• “If your VAR isn’t getting you 25% off web pricing, you need a new VAR.”

• …

This continuous post will be updated as new anecdotes are found!

The best thing I’ve ever been told when it comes to learning something is to figure it out yourself. Ask as few questions as possible, because you’ll probably teach yourself more than you could be told, by diving in.

Relevant to the above, “The Key Doesn’t Work” Approach:

If you have the key to a locked door, and it doesn’t fit into the lock properly on the first attempt, try it several more times adjusting your angle, tilt, etc. until you’ve ensured that you’ve done everything you possibly can to troubleshoot the issue, THEN call someone for assistance/different key. Chances are good that you’re not doing it right.

Greetings again, techie folks. Let’s talk about things I’m not familiar enough with!

Powershell

I’m not much of a programmer - I can noodle my way through a script but writing them from scratch is not my forte. But recently I’ve found interest in learning Powershell, to better combat my lack of knowledge of server administration. The more I work with the Exchange Management Console and the more tasks I seem to be coming across, the more I wish I knew how to script them.

Hence, Powershell.

SSCP

Additionally, with the recent scheduling of my OSCP exam for next month, I’m coming to wonder what else my path will include as far as learning goes. Since I typically determine my learning path by what certifications I’m chasing, I’d like to work more toward the defensive security side of things now that I can pop a shell on improperly secured boxes. This, if you may recall, was going to be...

The lab time is nearly done (ending tomorrow) and it is time to schedule my OSCP exam. It’s been a long time coming, it feels like.

I stand with 17 out of 40 machines compromised to root level in the student lab. I would have been happier with more boxes popped than that number, but I’ve certainly learned a lot since breaking into that very first machine. I don’t yet know if I’m ready to take on the challenge, but I’m taking it either way.

September 6th at 9a EDT. That’ll be a gruelling day. It remains to be seen if it’ll be gruelling just for me, or for the exam lab I’ll wreak havoc on.

It’s now July 24th 2014, which some redditors believed was a monumental day upon which Bitcoin was supposed to reach yet another all-time high as part of a “bubble cycle.”

That did not happen.

Now we have a situation where those who have been actively buying Bitcoin looking for price increases must face either holding on to a weakening investment, or sell it before it dips too far. Those who do the latter may opt to sell now in the hopes that they’ll buy back in at a cheaper price later - the definition of shorting. So what does this mean for Bitfinex lenders who have been lending out “swaps” of USD to traders looking to buy Bitcoin? Why they lend out “swaps” of Bitcoin for traders looking to sell, of course!

The Shorter Explanation:

Bitcoin price falls, Bitfinex lenders move to lend more XBT (and less USD) to traders who are looking to short it. Make sense?

The Longer Explanation:

I recently had a nice revelation about work and careers in general. It seems to me that the most satisfying and most meaningful work, in my experience, looks to be the jobs that make you and your position invisible when done correctly. In other words, if you did your job to the best of your ability, there should no longer be a need for your being there. This is wonderfully played out in IT where we always aspire to create a system of efficiency, of constant availability, and one of consistency in those qualities. Even though we never quite get there, and therefore are always around for when things break, that’s still the ideal system: one in which we are not needed to support it.

On the flipside of that, jobs in music (most specifically performance) seem to strive for the opposite: a job well done reinforces the requirement of your being there. When you are recognized as an exceptional...

And don’t you forget it, IT people.

Analysis summary: Predicting a calm for the next week or two. I’m not expecting any serious rallies or dips for the next month. Also, for what it’s worth, I don’t buy into the precision of a bubble theory or bubble cycle in the form of /u/moral_agent‘s charts.

Bitcoin Technical Analysis for Early Q3 2014

Ah, Bitcoin. It’s seriously a rollercoaster when it comes to investing/trading the XBTUSD* market. Over the last month or so we’ve had a number of exciting developments, which of course are reflected in the price history in the chart. But now it seems we’re coming back to the middle-of-the-road as far as price movement. goes. Notice how close we are to the green support line labeled “The long-term support line starting April 10th…” We’ve bounced off it (and hard) a couple times, and are now returning to it once again with less velocity.

Reviewing Indicators

Unexciting as it may be...

In my OSCP adventures, I’ve found a number of tools wonderfully helpful in learning about target computers. In a penetration test environment, the first thing I want to know is what kind of system we’re dealing with - what it’s likely function is, what ports and services are open on it, what it’s operating system is. Most of the time, I can get a nice snapshot of the target machine using nmap -A. The flag set gives me the following benefits, on top of telling me which ports are open: "-A: Enable OS detection, version detection, script scanning, and traceroute."

Now, why the title? Because in the OffSec lab yesterday, I came across a machine with ports 22, 80 and 3709 open. However, nmap -A only gave me the first two. That’s because by default, nmap will only scan the first 1000 ports. After modifying the command to be nmap -p1-32000 -A did it show me the full picture. (The 32k figure...