🌊 Cyberocean Updates
🌊 6th of November, Huwebes
There's more challenges faced than anticipated with the reference sheet. I've dangerously envisioned the idea of building up the sec+ descriptions and examples through HTML. For some odd reason, I thought that it might be more optimal to have it constructed there over standard tables on text. But really, I just need to weigh up my priorities because I'm not going to be a full time developer by trade and that the content is probably paramount since I'm just simply working on staying sharp with the cyber security dialogue. It's a good bit of refresh too because I've always found that I remember things better when I apply the information into written content.
🌊 5th of November, Miyerules
Security+ Content descriptions and examples are in the works to be included.
🌊 31st of October, Biyernes
🌊 5th of August, Martes
"A driver is a software component that lets the operating system and a device communicate. For example, when an app needs to read data from a device, it calls a function implmented by the operating system. The operating system then calls a function implemented by the driver. The driver usually developed by the device's manufacturer, knows how to communicate with the device hardware to get the data. Once the driver gets the data, it gives it back to the operating system, which then give it back to the app."
🌊 29th of June, 3:59pm Linggo
Completed SYO-701 4.0 Security Operations List.
🌊 23rd of June, Lunes
Pressing the power button after unplugging the battery discharges residual power stored in the device's capacitors. This can sometimes help reset the internal components.
🌊 23rd of June, Lunes
Coming fresh from Matariki Weekend, I've found a new leash. I realised that Decision Fatigue is legit so instead of taking on the projects in bulk, I should just do a little bit here and there for the long run. Presumably, that just stacks up good over time. Taking inspiration from my good mate's little hosting project below as well, it's given me an idea to use my unused Raspberry Pi for a Plex Server. But again, miniscule goals a day's the way to go.
🌊 15th of June, 5:52pm Linggo
See Leadership Tryhard.
🌊 2nd of June, 11:18pm Lunes
There’s a plentiful of new ish technologies I got to play with recently: Sony’s Bravia 3, Shokz Bone Conduction Headphones, DRM Encryption, Handbreak, Discord Widgebot, and Plex. This has all inspired an idea for a Raspberry Pi Project, we’ll see how it goes.
🌊 25th of May, 8:40pm Linggo
It’s been a fair bit of time but I’ve got a pretty good excuse in mind 📖
See Leadership Tryhard.
🌊 11th of May, 3:23pm Linggo
I used a random number generator to help select a topic from the SYO-701 content that I can talk about.
From 3.0 Security Architecture, I chose Cloud: Responsibility Matrix, Hybrid Considerations and Third-party vendors.
Cloud Computing: refers to delivery of computing services over the internet (“the cloud”) rather than through local servers or personal devices.
Cloud Responsibility Matrix: often referred to as the Shared Responsibility Model that describes the security responsibilities of CSPs (Cloud Service Providers) and their customers. IaaS, PaaS and SaaS are some examples of these.
Hybrid Cloud Environment: it’s where organisations utilise a combination of on-premises infrastructure and public/private cloud services.
Third-party Vendors: some organisations might choose a third-party vendor where roles and responsibilities, compliance with regulations and Service Level Agreements must be clearly defined.
Ultimately, regular reviews and updates to security policies and practices are essential to adapt to evolving threats and technologies.
🌊 10th of May, 9:13pm Sabado
The last couple of weeks had been as fun as a wet fish.
“In very rare circumstances, such as when a power failure interrupts macOS installation, your Mac might start up to a circled exclamation mark. This means that the firmware stored in your computer’s memory needs to be revived or restored."
Interestingly, Apple Support encourages using another Mac to revive the affected Mac through DFU mode. DFU just stands for Device Firmware Update mode, a unique feature in the Apple Ecosystem. Entering a special mode to update or restore firmware isn’t unique to Apple per say, it exists across various platforms too! The specific implementation and terminology just differs. DFU mode just happens to be what Apple’s devices use for firmware management.
🌊 4th of May, 9:56pm Linggo
I used a random number generator to help select a topic from the SYO-701 content that I can talk about.
