation repository. Everything else is for remembering context or decisions later.

I take a notepad and two pens to every meeting. I leave my laptop at my desk unless I need to run a meeting. This is two-fold. I don't want to be distracted by the computer and writing things down is more effective for memory retention than typing. I bring two pens in case someone forgot their pen (makes a good impression) or one of mine explodes or stops working.

It's one of the most effective things you can do on a daily basis. If you want to dive into why it's important I recommend Career Tools A Notebook And A Pen episode. They also have several other's on how to take notes. It's what helped me refine my approach.

 

August 30, 2018 /Timothy De Block
Career, Work Habits, Pro Tips
Experiences
Comment
  • Newer
  • Older

Powered by Squarespace