Infosec blog, ramblings about things, generally just wanting to educate, opinions are either my own or used as reference. Might as well assume nothing is true, but with a little knowledge and reference, you should be able to test to prove for yourselves. That's the goal anyway.
When I saw this say cyber security PTSD, I thought: wow, did someone just recognize that cyber security is a wartime activity? Or wow, did someone acknowledge that people are often damaged by previous battles, so they find it hard to overcome new battles?
Instead, this is a high-level overview of how people become burnouts if over- or underworked.
Let's play a game here. Let's pretend you and I are on a 6-man criminal hacking group together. Neither of us is the leader, but we are both considered appropriate for our ideas. My idea is to make conversation in reference sets only and PGP (RSA-4096) encrypt files or data shared, to protect our operations. Your ideas relate to targets, objectives, etc.
We find someone poking in one of our servers. Fuck, is there anything that can dox us? We don't want them knowing we're in and monitoring, so let's step back and find a backdoor. Shit. We had to break in almost the same way as him and escalate up. He's probably set up everything he could by now. "Find every inode change for the past 48 hours!" There it is, the order's given. We have to do analysis on a changing machine, while it's changing, because some fuck nut forgot to patch services with the latest updates. We quickly throw together two bots, one to observe and remotely report (stdout piping) inode changes, another to pull every file as it is with MD5s, SHA1s, and the full file contents. Hell, half the team is googling inodes. Fuck. Because this isn't just a bot server but an operational server, we are both getting yelled at and spammed by everyone for how the fuck did we let it happen. At the end of the day, 3 days later, our attacker was just some kid copy pasting. Didn't even know what he was looking at. We destroyed the entire infrastructure and rebuilt, with our same roles. Operations became more about tunnels, allusion, encryption, and responsive attacks (socket binding abuse, socket service takeover). Our objectives became to always have reversion and attack back structured plans. Our services were run through a VM, on a server, through Tor, through botnet proxies, then finally to a proxy host acting as an inproxy into our network. We did this because some kid found a single hole and used it. We later had members go back and dox, swat, and destroy that person. He didn't even know why he was going to jail.
When people mention the idea of cyber security PTSD, let's take our little example there and apply it: 5 of 6 members now work in security. 2 of 6 still communicate, sometimes. Everyone wants to forget. Wartime tactics destroy innocent people and damage the people involved.
But I guess the purpose of the link is to shed light on SOC activities and how it can be bad if alert fatigue sets in. Instead of opting to be in a more active environment where people sitting on ass become targets: let's say they need coffee and snacks. Let's say they're fine with YouTube on one screen and 30 ignored alerts on the other.
Today I just want to rant about some lessons I've learned recently. For starters, on a philosophy level there will always be a sense that each student teaches the next generation. This has remained for a fair amount of time, and today I see few people recognize this. Therefore I find it is my duty to inform anyone who bothers to listen. It's becoming more and more noticeable that people will get praised for doing truly minimal work, if they simply keep at it until they do it, while others get no praise trying to go and do more than what's needed. To me, hard work isn't busting your ass on a computer for 13 hours, it's redoing a metal roof in the middle of summer for 13 hours. So I find that praise for minor accomplishments means very, very little to me, but apparently means something to others. I've witnessed other people with a real work ethic get into these situations too as of late. In the end, duty becomes more meaningful than work if work is just business. The lesson…
Okay, so I know I've discussed it before a few times, but it really annoys me when kids are all uppity about wanting to be gangsters, or their idea of gangsters rather. Yes, nowadays thugs come in dweebie little Twitter thugs posting on zone-h thinkin' they're the hottest act around, all the way to hoodlums arrested 6 times for armed robbery of the exact same store. lol. If this is your idea of gangster life, you're in for a rude awakening. For that matter, if everyone over 30, including every other thug who's ever walked your neighborhood, avoids you and your friends like the plague, you're in for a rude awakening. So let's discuss syndication as it applies to the criminal world, and compare those ideals to the "thug life" trivialities.
I would like to start with the obvious errors first, gangsters versus thugs. Gangsters are people who join together for an organized effort, a gang of people if you will, and focus their lives heavily on their group. A thug…
I would like to express a few minor words in the only format I know how. Plain text. If you're here for infosec stuff, I'll get to that towards the bottom. Philosophy before technology.
When talking with people recently, a feat I rarely perform anymore, I found myself questioning why they would consider me smart. I have no college degree, I am not a master in some form or fashion. I'm just another kid who studied the world around him. In retrospect, when you know more than the people around you, one topic or many, you appear wiser than you are. As for me, I see that the only way to live life is without the mindset to mimic or clone. People say the smarter man can use fewer words, and in this I am vastly closer towards idiotic. But I have a problem with leaving things unexplained. In one example, I was asked to explain an issue. To most this seems like no problem, they just explain what they know. For me, I explain what I know and how I know it, ways…