Wow, 12 weeks has just flew by without an update on here, that is just shocking behaviour! On the other hand, work has been busier than any other period I can remember, and I have been here a LONG time. I am not sure if that means it really has been crazy busy, or if my memory is failing, and it was far more busy before but I just cant remember it
I attended an online Metasploit/PenTest training course run by Georgia Weidman (www.bulbsecurity.com), which was very helpful for my aging brain and skillset My laptop started playing up in the middle of the training (it crashed, twice!), but thankfully Georgia supplied all the attendees with a video of the training session which I really need to go back and look at again real soon. I built my own Linux based VirtualBox server at home to host various target/victim systems, and I would like to get some use out of that some time soon.
In addition to the IPv6 work we are all having to feed into our schedules and work flows, there was the slight issue of having to migrate our multi-site firewall policies from a old out-of-support version to the latest one that supports IPv6 as a core feature, rather than appearing to be a last minute add-on to keep the customers happy. After 8 weeks of banging my head against the issue of getting it to upgrade and migrate, plus 2 weeks with our support team and the vendor, we finally found a process that worked (at least in the tests we ran). Last Saturday was the day scheduled for the real upgrade, and it was a bit of an anti-climax. No issues, no tears, no upsets, it just worked… Yay!
So, next is hardware refresh on the multi-site firewall firewalls. They are not aging 486 units or anything, but if we are upgrading (and the budget is there), its worth spending the money on new hardware. As usual, the first test subject is always the office where I work, in case it all goes horribly wrong (i.e. I can run into the server room and fix it locally if I get locked out over the network). I dont expect that part to be a problem, as I have already helped with an install of the latest version on new hardware to create a High Availability cluster. I just have to ensure that the pre-config is done correctly.
And looming large on the horizon is DEFCON 21, which will take 3 weeks out of my schedule. I managed to get 6 days holiday signed off while I am out in the US, so with weekends included, I get 10 days to spend on the road for what will be my longest roadtrip before I arrive in our office in San Diego for a couple of days. Trip details to follow soon on here, once I have nailed down my schedule (as much as I can, given the unpredicability of a road trip!). I am feeling much better this year compared to last, so may actually get to talk to strangers, get involved, interact with people. Hell, I even have a mohawk for this year’s DEFCON (my idea) which will be colored blue and green soon (my 3 year old son’s idea). I couldnt have even contemplated doing such a thing last year. The introvert in my head would have just died, whereas this year, the introvert certainly has a much quieter voice when it comes to decision making. The thought of mixing with several thousand people doesnt scare the hell out of me like it did in previous years, lets hope that thought pattern remains while I am actually there. I have a long list of people I would like to catch up with, but with DEFCON being as large and chaotic as it is, I think anyone I do get to see will be mostly by accident. And then there is the DEFCON shoot to look forward to as well. This year I will be bringing some “special” targets to place downrange for everyone to use and abuse during the shoot. I think they will be appreciated by most (if not all) attendees
After DEFCON, I also get to attend 44CON in London, and also DerbyCon in Louisville, Kentucky (the latter is funded by using some of my long service award fund!). Its a CON summer for me As they are both smaller CONs, I should have a better chance of meeting those people on my list at these CONs than at DEFCON. I also hope get to learn some new things that should scare the life out of me and other people. I hope my kidneys wont hate me for the abuse they will have to put up with over the course of 3 CONs in 2 months.
October will be a slightly less hectic month, no conferences to attend, maybe a weekend at Kelling Heath star party, then back to nornal work and normal schedules for firewall upgrades, plus maybe get some time to learn some more InfoSec stuff, and possibly fiddle with the large collection of electronic gear I have accumulated over the months that is sat on my shelves, collecting dust.
Or maybe I will just be a lazy git, and watch episodes of Archer while geting very drunk…. it could go either way right now