H D Moore

Who are you, and what do you do?

My name is H D Moore (since the day I was born, it doesn’t stand for anything). I am a security researcher and the chief research officer for Rapid7. Some folks may be familiar with my work on Metasploit, but these days I also spend a lot of time scanning the internet as part of Project Sonar. My servers send friendly greetings to your servers at least once a week. Howdy!

What hardware & operating systems do you use?

Lots. My normal workload involves crunching a billion records at a time, running a dozen different operating systems, and still handling corporate stuff via Outlook and PowerPoint. As of 2009, I finally made the switch to Windows as my primary OS after being a die-hard Linux user since 1995. That doesn’t mean that I use Windows itself all that much, but I find it to be a useful environment to run virtual machines and access the rest of my hardware with SSH and X11. The tipping point was the need to quickly respond to corporate email and edit Office documents without using a dedicated virtual machine or mangling the contents in the process. The second benefit to using Windows is on the laptop front; suspend, resume, and full hardware support don’t involve weeks of tuning just to have a portable machine. Finally, I tend to play a lot of video games as well, which work best on overspecced Windows hardware. All that said, Windows as a productivity platform isn’t great, and almost all of my real work occurs in web browsers (Chrome), virtual machines (VMware for Intel/AMD64 and QEMU for RISC), and SSH-forwarded XFCE4 tabbed terminals.

The laptop I currently use started life as a banged-up ASUS ROG G750 (17”) bought as the display model from a Best Buy. The drives, video card, and memory were swapped out, bringing the total specs up to 32Gb RAM, a 512Gb SSD boot disk, a 1Tb backup disk, and a GeForce GTX 770 GPU. This runs the most loathed operating system of all, Windows 8.1 (Update 1) Enterprise, but it has a huge screen, was relatively cheap, and can run my development virtual machines without falling over. It also runs Borderlands 2 and Skyrim at maximum settings, critical features for any mobile system. Given that the total cost was under $1,500, it is a great machine for working on the road and blocking automatic weapons fire (as it weighs about 20 lbs with accessories). I carry this beast around in a converted ammunition bag, sans the grenade pouches.

On the non-portable front, I tend to make Frankenstein monsters by taking HP workstations with bare specifications and then gutting and replacing most of the components. Their 8XX-series workstation chassis are tool-less, support CPU water-cooling, and generally make hardware swaps a breeze. HP’s component prices are astronomically high and I usually source those elsewhere for my builds.

My primary desktop is an HP Z420 with a single Xeon E5-1620 (watercooled), 64Gb of RAM, and 2 x 256Gb SSDs in RAID-0 as a boot disk, with a 4Tb backup drive. I use 3 x 24” IPS LP2475w monitors in a vertical + horizontal + vertical configuration, which matches my typical workflow of an open web browser, a productivity screen (terminal, documents, etc.), and another screen dedicated to email and IRC (stacked vertically). Vertical monitor orientations are highly underrated, especially for reading and writing large amounts of content or code. An Nvidia Titan drives these displays and runs oclHashcat and cudaminer for DogeCoin on occasion. This box runs Windows 8 Enterprise most of the time, but I boot into alternative environments as needed. My network connection from this desktop is a 2 x 1GbE bonded connection to a “prosumer” switch that connects the rest of my servers. I use a Cherry “clear” switch clacky keyboard (the WASD) most of the time and my original Model-M when I need some ear-splitting noise to emphasize intent (e.g. when writing advisories with great anger and furious vengeance).

Most of my archival data storage is handled by a Synology NAS with 12 x 3Tb disks. This also uses a bonded 1GbE pair to the primary switch. The data stored on this system isn’t particularly sensitive (rainbow tables, huge archives of public content, research datasets, etc), but I wouldn’t recommend this platform from a security perspective. Synology tends to be slow to patch and often has bone-headed security issues in their OS builds (enabling the VPN used to enable a backdoor root account).

My data processing, development, and password crunching all run on a mismatched pair of HP workstations.

The first machine is an HP Z800 with dual Xeon X5690s (watercooled) and 96Gb of ECC RAM. Storage is all over the map, with an Adaptec RAID card, two RAID-1 volumes (2x2Tb, 2x3Tb), and a RAID-6 volume (4x3Tb). There is also an 8-bay eSATA chassis connected, and I use this to hot-swap datasets and generally make copies and backups of whatever I am working on at the moment. Occasionally I stuff the eSATA bay with SSDs when I am working with a system that needs fast random data access but doesn’t fit into RAM. This box runs Ubuntu and handles most of my day-to-day development. I keep a mini-clone of this system as a virtual machine for my desktop and my laptop. The desktop environment is XFCE4, but I primarily interact with it using X11-over-SSH. Network connectivity is also bonded 2 x 1GbE.

