[thread 🧵] ⚠️ nothing technical here, just sharing about my life
Since 2018, I’ve been creating or contributing to open-source projects, and I was wondering how many hours I spent of my personal time on this.
TL;DR: In 3 years, I squeezed in 1 year of additional free work.
Usually working from 7pm to 9pm almost every day, and from 1pm to 7pm almost every Saturday. This equals, roughly, 2000+ hours.
I wasn’t very consistent and there were times I was doing 2h/week, sometimes 20h/week w/o lunch break.
There were also times I switched personal and professional work slots in order to optimise both, but the number of hours is ~the same.
ADHD signals here? Dunno 🤷♂️
This sums to, roughly, 15 hours per week, for 3 years = 2340 hours.
« The traditional American business hours are 9:00 a.m. to 5:00 p.m., Monday to Friday, representing a workweek of five eight-hour days comprising 40 hours in total. » (wikipedia)
What this means is I spent around 1 full year of traditional business hours in creating and contributing to open-source projects (this includes the rtfm and various research needed to accomplish those tasks).
In 3 years, I worked an additional year, for free! This was never about the money, but this is huge!
This is awesome because I manage to do many things and I thrive in hyper-activity (another ADHD signal? 🤷♂️)
But rest assured, there are downsides to this, including, but not limited to: sport ↘️, shitty diet ↗️, non-infosec-related activities ↘️, social interactions ↘️, bad sleep ↗️
TL;DR: this is not good for my mental and physical health.
I noticed the downsides almost 1.5 years ago but didn’t change a thing. Impostor syndrome + infosec addiction + big professional challenges (+ ADHD?) + more and more support (awesome comments and DMs ❤️ ) kept me going.
Many friends told me to open some kind of ko-fi, patreon, tipeee, or something… I’m still hesitating. I’d be happy to be sponsored by orgs that rely on my contributions and show support, but uncomfortable to be backed up by people’s own hard-earned money.
And I think the feeling I described is very common and shared by many infosec contributors.
I’m not about to drop everything and go live in the mountains, but I wanted to share this, this is what Twitter’s for, isn’t it?
I just need to find an equilibrium, for my own health and sanity. I’ve been struggling to find that equilibrium for a year now. But I guess I’ll find it one day 🤷♂️
I guess this answers what I’m asked the most: « how do you do all this? Where do you find the time? »
Well there is no magic, here is how.
On top of that, I’m not the smartest guy in the room. I compensate for my lack of « intelligence » with time and effort.
I think that’s it. I don’t have much else to share about this right now. I just wanted to share my thoughts 💭
Thank you (I guess?) for reading all this, see you really soon for some technical and infosec-related content 🙂
[thread 🧵] Kerberos basics & (ab)use of Certificates within Active Directory (i.e. AD CS and PKINIT)
- Kerberos 101
- Pass-the-Certificate
- UnPAC-the-Hash
- Shadow Credentials
- AD CS escalation (ESC1 to ESC8)
(Links and credits at the end)
[Kerberos 101 ⬇️]
AD DS offers two main authentication protocols: NTLM and Kerberos. Kerberos authenticates a user by means of tickets.
A TGT (Ticket Granting Ticket) is used to obtain a Service Ticket (ST), and a Service Ticket is used to access a service. Here is how it works.
1. User requests a TGT (Ticket Granting Ticket)
2. Domain Controller requires pre-authentication
3. User pre-auths and receives a TGT
4. User requests a Service Ticket and gives his TGT
5. DC sends the Service Ticket
6. User can now use the ST and access a service
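To make the six steps concrete, here is a runnable toy model of the exchange, added as an illustration and not part of the original thread. The realm ("alice", "cifs/fileserver", the password) is constructed, and the seal()/unseal() helpers are a stand-in for real Kerberos encryption types, not an implementation of them. What the model does preserve is who holds which key: the KDC alone opens TGTs (krbtgt key), the service alone opens its Service Tickets, and every ticket must be accompanied by an authenticator proving the client knows the session key carried inside it.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed toy realm; the user password and service keys are made up for this example.
USERS = {"alice": "Winter2024!"}
SERVICE_KEYS = {"cifs/fileserver": os.urandom(32)}


def string2key(password: str) -> bytes:
    """Toy key derivation. Real Kerberos uses string2key (PBKDF2 for AES etypes,
    the NT hash for RC4); a plain hash keeps the model small."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, payload: dict) -> bytes:
    """Toy encrypt-then-MAC standing in for a Kerberos encryption type."""
    plaintext = json.dumps(payload, sort_keys=True).encode("utf-8")
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Reverse of seal(); raises if the key is wrong or the blob was tampered with."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("integrity check failed (wrong key or tampered blob)")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode("utf-8"))


class KDC:
    """Domain controller role: Authentication Service (AS) and Ticket-Granting Service (TGS)."""

    def __init__(self):
        self.user_keys = {u: string2key(p) for u, p in USERS.items()}
        self.krbtgt_key = os.urandom(32)  # protects TGTs; only the KDC holds it

    def as_exchange(self, user: str, preauth: bytes):
        # Steps 2-3: pre-auth is a timestamp encrypted with the user's key, so only
        # someone holding that key can produce one the KDC is able to open.
        user_key = self.user_keys[user]
        if abs(time.time() - unseal(user_key, preauth)["timestamp"]) > 300:
            raise PermissionError("pre-auth timestamp outside allowed clock skew")
        session = os.urandom(32).hex()
        tgt = seal(self.krbtgt_key, {"cname": user, "session": session, "exp": time.time() + 600})
        return tgt, seal(user_key, {"session": session})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, spn: str):
        # Steps 4-5: open the TGT with the krbtgt key and check the requester also
        # holds the TGT session key before issuing a Service Ticket for spn.
        ticket = unseal(self.krbtgt_key, tgt)
        if ticket["exp"] < time.time():
            raise PermissionError("TGT expired")
        session = bytes.fromhex(ticket["session"])
        if unseal(session, authenticator)["cname"] != ticket["cname"]:
            raise PermissionError("authenticator does not match TGT")
        svc_session = os.urandom(32).hex()
        st = seal(SERVICE_KEYS[spn], {"cname": ticket["cname"], "spn": spn,
                                      "session": svc_session, "exp": time.time() + 600})
        return st, seal(session, {"session": svc_session})


class Service:
    """Application server: never contacts the KDC, it only needs its own long-term key."""

    def __init__(self, spn: str):
        self.spn, self.key = spn, SERVICE_KEYS[spn]

    def ap_exchange(self, st: bytes, authenticator: bytes) -> str:
        # Step 6: decrypt the ST with the service key, confirm the client knows the
        # ST session key, and return the authenticated principal name.
        ticket = unseal(self.key, st)
        if ticket["spn"] != self.spn or ticket["exp"] < time.time():
            raise PermissionError("ticket not for this service, or expired")
        if unseal(bytes.fromhex(ticket["session"]), authenticator)["cname"] != ticket["cname"]:
            raise PermissionError("authenticator does not match Service Ticket")
        return ticket["cname"]


def run_flow(user: str, password: str, spn: str = "cifs/fileserver") -> str:
    """Client side of the six steps; returns the name the service accepted."""
    kdc, service = KDC(), Service(spn)
    user_key = string2key(password)
    tgt, enc = kdc.as_exchange(user, seal(user_key, {"timestamp": time.time()}))  # steps 1-3
    tgt_session = bytes.fromhex(unseal(user_key, enc)["session"])
    st, enc = kdc.tgs_exchange(tgt, seal(tgt_session, {"cname": user}), spn)      # steps 4-5
    st_session = bytes.fromhex(unseal(tgt_session, enc)["session"])
    return service.ap_exchange(st, seal(st_session, {"cname": user}))             # step 6
```

Running `run_flow("alice", "Winter2024!")` returns `"alice"`; running it with a wrong password fails at step 3, because the KDC cannot open the pre-authentication timestamp. Note what the service in step 6 never sees: the user's key or the KDC. It trusts the ST purely because only the KDC could have encrypted it with the service key, which is why the service's long-term key and the krbtgt key are the two secrets whose compromise undermines the whole flow.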
Shouldn't we all agree that using a certificate to go through a PKINIT Kerberos pre-auth to obtain a TGT should be called Pass-the-Certificate? Or is there a reason we should avoid using that term?
[thread] A lot of people since this finding are looking for a bit of knowledge around that bug. Below is a list of links that will help better understand this (attacker side)
(infosec thread) one of my latest tweets was followed by some questions in my DMs. So let's answer those here and remind some concepts 😈
I'll talk about pass-the-hash, pass-the-ticket, pass-the-key, overpass-the-hash, pass-the-cache, silver and golden tickets 👇
Pass-the-Hash (1/4): NTLM (LM, LMv2, NTLM or NTLMv2 depending on the version) is an authentication protocol used by Windows and AD DS. Users have passwords, which are stored in a hashed format (LM or NT hash depending on the security settings and version).
Pass-the-Hash (2/4): when authenticating to a remote service, the password hash is used to compute a challenge response. The LM hash is used for the LM version of the protocol while the NT hash is used for LMv2, NTLM and NTLMv2.
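The point of the two tweets above, that the NT hash alone is enough to compute and to verify the challenge response, is easiest to see in code. The example below is added here and is not from the thread: it implements the NTLMv2 computation from MS-NLMP (NTOWFv2 and NTProofStr, both HMAC-MD5) with a constructed 16-byte "NT hash", fixed nonces and a simplified client blob (the target-info AV pairs are omitted). The `verify_response` side is what a DC does with the stored hash, and it never touches a cleartext password.

```python
import hashlib
import hmac
import struct

# Constructed values for the example: an arbitrary 16-byte "NT hash" (not derived
# from any real password) and fixed nonces so the run is deterministic.
NT_HASH = bytes.fromhex("0123456789abcdef0123456789abcdef")
SERVER_CHALLENGE = bytes.fromhex("1122334455667788")
CLIENT_CHALLENGE = bytes.fromhex("8877665544332211")
TIMESTAMP = 132_000_000_000_000_000  # Windows FILETIME, constructed


def ntowfv2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 (MS-NLMP): HMAC-MD5 keyed with the NT hash over UPPER(user) + domain in UTF-16LE."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def client_blob(timestamp: int, client_challenge: bytes) -> bytes:
    """Simplified NTLMv2_CLIENT_CHALLENGE: RespType, HiRespType, 6 reserved bytes,
    FILETIME, 8-byte client nonce, 4 reserved bytes. Target-info AV pairs are
    omitted to keep the example short; a real client includes them."""
    return b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp) + client_challenge + b"\x00" * 4


def ntlmv2_response(nt_hash: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """Client side: NTProofStr = HMAC-MD5(NTOWFv2, ServerChallenge || blob), followed by the blob."""
    proof = hmac.new(ntowfv2(nt_hash, user, domain), server_challenge + blob, hashlib.md5).digest()
    return proof + blob


def verify_response(stored_nt_hash: bytes, user: str, domain: str, server_challenge: bytes, response: bytes) -> bool:
    """Verifier side (DC or local SAM): recompute NTProofStr from the stored NT hash.
    No step here needs the cleartext password, which is why the hash is a credential in itself."""
    if len(response) < 16 + 28:  # 16-byte proof plus the minimal blob above
        return False
    proof, blob = response[:16], response[16:]
    expected = hmac.new(ntowfv2(stored_nt_hash, user, domain), server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def demo() -> dict:
    """Runs one authentication and two checks the verifier must reject."""
    blob = client_blob(TIMESTAMP, CLIENT_CHALLENGE)
    resp = ntlmv2_response(NT_HASH, "alice", "CORP", SERVER_CHALLENGE, blob)
    return {
        "valid": verify_response(NT_HASH, "alice", "CORP", SERVER_CHALLENGE, resp),
        # the same response presented against a different server challenge must fail
        "replayed": verify_response(NT_HASH, "alice", "CORP", bytes(8), resp),
        # a different stored hash (e.g. after a password reset) must fail
        "after_reset": verify_response(bytes(16), "alice", "CORP", SERVER_CHALLENGE, resp),
    }
```

Two things the verifier's code makes visible: the server challenge binds each response to one session, so a captured response is not replayable on its own; and the only secret on either side is the 16-byte NT hash. That is the reason NT hashes are treated as password-equivalent in practice (LSASS protection, Credential Guard, and keeping privileged accounts off lower-tier hosts are all about keeping that value out of reach), and why a password reset, which changes the stored hash, is the remediation that actually invalidates a leaked one.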
@podalirius_ and I made GPP Passwords great again. We wrote a Python script, using Impacket, to find and decrypt passwords in Group Policy Preferences, without having to mount the remote share 👇[a thread]