
Cybersecurity Mentors Podcast
In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.
Mastering Cybersecurity: Part 2 – Securing Systems and Environments
In this episode, Steve and John dive into why securing systems is a must-know skill in cybersecurity. Learn the basics of system hardening, access control, and logging, plus practical tools and labs to get hands-on. They also explore how AI can boost your defense game — and why thinking like both an attacker and defender will set you apart.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Episode Resources:
Hands-On Labs & Platforms
- TryHackMe
  - Labs: Intro to Windows, Hardening, Linux Privilege Escalation, Pre-Security Path
  - Great for learning system hardening and exploitation from both Red and Blue perspectives.
  - Link: https://tryhackme.com
- Hack The Box Academy
  - Modules on Windows/Linux fundamentals, Active Directory hardening, and network security.
  - Link: https://www.hackthebox.com/
- Cyber Defenders
  - Real-world challenges with system logs, hardening tasks, and detection engineering.
  - Link: https://cyberdefenders.org/
Security Benchmarks & Guides
- CIS Benchmarks
  - Free hardening guidelines for Windows, Linux, macOS, network devices, and cloud platforms.
  - Link: https://www.cisecurity.org/cis-benchmarks
- Microsoft Security Baselines
  - Microsoft’s official security settings for Windows 10/11, Server, Office, and more.
  - Link: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines
Tools & Scripts
- Windows Hardening Guide by Debloat Windows
  - Open-source PowerShell scripts to harden Windows easily.
  - Link: https://github.com/ChrisTitusTech/win10script
- Lynis (Linux Hardening Audit Tool)
  - CLI tool that scans Linux systems and gives a security score with suggestions.
  - Link: https://cisofy.com/lynis/
- Ansible Lockdown Roles
  - Prebuilt automation scripts for applying CIS hardening via Ansible.
  - Link: https://github.com/ansible-lockdown/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Connect with us and leave us feedback:
- Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com
- Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultation
- Sign up for our Newsletter: https://sendfox.com/lp/m2vx85
- Join us on Discord: https://discord.com/invite/g4yRKjnD78
- Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcast
- Check out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcast
- TCM Affiliate Link: https://certifications.tcm-sec.com/?ref=1
Could you teach me? First learn stand, then learn fly. Nature ruled on your son, not mine.
John: I know what you're trying to do. I'm trying to free your mind, Neo, but I can only show you the door. You're the one that has to walk through it.
Steve: What is the most inspiring thing I ever said to you? "Don't be an idiot." It changed my life.
Steve: Welcome back to the Cybersecurity Mentors Podcast. Today we are diving into a topic that sits at the very core of every cybersecurity role, whether you're a SOC analyst, penetration tester or GRC professional, and that is the importance of knowing how to secure systems and environments. So today we'll talk about why the skill is important, how you can build on it and sharpen it, and share some quick resources to help you. We also will mention how AI can assist. So let's jump into it. So, John, why is knowing how to secure systems important?
John: Yeah, I mean, I think a lot of people would think this is an obvious thing. We're in security and we should know how to actually secure systems and secure applications and secure everything. But that's not necessarily the case when it comes to the skill of securing a system or an application, because this is piggybacking off of our build, secure, hack mindset. If you learn how to build those systems or applications or whatever, then now, well, how would I configure it securely? How should I? How do I configure it so that it's not misconfigured or open or overly accessible and things like that? So it's actually not as simple as you might think it is, because when you are faced with a system that you've been given, hey, here's a system that you need to figure out how to secure, maybe you've never done that before, maybe you've never hardened a system from the ground up and gone through those steps to make sure that it is meeting those security requirements, and a lot of people don't do that. I mean, if you think about, again, I'm kind of going back, picking at training options that are out there. Most of them are about how to monitor and detect, and then maybe on the offensive side, how to hack. Not so many are about how to secure a system. What are the steps, what are the things you would do? And we're going to get into the details of it. But you know, when you do show up at a job and an employer is like, well, you know you're applying for this position, you would be expected to know, okay, here's a vulnerability or here's a system, how are you going to recommend to my administrators what they need to do to make sure that it is secure? Kind of back to last episode, we talked about how do you know how to secure a server if you've never built one before? Right, well, yeah, you've built one, but how do you know how to secure it if you've never done those steps before too?
