Brutkey

da_667
@da_667@infosec.exchange

Senior Security Researcher, Proofpoint Emerging Threats.

I've been doing this cybersecurity thing for the better part of a decade now. Probably longer than that. I'm starting to forget. Time is relative, but it surely isn't kind to my memory.

I'd like to think I do cybersecurity well, but blue teamers collectively get told they're doing it wrong constantly. So maybe I just failed forward throughout my career.

Oh, I wrote a book. It's a good framework for setting up a virtual machine lab. See my bookmarked toots if you're curious.

Finally, I occasionally write about tech/nerd-related things over at
https://www.totes-legit-notmalware.site where I expose that I have a short fuse, and no filter.

Work-Related hashtags:
#Iocs #ThreatIntel #DFIR #Malware #NSM #suricata #snort #BEC #phishing #APT


self-verification
https://www.yeettheayys.cf/v_me/
Emerging Threats NSM rules
https://community.emergingthreats.net
How to Homelab
https://leanpub.com/avatar2
Personal Blog
https://www.totes-legit-notmalware.site
da_667
@da_667@infosec.exchange

Hey Everybody,

The end of summer is fast approaching, and that means teachers are preparing to get back to school.

Now, if you have a K-12 teacher in your life, you already likely know that this time of year is busy with acquiring new classroom resources, setup, and cleanup before the littles come back, and conferences happen.

Last year, my wife requested that I post her wishlist on here to see if others were interested in contributing supplies for her classroom.

We received a ton of resources, and we're very grateful. I'll be requesting your help again this year.

Here is the list:

https://www.amazon.com/hz/wishlist/ls/15VJ5NDYNE4WG

You've done this once already, why are you doing it again?
If you don't have a teacher in your life, you may not know that most schools do not provide supplies for teachers, or the children. That responsibility typically falls on the parents, and if the parents don't follow through, the teachers have to provide for the students. Most of the supplies required for a classroom aren't renewable and need to be re-acquired on a yearly basis.

Imagine if you will, taking a job as a dev, sysadmin, or security analyst, and having to supply your own tools, your own computer, operating system, software, network connectivity, your own printer, printer ink, cables, chair, desk, pencils, pens, notepads, desktop phone (if you don't have a cell), etc.

That's what it's like being a K-12 teacher. Additionally, my wife works in a title 1 school. If you have no idea what that is, Title 1 schools serve primarily poor and impoverished families and communities.
You work in tech, why aren't you covering it?
Ah, you may not see it or believe it, but we both contribute to the classroom on a regular basis for arts and crafts projects, additional snacks, additional pens, pencils, crayons, markers, colored pencils, glue sticks, printer paper, ink, a home laminator, and laminator sheets, etc. I'm definitely involved, and that won't ever change.

Some of you may note that there are snacks/food in the list I provided, and that's not an error. Many of these children, if they don't receive school lunches or breakfast, don't get fed, and given the current political climate in which the administration is doing its level best to supplant resources from every walk of life to just throw them at the rich, free food for children is on the chopping block.

As a general reminder, to date, I've written approximately 2.5 textbooks. The digital editions are always available on leanpub (https://leanpub.com/u/da_667), and for the past several years, they have always been "pay what you want", even if you can't pay for them at all. I believe in sharing knowledge, that it wants to be free, so even if you can't pay, I still want you to have it. You also know that I'm a prolific blogger on www.totes-legit-notmalware.site, and also on community.emergingthreats.net, sharing my knowledge very often. I don't ask for anything in return, and that will never change.

I'm also not blind, and I can plainly see that everyone that doesn't fit "the agenda" or who isn't a billionaire is suffering in this year of our lord, 2025. So, I get it if you don't want to donate, or you can't donate. That's fine. I would deeply appreciate you re-tooting this message, so that it gets to more eyes, if that isn't too much trouble.

Thank you very much for your time and your eyes on this.

da_667
@da_667@infosec.exchange

Time for me to reiterate why I think DoH is fucking garbage. This is the cliffnotes version:

-If you read the RFC, never once is privacy listed as a goal for the protocol
-Ostensibly, you get some privacy on the first hop, but from there, you have zero guarantees on literally anything. You have promises from various companies, but that doesn't mean jack shit.
-I'd like you to consider that cloudflare doesn't have a good track record of policing abuse of their platforms, they tacitly support white supremacists and terrorists, they've been known to forward abuse requests containing personal information of those who have submitted them to their abusers, and they have zero financial incentive to stop the flow of traffic. THIS INCLUDES MALWARE, THERE IS SO MUCH FUCKING MALWARE USING CLOUDFLARE. They are a default DoH provider choice in the major browsers that support it.
-Transaction ID is always set to zero for DoH requests to improve caching. This is actually written into the protocol. Y'all know why the transaction ID/DNS ID exists, right? This opens up attack paths for man in the middle attacks. Think QUANTUM and PRISM-type bullshit, where the answer to your DNS query is changed but you'll never know.
-The only goal of the protocol was to move DNS resolution to the browser, so that the browser is cognizant of how domains are being resolved. It's anti-adblocking tech.
-Think about who the major players are behind DoH - It was driven by Cloudflare, Mozilla, and Google, and while I like Firefox, they all have financial incentive to see how domain resolution is occurring and ensure ads are delivered to clients. Y'all are aware of Google's Web Integrity web DRM shit, right? How much you wanna bet that if it becomes a standard, there will be websites popping up whereby resolution via DoH is required for viewing the content? I wonder why that would be?
-Flow analysis easily reveals which HTTPS traffic is likely to be DoH traffic. You can't hide connection metadata.
-Several tools have been developed to use DoH as C2, and even file storage, if you're brave enough.
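An added illustration of the transaction ID point above (example code written for this page, not code from the original post): it builds a DoH GET request path the way RFC 8484 sec. 4.1 specifies, where clients SHOULD set the DNS ID to 0 for cacheability, beside a classic stub query with a random 16-bit ID, and shows that the ID-match check a client applies to answers always passes for DoH, so answer integrity rests entirely on the TLS session to the DoH server. The query name and IDs are constructed sample values.

```python
import base64
import secrets
import struct

def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Minimal RFC 1035 wire-format query: 12-byte header, QNAME labels, QTYPE, QCLASS IN."""
    # flags 0x0100 = RD (recursion desired); one question, no other records
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def random_txid() -> int:
    """What a classic UDP stub resolver does: 16 fresh random bits per query."""
    return secrets.randbits(16)

def doh_get_path(name: str, qtype: int = 1) -> str:
    """DoH GET path per RFC 8484 sec. 4.1: the DNS message with ID 0 (so identical
    queries produce identical cache keys), base64url-encoded, '=' padding stripped."""
    msg = build_dns_query(name, qtype, txid=0)
    return "/dns-query?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")

def decode_doh_path(path: str) -> bytes:
    """Recover the wire message from a DoH GET path (re-adds padding before decoding)."""
    data = path.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def txid_of(msg: bytes) -> int:
    """Transaction ID is the first 16 bits of any DNS message."""
    return struct.unpack("!H", msg[:2])[0]

def response_id_matches(query: bytes, response_txid: int) -> bool:
    """The check a client applies to each answer: drop it unless the ID echoes the query's.
    With 16 random bits this is a real (if small) hurdle for off-path spoofed answers over
    UDP; with the DoH-mandated ID 0 it passes for every answer carrying ID 0, so integrity
    depends wholly on the TLS channel and on trusting the resolver at the far end of it."""
    return txid_of(query) == response_txid

if __name__ == "__main__":
    udp_q = build_dns_query("www.example.com", txid=random_txid())
    doh_q = decode_doh_path(doh_get_path("www.example.com"))
    print("UDP query ID: 0x%04x   DoH query ID: 0x%04x" % (txid_of(udp_q), txid_of(doh_q)))
    print(doh_get_path("www.example.com"))
```

For `www.example.com` the path produced is byte-for-byte the GET example given in RFC 8484 itself.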

da_667
@da_667@infosec.exchange

I would also like to note that all of these points apply to the "privacy minded individual", and not necessarily to "Enterprise Ops/Security".

When I first started talking shit about DoH being bad, I got told that I'm not cypherpunk. Sounds pretty fuckin' cypherpunk, giving corporate entities who have proven they give zero fucks about you even more of your data.

But I digress. From the point of view of systems administration and support, it's also a fucking nightmare for enforcing policy, and troubleshooting connectivity problems, because the web browser now believes it has the right to be handling DNS resolutions independent of your operating system settings.

On top of that, you have no idea what domains are being resolved, how they're being resolved, or where to even start to troubleshooting the problem.

From a network security perspective, it's pretty much the same can of worms. DoH providers are allowed to have your DNS queries, but you aren't allowed to have that for trying to figure out if any of your hosts are infected, and calling back to a C2 somewhere in the middle of Russia.

DNS logs have always been a troubleshooting tool. The fact is, you're making them opaque, and giving them to an external entity. "It's always DNS" is a joke until it isn't and you have to figure out what's wrong. Only the DNS queries are opaque now, making this shit much more difficult than it needs to be.

da_667
@da_667@infosec.exchange

#introduction #introductions #reintroduction #reintroductions
holy shit, I step out for dinner and there's /more/ of you following me. I gained nearly 200 followers in a single day.

As always, welcome to infosec.exchange.

I'm assuming if you found me, someone misguided you, or you are aware of the image macros and spam that rule my feed. I always aim for that SSS rating:

Suffering
Shitposting
Security news

My background is, of course, in cybersecurity. I have a bit over a decade of experience in infosec in general, with the vast majority of that spent on the blue team, and in private sector, but with a little bit of time on the red team in the intel community.

My specialization is network security monitoring. Some call it NIDS, some call it DPI, some call it IDS/IPS, a few call it NGFW and NGIPS to sound sophisticated, but I stare at pcaps, do pattern recognition, and write signatures or rules for Snort and Suricata to detect anomalous traffic that repeat unique patterns. That's my job in a nutshell.

IDS/IPS work requires a broad understanding of network protocols, and sometimes, some guesswork and a lot of sandbox runs when you're encountering C2 traffic to figure out the constants and variables.

I also wrote a book on creating virtual machine labs for learning IT and infosec concepts. I'm not gonna tell you to buy my shit, especially when you can get it for free if you really want it. Check out the other pinned toot for details.

In my spare time, I like to be a part of the life of my wife who is a first-grade teacher, and my two beautiful and very happy basset hounds. I also play a lot of video games (I enjoy rogue-likes, rogue-lites, turn-based strategy, RPGs, and generally most indie titles), read a lot of manga, and watch a lot of anime (My favorite genre/trope is typically isekai. I love escapism, mad rises to power, and seeing how creative storytellers get with the mechanics of the world that they just dropped someone into who is over or underpowered as hell). I grew up in MI, left, and came back. It's very likely I'll die here. I love this place, especially the northern parts of the state, and one day dream of owning land or maybe even a very modest vacation home somewhere in the north reaches. Maybe someday, but I digress.

I have a reputation for being a prolific shitposter, but generally that's because life is way too fucking short to take seriously. Some people got a laugh out of it, some didn't. If I'm too high volume, I apologize. I won't be offended if you unfollow, block, mute, whatever. You do what you have to.

In spite of all the noise, I'm somewhat enthusiastic about security and NSM (network security monitoring) in general, and happy to answer questions if i can, and if I can't try to point you to better sources of information.

That's enough about me. I'm gonna have you play a game. Playing this game is entirely optional, but I wanna know more about you. If you drop me a follow, or have dropped me a follow, please tell me why. Thanks.

da_667
@da_667@infosec.exchange

I mentioned in my profile and on my introduction that I wrote a book -- Building Virtual Machine Labs. Then a few years later, I wrote a second edition that is considerably more comprehensive.

I self-published via amazon's KDP, and via the online platform, leanpub. The dead tree format on amazon comes in two parts, because my book is over 1,000 pages of content. It's a bit pricey, but trust me, I'm not making much of a profit margin.

The digital edition on leanpub on the other hand? I made it pay what you want. You have no money? You wanna try it before you buy it? You were planning on pirating it? That's all fine. I would rather you get the content from a reliable provider than try and download it from a sketchy site.

My book covers the basics of virtualization:

-Hosted vs. Baremetal hypervisors
-Virtual network segment types
-Virtual switching
-Hardware resource requirements and resource balancing
-Acquiring hardware
-Choosing (one of a choice of five) your hypervisor
-Configuring a baseline lab environment on one of those five hypervisors
-Configuring core network services (DHCP, DNS, NTP, Squid Proxy) and network firewall policy for your lab environment
-Routing and remote access for hosted and/or baremetal lab environments
-Installing and configuring Snort3 or Suricata
-Installing Splunk Enterprise
-Ideas on how to expand your lab beyond the baseline we build in the book together
-Extra content (password manager recommendations, etc.)

This thing is fully illustrated, and that is 90% of the reason the book is so huge, because I wanted to accommodate visual learners. Buy or don't, but maybe share it with your friends trying to hop into IT/Infosec, and looking for homelab advice.

Digital (PDF) edition (free/pay-what-you-want):
leanpub.com/avatar2

Black and white print:
vol I:
https://www.amazon.com/dp/B09GXHNJFC
vol II:
https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/B09GXPMY9M

Color:
vol I:
https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/B09GXD7QL8
vol II:
https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/B09GZJPYFX


da_667
@da_667@infosec.exchange

RE: https://infosec.exchange/@da_667/115017234519095325

so many boxes arriving today. You all have been very generous to us, and we're both grateful and would like to thank you on behalf of the incoming first graders to my wife's classroom.

da_667
@da_667@infosec.exchange

fuck it, word2008 it is.

da_667
@da_667@infosec.exchange

Guys I feel kinda bad for posting this now. He just said that I'm officially his mentor here. Not gonna lie, while it's been difficult, hearing that warmed my cold, black BOFH heart.

Which then immediately collapsed into a black hole when I read up on this CSRF and arbitrary file upload vuln combo:
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/

da_667
@da_667@infosec.exchange

Intern is draining my will to live. Reply with image macros and shitposting, please.

da_667
@da_667@infosec.exchange

I just wanna say thank you in advance for the contributions you've supplied. In spite of 2025 being what it is, we've already gotten multiple items on our wishlist taken care of. I'm always enamored by the generosity of my peers in this community. Me and my wife offer our heartfelt thanks for your support on behalf of the children in this year's first grade class.

da_667
@da_667@infosec.exchange

The best part about AI is that there isn't a works cited. "How the fuck did you come to this entirely wrong conclusion?"

"It came to me in a dream."