Wednesday, July 11, 2012

Some light reading?

With all of my traveling lately, I have not been able to work with Metasploit as much as I would like.  In my spare time, I have been reading Dale Carnegie's How to Win Friends and Influence People.  This book is extremely helpful for any job life you may have.  I have made notes on the book that include the main principles from the chapters as well as key quotes I encountered:

(If nothing else, please read the principles listed as they offer the main ideas from the reading)


How To Win Friends and Influence People


Fundamental Techniques in Handling People

Principle I: Don’t criticize, condemn, or complain

“I consider my ability to arouse enthusiasm among my people the greatest asset I possess, and the way to develop the best that is in a person is by appreciation and encouragement.  There is nothing else that so kills the ambitions of a person as criticisms from superiors.  I never criticize anyone.  I believe in giving a person incentive to work.  So I am anxious to praise but loath to find fault.  If I like anything, I am hearty in my approbation and lavish in my praise.”
-          Charles Schwab

Principle II: Give honest and sincere appreciation

“In as much as ye have done it unto one of the least of these my brethren, ye have done it unto me.”

“Action springs out of what we fundamentally desire . . . and the best piece of advice which can be given to would-be persuaders, whether in business, in the home, in the school, in politics, is: First, arouse in the other person an eager want.  He who can do this has the whole world with him.  He who cannot, walks a lonely way.”
-          Harry A. Overstreet

“If there is any one secret of success, it lies in the ability to get the other person’s point of view and see things from that person’s angle as well as from your own.”
-          Henry Ford


“People who can put themselves in the place of other people, who can understand the workings of their minds, need never worry about what the future has in store for them.”
-          Owen D. Young

If out of reading this book you get just one thing – an increased tendency to think always in terms of other people’s point of view, and see things from their angle – if you get that one thing out of this book, it may easily prove to be one of the building blocks of your career.

Principle III: Arouse in the other person an eager want


Ways to Make People Like You

You can make more friends in two months by becoming genuinely interested in other people than you can in two years by trying to get other people interested in you.

“It is the individual who is not interested in his fellow men who has the greatest difficulties in life and provides the greatest injury to others.  It is from among such individuals that all human failures spring.”

-          What Life Should Mean to You by Alfred Adler


“I am grateful because these people come to see me; they make it possible for me to make my living in a very agreeable way.  I’m going to give them the very best I can.”
-          Howard Thurston on taking the stage before a show

“We are interested in others when they are interested in us.”
-          Publilius Syrus

Principle I: Become genuinely interested in other people

“People who smile tend to manage, teach, and sell more effectively, and to raise happier children.  There’s far more information in a smile than a frown.  That’s why encouragement is a much more effective teaching device than punishment.”
-          Professor James V. McConnell

“Whenever you go out-of-doors, draw the chin in, carry the crown of the head high, and fill the lungs to the utmost; drink in the sunshine; greet your friends with a smile, and put soul into every handclasp.  Do not fear being misunderstood and do not waste a minute thinking about your enemies.  Try to fix firmly in your mind what you would like to do; and then, without veering off direction, you will move straight to the goal.  Keep your mind on the great and splendid things you would like to do, and then, as the days go gliding away, you will find yourself unconsciously seizing upon the opportunities that are required for the fulfillment of your desire, just as the coral insect takes from the running tide the element it needs.  Picture in your mind the able, earnest, useful person you desire to be, and the thought you hold is hourly transforming you into that particular individual. …Thought is supreme.  Preserve a right mental attitude – the attitude of courage, frankness, and good cheer.  To think rightly is to create.  All things come through desire and every sincere prayer is answered.  We become like that on which our hearts are fixed.  Carry your chin in and the crown of your head high.  We are gods in the chrysalis.”
-          Elbert Hubbard

“A man without a smiling face must not open a shop.”
-          Ancient Chinese proverb

Principle II: Smile

Principle III: Remember that a person’s name is to that person the sweetest and most important sound in any language

“Those people who think only of themselves are hopelessly uneducated.  They are not educated no matter how instructed they may be.”
-          Dr. Nicholas Murray Butler

Principle IV: Be a good listener.  Encourage others to talk about themselves.

