2025-04-23 18:00:00
I was doing a few Burp Suite labs on Hack The Box earlier today. I noticed that one particular test with Intruder kept getting stuck after the second attempt. Only after restarting the lab VM on a new IP did my test start again, only to get blocked again.
It was only later, when I looked at my phone, that I put one and one together.
The lab VMs are not behind Hack the Box's VPN, they're public on the Internet. Thus my tests weren't going through the lab VPN, but they were going straight through my router.
The router with an IDS+IPS.
Unifi was blocking my "hacking". :D
kilala.nl tags: sysadmin,
View or add comments (curr. 0)
2025-04-06 11:11:00
In Dutch we have an acronym SOG (studieontwijkend gedrag), which we have dutifully verbified into SOGgen.
Hanze Hogeschool even made a sketch about it.
In English it's transliterate into SAB and SAB-ing: studies avoidant behavior. But you all would better know it by its common name: procrastination.
Heck. I'm doing it right now!
In January I jumped on the wagon to work towards two heavy exams: CPTS and OSCP+.
January and February I went at it at the strongest pace I could hold up, but in March things started falling apart. Between three customers, preparations to teach three classes, our own household, studying and a terminally ill cat I was over-working myself.
Around that time I also hit the Active Directory section of the CPTS study materials. I feel that Hack The Box have made that section too large, insofar that they should have divided it into multiple sections. In its current shape it can feel insurmountable in how large the body of knowledge is. It just feels endless, where other sections had you power through in a day or two.
Halfway through March I decided to cut back drastically on studying. It took many nudges, including a tarot spread (yes, I'll talk about that another time). So I've taken quite some time for myself, to read and relax.
Admittedly, it's hard to get back into the saddle. And I really should. Just not at my original breakneck pace.
kilala.nl tags: work, studies,
View or add comments (curr. 0)
2025-02-28 21:16:00
I was today-years-old when I realized something about SSH that I hadn't realized before.
A student of mine was using SSH to connect between two Linux hosts and he wondered if it's possible to temporarily pause or interrupt the SSH session, so he can run a few commands on the source / originating host.
I thought, surely there must be! And there is! I just never realized before. :)
Way way way back, twenty years ago, we used Cyclades terminal servers at ${Customer}. Nifty rackmounted boxes that hook up to the network and provide SSH access to 24 or more serial ports.
I remembered from back then that SSH had a command to immediately kill an SSH connection: ~.
The tilde being the stop / escape character for SSH and the dot being the kill command. You could also quickly type ~? in an SSH session to pull up a menu.
To answer my student's question, I hopped into my Fedora box from Windows with SSH and then did another SSH to Ubuntu. That's one SSH after connecting using another.
You can stack multiple tildes to indicate which SSH client you're talking to. Typing ~. kills the Windows to Fedora connection, while ~~. kills the Fedora to Ubuntu connection.
Looking at the ~? menu I noticed a few neat options, including ~^Z.
In Unix terminals, ^Z (ctrl Z) is used to send a suspend / SIGSTOP to your running process. So indeed, the following happened:
tess@ubuntu $ hostname
ubuntu
tess@ubuntu $ ~^Z
bash: suspended ssh
tess@fedora $ hostname
fedora
tess@fedora $ fg
tess@ubuntu
It works! :D
kilala.nl tags: work, mentor, studies,
View or add comments (curr. 0)
2025-02-27 11:21:00
The cards shown in the image above are from the Eldritch Overload tarot deck, by weird.works.
Last summer I did some soul-searching, some introspection, to figure out which direction I could or should take my career. I learned a lot about myself, by asking myself a few simple questions and then mind mapping my answers.
At the time I, once again, determined that Discord is a big pitfall for me (as is Reddit). So this week I quit Discord cold turkey; it's done me a lot of good!
Another big issues which I found for myself is trying to do too many things at the same time. And I'm doing it again!
I'm currently teaching three classes and juggling three different consulting customers. I also have our household and my business to run and I have my own studies to keep up with.
Today I turned to another introspection tool: tarot.
I'm not one for mysticism or esotery (that changed since my early late teenage years), I don't believe in some unseen force telling me stuff through pieces of cardboard. What I do find in tarot, is another way of asking myself questions. These cards and their suggested meanings provide me another point of view on a situation.
