WSR: #24: July 11th - 17th 2022
GCIA, Selfhosted Backup Server, and Scapy
Published: July 17, 2022
Reading Time: 6 minutes
This Week’s Recap
- Spent some time going through GCIA material. This is a class for my masters program so I need to actually learn this material to pass the test. More importantly though, I really just want to understand it at a deep level since it’s such a foundational topic.
- Today’s material is learning about each section of a packet/frame. I’ve gone over a lot of this before but it never really stuck. This time I’m actually very interested to learn about it because I know its pretty much required knowledge if you want to begin using scapy. Which I very much want to do.
- Watched BHIS Talking Bout Infosec news
- Finally set up a backup server in my homelab. I have looked into NAS solutions for a long time but honestly I really don’t need anything that
bloatedfancy . All I wanted from a backup server was the following:
- Locally hosted
- At least 2TB (I have 8TB but I might configure it for raid at some point which would cut that in half)
- It needs to be a simple Linux directory server. I want to just be able to ssh into the server and manage files like I do on all my Linux machines. I don’t want any bizarre file structures or weird rules I have to follow. The more simple the better.
- It needs to have a web GUI that I can use to view files (particularly pictures/videos/pdfs/etc) without having to download them to my local machine.
- I decided to go with the aptly named FileBrowser. Which is a pretty lightweight program that does exactly what I need it to do. Now all I need to do is write some scripts using rsync to automatically backup files from my laptop and desktop. This is the end result which I am very happy with:
- Watched @rook’s “The Totally Not Dry Subject of Linux File Permissions” which was a fantastic review of Linux file permissions.
- Spent most of my free time today going through my GICA material.
- Currently learning about how RFC 793 for TCP messed up the specifications for the URG header and now it can lead to IDS/IPS evasion and it literally the scariest thing.
- From my understanding, depending on the interpretation of the RFC, certain bits will/will not be dropped. Imagine a scenario where you’re trying to bypass a IDS/IPS. Assume this IDS/IPS has a rule that alerts on seeing the traffic containing the word “EXPLOIT”. What an attacker could do is craft special packets with the URG flag set. If the IDS/IPS uses one interpretation of RFC 793, and the host uses another interpretation of the RFC, the first packet could send the data “EXP” and the second packet could be sent with the data “aLOIT”. Assuming the correct conditions, the IDS/IPS would might see “EXPaLOIT” (which does not fire an alert for “EXPLOIT”) but the host might see “EXPLOIT”. This is wild and makes me REALLY want to do a deep dive into scapy to learn more about this.
- Also spent some time cleaning up my file system so that I wasn’t backing a ton of garbage that I don’t really need saved.
- Also spent some time deciding what type of back ups I want.
- Once again, I spent most of my time going through GCIA material. I finished book 2 which covered a lot of the transport layer protocols (TCP,UDP, ICMP, etc). Also got a pretty good look at IPv6. I have heard some people talk about how IPv6 failed because we figured out how to NAT IPs. I’m glad this course put that myth to rest. The biggest advantage of IPv6 is not the increased address space, its the fact that IPv6 is just so much more efficient.
- In my ongoing effort to self host most of the sites I use, I messed around with setting up Gitea but ended up borking some of the configuration so I’m going to reinstall it later. Gitea is a version control software similar to github or gitlab.
- Also, I tried setting up Gitlab but it has so many more features than I care to look into. I just want something simple to host/version control my bad python code.
- I think I’ve narrowed my rsync command down to just grab the stuff I actually want backed up.
1rsync -azvhP -e "ssh -i [redacted] -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" * ~/.[^.]* --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' --exclude='[redacted]' fileguy@fileserver:/home/fileguy/backups/smores/
- Watched a bunch of @scriptkiddiehub’s videos
- Once again spent all day learning material from GCIA. I am genuinely so fascinated by the material that spending 6+ hours going through this material is actually really really fun. The way I like to study (assuming I don’t have an upcoming deadline) is to read about something and then go practice it in a lab. I probably spent 2 hours just messing around with scapy after reading about it in the first chapter of GCIA book 3. Anyway, I finished book 3 and will probably dream about writing/reading snort rules tonight.
- I’ve realized that one thing I underestimated in my time doing offensive security is the power of understanding how the blue team works. The biggest take away I’ve gotten from SANS classes is understanding how things should work so that you can easily bypass them.
- Created a new
devmachine on my homelab (just a LXC container) that I can quickly spin up and blow away when testing. This is what I used for testing Scapy and Snort rules.
- Uploaded this blog
- Planning on getting through book 4 of GICA material but might just end up doomscrolling twitter. We shall see.
I’ve realized recently that I (and probably many other more technical people my age) am lacking a lot of realistic project management experience. This mostly stems from the fact that up until now, the majority of projects I’ve worked on have been fairly linear:
- Start project
- Define goals
- Break down goals
- Chip away at each goal
Now that I’m taking on more and more complex projects, more of my time needs to be spent planning out what needs to get done, opportunity cost of doing X before Y, etc
These next few months will be crunch time. In no particular order, I’ve got the following certs/training going on: 90 day OSCP lab time, GCED, a exam voucher for CISSP, GDSA books I’ve had for a month but haven’t had time to even look at, GCIA exam, Deadwood2022 which I signed up to volunteer at, and probably more that I’m forgetting. That is just what’s on my training calendar. Don’t even get me started on personal projects I want to do
Have any questions
Do you have any questions? Feel free to reach out to me on twitter. See you next Sunday. :)