Principle V: Talk in terms of the other person’s interests

“Do unto others as you would have others do unto you.”
-          Jesus

“hearty in their approbation and lavish in their praise.”
-          Charles Schwab

“I’m sorry to trouble you,” “Would you be so kind as to ---?” “Won’t you please?” “Would you mind?” “Thank you”

“Every man I meet is my superior in some way.  In that, I learn of him.”
-          Emerson

“Talk to people about themselves and they will listen for hours.”
-          Disraeli

Principle VI: Make the other person feel important – and do it sincerely

How to Win People to Your Way of Thinking

So figure it out for yourself.  Which would you rather have, an academic, theatrical victory or a person’s good will?  You can seldom have both.

“Hatred is never ended by hatred but by love.”
-          Buddha

“No man who is resolved to make the most of himself, can spare time for personal contention.  Still less can he afford to take the consequences, including the vitiation of his temper and the loss of self-control.  Yield larger things to which you show no more than equal rights; yield lesser ones though clearly your own.  Better give your path to a dog than be bitten by him in contesting for the right.  Even killing the dog would not cure the bite.”
-          Lincoln

How to keep a disagreement from becoming an argument in Bits and Pieces
-          Welcome the disagreement:  “When two partners always agree, one of them is not necessary”
-          Distrust your first instinctive impression
-          Control your temper
-          Listen first
-          Look for areas of agreement
-          Be honest
-          Promise to think over your opponent’s ideas and study them carefully
-          Thank your opponents sincerely for their interest
-          Postpone action to give both sides time to think through the problem

“My wife and I made a pact a long time ago, and we’ve kept it no matter how angry we’ve grown with each other.  When one yells, the other should listen – because when two people yell, there is no communication, just noise and bad vibrations.”
-          Jan Peerce

Principle I: The only way to get the best of an argument is to avoid it

“Men must be taught as if you taught them not and things unknown proposed as things forgot.”
-          Alexander Pope
“You cannot teach a man anything; you can only help him find it within himself.”
-          Galileo
“Be wiser than other people if you can; but do not tell them so.”
-          Lord Chesterfield
“One thing only I know, and that is that I know nothing.”
-          Socrates

“I have found it of enormous value when I can permit myself to understand the other person.  The way in which I have worded this statement may seem strange to you.  Is it necessary to permit oneself to understand another?  I think it is.  Our first reaction to most of the statements (which we hear from other people) is an evaluation or judgment, rather than an understanding of it.  When someone expresses some feeling, attitude or belief, our tendency is almost immediately to feel ‘that’s right,’ or ‘that’s stupid,’ ‘that’s abnormal,’ ‘that’s unreasonable,’ ‘that’s incorrect,’ ‘that’s not nice.’  Very rarely do we permit ourselves to understand precisely what the meaning of the statement is to the other person.”
-          Carl Rogers on Becoming a Person

When we are wrong, we may admit it to ourselves.  And if we are handled gently and tactfully, we may admit it to others and even take pride in our frankness and broad-mindedness.  But not if someone else is trying to ram the unpalatable fact down our esophagus.

“I judge people by their own principles – not by my own.”
-          Dr. Martin Luther King on his admiration of Air Force General Daniel James

“Agree with thine adversary quickly.”
-          Jesus
“Be diplomatic.  It will help you gain your point.”
-          King Akhtoi of Egypt

Principle II: Show respect for the other person’s opinions.  Never say “You’re wrong.”


