Sunday, January 26, 2014

Certification finished but the journey has just begun

So Tuesday I sat my Certified Ethical Hacker exam after about three months of study.  I felt well prepared but was surprised about how easy the exam really was.  I sat down and started the exam at 0930 and by 1010 I had my passing score.  I think the key to success was several things:  1)  creating a lab and actually playing with the tools every night.  This was by far the most fun part of studying for the exam.  I used Virtualbox as my virtualization platform on my laptop.  I then created a couple of virtual machines.  Kali Linux was my pen testing suite of choice.  Most of the tools covered in the exam were on this distribution.  Though I did go and download the Nessus Vulnerability scanner to play around with on top of the Kali distro.  I then downloaded a vulnerable Metasploitable ISO image and created a Windows XP virtual machine to hack apart.  I used a few books to study and learn from that I downloaded to my Kindle.  The Basics of Hacking and Penetration Testing by Patrick Engebretson was a nice, easy introduction to the tools.  The CEH Certified Ethical Hacker All-in-One Exam Guide and CEH Certified Ethical Hacker Practice Exams both by Matt Walker proved to be good guides to the test and were easy reads as well.  That's pretty much it.  And several hours dedicated to studying and playing with the tools every day.  In the end, I feel better for having done it.  Do I feel like a hacking genius?  No, I feel like I've just opened the door to a much wider body of knowledge and my journey into bettering myself as a security professional has just begun.  To that end, I've continued my studies every night, playing with the tools and looking at hacking methodologies to better understand how to defend against them.  I know that was brief and I don't want to downplay the sheer amount of time I dedicated to study and practice.  However, if you use the tools I've outlined here and dedicate time for study, it is not an insurmountable challenge.  Good luck!

Sunday, January 12, 2014

Linux from Scratch Take 2

OK, so I successfully was able to build a working Linux from Scratch distro with LFS 7.4 on 5 December 2013.  Yes, I marked the date as this was the first time that everything came together to enable me to fulfill this goal.  What is Linux from Scratch?  Well, the best way to understand it is to do it.  Go here to check it out.  Probably better if you roll up your sleeves and just go do it.  But in a nutshell it is building your own working Linux system from source code.  It is a really great way to see how the pieces come together to form the whole.  I first ran across the whole Linux from Scratch idea back in 2005 when I was looking for new Linux and Unix distros to play with other than Red Hat and SUSE.  Don't get me wrong, those are fine systems, but I wanted (and still want) to find the perfect system(s) to suit my needs and tastes.  That's what I love about Linux, it is fully open.  I can take it apart, analyze the core components from the raw source code and build it how I want and to also figure out what makes it tick.  Yeah, I was the kid that would take apart the clock radio - much to everyone's chagrin.  I was poking about Cheapbytes (I think they are no longer around - too bad I picked up lotsa cool geekery there but OSDisk seems like a nice alternative if you have to purchase copies instead of downloading an ISO off the web) looking for interesting things to try out and saw a book entitled Linux from Scratch by Gerard Beekmans.  I was intrigued - I just had to get it.  I did, but unfortunately at the time, life and other things conspired to keep me from following through on the promise that the book held.  Kids, work, illustration commissions, pets, life in general, etc. managed to take my focus away from my Linux passion and it wasn't until the Government Sequestration and the resultant furlough days that I was forced out of complacency and to a decision point.

The long and the short of it is that I decided that it was time to come back to my passion for Linux.  I'll admit that I'm no uberLinux nerd that knows every kernel module by heart but I'm getting there.  But I digress, BACK TO THE NARRATIVE!!

So in my newly found free time, I decided to maximize my downtime and use my powers for good (or well, at least constructively).  I divided my time between art, writing, game development, programming, and Linux time.  Yeah, I managed to stay busy and it sure was nice to get some of my tech chops back.  So I pushed ahead with my long time goal of getting my OWN LFS system up and running.  I ran into a few frustrations, switched between 7.3 and 7.4 midway through, and lost the laptop I was working on when a freak lightning storm zapped our house.  However, I persisted and continued to spend my evening TV time, with my new laptop compiling source code and hacking away at my soon to be functional system.  It went smoothly for the most part but I did have a few issues at the end trying to get the GRUB2 Bootloader to work and to get the system to boot up.  After almost throwing in the towel, I restarted the VM I was working in and was greeted with the console logon for Johnix (yes, I named it after me - it's my baby after all, hehe).  I continued on with the Beyond Linux from Scratch to add more functionality to the system and had fun with that and have learned a lot along the way.  I decided that I wanted to add a package manager to try and make life easier.  After much struggle and angst over the course of about two weeks, I was successfully able to get Gentoo's Portage installed.  However, I realized at that point that my once clean and relatively unencumbered system had become a bit kludgy.

So now here I am, time to go for another pass.  This time with some stated design goals other than just to get a working system.  At the top of the list is to actually document my progress.  Right here on my blog.  Second, I want a smaller host system so that I can wean off of that to the LF system and actually create a Liveboot version of Johnix.  Third, Johnix will be a lightweight system that will be a launch platform for different things.  First on the list is to build in some security tools (like Kali or Blackbox) but only the ones I use on a regular basis like Nessus, Metasploit, Nmap, etc.  I also want to port it to Raspberry Pi and the ARM architecture to build a lightweight clustered environment leveraging the low cost and small footprint platform.  And I'm sure these things will change a bit as I go.  But the last two design goals will be immutable - to Have Fun and Learn a Lot.  Maybe you will too.

Ciao for now!

Sunday, January 5, 2014

Welcome to FooFaLoop!



