This Side of Paradise

So, after more than 6 years, I finally retired my research laptop - ‘Arena’. This was literally an arena for me as a test lab and was the start of a long and frustrating road to learn many things. Over the last 1.5 years, I started thinking of replacing this with something that matched my current requirements: something with thunderbolt - the one cable connectivity to a monitor is just too awesome. traditional laptop form factor - A good amount of usage currently is without the use of a table/chair, and with me sitting on the ground sometimes. The surface was impossible to use when not seated on a table. a better display - the surface display was smaller, reflective, and (OMG) the bezels! better computing horsepower - needed a much better CPU than a ‘U’ series processor and a lot more than 16 GB RAM. Repairability - I tend to keep these devices for a long time (definitely more than 6 years), so the ability to perform repairs and upgrades is very important. Impossible to do on the Surface. With that said, the choices boiled down to a few contenders:

Of late, I have been working on immersive labs for quite some time, and I’ve managed to complete around 60 odd challenges (With a few more in progress). Since the challenges are not retired, I cannot publish solutions to the challenges on the public internet - hence, I’m creating this index page to list down the interesting challenges I’ve completed. Each of the entry below has a corresponding blog post that has not been published. I’ll publish it when the challenge gets retired.

Flare-on is a premier windows based reverse engineering CTF that has been running for 10 years now. I’ve attempted the challenge every year and I’ve not been able to go past the first challenge (which is usually a warm-up that takes about 15-20 min to solve). However, that changed this year, when I solved two (yes TWO! 😁) challenges. By the time I reached the third challenge, I had read enough about it from people who had solved it that it was way above my skill levels at this point of time. So, I’m officially throwing the towel for this year. Hopefully, I will be able to get beyond the second challenge next year.

So, LastPass posted a blog post last night with further details on the breach that occurred in Aug 2022. It’s a lot worse than what was thought. To summarise: “Some source code and technical information” was stolen from a development environment. We should assume at this point that the threat actor has access to the entire code base. The above information was used to social engineer a developer to obtain credentials and keys to access their cloud based backup storage (presumably an S3 bucket?) The threat actor was able to use this information to obtain basic customer information and unencrypted metadata. This includes names, billing addresses, mobile numbers and the IP addresses that were used to access the LastPass service. The entire customer data was copied as well - this included unencrypted data like website names and encrypted data (thankfully) like user names and passwords. The blog later on goes on to talk about the encryption used etc, which is probably of no consequence to the end user - rather it gives you a false sense of security that everything might not be as bad as it seems. But I disagree. lets recap the information the attacker has for all customers of LastPass

I finally went and did it - I got my custom domain (www.three10.io) to host my personal website. I was in two minds, but there were a few reasons that pushed me towards hosting myself on a custom domain. I own my content - I learnt this the hard way when the site hosting my first blog (somewhere in 2003 / 2004 I think) shuttered down. I had absolutely no backups, and everything I wrote was pretty much gone. I re-started the blog in 2007 on Google Blogs (a.k.a Blogger), but the fear of losing content was always looming. So, a few years back, I jumped on to GitLab pages and static site generation. Now, All of my pages / content reside on my device, synced to GitLab via Git (what else :D). I don’t have any fear of losing content now. Building out my brand - I’ve had the “310” moniker for a while now, across the web, so it made sense to build out a custom site name for myself that was an extension of my presence online. I could have gone for a more pedestrian “.net” TLD, but the “.io” TLD was too cool (and I paid a premium). I’m hoping this becomes more useful going forward. A more professional online presence - Right now, the top level URL points directly to the blog, but I will be pushing out updates frequently to build this out into a proper website. I have also nailed down the workflows to post content from pretty much all devices I own (including my phone), so updates to the blog should be regular. If you’ve stopped by to read (now, or anytime in the past), thank you for the support - please spread the content if you find it useful.

Nullcon is probably the oldest security conference happening in India - The first memories I have of it are writing a paper / presentation for the 2014 CFP, way back in late 2013. However, its another story that I didn’t send it out. When I joined my current company in early 2014, I saw that they were sending people to the training sessions - I got kicked out of the list in the first year as I was the “new joiner”. The subsequent year, I had a team and I sent people from my team for the next 3-4 years.

I finally sold my MBP today, and it’s hard to say goodbye to my primary system that I’ve used over the last 7 years. The laptop is still in a superb condition and If only I could upgrade the internals, I would have kept it. Many fond memories with this one - I will miss you a lot. Loved the keyboard, trackpad and that touch of brushed aluminium when working on something. I guess that the only solace as of now, is that this money will go towards the new ipad. Hopefully, the experience will be as close to this as possible.

Managed to wake up early again today after a brief bout of sickness (seasonal flu), and configured / installed the new router. The home router is probably the most crucial (and the most under-rated) part of the computing environment at any home today. A good router is invisible, chugging away in the background and serving content at max speed to all of its connected clients - on the other hand, a lousy router makes its presence felt very obviously - bad Wi-Fi speeds, frequent disconnects and a generally miserable experience for the user (and even more so for the person maintaining the network).

I’ve spent a lot of time (and money of course) over computer hardware ever since I started my association with computing more than 20 years back. I’ve gone through lots of hardware, that I’m probably too old to remember (but I’ll try to write up a separate post on that sometime), but here’s what I’m using right now! Personally I use 4 devices primarily, and planning to go down to 3 with the next iteration

Testing out a small post to see if this works. If it does, then I can post, sync (via git) and update the blog on the go. This could be game changing! That’s how I started this post - and it works spectacularly. The gives me the capability to manage the blog on the go, even from my phone. This automation setup has enabled me to just focus on writing - publishing and version controlling is done automatically and I can go from writing to being live on the web in a couple of taps.