3: If You’re Wrong, Admit It

“All of this has been my fault, I and I alone have lost this battle.”
-          General Robert E. Lee

“Come to think it over, I don’t entirely agree with it myself.  Not everything I wrote yesterday appeals to me today.  I am glad to learn what you think on the subject.  The next time you are in the neighborhood you must visit us and we’ll get this subject threshed out for all time.  So here is a handclasp over the miles, and I am,”
-          Elbert Hubbard in response to a gentleman that disagreed with his article

By fighting you never get enough, but by yielding you get more than you expected
-          Old proverb

Principle III: If you are wrong, admit it quickly and emphatically

“If you come at me with your fists doubled, I think I can promise you that mine will double as fast as yours; but if you come to me and say, ‘Let us sit down and take counsel together, and, if we differ from each other, understand why it is that we differ, just what the points at issue are,’ we will presently find that we are not so far apart after all, that the points on which we differ are few and the points on which we agree are many, and that if we only have the patience and the candor and the desire to get together, we will get together.”
-          Woodrow Wilson

“It is an old and true maxim that ‘a drop of honey catches more flies than a gallon of gall.’  So with men, if you would win a man to your cause, first convince him that you are his sincere friend.  Therein is a drop of honey that catches his heart which, say what you will, is the great high road to his reason.”
-          Lincoln

Principle IV: Begin in a friendly way

“He who treads softly goes far.”
-          Ancient Chinese proverb

Principle V: Get the other person saying “yes, yes” immediately

“If you want enemies, excel your friends; but if you want friends, let your friends excel you.”
-          La Rochefoucauld

Principle VI: Let the other person do a great deal of the talking

“In every work of genius we recognize our own rejected thoughts; they come back to us with a certain alienated majesty.”
-          Ralph Waldo Emerson

Principle VII: Let the other person feel that the idea is his or hers

“I would rather walk the sidewalk in front of a person’s office for two hours before an interview than step into that office without a perfectly clear idea of what I was going to say and what that person – from my knowledge of his or her interests and motives – was likely to answer.”
-          Dean Donham

Principle VIII: Try honestly to see things from the other person’s points of view




“I don’t blame you one bit for feeling as you do.  If I were you, I would undoubtedly feel just as you do.”

Principle IX: Be sympathetic with the other person’s ideas and desires

Principle X: Appeal to the nobler motives

Principle XI: Dramatize your ideas

“The way to get things done is to stimulate competition.  I do not mean in a sordid, money-getting way, but in the desire to excel.”
-          Charles Schwab

“All men have fears, but the brave put down their fears and go forward, sometimes to death, but always to victory.”
-          Motto of King’s Guard in ancient Greece

Principle XII: Throw down a challenge

Principle I: Begin with praise and honest appreciation

Principle II: Call attention to people’s mistakes indirectly

Principle III: Talk about your own mistakes before criticizing the other person

Principle IV: Ask questions instead of giving direct orders

“I have no right to say or do anything that diminishes a man in his own eyes.  What matters is not what I think of him, but what he thinks of himself.  Hurting a man in his dignity is a crime.”
-          Antoine de Saint-Exupery

Principle V: Let the other person save face

“Praise is like sunlight to the warm human spirit; we cannot flower and grow without it.  And yet, while most of us are only too ready to apply to others the cold wind of criticism, we are somehow reluctant to give our fellow the warm sunshine of praise.”
-          Jess Lair, I Ain’t Much, Baby-But I’m All I Got

Principle VI: Praise the slightest improvement and praise every improvement.  Be “hearty in your approbation and lavish in your praise.”

Principle VII: Give the other person a fine reputation to live up to

Principle VIII: Use encouragement.  Make the fault seem easy to correct

Always make the other person happy about doing the thing you suggest.

The effective leader should keep the following guidelines in mind when it is necessary to change attitudes or behavior:

1.       Be sincere.  Do not promise anything that you cannot deliver.
2.       Know exactly what it is you want the other person to do.
3.       Be empathetic.  Ask yourself what is it the other person really wants.
4.       Consider the benefits that person will receive from doing what you suggest.
5.       Match those benefits to the other person’s wants.
6.       When you make your request, put it in a form that will convey to the other person the idea that he personally will benefit.

Principle IX: Make the other person happy about doing the thing you suggest

This is all so overwhelming...

If you have spent any time looking into information security I'm sure you've had the same thoughts I have had.  

"Oh malware is cool."  

