Yeap. I’m wearing a new pair of boots for my office shoes. This pair is to replace the one that was stolen by some idiots at my house. To be honest, I am not that brand-conscious kind of guy, as I will wear anything that I deem comfy for me. So wifey bought me a pair of Kenneth Cole boots from the Reaction Series (whatever that means). And these boots were flown all the way from New York / Texas to KL (and of course from wifey’s “so called business connection”).

Anyway thanks to wifey, I think this is the best present for this year ;)

First of all, the picture that I’ve published on previous post.. It was taken back in 1994. When I was still young and a lil bit naive. Just 18 years old ma.. Hehehe..

Anyway, in the past few months, I was invited to give a talk during UiTM’s i-Hack 2008 event this coming August. I have a few topics in mind and, as the majority of the audience will be students, I decided to pick either Cyber Attack Phases: Why you need to know or Fundamental Security Requirement: The Policies. I’ve worked on the presentation slides for both of the topics and then something came up.

Spent most of my after-lunch time doing my SANS GCIH Practice exam. It has 150 objective-type questions and must be completed within 4 hours. Initially I wanted to go through the practice exam in October or November, but then what the heck, I just want to get used to the type of questions, exam format etc. so I can make appropriate notes on the subject.

not this Brute Force

This is the big question when we try to categorize this type of attack: whether this SSH Brute Force attack falls under reconnaissance/scanning/information gathering or is already at the exploitation phase, which can be categorized as Attempted Unauthorized Access. Some said it should be categorized under Reconnaissance, while others preferred it to be categorized as Attempted Unauthorized Attempt.

I think this is one of the most overlooked items when putting machines/systems/applications on the wire. Perhaps when we build, for example, a machine that will host web applications that will be offered to the public via the Internet, or to our business partners via an extranet, or perhaps for internal purposes only via an intranet, we might concentrate on auditing the source code to eliminate any possible flaws, open ports, necessary services required to run on the machine, platform hardening and many others.

A few weeks ago I did a presentation on our department’s general work flow. I prepared some presentation slides and some handouts indicating the work flow (I tried my best to be as clear as possible) and everything was fine at that time. Soon afterward one of my colleagues complained that it seems that the stakeholders affected by the work flow either partially did not understand my presentation or were totally clueless about it. Hence I ended up scratching my head trying to figure out what went wrong (No wonder my CSO is having less hair ;) )

Well, my itchy fingers were playing around with the courses offered by SANS and GIAC. And then out of curiosity I just accessed the demo of SANS on Demand for the course 517: Cutting Edge Hacking Techniques. It is just a demo and I can see a glimpse of what the course will cover for 2 days. Basically I think it is an extension of the course that I’ve taken, Hacker Techniques, Exploits and Incident Handling, where IF I pass the exam, then I will be a GIAC (Global Information Assurance Certification) Certified Incident Handler - GCIH.

So this on-demand course demo let me access 2 sets of slides that cover 2 topics, and the assessment will be done on the second topic. To be honest, the questions are not that difficult but you might fail the assessment if you DO NOT look carefully. :)

Oh yeah, you need an account at SANS Portal to access the demo btw.

So hopefully I will get the real certification later on :)

Oh yeah, while having a light drink with my colleagues discussing the current problems that we face and the required solutions, one of my colleagues provided one good story which IMHO enlightened our mood for the day. The story is like this.

He went for an interview for a Firewall Analyst position at one of the multinational companies here in Malaysia. During the interview, he was asked by one of the interviewers this question,

“Besides snort, can you give another example of sensor?”

I seldom post any politics-related topics in this blog as I am more of a bipartisan type of guy, plus I dun want this blog to be a political blog. But yesterday, for the first time in Malaysian political history, a debate session between an opposition political leader and a representative of the government on the issue of the fuel hike was held. To be honest, the theme of the debate is about the promise by the opposition coalition that once they assume federal power, the price of fuel will be reduced on the next day.
