Lost civilsations, EV tyres, global risks, and circumcision.
I thought I’d have a play with ChatGPT, to see if it could help me write about, and refresh my knowledge of, logical fallacies. I also wanted to test some of the various “bugs” I’ve been reading about (for example, it’s terrible with numbers).
I asked it for a list of common logical fallacies, then asked it to provide definitions and real examples from political debates. The answers are copy-pasted from ChatGPT with minimal editing.
Building habits, Our Flag Means Death, dry eyes, and robotic bras.
I’m not planning on taking the GMAT any time soon, but was curious to see what would be involved anyway. These notes are far from exhaustive - they’re just a few things that I want to remind myself of.
Book: GMAT All the Quant by Manhattan Prep.
Data sufficiencyA. Statement (1) does allow you to answer the question, but statement (2) does not.
B. Statement (2) does allow you to answer the question, but statement (1) does not.
As a Farnam Street post states:
Mental models are how we understand the world. A mental model is simply a representation of how something works.
The page provides a long list of mental models, with summaries, and books that go into further detail.
According to FS, there are nine “core” mental models:
The Map is Not the Territory Circle of Competence First Principles Thinking Thought Experiment Second-Order Thinking Probabilistic Thinking Inversion Occam’s Razor Hanlon’s Razor Given I’m a consultant, I thought it could be fun to invent a consulting scenario utilising all these.
2022 best-ofs and 2023 preductions, green investing and inflation protection, planting trees, and solar vortices.
Summaries ChatGPTThe writer is considering how they should spend their free time, and divides actions into three categories: consumption, creation, and contemplation. Consumption is about taking in media for entertainment or education, creation is about putting something out, like creating art or building something, and contemplation is deep thinking. The writer argues that many people spend most of their time on consumption, and that true value comes from the other two categories.
Cyber Security Certifications Courses Challenges
My notes on Notion(backup link)
I take notes using Notion. Lots of commands, tools, hints, and tips. Over 72,000 words so far!
Screenshot as of October 2021:
Back in November I gave a talk at Security BSides in London about MITRE’s D3FEND framework. Audio is a bit off until 1:27, then it’s fine.
Watch it here:
Introduction Learning CODESYS Temperature Control HMI Code Variables HMI Simulation Comments? IntroductionUntil now I’ve used OpenPLC for all my PLC (ladder logic) projects, as it’s very user-friendly and it makes using an Arduino as a PLC very simply. However, as I was studying LL and ST, another piece of software kept being mentioned - CODESYS.
According to CODESYS, they are “the leading manufacturer-independent IEC 61131-3 automation software for engineering control systems”.
https://cyberdefenders.org/labs/45
Contents Description Tools Questions 1. What is the attackers IP address? 2. What is the targets IP address? 3. Provide the country code for the attackers IP address (a.k.a geo-location). 4. How many TCP sessions are present in the captured traffic? 5. How long did it take to perform the attack (in seconds)? 6. No question 6 . . . 7. Provide the CVE number of the exploited vulnerability. 8.
Introduction Structured Text Project Examples Two-Button Latching Circuit One-Button Latching Circuit with Emergency Stop Playing with Timers Steady(ish) State (e.g Temperature) Comments? IntroductionAfter playing around with ladder logic (LL) in OpenPLC, I wanted to get a basic grip of structured text (ST). While LL is a visual method of programming PLCs, ST is a C-like language for programming PLCs, featuring well-know coding functions such as IF and WHILE.
Fortunately, OpenPLC also allows you to program PLCs using ST!
Introduction Getting It All Working Installation First Project Video Walkthrough Project Examples Two-Button Latching Circuit One-Button Latching Circuit with Emergency Stop Playing with Timers Steady(ish) State (e.g Temperature) Comments IntroductionPLCs (programmable logic controllers) are used within the operational technology (OT) space, such as in the industrial control systems (ICS) that manage manufacturing, energy generation, and robotics. PLCs are often integrated into SCADA systems, where a PLC is used to monitor inputs (e.
Introduction Eyesight The Project Images Circuit Diagram Code Video Conclusion Comments? IntroductionI always loved tinkering with electronics - that’s why I did Electronics at A-Level and went on to do Electrical & Electronic Engineering at university. However, over the last few years, due to work, travel, and other life goings-on, I haven’t had a chance to play around.
Recently I saw an Arduino kit on sale on Amazon and decided to jump back in!
https://blueteamlabs.online/home/challenge/12
Contents Introduction Questions What is the IP responsible for conducting the port scan activity? What is the port range scanned by the suspicious host? What is the type of port scan conducted? Two more tools were used to perform reconnaissance against open ports, what were they? What is the name of the php file through which the attacker uploaded a web shell? What is the name of the web shell that the attacker uploaded?
https://cyberdefenders.org/labs/55
Contents Description Helpful Tools Questions 1: Sample1: What is the document decryption password? 2. There is no question 2 . . . 3: Sample1: This document contains six hidden sheets. What are their names? Provide the value of the one starting with S. 4: Sample1: What URL is the malware using to download the next stage? 5: Sample1: What malware family was this document attempting to drop? 6: Sample2: This document has a very hidden sheet.
https://cyberdefenders.org/labs/73
Contents Description Questions 1: Github.txt: What is the API key the insider added to his GitHub repositories? 2: Github.txt: What is the plaintext password the insider added to his GitHub repositories? 3: Github.txt: What cryptocurrency mining tool did the insider use? 4: What university did the insider go to? 5: What gaming website the insider had an account on? 6: What is the link to the insider Instagram profile? 7: Where did the insider go on the holiday?
https://blueteamlabs.online/home/challenge/4
Contents Introduction Questions What user (other than ‘root’) is present on the server? What script did the attacker try to download to the server? What packet analyzer tool did the attacker try to use? What file extension did the attacker use to bypass the file upload filter implemented by the developer? Based on the commands run by the attacker before removing the php shell, what misconfiguration was exploited in the ‘python’ binary to gain root-level access?
IntroductionIt’s already been six months since I started my journey as a Security Analyst (time flies!) so I thought I’d share some thoughts to help other aspiring SOC Analysts.
I started with no professional IT experience, only a lifelong interest. My background was primarily in engineering. I prepared for an infosec role by doing CompTIA Security+ and Blue Team Level One certifications (review here), playing around on TryHackMe and with Security Onion, and generally learning as much as possible.