"Penetration tests are straight from an action flick."  

"I worked in an IT department...so my job title can be something like systems administrator...maybe throw in assistant or something."

"I've built a few computers, I can handle any job."

Well, I've learned that I don't have even a basic understanding of some of these areas.  Following professional blogs and other forums is a good place to start.  It appears that being a systems administrator requires a lot more basis for starting than I anticipated.  I have worked with group policies and some Symantec virus protection management software, but there is so much more that I find myself googling on the side.

There are many different areas of information security and I'm going to provide some of the most useful links I have found so far and what they pertain to.  Currently, I have two chrome windows open with about 15 tabs each.  Obviously this is too much information to filter through and understand at one time so this is also a bookmark for myself.


/r/malware - Since I have started looking into malware analysis I have learned that you can't understand anything until you experience it.  Everywhere you search online will suggest finding malware samples and offer tools or guides for analyzing the sample and learning from it.  One negative side to this subreddit is that it only has 2,600 readers.  This subreddit does offer good information, but if you need answers here, it will probably be a while before you get a response.

This post offers a great starting place to pick up some samples as well as find guides and tools for working with the samples.  WARNING*  When working with malware and through infected sites, always be sure to use a virtual machine to protect yourself.  This is paramount to you and your machine's safety. /warning

A lot of the stuff I have read also hints at reverse engineering.  I only know some Java and have no idea where to start on reverse engineering.  I keep reading C and C++ and Assembly and have no knowledge of these languages currently.  /r/ReverseEngineering has created a great thread on introducing this idea to beginners.  This thread introduces the tools used and training resources for learning to use them properly.

For Systems Administrators, here is a good post on useful tools.

I have definitely bitten off more than I can chew by continuing to find useful resources I want to learn and understand better.  I'm trying to focus on penetration first but the rest of these topics will be hit in later posts.

Auditing Companies

While browsing the forums, I have come across some informative, and sometimes hilarious, reports of auditors working with clients.   This first post is about an employee and the horrible interactions he has with the security auditor.  Although this auditor and his company were not named, I'm sure the story has affected both him and his company.  It is important to understand what you are talking about when working with clients, and this is a perfect example of what not to do.

The following companies, Sunera, CoreSecurity, and SecureState, were all recommended on the forums for running efficient, informative audits.  I have not heard of these companies before but will look into them and try to find some more information or articles about their audits.

Pwn Plug

Wired has written up a really interesting article on a new device called the Pwn Plug that allows easy access to networks.  The device allows companies to run their own penetration tests remotely, making this product quite beneficial to IT departments that formerly had to send professionals to the locations for audits and troubleshooting.  The article follows a pen tester who is able to infiltrate four banks, one after another, before the headquarters ended the test.  This product has a lot of potential for both sides of the ethical hacking line and should be monitored closely.

Wednesday, June 20, 2012

Getting Started

There's a lot of exposure to security right now.  It's an extremely hot topic, and someone wanting to learn more about this field may have trouble knowing exactly where to start.  And even after you start to learn, how exactly do you plan on implementing your new-found skills?  There are a lot of legal obstacles when it comes to information security.  You will be learning how to break into secure networks and, in some of my studies, learn how to analyze and develop malicious code.  This field requires a high degree of ethics and values that the individual person must understand before beginning the dive into information security.  Especially in a world where everyone online has the ability to be completely anonymous.

Aside from my work on network security, web app security, and malware analysis, I will also be reading through some general business and "better yourself" books.  It is my goal to be a better person both in my career and as a family man and friend to many.  I have just finished listening to the Good To Great audiotape and after finishing it the other day, I really had no idea what I had just listened to.  Of course there was a recap at the end of the book, but what exactly was the flywheel concept, what is the hedgehog concept, and how do I create my own?  I plan on looking back through the book and making notes on these important concepts so that I have a reference for myself.  I really enjoyed the book and am now reading Social Engineering: The Art of Human Hacking and How To Win Friends and Influence People.

This is just the first post of many that will document my professional development and my hope is that it will aid you in your own development.