So my pitch and my kind of proposal is that this is a skill that everybody can practice. Everybody can get reps in again. You can do it in your home lab, you can do it wherever, and it is something that makes you stronger as a security professional, because you now understand, when I'm talking to a system administrator, I'm talking to a network engineer and I'm making sure that they're doing the things that they should to make it secure, I actually know what I'm talking about because I've done those things before. And maybe I'm not as deep as they are, but at least I know the fundamentals on how to secure a domain controller, how to secure a Linux Apache server, right. So those are things employers would expect and you might get asked about that. You might be given a system or an application and asked to review it and then provide recommendations on how you would secure it.
John: Okay, um, and obviously in my experience, you know, misconfigurations. I say obviously, but misconfigurations have usually been the things that I have found that have been the scariest, because somebody forgot to turn something back on. Maybe they forgot to turn on the firewall, the local firewall. Maybe they forgot to disable the Everyone group from access to this share, and they were testing it and it wasn't working. And so, as people do, they will make it more permissive. And then all of a sudden they find, like, oh, or they forget about it because they fixed their problem and they move on. Okay, we'll leave this here for now to make sure it's working.
John: And then you roll across and find it and you're like, whoa, hold on, this thing's wide open. You know, they forgot to disable that or forgot to configure it and lock it down. Again, it's understanding how to look for those things, understanding what that means, and then understanding how to communicate that to an individual. Say, hey, it looks like you've misconfigured this. This is how you go about locking it down to make sure it's appropriate and it's secure to least privilege or minimum access necessary. So I think my pitch is, again, these are things that you can learn, things that you should learn, things that everybody can get better at, myself included, Steve included. These are skills that we may not do every day, but I think it definitely helps us and helps make us stronger as security professionals.
Steve: Yeah, I agree. I mean, at the end of the day, right, cybersecurity is about protecting assets from threats. So, like you were saying, in kind of this series that we have with build, secure, hack, you know, we've already talked about building systems, right, we've already talked about building things that can help us, and so now, you know, the next step is securing it, just like you said. So understanding that, knowing that, is a huge help to you, to your organization, just in your overall professional career. So if you don't know how a system works and how to harden it, then it's like you're guarding a house without knowing where the doors and windows are, right? So I think it's definitely very important.
Steve: And you were mentioning a couple of things about misconfigurations, and usually, I mean, well, I say usually, but it so happens that sometimes that is what causes a breach, right? Someone, like you said, forgets to turn something on or something off. Maybe they left the port open, maybe they didn't change the default password on a system or application, and that is just, you know, an easy way for a bad actor or attacker to use that vulnerability and attack your systems and your environment, and then that can definitely lead to horrible things. So it's definitely something important and it's something that maybe we as cybersecurity professionals overlook. I also think, and this came out of an experience that we recently had that we'll talk about later, I think in today's world there's a lot of cybersecurity tools that put individuals in kind of a handicap.
Steve: Right, our security tools are pretty good and they do a lot for us, which kind of keeps us from going back to the basics and fundamentals because we rely so much on those security tools. So I think taking a step back and looking at things differently can help every professional, including me, like you said, including me, including you, even those who have been in the industry for a while. You know, don't get too dependent on certain security tools. Be sure that you can still, like you say, sometimes live off the land and understand how to do certain things.
John: Yeah, I'll jump in. That's a great point. I think that most of us do that. We think about, well, our tool is going to protect us, our tool is going to keep us safe. We've got EDR, don't worry. You know, it's the, it's the, but it's the fundamentals. Imagine you don't have EDR. Imagine you don't have your super awesome monitoring tool. Now what? How do you protect that system? How do you monitor that system? Like, that's the way I think, building from the ground up mindset and, like you said, living off the land. That is awesome to have that skill, because maybe something's broken or maybe EDR has been, you know, bypassed. Well, how would you do it without it? So I think that's a great point. Awesome.
