Adding macOS to my security homelab

This post has notes on how I added a macOS machine to my security homelab.

Install macOS to Proxmox

Follow this guide to install macOS onto a Proxmox cluster. This will result in an x86-based VM. I plan on looking into an ARM node in the future. Reference this page if you don’t want to extract the OSK yourself. Additional note: this installed to local-lvm, not my GlusterFS storage.

Bind macOS to Active Directory

Since the rest of the lab is a Windows Active Directory domain, I wanted to join the macOS VM to the domain so domain users could log in. Follow the guide here for high-level guidance. Ventura changed the look of the Directory Utility, but the overall concepts are the same. In Directory Utility, tick the option to “create mobile account at login” and add the “Users” OU to allowed administration. ...

May 10, 2023 · 13 min · Kimo B

Recap of the books I read in 2022

Bomber Mafia: A Dream, a Temptation, and the Longest Night of the Second World War
Betrayal in Berlin: The True Story of the Cold War’s Most Audacious Espionage Operation
Farm and Other F Words: The Rise and Fall of the Small Family Farm
There Is Nothing For You Here: Finding Opportunity in the Twenty-First Century
The Code Breaker: Jennifer Doudna, Gene Editing, and the Future of the Human Race
The Splendid and the Vile: A Saga of Churchill, Family, and Defiance During the Blitz
My Life in Full: Work, Family, and Our Future
Eisenhower in War and Peace
This is How They Tell Me the World Ends: The Cyberweapons Arms Race
32 Yolks: From My Mother’s Table to Working the Line
Noise: A Flaw in Human Judgment
The New Geography of Jobs
You Are Worth It: Building a Life Worth Fighting For
American Made: What Happens to People When Work Disappears
The Caine Mutiny
The Everything Store: Jeff Bezos and the Age of Amazon
Facing the Mountain: A True Story of Japanese American Heroes in World War II
Leadership in War: Essential Lessons from Those Who Made History
The Day of the Jackal
Caste: The Origins of Our Discontents
Heroes: The Greek Myths Reimagined
Troy: The Greek Myths Reimagined
Ludicrous: The Unvarnished Story of Tesla Motors
Of Mice and Men
How the World Really Works: The Science Behind How We Got Here and Where We’re Going
Musashi
Why We’re Polarized
The Road Taken: A Memoir
An Ugly Truth: Inside Facebook’s Battle for Domination
The Making of a Manager: What to Do When Everyone Looks to You
Threat Hunting with Elastic Stack

The above are Amazon affiliate links. As an Amazon Associate I earn from qualifying purchases.

December 31, 2022 · 2 min · Kimo B

Reflecting on Completing a PhD

In March of this year, I successfully defended my dissertation An Application of Machine Learning to Packed Mach-O Detection. After four years, I completed a PhD in Cyber Operations from Dakota State University (DSU). In this post, I want to reflect on this journey, what I learned, and thoughts on the program.

Curriculum

The DSU PhD in Cyber Operations consists of core technical classes, core research classes, electives, and the dissertation. When I started the program, it was actually a Doctor of Science (DSc) vice a Doctor of Philosophy, but the South Dakota Board of Regents approved the transition to PhD relatively soon after my acceptance. ...

May 13, 2022 · 9 min · Kimo B

Recap of the books I read in 2021

The Silk Roads: A New History of the World
Touching the Dragon: And Other Techniques for Surviving Life’s Wars
Long Walk to Freedom: The Autobiography of Nelson Mandela
The Coaching Habit: Say Less, Ask More & Change the Way You Lead Forever
How to Be an Anti Racist
You Never Forget Your First: A Biography of George Washington
The Order of Time
The Topeka School: A Novel
The Space Barons
Small Wars, Big Data: The Information Revolution in Modern Conflict
The Threat Intelligence Handbook
The Security Engineer Handbook
A Promised Land
We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News
The New Jim Crow: Mass Incarceration in the Age of Colorblindness
This Is What America Looks Like: My Journey from Refugee to Congresswoman
No Time for Spectators: The Lessons That Mattered Most from West Point to the West Wing
Cannery Row
Born a Crime: Stories from a South African Childhood
How to Avoid a Climate Disaster: The Solutions We Have and the Breakthroughs We Need
These Truths: A History of the United States
Grant
The Stranger
2034: A Novel of the Next World War
A Separate Peace
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
Leave Only Footprints: My Acadia-to-Zion Journey Through Every National Park
American Kompromat: How the KGB Cultivated Donald Trump, and Related Tales of Sex, Greed, Power, and Treachery
Country Driving: A Journey Through China from Farm to Factory
Mythos
Playing to Win: How Strategy Really Works
Blue on Green
The Making of a Miracle: The Untold Story of the Captain of the 1980 Gold Medal–Winning U.S. Olympic Hockey Team
The Last Rhinos: My Battle to Save One of the World’s Greatest Creatures
The Spy and the Traitor: The Greatest Espionage Story of the Cold War
Boom Town: The Fantastical Saga of Oklahoma City, its Chaotic Founding… its Purloined Basketball Team, and the Dream of Becoming a World-class Metropolis
Fulfillment: Winning and Losing in One-Click America

The above are Amazon affiliate links. As an Amazon Associate I earn from qualifying purchases.

