You’ll Know at the Finish Line

This past weekend I had a bittersweet moment. I became a finisher in the 2021 Spartan Ultra: A 30+ mile, 60 obstacle race. It only took 10.5 hours. It was a sweet feeling because I finally completed all of the Spartan races. It was bitter because I had completed all of the Spartan races. Obstacle Course Racing (OCR) changed me, and I wouldn’t be the same person without it. I like the idea of continual growth; the idea of getting slightly better, all of the time. To do that, you have to constantly be pushing yourself to your absolute limit. It is at your breaking point where you find out a little something about yourself. OCR, especially Spartan races, is perfect for finding your breaking point. Each race is longer and has more obstacles than the last. Each race demands more, both physically and mentally. The course can be brutal, but also creates an opportunity to test your character, build camaraderie, and have a new appreciation for teamwork. Spartan races also bring out your primal skills, and give a small glimpse into how tough your ancestors had to be to survive. Finally, there is satisfaction. Knowing you completed something incredibly difficult and having the weight of the medal around your neck gives rise to a very satisfying feeling. That is the feeling of growth.

“If you do what’s easy, your life will be hard. However, if you do what’s hard, your life will be easy.” ~ Les Brown

US Cyber Challenge – 2020

This past week I participated in the virtual US Cyber Challenge (USCC). The USCC is a week-long invitation-only accelerated training camp for top scorers in a competitive cyber security related challenge. The camp was divided up into a different class each day from 9AM-6PM. The topics for the classes were Program Analysis for Cyber Security, Large-Scale Digital Forensics, Web Application Ethical Hacking, and Memory Forensics. More information on these classes can be found below. I had an absolutely great time. I am so thankful to be a part of such an event, even if the learning style was like, “drinking out of a fire hose”. The best part of the camp is that I could learn from some of the best minds in the industry. The worst part of the camp is that I had limited interactions with the other members. There was so much talent at the camp, and I feel like I couldn’t network with the others.

Day 1: Program Analysis for Cyber Security
Instructor: Ben Holland
Topics: Principles of Programs and Compilers, Exploit Development, Fundamentals of Program Analysis, Bug Hunting, Antivirus Evasion
My Thoughts: I’m always blown away by the insecurities of software programs, and how bad actors can easily exploit these insecurities. Having a strong understanding of how underlying computer concepts work is critical to writing good code and finding flaws in the code.

Day 2: Large-Scale Forensic Analysis with SOF-ELK® and the Elastic Stack
Instructor: Phil Hagen
Topic: Large-Scale Forensic Analysis
My Thoughts: SOF-ELK® is an open-source platform for digesting large amounts of system/event data. The Elastic Stack is a popular platform for big data and analysis. An issue is that Elastic Stack is not easy to work with right away, so SOF-ELK® overcomes that problem by being configured to use right away. The instructor, Phil Hagen, is the creator of SOF-ELK®. I loved this class because it gave me so many ideas for my home lab project.

Day 3: WebApp Ethical Hacking
Instructor: Doug Logan
Topics: Web Architecture, Injection Attacks, Authentication/Authorization/Sessions
My Thoughts: This class was my favorite because I already have a strong interest in this area of cyber security. I think the material was really well presented, and there was plenty of time for labs to get hands-on experience. This course (as did all of them) came with Virtual Machines so I can practice later at home.

Day 4: Memory Forensics
Instructor: Alissa Torres
Topics: Data collection, memory management, hunting for malicious code execution, Defense Evasion Detection
My Thoughts: This was an awesome class, and I need to take it again. I really enjoyed learning about memory forensics, but I don’t have a strong background in computer memory so I felt like I was at a loss. I want to go through my notes and class materials so I can wrap my head around some of these concepts. After, I would like to take this class again so I can appreciate it better.

Network Security – Live Course!

I am pleased to announce that my Network Security Course is now live on the Cybrary learning platform! This four-hour beginner course teaches network security concepts such as data loss prevention, incident response, network architecture designs, good cyber hygiene, network security devices, and much more! The course can be found here! Create More, Regurgitate Less!