From 1.4, I chose Public Key Infrastructure (PKI): Public Key, Private Key and Key Escrow.
Public Key Infrastructure (PKI): framework that enables secure communication and data exchange over networks, particularly the internet.
Public Key: it is shared openly and can be used by anyone to encrypt messages intended for the owner of the corresponding private key.
Private Key: it is used to decrypt messages that were encrypted with the corresponding public key.
Key Escrow: a security measure where a copy of a private key is held in a secure location by a trusted third party (the escrow agent). This allows for recovery of the private key in case the original owner loses access to it.
🌊 29th of April, 11:22pm Martes
I used a random number generator to help select a topic from the SYO-701 content that I can talk about. 
From 3.3, I chose Data States: Data at Rest, Data in Transit and Data in Use.
Data at Rest: this refers to data in a physical medium that isn’t being used or transmitted like files in a hard-drive. Encryption, Access Controls and Backups are some ways to secure data at rest.
Data in Transit: this refers to data that is actively moving from location to another like emails and file transfers. Data in transit can be protected via encryption protocols like TLS (Transport Layer Security).
Data in Use: data that is actively being used or manipulated by applications or users. Security measures can include access controls, monitoring and data masking to protect sensitive information.
🌊 28th of April, 10:45pm Lunes
See Leadership Tryhard.
🌊 27th of April, Linggo
Goodreads and Amazon! Did you know that the digital books are separated by region? So if you've got a book from the US Marketplace, you won't be able to access that with your New Zealand account even when it's the same email. Unfortunately, it's also not possible for them to transfer your books from one Marketplace to another. The consumers might assume that it's some sort of technical restriction but it isn't! I've thrown this up in our group chat actually and some argued that it's dirty business practice so users will have to buy the books twice if they want to reallocate the region while some think that it's more governance since countries might have different sovereignty over how books are managed.
There isn't a way for a small player like me to dig too much into a big corporate's practices to verify but I can always compare a popular book that should be different for the US vs the UK Marketplace for instance if it was indeed a sovereignty matter. So I had a look into Harry Potter and the Philosopher's Stone! If it was sovereignty, this book should be labelled Harry Potter and the Sorcerer's Stone in the US Market but it isn't so there goes the theory. That said, that's mild "investigation" if you can even call it that. Maybe we need to look into books that are more political or religious to have a proper check for difference. Ultimately, this is just another case of 'just because a technology's infrastructure in place, it doesn't mean that it's optimal. Like many things, it's influenced by money and politics.
🌊 26th of April, Sabado
I've had a ponder about how games like A Way Out was developed. My mate and I had a jam on the PS5 with it and naturally my mind's gone off a tangent with how it's structured. It's aged pretty well! You play it with a split screen and if I was a gambling man, I'd say that the storyboard probably took precedence then followed by implementing gaming mechanics for each part of the story. It's clearly taken inspiration from established work where they've just sort of combined them collectively. It's pretty interesting that a story with clever use of known gaming mechanics and puzzles within it establishes a compelling experience.
🌊 25th of April, Biyernes
This video of Linus Tech Tips on Jimmy Fallon stumbled into my YouTube feed. It's about a laptop that's got engineering applied to allow monitor expansion. I personally think that it's going to stay as a gimmick rather than something that the mainstream would welcome. My assumption's that this sort of thing would inevitably run into trouble over time such as any technology, right? So the longevity's my main concern! The potential of it getting stuck at the wrong resolution, the mechanic of it getting unreliable and even the screen itself makes me wonder how long it can manage the engineering. I'm sure there's probably best practices that users should know about to maximise longevity but as I've stated earlier, I really doubt that it's going to break the market so the practices naturally wouldn't hit it off as well. But hey, if someone does fancy niche technology and have money to spare, why not?
