Bruce Schneier

In case you didn’t spot it, my imaginary InfoSec arch-nemesis Bruce Schneier was interviewed over at The Setup (the original Setup site). Go check it out.

Adrian Pastor

Who am I? What do I do?

My name is Adrian Pastor. Online, I use the rather silly moniker ‘pagvac’. At my age, it feels a bit childish to continue using handles, or nicknames as they have always been known in the world of IRC (which is where I started using it). I think I can’t let it go simply because I’ve been using it for so long.

I have been passionate about security since witnessing the execution of an exploit (WinNuke NetBIOS OOB) for the first time circa 1997-1998 at an Internet café in my hometown. The Internet café owner would use it against IRC users who would troll his customers. I still remember being absolutely blown away that someone could remotely freeze a computer.

I’m the CEO and co-founder at MINERVA. We specialize in pentesting, security audits, and training. We pride ourselves on providing a customized service with a friendly and human touch. If you want automated security scanning services we certainly aren’t the right company for you!

I’m also a Founding Member at GNUCITIZEN, a collective of independent security researchers. Perhaps, my best-known work at GC was the discovery of vulnerabilities that granted remote administrative access to the BT Home Hub, the UK’s most popular broadband router.

What hardware do you use?

I was converted to Apple in 2010, quite late compared to most security pros I know. Several of my colleagues at the time would praise how stable and headache-free Macs were. Since this is exactly what I need when consulting for clients, I decided to follow suit. I’ve been a MacBook Pro user ever since. I don’t own a desktop computer. Currently I have a mid-2012 MBP with a 15-in Retina screen, 16GB RAM, and 256GB SSD. In addition to mobility, performance is everything for me, so I usually get one of the best MBP configurations available at the time of purchase. I donated my previous MBP to my better half and it still works like a charm despite its 5 years of age!

And what Software?

I’m slowly migrating my security tools from various Ubuntu VMs to OS X, my host OS. While I still use VMware Fusion for Windows software that is not available on OS X, I realized I was using VMs because of the ability to restore snapshots. This is essentially a glorified backup solution, which I’ve replaced with Time Machine. I have Time Machine configured to use two backup disks. One is a Time Capsule, which continuously makes backups seamlessly in the background over WiFi. The other is an external caddy, which I plug into my MBP once a month. I use both backup disks because I worry that either disk will fail and lose critical data. I think of this as a humble version of RAID, which for me is necessary since Time Capsule doesn’t support RAID. I find security tools perform significantly better when run natively.

For security testing, I mostly use Burp (including plugins such as CO2) because of its flexibility and power. I use sqlmap to confirm the existence of SQLi vulnerabilities found manually through Burp Repeater, or automatically with Burp Scanner. Is it actually possible to gain access to the DBMS or is this just a SQL error rather than SQLi? I also find sqlmap useful in assessing the impact of SQLi vulnerabilities. Do we only have SELECT permissions, or can we also UPDATE tables? How about databases we have gained access to? Are they only a select few containing public data, or can we instead access all databases on the DBMS, including those where PII or payment data are stored? sqlmap is great to answer such questions.

If the target site is based on WordPress, running WPScan is a must, as generic vulnerability scanners such as Nessus and Qualys are quite poor at identifying more obscure CMS-specific vulnerabilities.

I also use SoapUI when testing SOAP services, mostly to create template requests which I then proxy to Burp for actual testing. I also use Oxygen to perform manual security reviews of XML schemas such as XSD.

Similarly to Jan Fry, I find SWFScan incredibly fruitful, despite it having been unmaintained for years.

When something more customized is required to identify or demonstrate the presence of a vulnerability, I tend to resort to writing scripts in bash and PHP (executed on the command line, using the ‘php -r’ flag). I also sometimes write in Python. I must say I’m pretty terrible at Python but I enjoy how elegant the code is because one is “forced” to indent code blocks.

When testing thick clients, I use the usual suspects such as Echo Mirage, DARKER’s Enabler, Sysinternals Suite, JD-GUI, jad, JavaSnoop, Wireshark, and BinScope.

Build security reviews would be way more time consuming if it weren’t for SureCheck.

While there are other security testing tools I use, I would say the aforementioned are the ones I use most.

In terms of privacy protection, NoScript for Firefox, and AdBlock and Ghostery for Safari are must-have extensions and plugins, respectively. When using public hotspots, I use a home-grown Automator application that changes OS X’s proxy settings to use SOCKS over SSH using public key authentication. I have a shortcut for this application on my dock. As soon as I click it I have my poor man’s VPN up and running without entering any passwords since I’m using a passphrase-less private key to connect to the SSH endpoint. The endpoint is just an Ubuntu Server VPS with no sensitive data stored on it, nor superfluous daemons.

What would be my dream setup?

To be honest, because I move fairly often, I’m really pleased with my current setup as it’s so mobile. Whenever I need access to servers, I simply enrol in a new VPS subscription. That being said, creating a serious password-cracking ‘station’ has been a dream of mine for a while. I’ve always been a bit obsessed with password cracking for some reason. The main reason I have not taken on such a project yet is that I perceive anything heavy and voluminous as more junk that will only make my next move more miserable.
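The SOCKS-over-SSH toggle Adrian describes for public hotspots, as an added example written for this page (not his Automator application): a POSIX shell script for OS X that starts an SSH dynamic forward and points the system SOCKS proxy at it, or tears both down if the proxy is already on. The `networksetup` subcommands and `ssh` flags are real; the service name `Wi-Fi`, port 1080, key path and VPS hostname are placeholders.

```shell
#!/bin/sh
# Added example: toggle an SSH SOCKS tunnel plus the macOS system SOCKS proxy.
# IFACE, PORT, KEY and REMOTE are placeholders (assumptions), not values from the interview.
set -eu
IFACE="${IFACE:-Wi-Fi}"                        # from: networksetup -listallnetworkservices
PORT="${PORT:-1080}"                           # local SOCKS listener port
KEY="${KEY:-$HOME/.ssh/vps_socks}"             # key used only for this tunnel (placeholder path)
REMOTE="${REMOTE:-tunnel@vps.example.invalid}" # placeholder VPS endpoint
PIDFILE="${PIDFILE:-$HOME/.socks-tunnel.pid}"
# Build the ssh command line. -N: no remote shell; -D 127.0.0.1:PORT: SOCKS listener on
# loopback only, so other hotspot clients cannot ride the tunnel; ExitOnForwardFailure:
# ssh exits rather than hangs if the port is taken, so the proxy never points at a dead
# listener; BatchMode: fail instead of prompting (the key is expected to be passphrase-less).
ssh_cmd() {
    printf 'ssh -N -D 127.0.0.1:%s -i %s -o ExitOnForwardFailure=yes -o BatchMode=yes %s' "$1" "$2" "$3"
}
# Reads `networksetup -getsocksfirewallproxy` output on stdin; true when the proxy is enabled.
socks_state_on() {
    grep -q '^Enabled: Yes'
}
tunnel_up() {
    eval "$(ssh_cmd "$PORT" "$KEY" "$REMOTE")" &
    echo $! > "$PIDFILE"
    sleep 2                                    # let ssh fail fast if it is going to
    kill -0 "$(cat "$PIDFILE")" 2>/dev/null || { echo "tunnel did not come up" >&2; return 1; }
    networksetup -setsocksfirewallproxy "$IFACE" 127.0.0.1 "$PORT"
    networksetup -setsocksfirewallproxystate "$IFACE" on
}
tunnel_down() {
    networksetup -setsocksfirewallproxystate "$IFACE" off   # proxy off first, then close the tunnel
    if [ -f "$PIDFILE" ]; then
        kill "$(cat "$PIDFILE")" 2>/dev/null || true
        rm -f "$PIDFILE"
    fi
}
main() {
    if networksetup -getsocksfirewallproxy "$IFACE" | socks_state_on; then
        tunnel_down
    else
        tunnel_up
    fi
}
# Toggle only when run as socks-toggle.sh (e.g. from an Automator "Run Shell Script" action);
# sourcing the file merely defines the functions.
case "${0##*/}" in socks-toggle.sh) main "$@" ;; esac
```

Only applications that honour the system proxy use the tunnel; Firefox additionally needs `network.proxy.socks_remote_dns` set to true so that name lookups also go through it rather than to the hotspot’s resolver.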

da_667

Who am I? What do I do?

My name is Tony Robinson. On the twitters and the infosec community I’m known as da_667. I’m a Senior Security Analyst at a rather large company. At the end of the day, I manage the IDS for the company’s corporate data network and interface with monitoring, incident response and forensics frequently.

My focus is in packet analysis, IDS and NSM in general, but I also like to do malware analysis whenever I’m given something fun to play with.

What hardware do you use? And what Software?

A lot of my heavy lifting I do at home. I have a whitebox Supermicro server I built as my multi-purpose VM lab. I’ve named her Valhalla. She handles everything I throw at her.

Hardware Specs:

  • 32GB RAM
  • 2x 1TB HDD (no RAID 0 because VMware lied to me and told me the controller was supported. Well, maybe for JBOD, but not for RAID arrays :( )
  • 1x 128GB SSD (for caching VM data, etc.)
  • 1x Intel Xeon processor (3GHz, 4 cores w/ hyperthreading)

Software - VMware ESX 5.1 running:

You might be wondering why I run two pfSense firewalls, and it’s not for CARP/HA. One firewall is segmentation from my physical home network to the virtual networks, while the second is an extremely strict firewall to my “containment lab”, which contains VMs hosting malware analysis tools that I use for malware analysis and detonation/observation.

In addition to this, I have a gaming desktop running Win7 to run vSphere Client and mRemoteNG to manage all these things. I also have a MacBook from my workplace for doing heavy lifting while I’m on the go:

  • 768 GB SSD
  • 16GB RAM
  • Core i7 (quad core w/ hyperthreading)
  • Running OS X and VMware Fusion with another huge array of VMs.

What would be my dream setup?

Well, I’d love a VM server that had a supported RAID controller. At which point, I’d probably drop 2x 128GB SSDs in the box for a RAID 1, and 2x 2TB platter drives for a storage array in RAID 1. Mo’ RAID means Mo’ uptime.

Is there anything I do to streamline my workflow?

For my VM lab at home, I manage my VMs from a Windows box with vanilla vSphere Client, and a special piece of software called “mRemoteNG”. This software has been the single best thing for managing multiple VMs I could have ever asked for. Support for RDP, ICA, Telnet, SSH, tabbed sessions, multiple sessions, and full session configuration for Telnet/SSH via PuTTY sessions (this means support for private keys via PuTTY’s key management tools, etc.). If you manage a large mix of virtual machines on ESX, use mRemoteNG, it’s friggin awesome.

The other bit of general advice I can recommend: a lot of my testing VMs need to be rebooted frequently. Maintain good snapshots, ensure you have an NTP server configured, and EVERY time you revert a Linux VM, stop the ntp service, run ntpdate to sync to your NTP server, then restart ntp. You’ll thank me later. Some things act VERY odd if the date/time on the VM is too far out of sync. Alternatively, I think there are options to sync your VMs to the host system’s time.

Is there anything you want to plug?

If you need a quick way to set up a Snort IDS sensor for a wide variety of Linux distributions, consider using my pet project autosnort :)

I would like to give a shout-out to my local hackerspace Unallocated Space and thank “The Security Setup” Twitter account for the opportunity to talk about my setup :)

Raaka

Who are you, and what do you do?

I am Raaka, aka Ravi Kiran. I am an information security engineer for a small company in Hyderabad, India, and I am the creator of HackerStrip.

I mostly deal with IDS, Linux hardening, hypervisors, OpenStack and vulnerability analysis.

I spend a lot of time reading security blogs and comics and watching Animal Planet; I am also a long-distance runner.

I currently live in Indonesia where the Internet is pretty bad.

What hardware do you use?

My everyday machine is a 13-inch 2014 MacBook Pro. I also have a 2014 Mac Mini which runs OpenStack, and an Intel NUC with connectify.me and BitTorrent.

And what software?

Most regularly I use IDA Pro, OpenStack, VMware and VirtualBox, Adobe Photoshop for creating HackerStrip, Wireshark, TShark and good old Nmap.

What would be your dream setup?

Like a few guests, I like a portable setup. From the technology that is available now, I really like the look of the 14-inch Razer Blade and the high-end 2014 Mac Pro with Xeon and 32GB RAM :).

Editor’s Note…

Check out Raaka’s awesome HackerStrip website and if you like what you see, please go and support his Indiegogo campaign.

Alex

Who are you, and what do you do?

My name is Alex and I am a social engineer and pentester. Our main services are web app, VPN and WLAN pentesting, social engineering workshops, live hacking and cybersecurity checks. Besides that I am also working on a few different online companies, but these are currently in the startup phase.

What hardware do you use?

I don’t use much hardware at all. In my office I use an old AMD 1090T with a 128GB SSD for my OS and a Samsung 750GB HDD just to store some data. A normal keyboard from a local store for under $10 and a Logitech mouse. I also have a Cyborg R.A.T. 5 but I don’t use it very often; I just bought it a few years ago for gaming on my laptop. The office computer also has 8GB of RAM, which is more than enough for what I use it for. Overall I just do research on this machine in combination with a 22” Samsung monitor.

My laptop is an ASUS with an Intel Core i7, 8GB RAM and 1TB HDD. I just bought it like that in the store and I am very happy with it. Nothing special about it.

For backup I use 3 different 2TB external HDDs. So I will back up to HDD 1 on Friday, the next week to HDD 2 and so on. Important files are also saved in the cloud, encrypted with Boxcryptor.

I also have 2 tablets, a Google Nexus 7 and a Samsung Tab 3, but those are just for surfing the web and looking up information when I am not in the office.

For a phone I use a Samsung Galaxy S4 and Xcover 2.

And what software?

On my office computer I run Elementary OS with just the default tools. My main tool there is my browser, which right now is Firefox, plus Thunderbird to handle a few mail accounts.

Some add-ons I use are: NoScript, LastPass (to handle all my passwords), Adblock, HTTPS Everywhere and a download manager.

The host OS on the laptop is Win 8.1 with just a few tools like Microsoft Office Suite and VirtualBox. Other useful tools are:

  1. Samurai WTF (VM)
  2. Kali (VM)
  3. Mantra Browser
  4. Tweetdeck
  5. Notepad++
  6. BoxCryptor

I also use mega.co.nz to store some data which I need to access at any time.

What would be your dream setup?

I looked at a few different laptops and tried them but nothing was as good as I wanted it to be, but ideally I would want:

  1. Microsoft Surface Pro 3 with 1TB flash storage, 16GB RAM and a quad-core processor
  2. 2x 27” LED monitor
  3. Keyboard and mouse
  4. 3x 3TB SSD drives
  5. Surface Pro 3 Docking Station
  6. Samsung S5
  7. 5x USB 3 Sticks with 32GB