Steve: So then, how can we secure systems? So people may ask themselves. Well, there's certain things that you can do overall, just high level. There are some system hardening guidelines out there, right, that you can look for, for Linux, Windows, different applications, whatever it may be. Definitely access controls, understanding who should have access and how, implementing least privilege, right. So just giving people enough access to do what they need to, but not giving them too much, where now they have a little too much access and you have to worry about what they can and cannot do.
Steve: Obviously, firewalls and just network security overall. So configuring firewalls, using different VLANs, network segmentation, allowing things to communicate that need to communicate, blocking unused ports. I mean, that was something that we mentioned, right, just having the mentality of starting off as secure as you can and then slowly, kind of, letting your foot off the gas and opening things that you need to make sure that the system works appropriately. Auditing and logging, right. You have to make sure that you know if something goes wrong. Well, maybe not if, but when something goes wrong, because something will go wrong eventually. Do you have certain logging turned on, set up, that can help you then investigate?
Steve: Well, how did this happen? Where did this start? How did this all occur? And then there's obviously a lot of recommendations from the cybersecurity world in terms of security baselines, best practices. These are recommendations from other cybersecurity professionals, organizations within the cybersecurity community, that have their opinions in terms of, this is what we think will make XYZ as secure as possible. So, using a little bit of all of that, and we're just going over this very high level, generally, right now, but those are just a few of the things that you can use to help you secure systems, environments, applications, whatever it may be. But, yeah, John, any thoughts on that?
John: No, I think, you know, thinking about the fundamentals and focusing on applications, um, and networks. You know, there's, honestly, there's not a lot of great training out there that I have seen. I have done a big deep dive into, hey, who's doing what? But really, mostly the training that you see is how to monitor and detect and how to hack, mostly, right? Okay, how would you triage? Maybe it's already a forensic type challenge. But the CIS Benchmarks that Steve mentioned are a great place to start, and/or the DISA STIGs. If you look at those, they usually come with documentation on here's why you should do these things. You know, and there's different levels, and like, okay, if you're at level one versus level three, maybe the more secure. And you can start with those basics, level one type configurations, and why you should secure those things. You know, here's the lockdown for a Windows server: enable this policy, right, or disable this service. And usually it gives you some kind of justification for that. Oh, because this is a risk, overly permissive, whatever, whatever, right? So you could review those. And those are free. You can access those and review those, and they're specific to applications. You know, they'll have an Apache server one, an IIS server one, a Windows server, a Linux server, general hardening, and those are good places to start, and just kind of review what those look like and how you might implement those and roll those out if you had your lab and you had a server and you're trying to configure it and harden it.
John: We're going to talk a little bit about ChatGPT or AI and how you can use generative GPT to help you with this too, because I think it's very useful. Another good use case: to walk through what are some steps to do this and how might you go about it. But we will link to some of these articles and training that's out there. That's at least generally in the area, right, most of the time.
John: You get this training if you were learning how to be a system administrator in some flavor, or be a network, like a CCNA, a routing, switching, uh, training course, of like, okay, here's the router, here's how to configure the router, and so broadly they're going to talk about how to secure it. You know, it may not be specific, but you could go into those little training modules and look for the specifics of that CCNA book or CCNA training. Let me learn how I would configure and secure a router based off of the training that's available. So it may not be a, hey, here's a hardening guide, here's how to get better at hardening or how to get better at securing. But if you look at it from the, if I was going to be an administrator for this, and usually they're talking about the building of it, the configuration of it and how to secure it, so you may have to kind of dig a little bit to pull those out of the general training of kind of that administrator set or point of view, put it that way.
Steve: So, um, yeah, that's kind of what I was thinking. Okay, perfect. So, in terms of, um, real world tips, just some ideas or stories that you have, John, anything you'd like to share? I think, for me, though, I think, um, we've mentioned this multiple times, right, having a home lab, just setting up a Windows server or Active Directory, Linux box, whatever it may be, doing that in your environment, and now we're recommending that you focus on hardening it to the best of your ability, using some of the resources that are out there, using some of the resources that we'll share, in preparation for what comes next, right? Try to hack it, try to break into it. But, yeah, anything around that, John?