🌊 24th of April, Huwebes
Incident Response is approached differently from standard troubleshooting. I've had to consider variables that are volatile, everything has to be actively communicated and ensure that we can get the RTO (to define how long recovery takes) and RPO (agreed time bracket for acceptable data loss). With ANZAC knocking on the door, resource was rather low but some kiwi ingenuity with a focus on offering hotfix solutions for users were prioritised so some things were thankfully mitigated.
🌊 23rd of April, Miyerkules
Several Troubleshooting Jobs caught my interest. Network Outages, 'Failed: Unable to render job' that allegedly implies Insufficient Memory, Apple Display Problems and an 8 year old Macbook Air that's starting to slow down and whether it was time for the user to bite the bullet to start window shopping.
🌊 22nd of April, Martes
I've pieced a thought together! I realised being new to this constant learning effort that I'd face a wall here and there on what to talk about. The Technology News can get repetitive but I want to keep this up, right? That's when I thought of using a very simple application to generate a random output that returns a topic from my SYO-701 Content page. I'll dig into it in the next couple of days.
🌊 21st of April, 7:40pm Lunes
Mastodon is an open-source social network. This had been catching some attention from my circle because it’s decentralised. This means that no central corporation’s got control on everyone. A user can create an instance of Mastodon for their community where each one has their own moderation and governance. The user’s can still communicate with users from other instances that privately operates.
The appeal’s that Reddit somewhat started off with the same disposition and Mastodon’s the answer to the betrayed Redditors that now face polarising direction under the platform’s recent management.
🌊 29th of April, Sabado
See Leadership Tryhard.
🌊 18th of April, Biyernes
Big Zuck from Facebook had been left a dent by a formidable fellow New Zealander in Sarah Wynn-Williams. She was an exec at Meta and heard her describe herself as a Security Engineer in Australia’s 60 Minutes Interview. In my mind, she hasn’t really revealed anything new that anyone who has a heartbeat in the Tech Industry already knows. One example of many’s the ethically questionable practices like harvesting indicators for women that might be under stress is used to sell for the Beauty Industry. In layman’s terms, these companies will be interested in having access to that information from Meta so that they can target their advertisements to that audience since they’re more likely to consume their products when they’re under the influence of unfavourable emotions. It will be interesting how far this goes and I’m personally already impressed that she got this far as a whistleblower and surviving Meta’s attempts to silence her. All the best to this warrior! It’s not easy going up against like that to big corporation. I trust that she survives the smear campaigns since she comes across as though she’s equipped with capable lawyers and made a good enough reputation for herself to stay employed. Brilliant Lass!
Interviewer: "Sarah, it takes incredible courage to do what you’re doing. Are you feeling brave?"
Sarah: “That’s a hard question, uhm.. I’m feeling like it’s necessary.”
🌊 17th of April, 1:14pm Huwebes
According to DuckDuckGo's help page, Duck.ai is a free feature that allows you to have private conversations with 3rd-party AI chat models, anonymised by them. So this one's apparently different because Duck.ai does not record or store any of your conversations to train chat models. All metadata that contains personal information is completely removed before prompting the model provider. This means chats to Anthorpic, OpenAI and together.ai appear as though they are coming from DuckDuckGo rather than individual users. They also have agreements in place with all model providers that further limit how they can use data from these anonymous chats including the deletion of all information received once it's no longer necessary (at most 30 days for legal compliance). More information here!
🌊 16th of April, 1:42pm Miyerkules
New Technology entered my radar today!
Procreate is a tool used by artists. One of our guests supported is an 'Illustrator' that used this to create live digital drawings. She was able to also record this and play the timelapse of it by the end of the event. The user also happens to be an amazing artist unknowingly oozing inspiration that's truly demonstrated the technology in a good light.
StageTimer.io is a remote-controlled countdown timer. I've seen this used as a tool to keep a speaker within agreed time constraints. Clever stuff! It's a bonus that it's free as long as there's only 3 devices used with it.
AirMedia Controller troubleshoot was also a highlight. A taste of humble reminder greeted me today that sometimes hardware can just go offline and get temperamental. Let's hope that a replacement isn't needed anytime soon.
