Wednesday, July 26, 2023

Things I have read - 7/26

 https://www.theverge.com/23539460/importyeti-shipping-manifests-american-companies?mc_cid=c91f9a2aff&mc_eid=500ecefb32


A great article on generative AI via TL;DR. 


https://www.nist.gov/itl/ai-risk-management-framework


Youtube training video for InsightVM


Rapid7 Insight VM Training video - https://academy.rapid7.com/rapid7-insightvm-1


Kim Zetter's hard-hitting interview of a member of the group that created new standards for TETRA, a secret communications protocol - https://zetter.substack.com/p/interview-with-the-etsi-standards



Tuesday, July 11, 2023

Follina Tabletop scenario

 In June 2022 I was tasked with creating a tabletop scenario, and specifically that it be realistic. With limited information on what the client needed, my manager asked that the attack path include an attacker exploiting a current vulnerability via a phishing attack to access the client's network. I chose to use the recently-released "Follina" vulnerability. Tracked as CVE-2022-30190, this vulnerability affected Microsoft's diagnostic MSDT tool and potentially allowed for remote code execution.

However, in the vein of my overly complicated and unnecessarily detail-oriented mind, I decided that the screenshots had to be really accurate, and created a mostly functional exploit path for this vulnerability. As far as I can recall, it included a user who clicks on an email to get help from a technician, which downloads and executes an MSDT file. This would show a pop-up that pretends to be an error while the an actual shell gets downloaded and executed. Of course something like Crowdstrike or other EDR tools would probably pick it up, but it was fun to play with anyway, and the screenshots were definitely realistic. Unfortunately the client came back and told us we couldn't do that, so the whole thing was scrapped.

Regrettably I didn't blog about it. 

Monday, June 19, 2023

06/19/23

 Have refurbished my website.


Have been following a reddit user making a convincing long-term case for thermal coal as a potent investment opportunity (3-5 year horizon), as well as copper in advance of inevitable copper shortages, as lithium supply is greatly increasing while copper is not. Today read a comment or linked page that made the argument that ESG works against creating a stable environment and political support for oil companies to invest in wells and supply versus share buybacks or dividends to shareholders.

https://traderferg.substack.com/p/coal-the-beneficiary-of-dumb-energy

Considering this writer references Simon Michaux (author of several extremely well-sourced papers that indicate that there's not even remotely enough green minerals to electrify Europe, let alone transition to green everything), I'm inclined to believe them.

https://www.thegreatsimplification.com/episode/19-simon-michaux

https://www.simonmichaux.com/copy-of-gtk-reports

https://www.iea.org/reports/the-future-of-cooling

https://infrastructurereportcard.org/cat-item/energy-infrastructure/

Also the Low Tech Magazine is now entirely solar powered which is super cool.

https://github.com/lowtechmag/solar/wiki/Solar-Web-Design

Unrelated: https://www.lowtechmagazine.com/2023/02/can-we-make-bicycles-sustainable-again.html



Friday, January 13, 2023

Random thoughts dump

 What if I could design a set of playing cards that contained information about cheap and easy cooking, warming, cooling, and fire, stuff that is incredibly important and should be spread for awareness. Like the concept of a rocket stove, or other information that has evolved over time, that will not be available during a collapse due to lack of information. Basic survival tech, all the amazing innovations of the last 200 years, that could be lost otherwise. 

Make it a pamphlet or something.

Post-Toorcamp packing list review

 Toorcamp was in July, I'm writing this now.

With each Toorcamp my packing list gets better.

The NIGHTMRKT was a great idea. My "pop-up" selling random electronics and other goods was a success. I was advised of two things: don't give things away for free, and to have much better signage, potentially cutesy and pretty for people. Selling vodka tinctures was useless, many people didn't understand the concept, and two days in I was giving them away for free. Also, there's so much alcohol already available for free that no one was going to pay for some random drink. What did go well were the raspberry Pis and decaf teas. Caffeinated teas weren't popular because most people don't drink caffeine late. The population of Toorcamp is definitely aging, hackers are aging, there are more kids and earlier bedtimes. 

Next time, have better signage, like a wooden sign with prices. Sell useful adaptation things and gadgets, like water filters or something. Consider leaning into perfumes. Use a regular propane tank and stove for tea due to better availability. I did make a lot less tea than expected. Definitely have more weed products available.

What worked and what to bring next time:

  • Ziplock bags, regular and silicone/scent-proof
  • Sharpies - useful
  • Sunscreen - it was hot y'all
  • Very Specific stickers
  • Valuable tradeable goods (luci lights, sweet gale, small tea cozy, pirate boxen hacked with other software, mobilizon/sneakernet style). I have some additional ideas, like playing cards with cool adaptation designs or ideas on them, from low-tech magazine and others. You could also do one for gardening.

What not to bring next time:

  • So many batteries
  • Rope
  • Metal straw
  • Hot Hands warmers
  • Very long LED solar string lights (someone always has Christmas lights, there is always power)
  • Sleeping shorts (too cold)
  • Radio (KLOL signal broadcasts only like a hundred feet)
  • Breakfast oatmeal (bagged granola works fine, not here to eat)
  • So much bagged rice (organize group meals next time)