The second machine is an HP Z820 with dual Xeon E5-2687Ws (also watercooled) and 200Gb of ECC RAM. This box has 4x3Tb disks, partitioned into RAID-1 for boot and root and RAID-0 for data access. Using relatively slow drives, the RAID-0 data partition still yields about 600M/s read speeds (sequential), which works really well for large-scale data processing. Between the two CPUs, this machine has 32 hardware threads, and I try to keep the load pegged at 30+ by using it for data mining, password cracking, and various other research tasks. The great thing about having 200Gb of RAM is that even for large processing jobs, code optimization is rarely needed to get the results you need in a usable timeframe. I use this system to prototype analysis tools before actually having to care how well they perform. This box also has a pair of Nvidia GTX580 GPUs for CUDA work and supporting password cracking and mining efforts. Just like the previous system, connectivity is bonded 2 x 1GbE, and it runs Ubuntu as well.

My router runs Ubuntu on an Intel NUC (v2 i5) from a plain old SSD. My home network is split up by VLAN to isolate my wireless and target environments from my work systems. This router connects to a trunk port on my main switch, which VLAN-tags traffic from each of its ports, including my two internet links. The primary link is a 1Gbit/1Gbit from AT&T and this falls back to a 10Mbit/1Mbit cable link whenever a butterfly flaps its wings in China and the AT&T connection dies. Once Google finishes their Austin rollout, I plan to move to dual Gbit and use some fancy routing policies to load balance these connections and handle upstream failures.

On the furniture side, I use a powered desk that can be raised and lowered, and managed to source an elliptical office chair before Skymall started selling it for four times the manufacturer’s price. I still spend most of my time sitting, but at least I can get my brain moving on a slow day by pedaling along. I tend to dismantle and rip the piezo speakers out of anything near my working area and put stickers over anything that is blinky. I have enough dislike for random blinky and beepy things that I tend to go medieval on devices when rectifying a distraction.

Outside of production systems, my office is piled high with random ICS, SCADA, and consumer networking devices, many in various states of disassembly. I have a working area for current targets and a “plastic bins of crap” management system for the rest of it. Complementing this is a shelf full of diagnostic and debugging toys, ranging from JTAG adapters to a milspec thermal camera. I keep DeconGel and other industrial cleaning agents around for when projects go wrong (bits of broken lead solder from older gear, etc.). Nearly everything in my office was sourced from and will return to the junk-hacking scrap heap that is eBay (or my local Goodwill, depending on whether it is useful to regular people). The weirdest functional systems in my office include a working Tadpole tablet running VxWorks 5.5 and a Tru64 system running on a “blue board” DEC Alpha AXP that has manual wire patches to fix its CPU socket.

I tend to use GPE-compatible Android mobile phones with S-Off (for +1 nerd points) and generally break them every 3-6 months, possibly as an excuse to buy the next one. I keep a bin of dead mobile devices around as target practice for Metasploit modules. A large portion of my life is dedicated to memorizing and entering 6-digit MFA codes for a couple dozen applications, something my current phone (a Nexus 5) does a reasonable job of assisting with.

And what software?

I use Chrome as my primary browser and spend a lot of time staring at Pidgin, Skype, Google Hangouts, Outlook, and the rest of Microsoft Office. In terms of getting actual work done, I live in either Sublime Text 3 or XFCE4’s Terminal and VIM. Standard tools include RVM, Ruby, VMware, QEMU, IDA Pro, and the security triad of Wireshark, Nmap, and Metasploit. Password cracking is still John the Ripper (--fork=32 ftw) for most things and oclHashcat as needed. My shell is **still** Bash (damn you Zsh hipsters, get off my lawn!). Git and GitHub are invaluable for not just managing code, but tracking projects via wikis, and generally managing the research process. For data analysis, I love the GNU utilities (sort --parallel -V -S 128, egrep, wc -l, parallel, xargs, etc.) along with a couple of tools built at work, such as DAP and Recog.

In my free time, I spend way too many hours playing games that could be most generously described as monkey traps for nerds (MMOs, horribly complex and unforgiving RPGs, etc.). If I am looking for something that requires less math to play, it tends to be UT2004, Quake3, or Goat Simulator (yes, it’s a thing; imagine Tony Hawk as an invincible goat, without a skateboard, played by a drunk five-year-old). That tends to be it from a software standpoint. There are other tools that I pick up for specific jobs, but I like writing my own tools, and anything I have to do at least twice ends up being a Metasploit module at some point.

