On my way to work I mostly listen to podcasts. Two weeks ago I found a podcast that was new to me and that I would like to share here. It’s the Developer Tea podcast by Jonathan Cutrell. The episodes are relatively short and discuss only one specific topic, which is often introduced by a listener’s question. The questions aren’t always directly related to software development; sometimes they are more of a meta-topic, like general career or work method topics. For example, he discusses things like: Should I go back to school and get a degree?, How to deal with a demotivated co-worker?, What should I do if I’m unsatisfied with my current tasks at work?
I like this podcast very much and have already listened to more than 20 episodes. Jonathan gives a lot of his personal opinion but also advice on how he would approach a problem or act in a given situation. I do not always agree with him 100%. However, I think his tips are very helpful and give some interesting insights and some new points of view. The only criticism I have at the moment is the sponsorship. Every episode is sponsored by some company and he has a short sponsor break to promote the company or product. It is understandable that you want to make some money, at least to cover your costs for hosting, etc. However, if you are listening to multiple episodes in a row, it is a little bit annoying to hear the same kind of commercial over and over again. But that’s maybe just me, and I’m still listening to the podcast because of the great content.
Recently he started a new series on his podcast with the title Dev Career Roadmap. In this series of episodes he gives more detailed information and tips on how to start or get better in your developer career. I’m looking forward to the next episodes of this series and the podcast, and I can recommend that you start listening to some episodes. I think this podcast is definitely worth listening to!
I hadn’t thought that this could happen. Today I decided to apply for the Master’s course. In the end, I decided to take a course which is more general in IT and software engineering and also contains some infosec modules.
It will be again at the Wilhelm Büchner University of Applied Sciences in Darmstadt/Pfungstadt. The Master’s course contains software architecture, development of mobile and web applications, software engineering classes and the possibility to choose IT security management as one specialization.
I’m very excited about my decision and I’m looking forward to my new study letters that should arrive next week.
I received permission to publish my thesis and presentation from my university today. So here you go!
You can now download my thesis with the title “An Analysis of the Tor Network” directly from my server. I hope that this is an interesting read for you. Unfortunately, it is in German. The whole title in German is “Eine Analyse des Tor-Netzwerks: Konzept, Funktionsweise und Angriffe”.
Here is the presentation which I used in the colloquium to present my thesis, explain my motivation and show the key results.
The thesis was rated with grade 1,3.
Update: In case you have any questions regarding this topic or my thesis, just ask and I’ll try to answer them. 🙂
I guess you have seen it in the news: On the afternoon of Friday 22nd July 2016, an 18-year-old teenager started a shooting rampage in the Olympia-Einkaufszentrum (OEZ) in Munich and committed suicide afterwards. In the last few days a 16-year-old friend of the attacker contacted the police. The police applied for an arrest warrant for the 16-year-old boy, because they feared he might manipulate possible evidence and indications.
Actually, he had already tried to clear some traces. In the meantime the police in Munich were able to check his smartphone and found that both friends had met some hours before the rampage at the OEZ and had a chat conversation via WhatsApp. His friend deleted the chat session in WhatsApp. But the police were able to restore the chat session.
It’s interesting how this is possible, but actually it is not that difficult! 🙂
WhatsApp stores a local backup of your chats on your smartphone. On my personal Samsung Galaxy Note 4 there are nine backup files for the last nine days. Every day at 2 am WhatsApp creates a new backup and deletes the oldest one. Additionally, you can set up WhatsApp to create a further backup online, for example in Google Drive.
The restore is stupidly simple. If you uninstall WhatsApp and reinstall it, it looks for recent backup files and asks if it should restore the latest backup. If you say “yes”, all your deleted chats and messages are restored. It always uses the latest backup. So if you want to restore the backup that was created 4 days ago, you just have to change the filename so that WhatsApp recognizes the required backup file as the “last” backup and restores it.
So, bad luck for the 16-year-old teenager, but good for the police, who can investigate the rampage and the motives of the attacker further.
I’m currently setting up my VMs according to the “Penetration Testing” book I wrote about last time. During the setup you need to install additional packages like mingw, etc. On my machine, the command
apt-get install <package>
finished with the error: “Unable to locate package …”.
If you search the internet for this issue you will get lots of advice on how to change the sources.list file in Kali. Most of it just says: ‘Copy these x lines and you’ll be fine.’ But you have to be careful. Offensive Security explains in the Kali documentation how to set up the sources.list file correctly. Here is a link to this documentation. Instead of just adding more and more repositories, you should check if the required package is available in the Kali repository. Sometimes the name of the package may have been changed.
Here you can search all packages in the Kali repository. This was helpful for me and I found the missing packages this way.
This morning I saw on Twitter another article about the Kali repository. Maybe this is helpful, too.
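One way to check a sources.list file for repositories that were pasted in from such advice, as an added example that is not part of the original post. It assumes http.kali.org is the only mirror host that should appear; the function name audit_sources and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report active APT source
# entries that do not point at the Kali mirror host.
KALI_HOST="http.kali.org"   # assumption: the only host that should appear

# audit_sources FILE...
# Prints "file:line: uri" for every active deb/deb-src entry whose host
# differs from $KALI_HOST. Returns 1 if any was found, otherwise 0.
audit_sources() {
    awk -v host="$KALI_HOST" '
        NF == 0 || $1 ~ /^#/ { next }             # blank or commented out
        $1 != "deb" && $1 != "deb-src" { next }   # one-line entries only
        {
            i = 2
            # Skip an optional "[arch=... signed-by=...]" options block.
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            uri = $i
            h = uri
            sub("^[a-z+]+://", "", h)             # drop the scheme
            sub("[/:].*$", "", h)                 # drop path and port
            if (h != host) {
                printf "%s:%d: %s\n", FILENAME, FNR, uri
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://http.kali.org/kali kali-rolling main non-free contrib
# deb http://mirror.example.invalid/kali old-release main
deb [arch=amd64] https://repo.example.invalid/debian stable main
EOF
audit_sources "$sample" || echo "review the entries listed above"
rm -f "$sample"
```

On a real system, pass /etc/apt/sources.list and any files under /etc/apt/sources.list.d/ to audit_sources instead of the sample file.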
Today I would like to recommend a podcast that I regularly listen to.
I’m trying to move into an information security career. So I’m very interested in the stories of people who are successfully working in this particular field of information technology.
On my daily way to work I often listen to various podcasts. Most of them are IT or specifically InfoSec related. One of my favourite podcasts, which meets all points, is the “Building a Life and Career in Security” podcast by Jay Schulman. It is about IT/InfoSec (check), it is about people’s stories (check), and the host Jay Schulman talks about his guests’ way into the infosec field and their personal and professional background (check, check, check!).
If you are interested in getting into the IT security field I can strongly recommend this podcast! You will hear lots of different stories and get to know a lot of different jobs in this industry. And there are around 2 to 3 new episodes each month, which is a perfect publication period.
Do you know other podcasts or blogs that cover this topic (infosec + career stories)?
In my previous post I already mentioned that I will keep learning new stuff. The title of my blog is securitypath, so security topics will be mostly present here. In the future I would like to get my foot in the door in the security industry. The most interesting part is the whole blue team / red team approach, where the blue team is defending and hardening the systems and infrastructures and the red team is trying to get around these things and get control of the target boxes.
Some days ago I saw on Twitter a nice piece of code as infinite recursion: starting with a new idea, losing motivation, abandoning the project and then having the next idea again. So according to this I’m currently at the “start with new idea” step, again. 🙂
Next I will work through the book “Penetration Testing – A Hands-On Introduction to Hacking” by Georgia Weidman. The publisher is No Starch Press. My copy is from 2014, but I think this is the first and latest edition of this book until today. I saw many positive recommendations and a lot of love for this book on Amazon.de and also Amazon.com, so I decided to get a copy of it.
At the moment I’m still at the beginning, chapter 1. This chapter is all about getting your penetration test lab started. You learn to set up Kali Linux with some additional tools like Nessus (a vulnerability scanner, which has a free version). And you set up a Linux box and a Windows box, which work as vulnerable victims for your attacks.
The next chapters will walk through the penetration testing cycle with information gathering, finding vulnerabilities, exploitation and post exploitation. There are many more detailed chapters, but that seems to be the recurring theme through the book.
My goal is to get my hands dirty and to gain some hands-on pentesting skills, even if it’s on a low level. Currently I’m considering whether I should go for the OSCP (Offensive Security Certified Professional) certification in pentesting because of the workshop content, the exam and the certification in the end. But this will be a challenging task and at first I want to finish the Pentesting book.
In my next posts I will report how it works out and which problems or success stories I experienced during my approach.
It’s done! It’s finally done! And since Saturday it’s official!
On the 19th of May 2016 I finished my studies and earned the Bachelor of Science degree. My first academic degree. Starting in August 2016, it took me a little bit more than three and a half years to finish my studies. At the end of March 2016 I sent my thesis to the university and I got invited for the colloquium on 19th May.
So, what’s a colloquium? My colloquium had two parts: a presentation and a Q&A part. The presentation was all about my thesis. What is the topic? Why did I choose this topic? How did I proceed to write the thesis? What are the key results? I had 15 to 20 minutes for the presentation and then there was a Q&A part of a further 15 minutes. The examiners asked only questions regarding the thesis. I had to explain a fact here, an imprecise statement on page x or one of my figures. There were some questions that I was not able to answer, but that was no problem.
Finally, I completed my thesis with a 1.3, which leads to an overall grade of 2.0 for my whole studies. And I have to say that I’m pretty fine with this result and I am very proud of myself, too.
So, what’s next?
If you thought that I would stop this blog now and stop learning, you’re definitely wrong! I already have some other topics on my mind, but this is a story for the next blog post.
In the last weeks it was a little bit quiet here … again … sorry for that! [I’m always apologizing that I don’t get as many posts written as I want to. Maybe I should stop that … 😉 ]
But I can proudly announce that I have finalized my thesis, got it printed and bound and sent it to the university on Saturday.
The print is very nice. It has a dull, black leather hardcover with a golden letter imprint. So the cover shows that it is a bachelor thesis, the title and my name. Each corner of the book has a golden metal piece on it, to prevent damage to the corners. For the paper I have chosen 100 g/m. That improves the print and it feels more high-quality. To order the printing I used the company sedruck, which was able to print the books in great quality and sent them to me in less than 48 hours. That’s simply amazing!
The next step is to prepare the presentation for the colloquium. In two weeks I will discuss with my tutor what is expected and what I should take care of. The date for the colloquium will be in May, so there is enough time for my preparation. And then, hopefully, you can call me Bachelor of Science and I have my first computer science degree!
In January I started my bachelor thesis. The first two months are gone now and there are only three weeks left to complete the thesis. Actually there are still four weeks to go until the deadline. But I have to get my thesis printed and bound. It also has to be sent to the university before the deadline ends.
To complete the thesis I have to write only the last few chapters, the introduction and the summary. So this should be definitely doable in three weeks.
I’m so happy that the bachelor study is nearly over. It took me nearly four years to get through it. But currently I’m also making plans for the future. I think I will explain this in one of the next blog posts.