Kenneth G. Hartman

Security Consultant,
Forensic Analyst &
Certified SANS Instructor

All Blog Posts

2021

InfosecConsultCon

VALUABLE RESOURCES AND STRATEGIES REVEALED BY THE TOP INFOSEC CONSULTING ENTREPRENEURSHIP EXPERTS IN THE WORLD

2020

Interactively Exploring NTFS Timestamps

Interactively explore how common operating system activities impact NTFS timestamps.

2019

Create an EC2 that Runs Chrome for Sandboxed Web Surfing

Use a temporary system that is totally isolated from anything sensitive

The Equifax Data Breach and the Apache Struts Vulnerability

Recommendations and lessons learned from the Equifax Data Breach

Test Early, Test Often

Illustrating the business value of early SAST

Check Multiple AWS S3 Buckets for Missing Default Encryption

Here is a simple one-liner to check all the buckets in a single account:

2018

Timestamp bash_history with every command

Customize your bash_history...

2017

Linux Hardening

I have found that Lynis (https://cisofy.com/lynis/), is a great way to audit a system for CIS benchmark compliance

Information Security at Startup Companies

How can a young professional convince startups that InfoSec is needed?

Has SHA-1 been hacked?

To summarize, SHA-1 has not been hacked, it is just simply not strong enough with today's computing power.

2016

FIPS 140-2 in a Nutshell

Guide to understanding FIPS 140-2 validation levels

The Trust-Value Equation

I must trust that the benefit that I gain from using your service exceeds the concerns (Fear, Uncertainty, and Doubt) that I have about using it.

The Encryption Magic Bullet

Encryption is not a magic bullet, but it does it play a vital role in a company’s data protection strategy.

Capture a spurious outbound connection with NETSTAT

Need something quick and dirty to create a log of outbound connections on Windows?

Modify a line in wtmp - Linux Accounting

The /var/log/wtmp file in a Linux system contains data about past user logins.

Are BitTorrent Pieces 250Kb Long?

I was researching BitTorrent and noticed in the Specification that it said that the typical length of a Piece was 250 kilobytes long. That made me curious...

SOC 1 vs SOC 2

The difference between a SOC 1 report and a SOC 2 report and why an organization would have both.

2015

Questions to Ask Executive Management when Considering a New Job

You should be interviewing the company that you are considering working for to determine if you will be a good fit for the culture and values of the company.

A Python Parser for BitTorrent Metainfo Files

To help understand the data contained in a metainfo file, I created a python script called “bittorrent-parse.py.”

Bash Script Tests for OS and Run as Root

Using sed in bash scripts to check for root and OS version

How to Install TSHARK in Unattended Mode via Script

After extensive searching the InterWebs and finding a lack of documentation on how to install TShark in a silent/unattended mode, I came across a related Sta...

Change config settings using a bash script

There is a trend to perform all system administration tasks using scripts. The benefit of this approach is that the scripts can be checked into a source cont...

CISSP vs CEH vs Security+

A friend of mine recently made the following post on his Facebook page. It resulted in an interesting discussion, so I thought that I would share it and my ...

The Contracting Life Cycle

Just as there is a life cycle for software development, there is a life cycle for contracting and this cycle must be managed as well to assure information se...

Define: PCI Service Provider

When working with the Payment Card Industry Data Security Standard (PCI-DSS) it is important to understand this definition to make sure your compliance progr...

2013

Defense-in-depth, Part 2

Last post, I discussed the concept of defense-in-depth (DiD) where overlapping controls provide increased security, particularly if one of the controls shoul...

ZeroBin XSS Vulnerability Patched in 0.19

Sébastien Sauvague has just informed me that he has released Version 0.19 to address the Cross-Site Scripting vulnerability that I wrote about in my previous...

ZeroBin as a XSS Attack Platform

What if you could have hundreds of websites from which to launch an encrypted cross-site-scripting attack?

Defense in Depth

Think about your security controls. Have you identified which controls are preventive, and which are detective or deterrent controls? Also remember that th...

Security Policy Exceptions

I was reading a debate on a Linkedin.com forum discussing all kinds of edge cases that some participants were arguing needed to be considered in a security ...

Shannon Entropy of Various File Formats

Today, I will show the results of using this tool for a cursory examination of the Shannon entropy of various, common file formats.

Calculate File Entropy

Entropy is the measurement of the randomness. The concept originated in the study of thermodynamics, but Claude E. Shannon in applied the concept to digital...

Securely Delete Files with SDelete

There is a variety of GUI-based utilities such as CCleaner or Freeraser, but SDelete is very simple to use for anyone comfortable with the command line. SDe...

Why Have Security Policy?

I have found that not everyone has considered the role of security policy in an organization’s information security management program. Therefore, I will sh...

Goodbye Oz Data Centa

The Oz Data Centa (ozdc.net) was a very useful tool for monitoring PasteBin and I, for one will miss it.

The Difference Between Leaders & Non-Leaders

I came across this typewritten list from about 25 years ago. I’m not exactly sure who wrote it, but at the time it made an impression on me.

Eight Traits for Vision

Simple list of Eight Traits for Vision

2012

PowerShell Script to Log Network Connections

The Log-Connections.ps1 file is a PowerShell Script that Logs active TCP connections and includes the process ID (PID) and process name for each connection o...

Looking in Pastebin at the Hactivism Carnage

The Web is full of news about websites that have been breached or defaced by internet hackers. Occasionally these articles will include a hyperlink to Pasteb...

CMM & Organizational Process Maturity

Since the Software Engineering Institute first published the capability maturity model, many other organizations have adapted the concepts to process maturit...

Lessons Learned from the JFK Jet Skier Incident

Earlier this week media outlets had a field day with the news story about Daniel Casillo, the guy who swam up to the JFK runway...

Zero Factor Authentication

What do I mean by Zero Factor Authentication? ...

Be an Actor, Not a Reactor

I love reading about brain research and understanding how we learn. It seems our brain is constantly making connections between things that we are learning ...

Success Has Many Fathers

But ponder for a moment, a double meaning...

OPSEC is Really Not OPSEC

I am delighted to have an entry written by Jack Emanuelson, an independent contractor specializing in OPSEC and information assurance.

Ironic OpSec

What struck me as ironic is that the document is labeled For Official Use Only (FOUO) which means that the government intends to limit its distribution.

How Hackers Get Passwords

Systems that contain more sensitive data need to have stronger passwords. Strong passwords do not use words from the dictionary and use symbols and numbers...

What does trust have to do with it?

Let’s think about what trust has to do with what we do

Are We More Secure Today?

Yesterday I was asked a question in passing. The question was this --Are we more secure today? My reflexive answer was...

Security & Customer Trust

In my role as a security professional, I have pondered the various dimensions of trust and have some thoughts on the subject...

The Sources of Influence Behind My Leadership Style

During the course of my career I have had the opportunity to be exposed to a variety of leadership styles and have also adopted a style one of my own...

2010

Separation of Duties in Scrum Software Development

An important consideration for organizations incorporating agile techniques into their Software Development Life Cycle (SDLC).