Invest In Yourself

There is a lot of uncertainty in the world right now. Layoffs are happening, stocks are on a roller coaster ride, and millions are quarantined in their homes. This is a good wake-up call for people to start investing in themselves. Here is an inconvenient truth: The only person responsible for you, is you. This means that you need to continually invest your time and money in expanded thinking, more streams of income, and a greater focus towards self-improvement. The dividends of these investments are recognized in times of uncertainty. I have to practice social isolation for the next couple of weeks so here are some things I am doing (and maybe things you should be doing):

1. Reading: I don’t know for certain if reading makes you smarter, but I have never met a dumb person who reads on a consistent basis.
2. Cooking: I’ve been doing this since I began living on my own, but now I am starting to get exotic with it. This past weekend I bought/baked my first whole ham. It was an awesome (and tasty) experience!
3. Review your Finances: Make sure you know where your money is coming from, and more importantly, where it is going. A good place to start for financial freedom is using Dave Ramsey’s Baby Steps. Dave’s baby steps have changed my life.
4. Work on your career: I consistently put in 15-20 hours a week outside of work towards improving my cybersecurity career. I haven’t really seen any returns on this investment yet, but I know they are coming. Helen Keller once said, “Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.”

Don’t give up. Don’t ever give up.

-Pete C.

COVID-19 Quarantine Update

Hey everyone! I just realized I haven’t had a blog post in a while so I thought I would give a quick update on the things I have been doing. I have so much time on my hands because of the Covid-19 quarantine.

Current Books I’m Reading:
– The Web Application Hacker’s Handbook 2nd Ed by Dafydd Stuttard and Marcus Pinto
– Learning Malware Analysis by Monnappa K A
– Permanent Record by Edward Snowden

Web App hacking and Malware are two areas I am exploring. I always like reading technical books, probably because they are always filled with screenshots and code snippets. It is incredible what people are doing. Permanent Record is the most interesting/controversial book I’ve read in a while. I like the book but I am conflicted on how I feel about different parts of the information. I also have A LOT of questions.

Current Projects:
– The Harvester: This is a tool on the Kali Linux platform that I have recently become interested in. I have a really cool feature idea for it that I thought of during an OSINT CTF that I was doing. I really need to sit down, fork the code, and get working. I also need to brush up on my Python for this.

– US Cyber Challenge: This challenge is an online competition for those looking to increase their cyber skills. The top challengers get invited to a week-long cyber camp at different locations in the United States! I did it last year and had an absolute blast. I’m definitely doing it again this year. More information can be found here.

– Home Lab: I’ve decided to build an actual home lab because it looks fun and it will improve my cyber security/IT skills. I’m currently collecting hardware and ideas for it. So far I have a server, firewall, and a few computers harvested from friends and work. I’m still deciding on exactly what I want to do, but I’m seriously contemplating the idea of just building a mock corporate LAN where I am the Network/Sys Admin and Cyber defender. This would help me improve on vulnerability management, AD, and writing policies like DRP, Acceptable Usage, etc. If you have any ideas, please contact me.

Current Toys:
– Proxmark Pro by Rysc Corp: One of these things fell into my lap and it’s been so cool! It’s a device used to identify and exploit RFID and NFC systems. I’ve been tasked with playing with it, getting it up and running, and creating a user’s guide for it. It’s incredible!

– DSTIKE Deauther Watch: I’ve been researching one of these lately and it looks pretty cool. I’m tempted to order one. I recently discovered websites which are essentially maps of wireless networks around the world so these two things could pair nicely. I’m starting to form an idea on a program which could utilize these things. I think it could be a nice red team tool.

What I am Studying:
I’m still studying for the (ISC)² CISSP exam and I am still on schedule to take it sometime late this year. I just hope the testing centers will be open again by then. It can be hard to find time for this so I started the habit of waking up at 5AM and studying from 5-7 every morning. I think it has been really effective: It’s so quiet and nobody/nothing is awake to bother me.

And that’s it! This is what I have been doing lately! Hopefully it won’t be so long until I post again!

-Pete C.