What would be your dream setup?

I pine for a dual-OS environment that doesn’t require compromises on performance or security. I would love to be able to have a locked-down Windows install for work, another for video games, and a Linux desktop for everything else, all tied to the same keyboard, mouse, and displays. I tried solving this in the past through a hodgepodge of virtualization, KVMs, and software tools like (the probably still buggy) Synergy2, but nothing that exists today matches my requirements. There are hardware solutions that get close, but they sacrifice basic things like copy and paste to get there. PCI passthrough still doesn’t cover the gaming use cases for GPUs properly. If I had one wish, it would be solving the dual/triple environment problem. In a perfect world, something like Qubes OS would enable PCI passthrough on GPUs and make a complex, multiple operating system environment secure and performant.

On the laptop front, I would love for someone to emulate the now-defunct Sony Vaio Z series laptops, but deliver a coder-friendly keyboard and a Linux-friendly hardware configuration. The “chiclet” keyboard of the Vaio Z2 made me want to HULK SMASH trying to write out anything significantly complex. My hands look like they belong to a rejected claymation model, so tiny keys don’t work so well. The Eurocom Xeon “laptops” look nice, but given enough network connectivity, I can always rely on cloud and home-hosted servers for when I need a lot of processing power, and I don’t necessarily need a high-cardio workout just to move my laptop through an airport.

Server-wise, RAM is relatively cheap, but servers that are quiet and have ridiculous numbers of DIMM slots are few and far between. The perfect server has 1Tb of RAM to use as working memory and 10Tb+ of SSDs for storage and snapshotting. CPUs are basically “fast enough” given a parallel-friendly load, but a quad-Xeon with 20 cores per CPU (like the E7-8870) could definitely improve my workflow. Doing all of that on a budget is definitely a challenge, and even clustering smaller systems tends to get expensive on one axis or another (energy, heat, repairs, etc.).

Regarding mobile devices, I am pretty happy with how fast the industry is moving, although I wish AOSP and other pure open source efforts would pick up more mindshare. The amount of data leakage on mobile devices is just frightening and there are very few things the average consumer can do to reduce these leaks without giving up on modern conveniences. Phones are finally fast enough that you can do interesting things with them, but I still miss tactile keyboards, and most mobile devices are really designed for consumers of content, not creators. My perfect phone would run a quad-core CPU at 2Ghz, have a slide-out keyboard, have 4Gb of RAM, support dual-SIM, and provide at least two SD card slots along the edge for easy data management. For a cherry on top, the baseband and operating system would be open source, easy to audit, and make it simple to prevent data leakage from untrusted applications. As Microsoft seems to have figured out with Windows 10, people want their mobile devices to be useful computers, and not their computers to act like brain-dead mobile devices.

In terms of furniture, I tend to change my setup pretty often, or at least adjust my desk height, and swap between standing, sitting, and pedaling the elliptical while I work. I wish there was a curved 80” monitor and software to handle the mapping properly, while still allowing unique sections of the display (tiled or otherwise) to be dedicated to an application. I spend a lot of time moving windows around and trying to optimize my workflow across three monitors. I couldn’t do it with a single monitor without significant help on the software side (ratpoison for Windows or the equivalent). Maybe VR headsets will eventually be a viable option, but they still have a long way to go on the resolution front.

Uri

Who are you, and what do you do?

My name is Uri and I am a red teamer. I run a red team and I am one of the writers at redteams.net. I specialize in the more hands-on and offensive parts of information security: covert digital direct action, disruptive digital warfare and digital special reconnaissance.

What hardware do you use?

Well, my job makes me spend a lot of time on the road and in the field, so mobility is crucial for me. However, I still have an office where I need to have access to a lot of data.

When I’m in my office I use a 2013 iMac 21 for most of my work. I also have an Apple Thunderbolt Display for my main road laptop, a 2013 MacBook Air 11 with 64gb storage.

Information is stored on several WD network drives, which we have configured to serve files on a wireless network using an Apple AirPort Extreme.

When I am on the road, most of the time I use my MacBook Air 11; however, for some projects I can go with only the iPad Mini. These are usually quick recon projects or wardriving. The extra storage is handled by a couple of tough LaCie Thunderbolt drives.

For a phone I use both an iPhone 5s and an iPhone 6.

And, let’s not forget: a Field Notes notebook and a SureFire Pen II. Sometimes that’s all you need.

And what software?

I’m a very minimalist software guy, so I try to stick with the default OS tools. Main OS is Mac OS X and iOS. However, I have a VM running Kali Linux for the penetration testing tools.

