Hacking Humans : A Talk About Social Engineering

Back in January I did a talk at NDC London about Social Engineering. This was a new talk and I very much enjoyed doing it to an almost full room. The conference organisers have now published all the videos from the conference. You can see this talk in the video below.

Here is the official talk description:

Social engineering is one of the biggest threats to our organisations as attackers use manipulation techniques to coerce people into revealing secrets about our companies to allow attackers to gain access to critical systems.
In this talk we will look at some of the techniques used in social engineering and look at how to guard yourself against them. We will cover subjects like pre-texting, elicitation and body language as techniques for manipulating people.

Play by Play: Enterprise Data Encryption with Azure Revealed

I am pleased to announce that my latest course has been released by Pluralsight, called Play by Play: Enterprise Data Encryption with Azure Revealed. This course is a bit different to my previous courses as a Play by Play course is recorded live with 2 people. In this case, myself and my good friend Lars Klint.

Play by Play: Enterprise Data Encryption with Azure Revealed with Stephen Haunts and Lars Klint

I first hinted at this course back in January after attending NDC London, as this Play by Play was recorded at the conference. It is the first time I have done anything like this and I really enjoyed the whole experience. The subject we discussed in the course is about protecting your data in a multi-tenant environment in the cloud (Azure for example) using Azure Key Vault. This is a subject that is vital for organisations to get right, which is why we thought it would make a good Play by Play.

Here is the course description:

Play by play is a series in which top technologists work through a problem in real time, unrehearsed and unscripted. In this course, Play by Play: Enterprise Data Encryption with Azure Revealed, Stephen Haunts and Lars Klint look at the different ways in which enterprises can protect their data, especially in a cloud-first, multi-tenant world. You’ll learn concepts around encrypting enterprise data, look at what you should encrypt, and cover robust patterns and practices you can follow in your organizations. By the end of this course, you’ll have a better understanding of enterprise data encryption methods and how to apply them to your organization.

As the description states, these courses are unrehearsed and unscripted, which is true. We have an idea of the demos and a list of bullet points of things we want to cover, but apart from that the course is done as a conversation between me and Lars.

Stephen Haunts at NDC {London} 2017

These courses are designed to be deliberately short, around an hour, because we pick one narrow subject and discuss that in detail. These are not full-subject, in-depth courses, but they give you enough knowledge to be practical and useful with tips for further research. This means that the courses are very easy to watch in a short space of time. This course is about an hour in length, so is the length of a normal podcast or conference talk.

If you watch this course and then want to go into much more depth, then this course complements my other course called Practical Cryptography in .NET which goes into much more detail on the AES and RSA cryptographic algorithms. What this Play by Play features is how to securely protect any encryption keys you use to protect your data.

The Play by Play is quite practical and I run through several code demos. The source code for all these demos is included with the course.

I hope you like the course. Thanks for watching.

Tim Ferriss Tricks for Combatting Procrastination

I am not going to write a big article around this, but procrastination is something that affects us all, especially when you have a big project to complete. This happens to me all the time and I constantly have to train myself to get past it.

The tips in this video are very useful, I highly recommend watching it. Over to you Tim….

Speaking at NDC {London} 2017

Last week I had the pleasure of attending NDC {London} again as a speaker. The NDC conferences are such an amazing experience and they are run by the awesome people at programutvikling. This is my 2nd time speaking at NDC {London} and like last year where I spoke about Cryptography, I was keeping the security theme going by talking about Social Engineering and Human Hacking. I was fortunate enough to spend the entire week in London for this conference, which included the 2 workshop days before the main conference.

The reason I wanted to attend the workshop days is because I would like to plan a workshop, so I wanted to sit in part of one to see how they are run. Troy Hunt was kind enough to let me sit in his Hack Yourself First Workshop. I learnt a lot here, not only about security, but the mechanics of running a workshop, including the introduction, pacing, slides, and style etc. This was very useful and I am now ready to plan a workshop of my own.

Stephen Haunts at NDC {London} 2017

During the first 2 days in London I got to spend a little downtime walking around London with Lars Klint. This was quite relaxing as we caught a train to Tower Gateway and then walked from the Tower of London down the Southbank, through Trafalgar Square and around other parts of London. We easily did 18km that day. My feet were killing me, but it was great fun. It was the first time Lars had been to these areas, and for me, I hadn’t walked around those parts of London since I was a kid.

Recording a Pluralsight Play by Play course at NDC {London}

During my recent speaking trip to the NDC London conference, I was also invited to record a Play by Play course for Pluralsight. A Play by Play course is a short film course that is in a conversational style. This involves having one person who is the subject matter expert for the course, and a 2nd person who is the facilitator for the course. It is this person's job to introduce the course and help draw information out of the subject matter expert by asking questions. This conversational style should make it easier for the learner to get a good gist of the subject in a short space of time. These types of courses are not meant to be super in-depth, but an introduction to a subject, or focusing on one area of a larger subject.

My partner in crime for this course was Lars Klint, who is another Pluralsight author. Lars has done a few of these courses before, so I knew I was in good hands. The course we were recording was about enterprise data security using Azure KeyVault. Essentially the course was about encryption key management using hardware security modules, or abstracted hardware security modules like Azure KeyVault.

