Stay Safe, Be Paranoid

There are backdoors everywhere

Yoo Welcome to Issue #12 of Navigating Security.

🍃Quote of the week:

Stay safe, be paranoid.

IDK

What To Expect 🫡

  • 🛌Why I Love Remote Work - No pre/post work commute

  • 😹Be Paranoid - There Are Backdoors Everywhere 🔙🚪

  • 🛜Why & How To Learn Networking For Cybersecurity - Including a curriculum to go from beginner to advanced

Remote Work Is Great 🛌

I was away on an onsite pentest this past week. It was a great experience, but I also realized how blessed I am to work remotely.

Sometimes I feel like it gets boring, but being able to take breaks whenever I want allows me to be a lot more productive. At the end of the day, I will still have the energy to do everything else I want to do, think gym, studying, or YouTube, because I do not have an exhausting commute to look forward to.

God bless all the people that do not work remotely.

Stay Safe, Be Paranoid 😹

One of the lads I work with recently led a meeting where part of the discussion caught my attention - open-source tooling and infrastructure. It’s common to hear people say, “Don’t run code you haven’t inspected yourself”, but for the most part, I am sure that goes into one ear and out the other.

There are backdoors everywhere (not literally) so you have to make inspecting code you did not write a habit. Open-source tools like Impacket are battle-tested and frequently reviewed by community members, but what about those obscure scripts and exploits you find on GitHub or (God forbid) Exploit-DB?

Learn how to do code reviews for each item you want to add to your arsenal. If you’re a chad, build your own tools just to be 100% sure you’re safe. It’s one thing to run tools and scripts you find in your own lab environment, but dropping these potential backdoors in client environments is pretty bad hygiene. Build infrastructure to isolate everything at home or in the cloud if you aren’t one of those die-hard “on-prem” guys. If you aren’t sure where to start, start by separating your day-to-day network from the one you study/research on. Any exploitation tools/scripts should not be anywhere near your daily web browser or personal information - at least make life a bit more difficult for a potential bad actor.
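
A first-pass triage for the code-review habit described above, as an added example (not code from this newsletter): it parses a downloaded Python script with `ast`, never executing it, and lists the calls and oversized literals to read before anything else. The `RISKY` list, the 200-character threshold and `SAMPLE` are constructed assumptions, and a clean result does not replace reading the script.

```python
import ast

# Constructed, non-exhaustive list of calls that deserve a manual look.
RISKY = {"exec", "eval", "compile", "__import__", "os.system", "os.popen",
         "subprocess.Popen", "subprocess.run", "subprocess.call",
         "base64.b64decode", "marshal.loads", "pickle.loads",
         "socket.socket", "urllib.request.urlopen", "requests.get", "requests.post"}

def dotted(node):
    """Turn a Name/Attribute chain into 'a.b.c'; None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def triage(source, blob_len=200):
    """Parse (never execute) a script; return sorted (line, finding) pairs."""
    nodes = list(ast.walk(ast.parse(source)))
    alias = {}  # local name -> real dotted name, so renamed imports cannot hide a call
    for n in nodes:
        if isinstance(n, ast.Import):
            alias.update({a.asname: a.name for a in n.names if a.asname})
        elif isinstance(n, ast.ImportFrom) and n.module:
            alias.update({a.asname or a.name: f"{n.module}.{a.name}" for a in n.names})
    found = set()
    for n in nodes:
        if isinstance(n, ast.Call) and (name := dotted(n.func)):
            head, dot, rest = name.partition(".")
            real = alias.get(head, head) + dot + rest
            if real in RISKY:
                found.add((n.lineno, f"call to {real}"))
        elif isinstance(n, ast.Constant) and isinstance(n.value, (str, bytes)) \
                and len(n.value) >= blob_len:
            found.add((n.lineno, f"{len(n.value)}-char literal, possible embedded payload"))
    return sorted(found)

# Constructed sample standing in for a downloaded proof-of-concept script.
SAMPLE = '''import base64 as b
from subprocess import Popen as P
import requests
requests.get("https://example.invalid/version")
exec(b.b64decode("cHJpbnQoMSk="))
P(["id"])
'''

if __name__ == "__main__":
    for line, finding in triage(SAMPLE):
        print(f"line {line}: {finding}")
```

Every hit is a line to read and explain to yourself, not a verdict; the aliased `b.b64decode` and `P` calls show why grepping for the plain names is not enough.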

Remember, convenience is inversely proportional to security.

❝ Stay safe, be paranoid.

The Importance of Networking - as in protocols and all that 🛜

As I mentioned above, I had been away on an onsite test this past week and had the opportunity to dive into many networking topics because of the work I was doing. I always found networking one of the boring fundamental security topics, but if you can take anything away from this newsletter issue - don’t skip learning the basics of networking.

I had to bounce around a bunch of different subnets which was made easier cause I’ve looked into a lot of the ways to do that already. SSH and tunnelling are also pretty important to know. Being able to open ports and set up secure tunnels to achieve your goals is a valuable skill - you don’t want to spend half the time you have for a test troubleshooting why you can’t reach a certain host. Another reason to learn SSH and tunnelling is that running tools through port forwards with proxychains is ALWAYS slow.

Here’s a bit of a curriculum for you in case you don’t know where to start:

  1. Fundamentals of Networking

    • Introduction to networking concepts

    • Understanding IP addressing and subnetting

    • Basics of TCP/IP protocols and OSI model

  2. Network Configuration

    • Configuring network interfaces in Linux

    • Basic network troubleshooting commands (ping, ifconfig, netstat, traceroute, ip, ss)

  3. Introduction to Network Security

    • Understanding firewalls and network security

    • Basics of encryption and secure communication protocols (SSL/TLS)

  4. Advanced Networking Concepts

    • Routing and Switching fundamentals

    • Dynamic routing protocols (e.g., OSPF, BGP)

    • VLANs and NAT

  5. Linux Networking

    • Advanced Linux commands for networking

    • Network monitoring tools (tcpdump, wireshark)

    • Writing basic bash scripts for automation

  6. Security Protocols and Implementation

    • In-depth study of secure protocols (SSH, HTTPS, IPSec)

    • Implementing VPNs and understanding their security aspects

Suggestions

Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.