Long Silence...

Sorry for the delay there. I decided to take some time off in January for burnout and the subsequent recovery. I also elected to redo my CV to make it more offensive (from a security standpoint, not like typing ‘fuck’ every other word).

How have you been, friends? Did you do that thing you wanted? Or start that ‘new year new me’ diet? Excellent!

Me, as per the above, I had a little burnout. It was more from constantly applying for jobs and getting the same canned ‘we have reviewed your application and decided to not move forward’, which is a waffly way of saying “No, Fuck Off”. If a company had the balls to do something like that I wouldn’t be offended; in fact I would want to work for them more, as they are 100% direct.

So after a few of them in a row I decided to keep applying (obviously) but try not to take it to heart or, unfortunately, bother chasing up why as it will never get a response.

So that harsh reality kinda knocked me down a peg, adding to that some unfortunate news relating to a beloved family pet that unfortunately had to be put down so that just about killed me. It wasn’t the having to take him part (I have dealt with Death before) it was telling my son and seeing him figure out and understand what this meant and the realization that he had with this.. Fuck.

To cheer things up a little and during my ‘recover’ phase we sat down and built ‘The Child’ in Lego. I’m not a collector or anything but, holy crap, that Lego set is amazing and I very much want to spend thousands on Lego sets in the future haha.

I keep going back and forth on what my next steps should be. Should I keep hacking at CTFs to keep my skills sharp and keep learning? Or should I pick up a programming language and try getting a job as a dev with an interest in security? It’s complex and annoying and I wish it were smoother.

In other news I had a fun learning experience dealing with someone selling Snake Oil. It wasn’t that side of things that was fun for me, the fun part was research and coding.

The claim of having a Cyber Weapon worth $1Billion intrigued me but I’ll be honest the thing that brought me into this was that the CEO was mouthing off on LinkedIn and tagging Security Researchers directly.

Now, LinkedIn is a professional network for job hunting and I see it as an ‘online resume’. Yes, they have added stupid ‘social media’ style things like fleets stories, but that’s an attempt to be ‘hip’ in the eyes of the youth and I get why they would do that. What it isn’t is a place where you can straight up insult people and name call, so that really scratched that part of my brain (you know what I mean, casual reader).

So I started to use some of my Liam Neeson skills of quick jump cuts to have a look at this guy’s social media, site, Yahoo Finance, reviews etc. and I came to the realization that his ‘app’ was programmed in Visual Basic (confirmed by Daniel Card and by my programming in Visual Basic at Uni, so I know what it looks like!) and it just pooped out the Active Directory users and their access in a CSV.

I thought long and hard about it for 5 seconds before writing my thoughts on this (after all it was a comment made by someone I know that brought it into my ‘feed’ so I am able to comment also if I choose) and it seems the guy didn’t like that.

I looked a little more while rebuking his messages and within 20 minutes I had put together a script that would do the exact same thing as his $Billion tool via a one liner in PowerShell.

I said it could be done and I gone done did it too.

It seems all this guy wanted to do was gas bag online and told everyone that would comment to ‘wait for his next post explaining everything’ (spoiler: It didn’t) but as I wrote “I’m not going to waste more keystrokes on some attention grabbing CEO with a Messiah complex and a copy of The Bond Collection.”

Point made. Point proven.

Some may say it is harsh or being a bully but when someone else is being bullied you can stand up to them and still be the bigger person (I’m entirely sure no one needs my help in a fight).

I’m not saying I am an expert or anything, in fact Bloodhound would do the exact same thing and has been around way longer than my brain just the other morning (remember there is likely something out there already that does what you want it to do, it could be free/open source/licensed but always check, please). I really found it an enjoyable exercise, not that there was a time limit or anything but I knew it was possible to do this quickly and easily (oh and for free).

If any are interested it’s on my GitHub now: https://github.com/ha3ks/AD_Permissions_ReportGEN. If there are any issues or anything, submit a pull request or bug, or even grab me on Twitter. I will always be happy to learn from someone who knows better than me. It’s the only way we can be sure that there is no gatekeeping or hoarding of knowledge when it should be free.

For now I’ll let you get on with your day.

Love your family, friends, pets, tell your dog I said hello, eat ice cream and be kind.

Dan

This post is licensed under CC BY 4.0 by the author.