John: Yeah, the one, and there's multiples of these, but one of these that came to mind was, um, the Metasploitable images, systems that you can download. They're free and they're super vulnerable. They have lots of misconfigurations, lots of exploits. And imagine you've been given access to that server and now you have to harden it. How would you do that? How would you plug all those holes? How would you configure it and harden it and secure it so that it couldn't be as easily exploited? You actually might not be able to fully harden it, but as best as you could, how could you do that? And there's two versions of that. There's a Windows server version and a Linux server version.
John: There's also web apps that are vulnerable and misconfigured. How could you, could you, this is something you could practice, download those web apps, host those, go through, how might you plug those holes? They're built to hack. They're built to learn how to hack. But you could also flip that and use them as an example of how to harden, not just how to hack, right? So this is where the offense informs defense and also vice versa. But those are some good examples, practical examples, in your home lab. Download those applications or those images, run them, right, and see how vulnerable they are, but then go in with that. You know, make an image, make a snapshot, go in and try to harden it as best as possible, and that's going to be great. It's going to be a great experience.
Steve: I agree, and I think, you know, people may just solely focus on actually doing the hardening and then, later on, the hacking, but I would recommend people also learn to document, learn to keep checklists, or just build your own playbooks for hardening these systems, right, something that you can come to later on when you are actually in the field and, you know, you start a new job and, you know, hey, I have so many Windows servers. Let me just make sure, by either checking myself or talking to the sysadmins, you know, have we taken steps to do some of the basic hardening things that I learned how to do in my lab? Just to make sure, and hopefully, you know, a lot of those basic things have been completed or done. But if not, then that is something again that you could come in and help with or assist or give guidance on or just highlight. You know, it could potentially be...
Steve: Oh, they just literally forgot to turn on the firewall or turn off this port, or they were just doing testing, or they were doing updates, and then they had to do this, to do that, and then they just forgot. They just simply forgot. Not to say that they are incapable or knowledgeable, but they just simply overlooked something. And now it's your job as a security professional to make sure that things are as secure as possible. So definitely, by documenting things, kind of building yourself a playbook, it'll also help you in interviews, right, just talking about that, discussing that, because in an entry-level security position, depending on where you are, you will be following playbooks, you will be following certain checklists, right, to make sure that as you're investigating things, as you're working through your security tools, you are doing certain items, certain things. So just getting in the habit of that, I think, will be a huge help for you moving forward in your career. So, all right, John, you want to talk about the little competition we recently had here with our teams?
John: Yeah, you know, I kind of highlight this and I talk a lot about CCDC, and this is a key skill in that area, that if you don't know how to do this, you're going to lose big time. And so we recently, where I work, we try to scrimmage with our student teams, and I'll be on the offensive team most of the time and beating up on students, right, in a fun way, in a nice way, but, yes, beating up on students to give them a real world-like adversary.
Steve: Right, so do you mind just kind of giving a quick overview of what this competition is, for those for whom this is the first time they're listening to us?
John: Yeah, so this competition, the Collegiate Cyber Defense Competition. You are, you know, imagine you've been dropped into a new company and you're the IT team, but really the security team as well, and you've got to protect it because they fired the previous team. And now you're coming in and you're learning the whole environment. You don't even know where all the systems are, and so you have to find those systems. Then you have to get access to those systems, and usually you're in and you have a password to get in, but you have so much time before an offensive team, a red team, is going to come in and kick your butt and just obliterate you. So you have a time window there that you need to quickly learn to harden. What are you gonna say, Steve? No, no, nothing, at least continue. Yeah, yeah. So, um, from that, you know, you get scored based off your services. So you have services that you have to keep up and running, a web service, an SSH service or whatever, and so you want to protect those. At the same time, you're also getting these business injects that come in and say, hey, we need you to set up this new application, or we need to set up, just like a business, we need to set up all these users. So when you get these systems, almost always they're super, super misconfigured. Think Metasploitable-like, where they have lots of back doors and they're like Swiss cheese, there's just so many holes. So you are under the gun because you have so much time before, you know, the red team is going to come, which is usually nowhere near enough time, and you have to start hardening. And usually they split it up. Okay, you're on the Windows side, you're on the Linux side, you're on the application side, whatever.