Welcome to the inaugural blog post on my new Tech blog FooFaLoop.  So being the inaugural post, this will be decidedly non-techie and an intro as to the nature and scope of what this is all about.  Some of you might have come here and know me for my Old School Gaming fantasy art and advocacy in the so called “OSR”.  Whilst this blog might from time to time cross over with my other blog Ostensible Cat, I intend to keep them quite distinct.    But like Ostensible Cat, the whole point of FooFaLoop is to talk about my child-like glee about things tech. 

As a professional IT Security Manager, I spend much of my time analyzing minutiae, developing policy, analyzing risk, assessing compliance, discussing threats, etc.  While that is part of what I love, it’s not necessarily what I’ll be covering here.  This will be more on the stuff that I like to delve into on my own time.  I have a degree in C++ programming that I’ve let sit fallow for far too long.  One of the major reasons I got a degree in programming as opposed to say, IT Security, is because I truly believe that to be an effective IT Professional you need to have as many tools in your tool belt as possible – even if it might not seem that it directly relates to the job you currently find yourself in at the moment. 

So there was that, but I also have a deep love for Linux.  Something I’ve been fostering since about 1997 or so when I was working as a tech for a large chain store.  I found the whole concept of an “alternative operating system” intriguing.  The more I learned, the more in love I fell with the idea of Linux – even if the reality of it frustrated me to no end.  I picked up a boxed copy of Red Hat and took it home.  Computers were fairly expensive back then, so I was afraid to try it out and screw up my Windows 95 box with its fabulous AOL dial-up.  If you get the idea that I liked Tech but was not steeped in the arcane nature of it, then you’d not be too far off.  I had worked on computers in the Air Force, but when it came to my home system, I was afraid to tinker with it too much.  Mostly because at the time I had to take out a loan just to buy it in the first place.  However, I did pick up another hard drive and decided to give Linux a spin.  That began an on again off again tryst with various flavors of Linux.  I’d install it and be excited about it but then my interest would shift to other things.  But I’d always seem to find myself coming back.  It just seemed too darned interesting.  But then all of my professional jobs were squarely in the MS camp so Linux was little more than a toy for me. 

Now with the advent of cheap commodity computers such as Raspberry Pi or even my new laptop which cost about 5 times less than my original desktop that I bought back in 1995 along with Open Source and easy to use virtualization tools such as Oracle’s Virtualbox software; anyone can do some pretty cool stuff all whilst sitting on their couch catching up with their favorite show.  A whole Linux network virtualized inside of a laptop to include hacking in security tools – yep, you can do that.  Building a data cluster with computers the size of a deck of playing cards – yep, sign me up.  Teaching my nine and six year old children programming skills instead of playing console games – I’m sold.  All for less than $1000 for everything I’ve just mentioned – Great!  And most of the stuff is free – I’m so there. 

So, that’s what this is all about.  Not about any alpha geek chest thumping; not some from the mountaintop proclamations of tech superiority.  No, just some things I find of interest and want to write about.  And probably all the warts and missteps I take along the way.  I mean, no one is perfect and until you make some mistakes, you won’t ever become a better tech geek (or well anything for that matter).  So forgive me if I come across as a n00b with my enthusiasms and silly harebrained ideas and attendant mistakes.  Learn, smile at some of the foolishness and take away from all of this what you will.

Now on to important matters.  What’s up with FooFaLoop?  Why that name?  Or why the name Ostensible Cat even?  Believe it or not there is a reason for these blog names and they are both related.  You see, I live in Italy and rent a house in the hills.  My wife and I had thought about getting pets, but our landlords (lovely people – they have become our “Italian family”) already had pets and weren’t keen on indoor pets.  One of the cats named Micha (that is essentially “pussy cat” in Italian) would come over to snooze, eat, and just laze around.  However, she is not all that warm and cuddly.  In fact, just try to pet her and you’ll probably pull back a bloody stump.  Something of a demon cat.  So when I was thinking of some characters for a super hero type plot line I was fantasizing about, the name Ostensible Cat just popped into my head.  The supers story never went anywhere (at least not yet) but I really liked the name and wanted to do something with it.  So, when I found that I should probably have a blog for my fantasy gaming art and writing, I thought about the demon cat and the name Ostensible Cat.  If you notice the Ostensible Cat logo is a cat with the moon casting its shadow and that the shadow is that of a demon and not a cat.  Now you know where the whole Ostensible Cat thing comes from.  How did it get associated with my blog?  Dunno – just liked the name and the image and it has stuck.

What in the world does that have to do with FooFaLoop?  The same landlords have a dog named Fufi – who is very exuberant and his whole body wriggles when he greets you.  I like to play on names and started calling him Foofaloop – it just seemed to fit with his wriggling.  When I decided to start a tech blog about the things I was up to with my technical projects, I wanted a similarly oddball name that reflected the sort of playful nature of what I wanted to do.  I also wanted something a little clever and perhaps tied to my other blog if possible.  Clever – well, I thought so – a little anyway.  Foo is a common term for a generic program, function, command or other tech concept that you are trying to implement (kinda the John Doe of tech speak).  Loops are a common programming concept.  Fa is often the sound made when you screw something up.  If you look at the image at the header of this blog, it is an endless loop Foo that prints Fa (in Python) – so FooFaLoop.  And it ties into my real life pets.  And thus both blogs are tangentially related.  And thus my geek passions roll along.  Clever huh?  Well, maybe not, but hey, I gotta give myself some accolades from time to time.  It’s a cold cruel world out there so you have to give yourself a little pat on the back every now and then.

Whew, that’s a lot of words up there.  When all I really wanted to say is hi, my name is John, I’m a geek and I love this stuff.  I hope you do too!