Thursday, October 26, 2017

Hey Everyone,

This is turning into an annual blog, it seems. Sorry about that.
I started an LLC earlier this year with intentions to aim towards mobile app & web development and security consulting... I don't have the website up yet, unfortunately. Too busy with other things.

The LLC process is fairly painless in my state: about $52 and 15 minutes later, I had an EIN & LLC. I then got a business bank account with checking and a credit card. If you've ever thought about it, just take the plunge and go for it. Tax write-offs for company-related items (hardware, training, etc.) will help you get everything you need together to start earning money.

I got my CISSP last week and I recently had the opportunity to attend the CompTIA workshop for their new certification, Pentester+. Look for those objectives to be published within the next two weeks! The event was great, the staff was great, and the opportunity was once in a lifetime. If you get the chance to be one of their SMEs, definitely do it.

I am currently working on setting up my "laboratory" (for my LLC) in my office. I purchased two 34" curved monitors and a refurbished Dell R610. I'm going to need some more hard drives and RAM for it, eventually. I went through quite a bit of troubleshooting to enable a setting in the BIOS that allowed me to boot from the DVD drive (it was not blatantly obvious, like most things in IT). I'm going to get Ubuntu running on it with DevStack to have my own personal cloud (I really just need a Lakitu sticker for it now). With that there will be some solid lab setups for sharpening my offensive security as well as dev skills. (On my initial attempt to install it, I forgot to configure the RAID controller, first derp... and I also have an ugly, long Cat5e run across the length of my house to the router.)
I'll blog about these adventures, someone might find them helpful... don't worry (:

I've also spent some time tinkering in AWS, so good so far. I've gotten some Udemy training for AWS from "A Cloud Guru" and it's one of the best online trainings I've run into by far.

I've been spending a lot of time at the Midwest Cyber Center (a really, really amazing non-profit) as a technical mentor, helping them prepare students for the Cyber Patriot program. I also went to the Microsoft "Digi-Girls" event, which encourages middle and high school girls to get involved with STEM fields. I told a girl she could get paid to find security flaws in websites and programs, and she was SO excited. Made my day. I also talked to some who were going to the event to get out of class and had no real interest in STEM careers. They asked me how much I paid for my half sleeve tattoo, and I told them it was probably around $1200. They flipped out, and I told them if they had a STEM job, they too could spend lots of money on tattoos. I think I got their attention. Job well done, it seems.

I also started writing a presentation on buffer overflows (stack & heap) with an accompanying lab... When I have time, I'll touch it up and post it here for everyone.

I also read about the recent BlueBorne attack vector & corresponding exploits. Armis Labs has created one of the most well-written white papers I have ever seen. They color-coded lines of code and wrote easy-to-understand explanations and details. The TLDR version is that there was a lack of input validation on the header files in the C programming language, affecting the implementation of Bluetooth across all devices that shared the library. The scariest part was that this vulnerability occurred during the handshake process (before you paired your device), and allowed for a buffer overflow which was leveraged for remote code execution. They took the moral high ground and disclosed it to vendors, allowing them time to patch before it was publicized.

Aside from IT things, I'll be attending Ford's Adrenaline Academy for their Ford Focus RS rally school soon.

Sorry, the last two posts have been rants of little to no real technical value. Just busy.