🌊⭐ 15th of April, Martes
Thanks to the Enigmatic Global Ambassadors, I've had the privilege to attend my first event as a guest to talk about Cyber Security and it's involvement with AI. It was also nice to be included in more leadership related skills discussions and being part of a panel where the ambassadors can just throw questions towards my direction. It was good fun aye! Good thing the brain was working with all cylinders. 100% looking forward for more opportunities.
🌊 14th of April, Lunes
Often, when we talk about Cyber Security, a typical response's that 'I have nothing to hide'. Understandably, why would a user feel inclined to care about how our data's governed when you don't really think it's a big deal. One argument's that 'Well, even if you agree with how they're handled now, that can change a decade from now because your data has permanence and there's no way back once it's extracted!'. But another argument that spoke to me a little better's how higher authority can abuse power by using these security tools as a weapon to track Whistleblowers down. Finding out that people can get killed from speaking up using this data's what got a bit eery for me and should be good ounce of inspiration for me to try some proper effort with it.
🌊 13th of April, Linggo
Shortly after the Tekken 8 Ver.2.00.01, an Emergency Patch was announced to mitigate the overwhelming backlash from the community. It was interesting because it doesn't seem like they could revert the patch even though it's something that isn't entirely unprecedented. Instead, some features were adjusted and they've promised that they will do gradual adjusting of parameters throughout the weeks until the players are satisfied.
The take away here's that sometimes you can't just revert the damage done so you'll just have to find a strategy moving forward that's viable for the technical team, marketing team and of course, the legacy players.
🌊 12th of April, Sabado
I learnt from the Gaming Industry (Tekken 8 Community) that sometimes Patch Notes don't necessarily always match what's communicated to the consumers. That means that Developers can sometimes be instructed something different while the customer-facing staff have to deal with backlash. Ver.2.00.01 caused a review bombing from their community on Steam that resulted to an Overwhelmingly Negative review on their front-page.
🌊 11th of April, Biyernes
There's qualifications that I can consider to pursuit: Copilot for Security, CITM and CISM. Personally, I find projects like this website and 'job experience' more fulfilling but if the market requires this to get the gap closer for consultants of my profile in the competitive industry, then I should certainly take this into sincere consideration.
🌊 10th of April, 9:58pm Huwebes
AI can be implemented in Cybersecurity for IDS. IDS stands for Intrusion Detection System, right? The way this generally works’ through giving it an established known signatures to detect Malware. However, AI can go beyond that and just look for deviations. That’s an advantage because sometimes when there’s an anomaly, if it’s not a recognised signature, it wouldn’t be detected and that wouldn’t be ideal.
🌊 10th of April, 3:23pm Huwebes
Windows 11 and Windows 10 should have Microsoft Defender pre-installed. It's embedded well into the Microsoft Ecosystem which should be user-friendly. If it means anything, the consensus about this technology's shifted to a quite positive reputation. During time of writing, I'd recommend it for casual users with Microsoft Devices.
🌊 10th of April, 2:03pm Huwebes
My troubleshooting yesterday got a bit lost in translation. The Boot Sequence is simply relevant because when installing Windows off the stick, you'd naturally need to set it up that way instead of it looking for a PXE Boot first. With the correct sequence, the right priority is set in place. That's all it was! All resolved, happy days.
🌊 9th of April, 2:58pm Miyerkules
HttpsBoot: Failed to initialise network connection
This error hints on a Network Problem so it's easy to jump to that side for troubleshoot, right? Well, today I learnt that while in general that's true, it's also worth running Diagnostics if the hard-drive is detected or more. It's also encouraged to verify the Boot Sequence that could also lead to this sort of error.
🌊 8th of April, Martes
ping -n was mildly interesting because I tend to use that without the -n flag. Let's think of ping -n 4 duckduckgo.com
Simply, this command will send 4 ICMP echo requests to duckduckgo.com and display the results, including time it takes for each request to receive a response. -n defines how many pings you fancy sending!
