Brianne Fahey

project

The Resourceful Will Find a Way

by

Since I recently finished the SANS SEC-503 course passed my GCIA exam, I’m enjoying my first week in a while without evenings full of intense studying.  There have been fits of cleaning and organizing things I let go too long, and event a move to complete some of the small home improvement tasks I’ve put on the back burner.

This weekend I was working on a project.

For me, this means rolling a cart loaded with lock boxes filled with power tools into an alley and hoping for minimal interruptions.  When you have something you want, you make do with what you have to make it happen.

This is exactly what happened.

I made a plan and laid out my mobile workspace. I hefted the materials I needed into the alley. I fired up the cordless circular saw and it immediately died. I did some troubleshooting on the battery and found out it was dead. And the backup battery was lame. But I already staged my materials and with a temporary mobile workspace, you don’t roll it all up and go home until you are finished.

I experimented with other tools I had at my disposal although they were less fitted for the task than the circular saw. I dug through my lock boxes looking for other options.  Finally I spotted it – the jig saw I had not used for ages and had contemplated getting rid of in my last clean-through. If my project was the turkey and the cordless circular saw was an electric carving knife, the ancient jig saw was a rusty scissors.

Let me give you an idea of some of the things I worked around to finish the project.  Getting a heavy, heavy industrial cart over some PVC pipes clamped down across my pathway. Dead batteries for the set of cordless tools. Not a long enough cord for the jig saw. Broken clamp. A wheel fell off the dolly while I was moving a pile of wood. The lights in the trash room were out and it was pitch dark. You’d think I was the bad news bears of DIY tasks.

So I coaxed and I pushed and I persevered and I finished the job. It was not pretty. It was not at all as I had planned.  But it was finished.

I cleaned up my mobile work-site, made a list of things I needed to repair or replace before I came back for the next job. I celebrated the tiny victory of knocking a hard task off the list of things I wanted to finish.

I learned to be resourceful from my parents.

They encouraged us to stick with it.  They challenged us to find another way when we hit a wall. They did not freak out at the mess that was made when I attempted to create what I needed myself. I can be a hustler and a hard-worker, and when I take time to think I can be smart about it.  The willingness to be resourceful and either persevere or pivot to another way is important to me. It is one of the things I believe can translate into professional settings and differentiates between people who move on and people who finish hard tasks.

Try hard. Learn from the goods and the bads. Try again. Get better.

When a List Won’t Do

by

A Microsoft Technet article by John Lambert from 2 years ago includes this quote, and I’ve seen it used many times since then:

“Defenders think in lists. Attackers think in graphs.”

To me, this statement means that there are multiple possible paths available to get to an end if you can pivot and reorient while working through an environment. The environment may have been designed in a systematic hierarchy to maximize organization efficiency, but that doesn’t mean a wily actor can’t create their own circuitous route.

I mentioned in a previous post that I’ve been learning to dabble in Graph Databases. In fact, I am working to build a graph representation of the connections and pivots available in the logs and data typically available to an analyst in an investigation (inspired by one of my favorite parts of the Investigation Theory course).

Unlike a relational database, a graph database uses nodes, edges, and properties to build and describe relationships. Wikipedia describes the graph theory behind a graph database better than I can, but I put together the visualization below before my free trial of MindJet MindManager expired. If you can determine your nodes, labels, properties, and relationships – you can connect and visualize the net of assets and relationships in your scope. Let’s use the sample graph visualization of two colleagues names Bob and Cathy.

  • Nodes contain properties and are tagged with labels.
    • The person is a node, the property is their name and the labels are their position and their prestige.
  • Relationships connect nodes, have direction, and contain properties.
    • The relationships describe how the nodes (persons) are working and hiring.

I’ve been learning Neo4j to build a graph database.  Download this free Graph Databases ebook from O’Reilly to get started.  I’ve also watched some videos in an Intro to Neo4j course hosted by Lynda (which normally has a cost but can be accessed with my library card for free via the elearning offerings on my local library’s website). I’d also like to buy Learning Neo4j Graphs and Cypher book and video from Packt Publisher in the future.

In the starter use case I’m building out in my own Neo4j instance, the nodes are both data sources and data elements, and the relationships describe where the data elements are contained. The idea behind this is that if an analyst had one piece of data and wanted to get to another piece of data, they could explore the graph to see which nodes they have available to traverse in order to pivot the data from what you have to what you want.

For instance, if you have the IDS Alert available providing you a signature and protocol, but you need to know the details of the certificate used in the transaction, you can pivot fro the IDS alert through the PCAP and SSL Transaction to get to your destination.

I am still experimenting, I know my test data is imperfect.  Ideally, you could research the sources and elements available within your enterprise to create your Cypher code and output a visual database that allows you to look or query for a solution path. Somehow it feels much more impressive when you look at the connections for the data elements of a dozen or so different data sources at once.

This is a solid idea for a learning opportunity and a rough first implementation try. I’ll think on it some more and work to eventually hone something useful and repeatable that doesn’t take much effort to keep up to date. If you have any input, feel free to use the contact form on my website and reach out.