
Sean Mackert

- Passionate about security
- Aspiring red teamer
- Seeking mentorship

3-Minute Read

Since the news of Log4Shell first broke, a few news outlets have been stoking fear about an imminent attack by a devastating worm, from the usual suspects, armed with a Log4j exploit. A month later, we still haven't seen one. Why not? And how is the vulnerability actually being used?

The attack surface a Log4j worm would have to target is highly fragmented. Internet-facing systems such as web servers are easy to mass scan, and Java-based services like Elasticsearch and VMware Horizon have already been exploited in great numbers. Scanning the entire internet for a select few vulnerable services, or even blindly spray-and-praying a payload at every web service found, can be done in a day.

Writing a worm for a scannable exploit is pretty much pointless. Worms like WannaCry exploited a vulnerability in the SMBv1 service present on Windows systems by default (MS17-010), so a single exploit could compromise an entire network. Log4j, while devastating in its breadth, isn't as ubiquitous as a default Windows service, and the method of exploitation varies greatly depending on how each application uses the library.

A Log4j worm would only affect the machines running this library, and internal uses of the library would be too varied to be predictable in any meaningful way. Even the operating system would

Additionally, the skill required to write a worm is much higher than that required to scan. Only nation-state threat actors have the skill and resources to put together an impactful worm quickly enough to compete with scanning, and even then the payoff over plain scanning is debatable.

3-Minute Read

I've recently purchased the GL.iNet GL-AR750S-Ext travel router, also known as Slate, and so far I'm quite pleased with it. With this handy travel router running a custom interface on top of OpenWRT, I was easily able to configure a plug-and-play VPN that connects me to my network at home. Now I can watch Netflix, use remote desktop, browse the web safely, and avoid triggering the security measures that may lock me out of my accounts while traveling abroad.

Conveniently, this travel router also has a configurable switch on the side that lets me quickly enable and disable the VPN connection. By configurable, I mean that you can choose whether the switch toggles the OpenVPN, WireGuard, or Tor connection.

(Screenshot: the dropdown menu for selecting the toggle button's function)

At home I use an Asus RT-AC66U-B1, but your setup will likely be very similar. Most Asus products run similar firmware, and OpenVPN support is becoming a common feature on base-model routers, with no need to splurge on enthusiast-grade hardware. The Asus RT-AC66U-B1 is an older bit of kit, and it has its quirks, but it's still supported by Asus and runs about $110.

Warning: before enabling any internet-facing feature on your router, always check manually that the latest firmware is installed; the auto-update check on older models is not something to rely on.

4-Minute Read

Google recently launched a new, roughly six-month (for complete beginners) certification through Coursera called the Google IT Support Professional Certificate that's supposed to be equivalent to the CompTIA A+ certification. To get straight to the point, this certification won't get taken seriously a) if Google doesn't fix the major issues with the labs in the course, and b) probably still won't be taken seriously because it's a $50/month proctored online course.

That said, I threw my hat in the ring to see what’s up and here are some of my thoughts on the course.

The labs are horribly broken and support from Google is lackluster/nonexistent.

The labs use a website called QwikLabs, which spawns a temporary Google username and password and an instance running on the Google Cloud Platform. There doesn't seem to be an issue with QwikLabs itself but with the way the Google team made the labs: they sometimes didn't update the score properly, the directions were often contradictory, incorrect, or confusing, and the instances were poorly configured and took up to 10 minutes for the start-up scripts to run before you could begin working. The biggest issue was that on many labs the scores never synced back with Coursera, causing an incomplete grade. This was an issue for weeks after launch, and the Google Mentors (as Coursera calls them) continually promised updates coming soon and even stated that labs were working when many of them were still broken. Eventually I had to take screenshots of my completed work and submit them to Coursera support to manually update my grades.

This was incredibly frustrating because I would have completed the entire cert within the Coursera free 7-day trial, but instead spent two weeks piddling around waiting for the labs to be fixed.

About

Sean Mackert is an IT professional passionate about security and helping inform others.