I posited the following:
"I feel that I must learn and study, to keep up with the times, to keep my career and employability viable. I even started making less billable hours to make more time for studying! I'm generating a lot less income, while trying to rush for certifications. This isn't a problem yet, but can I keep up with this?"
I pulled the cards shown at the top of this post:
The Eldritch Overload cyberpunk tarot deck is lovely and the accompanying guide is both gorgeous and helpful.
My interpretation of these pulls:
Taking an hour to mull things over, I decided that:
kilala.nl tags: life,
View or add comments (curr. 1)
2025-02-23 10:23:00
I'm on various IT-learning Discords, to my own detriment sometimes, that's no secret.
On one of the servers, three or four of us experienced folks have been coaching one particular learner who's been on A+ 1101 for six months now. Along the way, the student has had a much lower pace than the average student and almost every topic leads to days-long discussions on intricacies or on misunderstandings of the topic.
It's to such a point that some of the new faces (whom join the server every week) utter things like "surely you're trolling" and "you can't be serious".
Among the seniors we've discussed the matter and we're sure this learner is not a troll. Instead there are a number of clues that point at either a learning disability, neurodivergence or simply a somewhat lower cognitive capability. These include:
Recognizing such indicators is one thing, knowing how to deal with them is another thing entirely. Unfortunately we're not quite equipped for it.
For one, each of us is just another visitor of the Discord server. We do this in our spare time, to help others and to have a little fun along the way. It's not within our capabilities to spend 4+ hours every day providing 1:1 coaching to this learner.
Sub-optimal factors for the learner:
I have theorized that the learner in question surely would be better served by attending a "real" school: brick & mortar buildings, full-on interaction between students and teachers, a teacher who can immediately notice that a student is struggling. Unfortunately, going to such a school is not always an option given factors like location, region, personal budget and their social situation or upbringing.
It's been an interesting journey.
Just today I've had to remind some of the others in the server that not every brain operates in the same fashion. Case in point:
View or add comments (curr. 0)
2025-02-12 19:52:00
On the CompTIA Instructor's Network, Greg wondered whether DOGE (the newly minted NGO in the US) is actually a threat to national security. A lively discussion broke out, where Hank remarked:
"In this case, I am not sure how to discuss the technical issues without politics."
I suggested that we can discuss the issue, from the point of view of the aspects of infosec which we teach: Risk management. Threat modeling. Assumed breach. Access controls. Data destruction.
So here's a threat modeling exercise:
The case:
Question to the students:
Which security controls can we put in place to disrupt the threat actor's activities and to prevent or mitigate the threat actor's interests and activities?
View or add comments (curr. 0)
2025-01-24 20:41:00
Three weeks ago I mentioned that I'm going for my OSCP certification, again.
Since then I've been working my way through the Hack The Box Academy pentest learning path. On the one hand to refresh what I already know, on the other hand to learn some new tricks... And in general to get back into a regular process loop of research-enumerate-attack-privesc-loot.
Overal the HTB course has been pretty great!
I've recently also taken a look at Try Hack Me (though not as extensively as HTB) and I like the THM interface a lot less than HTB. In almost every aspect (UI, writing, examples and labs) I like HTB a lot more than THM.
There's one module where I feel HTB could've done things differently: Password Attacks. In that module, they could give just a little more guidance in the brute forcing exercises, to ensure students don't have to spend 2+ hours waiting for a test to run.
I know: it's realistic! In real life you could have a cracker like hashcat run for days without results. You could have a brute forcer like Hydra come up dry after six hours. But when you're going through a training and most sections in a module take 30 minutes, it really grinds your pace to a halt when one section takes 2+ hours, just because you're waiting.
When the example files give you 100 users and 200 passwords, even without permutations that gives you 20.000 login attempts to try. Adding the custom permutation rules the HTB lab suggests, you're looking at 94k possible passwords, so nine million login attempts.
For a lab, that just doesn't fly. For the final exam? Sure! But not while you're trying to learn and practice.
kilala.nl tags: studies,
View or add comments (curr. 0)
2025-01-20 20:59:00
A few days ago I was moping about how slow my laptops and other computers are too slow for password cracking. Someone tipped me about vast.ai, which offers GPU-workloads in the cloud.
It cost me $0.04 to rent fifteen minutes of time on someone's 4090. The actual cracking took less than a minute, the other fourteen were spent moving in my password list and the hashes.
This is great :D
kilala.nl tags: work, studies,
View or add comments (curr. 0)
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.