Status Report
It feels good to be where I am. Over the past few months, I have been running a cybersecurity internship program. Last week that finally came to an end. It was a great learning experience for both the interns and myself. We got to see a lot of cool things and I think everyone grew. Now that there aren't interns to take up my time, I have been able to dive back into my projects and research and I feel so happy again. I am really starting to wrap up some outstanding projects.
Defcon: I attended Defcon 31 this year and learned a lot! It was a great experience and I am very happy to have gone. I created a presentation for work after cleaning up all my notes and really learned a lot. Now, I have a list of action items that came from the conference and my talk! Things like detection engineering and actually utilizing some of the tools that I was exposed to. I think my favorite talk was the Electron app TCC vuln that was disclosed.
Some other bits and bobs:
- Tomorrow will be one year at my company and I AM SO HAPPY. Being a security analyst is something I've come to enjoy very much.
- I managed to break my OpenVAS install after upgrading PostgreSQL. I ended up needing to update /etc/postgresql/14/main/postgresql.conf back to my originally configured port and restart the daemon. I also had to reassign the versioning that PostgreSQL was running in, because that failed to change properly after the upgrade as well.
- I've gotten more into detection engineering as of late. We utilize Elastalert to send detection alerts to a Slack channel that has been built. This is a nice tool that can provide me information Sentinel One can't easily notify us of.
- While it's nothing new, I've also been doing research into the Zerologon vuln for DCs. I am going to be downloading copies of some of our DCs and testing to confirm if our patch is actually working as it should.
- Our web app pen test is going to be wrapping up soon, where I will get a good look at where we stand from a security perspective on our app.
- I've gained more forensics experience with analyzing PDFs and malicious word docs that have come in via email. It hasn't been anything too flashy just yet, but still a great experience.
For the rest of the year, I have some goals set that I plan on achieving:
- GCP training
- GREP Cert
- Better detections and more coding
- BSides Philadelphia
- One more good write up in 2023 about something valuable I learned. My idea is a write up on how to efficiently exploit something like PDQ after post compromise.