December 31, 2021 · 2 min · Kimo B

log4j JNDI Exploitation

Situation

A remote code execution (RCE) bug was found in log4j. CVE-2021-44228 has been assigned to it. The vulnerability lies in how log4j interprets Java Naming and Directory Interface (JNDI) URLs. JNDI lets an application look up a service. An attacker can craft a string that looks like “${jndi:proto://host/a}” where proto is ldap or rmi, and log4j will connect to the host to retrieve a, which would specify how to process the log entry. However, a can instead provide Java bytecode that log4j will execute. ...

December 10, 2021 · 9 min · Kimo B

Security Onion on Proxmox

I originally set up my homelab using Ovirt, but have since switched back to Proxmox. The reason for that is that the version of qemu that Ovirt ships with does not support the “applesmc” device that is needed to run macOS guests, whereas Proxmox does. Another benefit is that Proxmox supports running containers, while Ovirt required full virtual machines, and Proxmox is overall much faster at everyday tasks like starting or migrating a VM. I kept the same infrastructure as before, including using Gluster as shared storage amongst the compute nodes. ...

May 26, 2021 · 5 min · Kimo B

Hacking a Computer Remotely through a Phone

In a recent demonstration of cyber and electronic warfare capabilities, I had the opportunity to enable access into a network by exploiting a computer remotely through a cell phone. In this blog post, I’ll document some of the challenges that were encountered and how they were overcome.

Scenario

The scenario for this demonstration was: an offensive cyber operations team wants to gain access into a targeted computer network which includes a wireless access point. The targeted network is firewalled and NAT’d, and social engineering techniques such as spear phishing have been unsuccessful. In order to gain access into the network, a human source is used to approach the facility that houses the network (think a residential building) and gains close enough proximity to sense the radio frequency (RF) emissions from the facility. ...

May 1, 2021 · 5 min · Kimo B

Converting DoH to DNS

In a previous post I wrote about investigations that I performed on DNS over HTTPS (DoH). That research was performed as part of Cyber Security Research. During Security Tool Development, I expanded on that research by implementing a Python script which creates DNS wire format packets from a DoH packet capture. This post describes how that script was made and how it works.

Updates to gen_doh.py

In addition to the use of sslkeylog which was discussed in the previous post, I needed to update the client_protocol.py file. Line 45 of that file contains: ...

January 6, 2021 · 6 min · Kimo B

Recap of the books I read in 2020

Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
American Revolutions: A Continental History, 1750-1804
For Whom the Bell Tolls
Benjamin Franklin: An American Life
Rise and Kill First: The Secret History of Israel’s Targeted Assassinations
Places and Names: On War, Revolution, and Returning
Better: A Surgeon’s Notes on Performance
Alone at Dawn: Medal of Honor Recipient John Chapman and the Untold Story of the World’s Deadliest Special Operations Force
Call Sign Chaos: Learning to Lead
The Moment of Lift: How Empowering Women Changes the World
A Gentleman in Moscow: A Novel
Heartland: A Memoir of Working Hard and Being Broke in the Richest Country on Earth
Why We Sleep: Unlocking the Power of Sleep and Dreams
Talking to Strangers: What We Should Know About the People We Don’t Know
The Strange Order of Things: Life, Feeling, and the Making of Cultures
Sea Stories: My Life in Special Operations
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
The Righteous Mind: Why Good People Are Divided by Politics and Religion
Never Lost Again: The Google Mapping Revolution That Sparked New Industries and Augmented Our Reality
Mastery
I’ll Be Gone in the Dark: One Woman’s Obsessive Search for the Golden State Killer
The Body: A Guide for Occupants
Snow Crash
White Fragility: Why It’s So Hard for White People to Talk About Racism
Catch and Kill: Lies, Spies, and a Conspiracy to Protect Predators
Burn-In: A Novel of the Real Robotic Revolution
On Corruption in America: And What Is at Stake
With the Old Breed: At Peleliu and Okinawa
The Art of Intelligence: Lessons from a Life in the CIA’s Clandestine Service
Active Measures: The Secret History of Disinformation and Political Warfare
The President Is Missing: A Novel

The above are Amazon affiliate links. As an Amazon Associate I earn from qualifying purchases.

December 31, 2020 · 2 min · Kimo B

Installing the Cuckoo Sandbox Using KVM

The Cuckoo project provides a safe environment in which to execute malware (also called “detonating”). I will be using Cuckoo as part of a malware analysis class. There are several guides that you could follow to set up Cuckoo, but almost all of the ones that I found used VirtualBox as a hypervisor. Since I have a homelab running on KVM, I wanted to install Cuckoo to use that as well. There is no groundbreaking information in this post, but it consolidates information that I had to find from several different sources while troubleshooting. ...

January 23, 2020 · 5 min · Kimo B