ICMP by the way's Internet Control Message Protocol. It's not necessary to know the meaning of the acronym to apply it, regardless of it being required for my CompTIA Security+, it's primarily used for diagnostic and management purposes in IP networks.
🌊 7th of April, 10:07pm Lunes
The netsh command used last week, aids network tasks by enabling users to view and modify network configurations, troubleshoot network issues and manage network services.
I won’t bother memorising these but it’s just good to know:
> netsh wlan show interfaces -displays information about the wireless interfaces.
> netsh wlan wirelesscapabilities -shows the capabilities of the wireless adapter.
> netsh wlan show all -provides a detailed overview of all wireless settings and profiles on the system.
These were used to diagnose wireless connectivity issues + understand the wireless capabilities of the device.
🌊 7th of April, 4:12pm Lunes
Naming Standards on Hardware was ensured for the devices to stay within the Policies that are placed. Anti-Malware advise was raised outside of work as well. Thankfully, the user was a Windows user who seems to only need it for casual-use. During time of writing, the reputation of Windows Defender's actually decent in the Technology Community. One of my best mates would argue otherwise and I do tend to trust his Techspertise but his perspective seem to involve his own experience relating to his line of work. I'll naturally take that with a grain of salt when it comes to a user that wouldn't necessarily be doing anything to heavy presumably.
🌊 6th of April, Linggo
See Leadership Tryhard.
🌊 5th of April, Sabado
See Leadership Tryhard.
🌊 4th of April, Biyernes
I've added 'Leadership Tryhard' here where I'd attempt to add entries relating to Leadership Skills. Overtime, I realised that I need to take the skills required for that, just as seriously as I'm taking the technical aspects. I'm sure this helps build my profile into being as close as I can possibly get with being a well-rounded Consultant.
🌊 3rd of April, 12:22pm Huwebes
Sometimes updates don't necessarily improve things. Long story short, a major event was resolved through a controller's firmware downgrade to match the version of the infrastructure's firmware. Management reaching out was a highlight for me personally, where I got the opportunity to describe the 'Lessons Learnt' and how we can mitigate in the future. In my mind, testing and a whole lot communications before, during and after installation should be key to maximise an ideal outcome.
🌊 2nd of April, Miyerkules
The Incident re-occurred and it's unknown what's truly the cause. I've had the opportunity to take proactive lead on the Triage Process hand-in-hand with a couple of other departments. Unfortunately, I can't discuss details but in-general, a firmware update was attempted as hotfix.
🌊 1st of April, Martes
Network Incident Handling was a thrill. The Triage Process was in place with what seemingly appeared to be a straight-forward cable replacement. Interestingly, Cable Infrastructure isn't always applied and sometimes troubleshooting can be a little bit tricky when greeted with that sort of circumstance.
More Info Gathering was also done for a different matter! This expands from March 31's entry, where https://speed.cloudflare.com/ and commands were implemented (ping -n and tracert) this time around.
🌊 31st of March, 9:38pm Lunes
Apple has a web page for Apple Device Support Tutorials that I’ve used as reference to create a Diagnosis Report found at Section 3. It was straight-forward! You hold option and press the Wi-Fi symbol then Create Diagnosis Report. The file’s then saved at /private/var/tmp where the .tar.gz compressed file would be saved and hard to miss.
It was a lot more GUI-Heavy compared to how we’ve done Information Gathering for Windows. To accomplish this, we used the Command Prompt and entered the following to collect logs and provide diagnostic information:
> netsh wlan show interfaces
> netsh wlan wirelesscapabilities
> netsh wlan show all
Right click on the top-left corner of the window > select export text and there we have our Diagnostics Report gathered!
🌊 27th of March, Huwebes
Switch Migration was a highlight. As part of the Re-IP Project, I was a bit hands-on with the Switches. Re-IP could be paramount for Network Management, Security, Troubleshooting, Compliance and Load Balancing.
Network Management -optimises the network structure.
Security -enhanced because it makes it more difficult for attackers to target specific devices.
Troubleshooting -sometimes this resolves some conflicts and problems.
