Yesterday, with 3 days left on my deadline, I completed the GIAC Open Source Intelligence certification exam with a score of 91%. Needless to say, I was pretty delighted. I’m still unsure which of the following questions had the biggest impact on my certification exam result: Was the exam too easy? Did I prepare very well? Was the training provided so good that it was inevitable?
I’m leaning towards a combination of the training and my preparation. To be fair, the “SANS SEC487 Open-Source Intelligence (OSINT) Gathering and Analysis” covered a breadth and depth of topics, and covered them well. A series of books is made available to course participants, one for each day of the course, and since the exam is open book, these materials are vital to your success in the exam. I did learn many new tools and techniques. However, if you’re a seasoned OSINTer you may find the course a bit foundational and remedial, and it might be better to do one of their more advanced courses. But in terms of how I scored so well, as you might expect, every question asked in the exam could be answered from the pages of the training materials.
This brings me to my preparation. The books provided are between 140 and 180 pages each. Needless to say, you can’t page through those materials for each of the 75 questions you get asked in the 2 hours you have to do the exam. So a big shout-out has to go to Lesley Carhart for her blog post on her “Pancakes Index System”. It would not have been possible to efficiently work through the materials without an index, and I went with the Pancakes Index System, and it definitely worked and ended up looking like this:
Following the putting together of my index, I then completed the two practice tests. The practice tests were very close to the actual exam in terms of the format of the questions and provided great preparation for the exam itself.
And there you have it. A great course with a great instructor, @dutch_osintguy in my case, and enthusiastic classmates led to a great experience and now, thankfully, another successfully completed certification exam.
So you’re set up on GitHub, and being the privacy-conscious person you are, you have two-factor authentication turned on. You’ve added a personal access token so that you can push from repos from a machine. Now you have a new install of Git on some flavour of Linux and you want to configure Git on the command line to be as frictionless as possible while you’re using it, while still remaining secure. What you really need for this is to set up credential caching so that you won’t need to enter your password every time you run git push. Let’s explore this and some other initial configuration steps that will make use of Git that much easier.
I’m not going to lie, I hadn’t heard of bookmarklets until earlier this year at one of the SANS summits. They were quite the revelation. Their potential at automating collection and analysis of data was very obvious and very powerful. However, up until today I hadn’t come across a compelling reason to make a bookmarklet. If you already know what bookmarklets are, skip the next section to see what I made.
What are bookmarklets anyway?
This is a quick post in relation to where you could find sources of data to run experiments and code on. It was inspired by a talk during the week that spoke about some open data initiatives. It reminded me of my search for data when I started out. In the end I abandoned working on any of the sources in favour of taking on a course of study in Cyber Security; that’s a year I’ll never get back!
However, I had done a little groundwork, the course is over, and these sources may well be of use to someone, so I’ll make a quick post about them.
Right now I’m working away on a bigger post, part of the topic being covered is the use of Git. If you don’t know what Git is, follow the link, but basically it helps you to keep track of and manage changes made to files you use as part of a project. If you do any sort of coding on your machine and you’re not currently using version control, you really should consider it; it’s a game changer. There’s even a free course on Udacity to get you started. I did a previous version and it was most definitely worth it.
Edit: I ran into an issue when setting up phpMyAdmin subsequent to this post. Issue and solution explained at the end.
I was asked earlier today how to view a .sql file in a friendly manner. I didn’t quite get to the answer to that question, so I’ve added it to my list. However, while attempting to arrive at a solution I thought that ingesting the .sql file into a database system, MySQL for example, might be a step in the right direction. In my efforts to make it somewhat friendly I didn’t want to get down to the command line level. In order to successfully avoid that I thought that installation of phpMyAdmin would help, and it did. I won’t bore you with the steps of how to set that up. In fact, I found an excellent resource for setting it up on my system (Manjaro, by the way), and I bet there’s a handy resource available for whatever system you happen to be running. A word of warning: unless you want the servers running constantly in the background, skip the steps which say enable, and just start the services when you need them.