But this is a great test of these skills, and we recently did a, instead of the students being beat up, the employees were on the defense and the students were on the offense, and they, of course, were very excited about this, because they get to beat up on the employees, right. But it was great. I mean, it's great.
John: I kind of knew what was going to happen. I knew we were going to get our butts kicked, because usually, really, it's unfair, right. The red team has all the advantages. They know where the weaknesses are. They have so many ways to maintain persistence. But it's really about, under fire, learning how to deal with stress under this circumstance, but also learning how to harden and what skills you are lacking that you want to get better at. And that's kind of what happened with us, right? We were given these systems, and my system was named Kraken. It was a Linux system, and so I had to protect it, I had to harden it, and it was definitely kind of like King of the Hill, red versus blue.
John: You're fighting them out, you're kicking them out, they're getting back in. You kick them out, they get back in. You kick them out, they get back in. They kick you out. Then you kick them out, then they kick you out.
John: Right, so it's a real under-fire, live-fire type exercise where you do need to be able to think on your feet but also have skills of, like, well, what do I do if I land on this box? Like, what are my first steps? What am I going to do next? What am I going to look for next? Right, the students are actually really good at this because they practice this on a regular basis to prepare for these competitions, and we don't. Again, back to my point on this skill, we don't practice this as often, definitely. So I think it's something we all can get better at, and it's fun, it's a good way to do it, and it's competitive in a nice way. But what was your experience like, Steve?
Steve: Yeah, no, I mean, it was definitely eye-opening for me, which is kind of why I made that comment at the beginning. Right, I think we are so dependent on these security tools now that we kind of overlook the fundamentals.
Steve: And just in that experience, I was dropped, I was just an analyst, just like everybody else. I was dropped in a Windows box and I got my ass handed to me by a student. Like, seriously, and I'm here, this guy, at a director level, and I'm like, man, yeah, these guys, they're at the next level. But it was a really, it was a cool experience. And I said it there, I want a rematch, I want to do this again now that I know. You know, and I'm not making excuses, but they had, what, weeks, months to prepare. They built the environment, and here comes John telling us on Thursday, hey, tomorrow, on Friday, we have this competition with students, be ready. And we're like, all right, sure, whatever.
John: And we get in there and we just get owned by these students, and they're talking smack, and I was like, oh man, like this. They come in with their funny hats on, and yeah, they come in and they're like, oh, anybody want cookies?
Steve: Oh, sorry, cookies are for winners, and there's only crumbs left. I'm like, oh, there's...
John: I want my rematch.
Steve: No, but honestly, it was a cool experience. I definitely want to do it again. I actually participated in this competition when I was a student, but that's been like 11, 12 years now, and I had not done anything like this since. So, yeah, it was kind of familiar after a while, like just getting thrown in there, the stress level, um, what you're having to do. You know, getting messages coming through. Here I am trying to secure this Windows box and I get this little pop-up, hey, nice try. And then, boom, I get kicked out of my machine and I'm like, these...
Steve: Yeah, so it was a cool experience, yeah.
John: No, I mean, in all fairness, like I said, I knew this was going to happen. My goal was for us to get our butts kicked, but that means it was going to motivate us to want a rematch and to get better. I was like, okay, we're going to get our butts kicked, but that's a good thing, because then everybody's going to be like, oh, next time we're going to start practicing and getting better at this. Oh yeah, so yeah, it was a little bit longer lead time than one day, but still not much.
Steve: They had scripts ready, they had all this stuff ready? Oh yeah, they were ready. Walk in with donuts, like, all right, let's do it, we got... Right, no, murder, murder. Yeah, murder, absolutely. Yeah, yeah, no, it was good.
Steve: Now, we'll say, um, you know, out of all the teams and all the systems, there was one system that was still left running and green on the scoreboard at the end of the day. Whose system was that, John?
John: I mean, it was my system, it was Kraken. So I come in, I'm chanting, Kraken, Kraken. Everybody else is just like, oh man, we just got our butts kicked. Now listen, it wasn't easy for me. I had more, I knew what was coming, right. I've been doing these offensive side things. I still need to get my skills up again on the defensive side for securing, but I had some more lead-up on what to expect, for sure.