We started the planning for this course in December where we put together the proposal that split the course down into modules. Each of these modules then had a content plan so we knew what the overall narrative would be from start to finish. Once this was approved I then split this out into a slide deck where we have bullet points for each module. I had this on my screen whilst we were recording. This acted as a prompt for me and Lars. Whilst this prompt would have been recorded on my laptop, none of this will be seen as it will be edited out.

Stephen Haunts recording a Pluralsight : Play by Play Course

When I first walked into the room on the day of recording, I will admit that it felt a little intimidating seeing all the lights, 3 large cameras and 3 camera operators, but luckily Lars and Troy Hunt were recording a course first, so they were happy for me to sit in and watch. I am glad I did this as it meant I could see what was involved, including how best to recover if you make a mistake. The technique here is to remember what you last said, pause and carry on with the same intonation in your voice to help make it a clean edit point for the editor. Every now and again we would speak out editor notes to the camera, but of course this will all be edited out of the final course.

Life at a Start-up : Exploring the Microsoft HoloLens

Over the last week we have been working on something quite exciting. At BuyingButler and RightIndem we pride ourselves on being a very technology focused company, and we love looking to see where we can use the latest technology to solve real problems. We have been doing just that with Microsoft's new HoloLens Mixed Reality headset.

On Thursday 12th Jan 2017 we had a good friend and fellow Pluralsight author Lars Klint fly over to the UK for the NDC London conference. Before the conference he came up to Nottingham for a couple of days to work with us around some use cases for the HoloLens for RightIndem. I can’t discuss what those use cases are at the moment openly, but they are quite exciting and complement one of our project modules nicely.

If you would like Lars to run a workshop for your company, you can see the details on his workshops page. I highly recommend him for the HoloLens workshop or his Winning at Life workshop.

First though, what is the HoloLens? Below is the brief description taken from the HoloLens website.

Microsoft HoloLens is the first self-contained, holographic computer, enabling you to engage with your digital content and interact with holograms in the world around you.

When wearing the headset, you still have an unrestricted view of your surroundings, but you also see holograms that are placed in the room that you can only see with the HoloLens attached. These holograms are aware of their surroundings and can be placed on walls and tables. This is achieved by the HoloLens doing spatial mapping of the environment around it. You can then interact with these holograms directly whilst walking around your environment.

The HoloLens is a Windows 10 device which is untethered, which means you do not need a cable running between the headset and a powerful computer like you do with a Virtual Reality headset like the Oculus Rift.

Lars Klint Demonstrating the HoloLens

With Lars visiting our offices we had 2 goals to achieve over 2 days. On the first day Lars facilitated a brainstorming session with myself and the rest of the company's management team. We already had some ideas of where the HoloLens could be applied, but the purpose of this session was to work through different ideas and walk away with a rough plan for a series of minimum viable products we could build. This session went very well, and everyone involved had the opportunity to try the HoloLens for a good amount of time. This was important as people need to understand what the experience feels like in order to understand the constraints posed. Off the back of the session we have an idea for 2 technical spikes we want to try and a prototype product to build with it. The cool thing is, we already have a company we are talking to about partnering with us to deliver a HoloLens solution.

Switching to an Apple Mac

For my entire career I have been a Windows user. I have made my career around it, and it has been a good career. This has meant working on desktop and laptop PCs of varying quality from really bad, and underpowered machines, through to some very nice laptops like the Dell XPS and the Lenovo Yoga 900. Back in August of 2016, I decided to switch over to using an Apple Mac to give it a try as we run a mixed Mac / PC estate at Buying Butler and RightIndem.

It took a few days to get used to some of the differences, especially around the use of the keyboard layout, but after a few days it started to feel very natural. For general productivity I am still using the Microsoft Office suite, and I must say Office 2016 on the Mac is pretty good. I have found it stable and I have not had any compatibility issues with any documents. One of my most used tools is OneNote and this works perfectly on the Mac. In fact, I am drafting this very post in OneNote whilst on a long train journey.

If I am honest, I always used to think that people who used Macs just used them because Apple seemed trendy and never really saw the point. After using one for a while though, I can see why they are so beloved of their users. They are very easy to use and they do indeed just work.

MacBook Pro 15 Inch with Touch Bar

The Mac I started off with last August was the late 2015 MacBook Pro 15 inch with a 512GB SSD and 16GB of RAM. The machine also had an additional graphics processor, so this machine felt very fast indeed. I initially had reservations around how future proof 16GB of RAM would be, but in my observations, memory management seems to be a lot more efficient in macOS. Working in a development team that still makes a lot of use of the Microsoft .NET development platform I still need to run Visual Studio 2015/2017 and this doesn’t run natively on the Mac so I still need to run Windows for development work. My 2 options here were to run a Boot Camp partition and boot across to Windows, or run Windows 10 in a virtual machine using Parallels. I opted for the latter to try it out and it runs very well. I run a VM with 8GB RAM assigned to the virtual machine and it runs very well. I am literally only running Visual Studio and any related development tools in this VM and any productivity tools natively on the Mac. Even with this virtual machine running, and Office and browser windows, I have still not been near the tipping point with RAM which is great.
