Monday, 17 October 2016

The Internet of Threats

Since late September there has been no shortage of blog posts, articles and comments written about the Mirai botnet DDoS of the security journalist Brian Krebs's website; So one more surely cant hurt!

Much has been made of the threats posed by quickly and cheaply developed IoT hardware. After the slices given to R&D, marketing and others there isn't much of the pie left for security.
None the less, these devices are streaming into (and streaming data out of) consumers homes by the metric truck load.

Not since before the mid 2000's(ish) have so many insecure devices been connected to the internet; arguably back when attacking systems was considerably easier.
The rise of IoT devices is a wonderful throwback to simpler times for hackers of all stripes, where an entire class of networked devices fall into the 'easy pickings' basket; the Mirai botnet is one example of the manifestation of this fact.

IoT by nature is an excellent modus operandi for DDoS as evidenced by the 620Gbps through put achieved by Mirai. It is claimed that the Mirai botnet featured 380,000 devices all of which were popped with a simple dictionary of 62 default creds.

I think its as clear as it has ever been; IoT is going to keep us busy for quite some time.

Saturday, 15 October 2016

3 Weeks until 24 hours (PWK/OSCP)

The clock is ticking until I attempt the OSCP exam. I have 3 weeks of preparation left until I undertake a challenge which I have looked forward to for a very long time. I have taken every opportunity to prepare, including, but not limited to; selecting an exam date featuring my lucky number.

Im now in the process of polishing the lab/course report and having a report template ready to go for the exam. Other than that; I have scripts at the ready and a well rehearsed methodology ready to be deployed.

Inbetween now and the exam I will be attending BlackHat Europe, which surely will serve as a source of inspiration.

All things going well; I look forward to ending the year as a newly minted Offensive Security Certified Professional!