WSR: #23: July 4th - 10th 2022
GPYC,eBPF, and some bash scripts
Published: July 4, 2022
| Reading Time: 5 minutes
This Week’s Recap
Happy Sunday. No roundup last week as I was in a bootcamp for GCIA and spent most of my free time wishing screens didn’t exist.
7/4/2022
- Went through an indexed all the GPYC books. After going through the bootcamp, I was very surprised at the not only the quality of the course but also how much information was covered. I’ve taken a bunch of python “courses” and none of them can touch the GPYC. With that being said, this is a difficult course and I’m struggling to retain a lot of the information as opposed to other exams where you can just memorize concepts.
- Took the first GPYC practice test and Got a 67%. Technically this was passing but it’s way too close for comfort. I also think that two hours for a 75 question exam where you need to read code and decipher what the output is quite a challenge.
7/5/2022
- Didn’t want to look at any python today so I just started going through the GCIA books instead. Probably not the best idea considering I have the GPYC exam coming up but I really didn’t feel like looking at python so ¯\(ツ)/¯
7/6/2022
- Watched Getting Started with eBPF for Monitoring by @Hal Pomeranz which was a fantastic introduction to eBPF. Some of my takeaways from it:
- eBPF is essentially mandatory logging for Linux that logs syscalls. This means you can log for when users do things such as read /etc/shadow, escalate to root, spawn shells, etc (You can configure eBPF to look for nearly any system events)
- Learn more about eBPF
- BCC is an amazing tool for eBPF based IO analysis, networking, monitoring, etc
7/7/2022
- Went through the GPYC again. Created an index using a program I wrote called SANS terminal Indexer which (somewhat ironically) I wrote a few months ago in python.
7/8/2022
- Took the second GPYC practice test and scored slightly higher with a 74%. Not super happy with this score but this is one of the hardest exams I’ve taken since all of my python experience is self taught and sporadic.
7/9/2022
- Filled out each day of this blog because I forgot to earlier.
- Watched Episode 3 of the Cybersecurity Web Podcast from David Alves and Lily Clark. I will say that it is very refreshing hearing an interview that isn’t just “What certs do you recommend”, or “How do I get into pentesting”. Highly recommend listening to the rest of the podcasts (Especially episode 1 :) )
Some random thoughts
- I have a ton of content ideas but no time to create it. I am thinking of taking one day in the next couple of weeks and recording a ton of content to upload.
- I REALLY want to create a bunch of projects in python but again, all my time is currently going to work, my masters, and IRL stuff. Some of the project ideas I have are:
-
I have an idea for a proof of concept C2 communication method that could be used to exfiltrate data without sending any data over the wire. It’s totally impractical and probably would be easy to catch if someone was looking but it would still be cool to get a POC out on github.
-
Re-writing my website automation tools in python to make it even easier to get content up on here. It’s fairly easy right now but there are some bugs and kinks I would like to work out and make it a little more clean. Right now most of my “automation” is a cobbled together Bash script that was one of the first things I ever wrote in bash.
1#!/bin/bash
2if [ $# -eq 0 ]; then
3 echo "enter path to blogpost as argument"
4 exit 1
5fi
6# Rename files in attachments
7cp $1/attachments/* static/
8cd static/
9# For each file with a space in it, change it to a -
10for f in *
11do
12 new="${f// /-}"
13 if [ "$new" != "$f" ]
14 then
15 if [ -e "$new" ]
16 then
17 echo
18 else
19 echo moving "$f" to "$new"
20 mv "$f" "$new"
21 fi
22fi
23
24done
25# Go back to mysite
26cd /home/smores/Documents/mysite/
27# Copy all markdown files to content/roundup
28cp $1/*.md /home/smores/Documents/mysite/content/roundup/
29# Regex
30sed -i 's/\[\](P/\[\](\/P/' content/roundup/*.md
31sed -i 's/-/-/g' content/roundup/*.md
32echo -e "\e[32mCopied blog to the correct folders!\nStarting Hugo Preview!\e[0m"
33# Start preview
34hugo server -D
35
- I also really want to post more “research” on thing that I’m looking into. For example, I really want to learn more about eBPF. Would posting a “Here is everything I learned about eBPF in the last 6 months” be something worth reading for others? I’m not sure. Let me know what you think
- I will be doing a deep dive on Scapy soon. There is not much “Here is how to use Scapy” videos/books/courses so it should be fairly interesting to learn
- I have a REALLY long list of things I need to automate. Ideally I want to take a weekend and just automate everything on that list…
/endRandomThoughts
7/10/2022
- Took the GPYC exam and PASSED with an 71% (Passing is 67%). This was a BRUTAL exam. Super excited but I have to immediately shift focus to learning GCIA material now :)
- Posted this blog
Have any questions
Do you have any questions? Feel free to reach out to me on twitter. See you next Sunday. :)