Steve: Yeah, it was definitely eye-opening, and, you know, it's another reason why we're talking about this topic here now. Right, I mean, it's stuff that we've experienced and it's things that we know we need to get better at. So we're hoping that, you know, just sharing our advice and our opinion with those listening, like, hey, this could be a benefit to you.
John: So, yeah, and now let me jump in. These students, these students are really good, and I've seen them improve dramatically at this skill, and it's very, very impressive. Like, that's why I think this is so important. Like, I've seen how good these students have become at these skills, and that made them so much better on the offensive side. For sure, this is my mindset, you know, build, secure, hack, because they kicked our butts big time, but they also have been on the other end. But I have seen them improve in this, in the secure skill set, each year, just get better and better at knowing where to go without having to have a checklist per se. They just memorize and they know where to go because they're practicing it. So very cool to have this skill.
Steve: Yeah, well, even just a confidence booster, man. Oh yeah, I saw it when we were there in the competition. They just build this confidence because they know, you know, they know the fundamentals and they know the basics, and they know them very well, to where, if they're dropped in an environment like that, they already know, they have it in their heads, they have these playbooks in their heads. What do I need to do first? How do we need to do it? Just the communication, working together as a team. And yeah, it was pretty impressive. Yeah, absolutely. Now I know for a fact that you had some help keeping that Kraken machine in the green, up and running.
John: What are you talking about? What are you talking about? No, no, no.
Steve: Why don't you talk about that for a second?
John: Okay, all right, yes. If you're not cheating, you're not trying. So let me just give you some examples. So this is why, you know, ChatGPT, in this example, I made a GPT that I called WhopperAI, or WOPR AI, WOPR from WarGames, War Plan Response, that, you know, I'm an 80s kid. So, but I made it and really just fed it information about what SECDC or CCDC is, about what these competitions are about, the red side and the blue side, and to help give it scenarios of, like, hey, I'm doing this right now, either on offense or defense, help me with this configuration or help me write a script for this. So I'll just share a little bit of what this looks like so that you can kind of see, number one, how you can use this to learn, and number two, maybe you've never thought about using GPTs to help you write scripts that can help you learn how to harden and things like that. So I'll share this to kind of walk through some of these. There's a lot more that I did in this competition, but it was definitely very useful for me to walk through some of these scenarios and help me keep and maintain access and to dominate on my server, at least. So this is just some screenshots here of kind of talking through, when I dropped into WhopperAI, like, hey, now I'm on the blue team and I'm defending, can you help me find, you know, run a shell script that finds all users and help me change all the passwords.
John: I ended up not using this script because there weren't that many users. But sometimes you get on these systems that are super weak and there's thousands of users, or thousands, dozens of users, and you don't have the time to manually go change password, change password, change password, because the passwords are always bad and the red team always has all these passwords pretty much already. So changing default passwords, or passwords that you have when you get on the system, is super important, and almost every time somebody forgets to change the password. So I didn't need this as much, but it still was super useful to have it give me a list of, here's a quick way to change these passwords on the system. Drop this shell script on here, make it executable and run it through.
John: I had to change it a little bit because it wasn't setting a specific password that I wanted it to set. It was setting random passwords. But that's okay, you just tell it what I did in the next prompt. I was like, hey, just update this script to not do random passwords, to do a specific password that I knew what it was for now, and then I could run it again. Then I could run it again if I needed to, right. So that was right out the gate, like hey, I'm setting the stage, I'm setting what the scenario is. I said I'm on a Linux server, this is what I need to do. Boom, right, which is cool.
John: Another thing that is always an issue is crontab entries on a Linux server, right? So there's always something hidden in cron that's a callback or a backdoor that opens up netcat or something back out to the red team or to the offensive team. And this is stuff I could have been more prepared with. But I could next time be even better prepared and have it help me have these scripts ready the next time. But I was like, hey, write me a cron.
Steve: Yeah, exactly.
