The “Irrational” Human?: Part 2

“Minimum 8 characters, minimum 1 upper case, 1 lower case, 1 number and 1 special character.” Sounds familiar? Yes, this is a fairly common password policy. Users found the shortest password that could meet these requirements, “P@ssw0rd”, and used it so widely that one of the biggest data breaches in Singapore documented how the use…

The “Irrational” Human?: Part 1

Recently, I finished reading a book at the intersection of behavioural economics and psychology, and will be embarking on yet another book on behavioural economics. For someone who graduated from a hard science degree, I think this qualifies as “reading some fluff” to pass time. They make for interesting reads to suggest that humans are…

Cyber 101 with Bitcrafts!

Is cybersecurity only for technically gifted people? Well, not quite. With the advent of the digital world (think Smart Nation), there has been an increasing need for cyber literacy and awareness. Yet, there exists a gap between cyber professionals and laypeople in terms of cyber awareness and literacy. Hence, one short way of addressing…

Building Vulnerable Machines: Part 1 — An Easy OSCP-like Machine

Apologies for the delay; I have been away on a “pseudo-holiday”, or “service break” — I’ve been wanting to write something security-related this month, but found myself a little out of time. This series will be broken into three parts. Part 1: General Design Principles Part 2: Building a Machine (with an example) Part 3:…

Digital Defence

It’s Total Defence Day in Singapore today. And for the first time in thirty-five years, there has been an update to the framework. Introduce Digital Defence. This was probably much called for, considering how the theatre of warfare has transcended physical space into the digital space. The subject of digital warfare is too complicated to…

A Digression: The Offensive Security Certified Professional (OSCP) — Part 3 of 3

#offsec #pentest #training #tryharder Say “try harder”… Here I will deviate from most typical OSCP reviews and discuss a little about creating machines. If we can break machines and obtain administrator privileges, can we create them? One way to get good at a subject is to approach it from different perspectives. For instance, we peer-tutor…

A Digression: The Offensive Security Certified Professional (OSCP) — Part 2 of 3

#offsec #pentest #training #tryharder I want to try harder and earn my OSCP! What should I do? Well, this part of the review is meant for you! How Much Did the Author Know Before Taking the OSCP? Unlike most people who took the OSCP, I took it knowing that my fundamentals were not good. After all, my background…