Some of the non-standard tools I use are: Notational Velocity for note taking, Dropbox for some backup, 1Password for password management and Xcode/GCC for code writing. Most of the tools are configured in a way that I can access the data on all my devices, either by using iCloud or by using Dropbox.

I do have a lot of small, single purpose tools that I wrote myself. I started as a software developer and I still enjoy hacking some good code when I need to. That has left me with a lot of small tools that, true to the Unix way, can interact with each other. Mostly command line, since I live in the command line a lot.

What would be your dream setup?

I’m very happy with my current setup, but ideally I would want:

  • an 11-inch MacBook Air with 1TB flash storage, 16Gb RAM, quad-core processor
  • Apple Thunderbolt Display
  • Keyboard + Trackpad
  • 2x 2TB SSD drives
  • Harman Kardon SoundSticks III 2.1 Channel Sound System
  • iPhone

Once I have this, I would get rid of the iMac and iPad and pretty much just be mobile most of the time, and plug the MacBook Air in when I am in the office. I just need the MacBook Air to become a little more powerful than it is today and I am doing it, simple.

Editor’s Note…

If you are interested in becoming a red teamer, go check out the Red Teams blog; it’s a fantastic resource with a wealth of information, including tips on getting started as a red teamer and recommended books to read. Be warned though, if you visit the site often enough, whether or not you are a red teamer, you may end up wanting to buy a GoRuck… as I did… And it’s awesome.

Daniel Miessler

Who are you, and what do you do?

My name is Daniel Miessler, and I am an information security specialist and writer based out of San Francisco.

What hardware do you use?

I have a Bretford Liquid Workstation desk, which I purchased in 2003, and a Herman Miller chair I got at the same time.

I run a 2012 MacBook Pro as my main workstation at home with two Thunderbolt displays combined with the built-in display, and I take it with me as my laptop when I’m mobile.

For my home servers I have two high-end HP workstations running ESXi and Hyper-V. On these systems I have a combined 152GB of memory and 44 functional cores, which I use to run a few different firewalls, multiple Linux servers, and a whole ecosystem of Windows boxes - including a 2012 domain with three DCs - plus whatever seems interesting at any given moment.

For internet servers I use Linode.

For my mobile phone I’m using an iPhone 6 Plus. I’ve been on iPhone since 2007 when the first one launched.

My internet is through Webpass, which provides bi-directional 100Mbit connections for $38/month. Very pleased with them.

I also use an Apple TV as my home media system, but it only gets turned on every few weeks. I’m using it mostly to rewatch Doctor Who.

I use a Synology NAS for local file storage, and I have a couple of WS-C3560C Cisco switches for networking.

And what software?

For OS I use OS X as my main operating system at home, and I have converted over to CentOS for all of my Linux use. Here’s the rest of my web stack.

I use a combination of Apple Notes and Reminders as my note-taking system, and I always have blank 3x5 index cards and a space pen with me to help me organize my thoughts in the vein of GTD.

My main apps on my Mac are CS6 for most photo-related work and VMware Fusion for running Windows 8.

I use Droplr for file sharing, which allows you to take screenshots, send files, and share all manner of things through custom URLs off of my site. Be sure to enable the more secure URLs, though. : )

I also use and recommend f.lux, which sets the color temperature of your displays based on ambient light and time of day.

What would be your dream setup?

My long-term dream setup is fairly ambitious, and involves using a single integrated platform for everything. Storage would be both locally available and globally backed up in the cloud, and it would be seamlessly available from any system I was properly authenticated to. And when I disjoined that system from my ecosystem, all data on that system would be destroyed.

But that’s a ways off. A more current and attainable configuration would be something like the following:

  • Latest 15” MacBook Pro (refreshed every two years)
  • Three (3) Apple 4K Monitors at around 40” per (when they come out)
  • A 70” 4K Apple TV (when it comes out)
  • An 8-bay Synology NAS with 8 4TB drives (32TB)
  • Google Fiber giving 1 Gbit/second symmetrically
  • A regular sync of my NAS backups to the cloud for fault tolerance
  • The ability to host my site at home in my own DMZ instead of with Linode. Home internet connections just aren’t built for that yet.

Ultimately I’m pretty happy with my current configuration, but I’m looking forward to coming improvements.

Editor’s Note…

I highly recommend checking out Daniel’s website; he’s a prolific blogger and has some excellent study or “primer” pages where he goes into depth on a given subject. Lots of great information for InfoSec professionals. I have also found his SecLists project to be incredibly useful during security assessments.