John: Yeah, write me a cron, a script, to check all the crontab entries and look for suspicious, I said, files here. I could have said suspicious lines or entries. And so it did. It wrote, you know, went through, wrote this script to look for all these weird keywords you can see here, curl or netcat or ncat, bash or anything that looked odd, just enumerate. I could have just said even, hey, just dump all the crontab entries, you know, quickly for every user, because that's another thing where they'll put in a different user that you didn't know about or you didn't go check, because every user has their own crontab entry. So those are the things.
John: Again, I could practice this skill, try it out, make sure that it does what I want it to do and have it better prepared for next time. And then this one was actually, this is the last one I'll share, really helpful, because a lot of times you get on here and there's so many processes that are running that you don't know. You don't have the time because you're under fire. You don't have the time to go find every process and figure out what's bad, right? So I literally just dropped it all and dumped all the processes and then asked it to review my process list and to look for things that were suspicious, and it found a binary that was suspicious. It was like, hey, go, this one looks odd.
John: Let me go look at this. This is not a standard binary, and it was. It was a bad binary that had been placed on the system, but when you're looking at the big list, I mean, you may miss it, right, and this isn't the full list, but it's a big list of processes. Now, how much faster. I mean, I found it like that as soon as I dropped it in there. It found it right away. That made my job so much easier. So then I had to go through and kill that binary, remove it, get rid of it, whatever, but yeah, I mean, this was definitely a force multiplier for me in this competition that I was actively using to help me keep cracking alive, keep cracking with cracking.
Steve: Yeah, no, I mean, that's great. Those are great examples, right? And who knows, maybe a lot of our listeners are already using an AI or a GPT to help them, you know, with security things or items, whatever, maybe even training, but you know. But for those who haven't, I mean, these are great examples of how you can use a GPT to help you secure a system, find weaknesses, identify suspicious processes that are running on a server or a system. So give it a try, check it out.
Steve: Use your home lab. John mentioned the Metasploitable image for a system. I mean, that would be a great, great, great test for you to do in your home lab, to run through it, just gain that experience. That will just make you so much stronger when it comes to just fundamentals and just basics of cybersecurity, that then you can turn around and have many stories to talk about in an interview and things that you can add to your resume, because at that point you are hardening systems. You are, you know, reviewing different scenarios, or I guess not scenarios, but just different images, different systems, whatever it may be, and just helping secure them. So I mean, that is definitely a skill that is needed and valuable within cybersecurity and within just your overall professional career and growth. So, yeah, next time we will have something similar to that, John.
Steve: For the rest of the blue team, yeah, be better prepared. For those who may feel a little overwhelmed just by listening to this podcast and just, you know, not being so familiar with things, you know, take it slow, take it easy. Reach out to us. You know, we're happy to kind of guide you through certain things and just examples, but definitely use GPTs, AI. It is there to help. So far it's done a pretty good job.
John: So just keep that in mind. Definitely, yeah, I think, I hope this is good for everybody, just to understand why this is important and how you can get better at it. Just like everything, it's a skill you can rep, you can practice, and the more you practice, the better you're going to get. Don't just rely on the GPT to do all the work for you. You need to understand it and understand why it's doing what it's doing and how that makes a difference to harden the system or application or network. So use it as a tool, not a crutch, that's what I would say.
Steve: Yes, yes, absolutely. Good point, John.
Steve: All right, well, yeah, I mean, I think that's it for us today. Just a quick recap. We talked about, you know, why knowing how to secure systems is essential in cybersecurity. We talked about how to secure them, briefly. We are going to share some additional resources that we think could help. We shared just some stories of kind of how things went with our blue versus red competition and how John was able to keep things going using AI. So I think, yeah, I think that's a wrap for us today, guys, hope you enjoyed it. We'll definitely be back with our third episode, which will be the hack episode. Again, it's Build, Secure, Hack. But yeah, with that being said, John, any final words?
John: No, that's it. Thanks, everybody.
Steve: All right, thanks for tuning in, until next time.
John: Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast. Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.
Steve: Do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast, and follow us on LinkedIn. We'd love to hear from you. Until next time, I'm John Hoyt and I'm Steve Higuretta. Thank you for listening.