Compliance -to comply with regulations or policies.
Load Balancing -as distributing traffic across multiple IP addresses can help manage load and improve performance.
🌊 26th of March, 9:15am Miyerkules
Sassafras Allsight is an Information Technology Asset Management software that visualises and aids information gathering, troubleshooting and procurement. Procurement here refers to the process of obtaining goods or services that are typically for large scale.
Dizzion is a DaaS (Desktop as a Service). This enables remote work and simplifies desktop management in a way that's cost friendly.
🌊 25th of March, Martes
Dell Command Update is an application that maintains system drivers, BIOS and firmware. This ensures that Availability is met in the CIA Triad for IT Administrators that focuses on Dell-related devices. I've also learnt that the application can also be used to update multiple device in an enterprise environment.
🌊 24th of March, 3:11pm Lunes
Hardware failure's at times tied to optional updates. For instance, a Display Adapter under Device Manager could be compromised due to compatibility issues. We sometimes even do downgrades in rare occasions when we find that it's more stable. But thankfully for the tickets I've faced today, they've all been generic updates with minor port problems.
🌊 24th of March, 11:58am Lunes
Back in the game with a bit of cobwebs🕸️Standard flush of previous tasks that were jotted down and resolved from last week. It seems to me that the theme for the day's hardware that I'm inclined to jot down after scouring for resolutions.
🌊 21st of March, 11:42am Biyernes
SYO-701 content updated with 2 chapters left to go. I've been referencing the objectives from the COMPTIA page to simply type them up so that it helps expand my vocabulary and at the very least heard of terminologies that I either need a refresh on or get the ball rolling for familiarity. It's important that I continue my growth here as a consultant so that I can effectively describe and use the right words for people from all backgrounds and authority figures.
🌊 20th of March, 10:37pm Huwebes
I’ve ensured that ticket logs were low today. Approval for Linux Access was met, Temporary Guest Accounts created and enabling a user’s profile for proprietary software were some of the highlights. Keeping up with the process for replacements for asset management would’ve been helpful today too because updates are heavily reliant on naming standards. I also got to try Duck.AI and so far it’s done the job for my quick queries although I need to read more into the inner workings of it on how it’s achieved a privacy focus in technology that relies on what we have to feed to it. Currently, I’m in talks for an opportunity to talk about Cyber Security for a technology event in the local scene.
An update was also released today on the Copper Outage. It was due to a roadwork contractors accidentally cutting a cable by roadwork contractors drilling new ducts. I discovered SAL1, a newly offered defensive certification by TryHackMe.org
🌊 19th of March, 10:50am Miyerkules
Early refresher on Disposal Process was paramount today. The CIA Triad includes Availability and part of that's hardware. Outdated hardware isn't very good because it's a detriment to compatibility with OS and soon software. The Copper Outage mentioned in the previous entry's still on-going during time of writing.
🌊 19th of March, 1:24pm Martes
Copper Outage in Bay of Plenty, New Zealand affecting internet connections in the rural areas. 2FA Inductions had been a common request throughout the weeks. Experimentation with the DuckDuckGo desktop browser is on-going. User Education on where subscription mailing lists can lead was a theme as well.
🌊 18th of March, 10:54am Martes
Standard Ticket Logging. Website ensured to be dynamic in terms of fonts. 'BSOD? Why Bitlocker Recovery?' is posted. TLDR Bitlocker Recovery happens when there's changes in the BIOS Settings, Hardware or too many incorrect pin entries.
🌊 17th of March, 5:02pm Lunes
Streamlining the information learnt from the job. Ready for update this evening.
🌊 17th of March, 12:03pm Lunes
RSS Feed consideration inspired from lichess.org. 'Data v Metadata' and 'BSOD? Why Bitlocker Recovery?' blurbs are in the works. SYO601 Content being updated into SYO-701 Content.
🌊 17th of March, 11:53am Lunes
Cyberocean Updates was started. The idea's to ensure that progress is documented.
Comments
Post a Comment