This is my technical blog and has been born out of studying towards the Offensive Security Certified Professional (OSCP). In my study for this certification I came across lots of great resources and blogs that helped me to dive deeper into subjects and garner a better understanding. This blog hopefully will pay some of that gratitude debt back to the technical community. This will not be focused solely on offensive techniques; although I am slowly shifting towards that, my day job still involves plenty of cloud, embedded as well as enterprise IT. I regularly come across oddities or niche configurations, which may become future blog posts.
I have had a 20-year career so far, working mainly as a Systems Architect and consultant helping to deliver high integrity and specialist computing and communications systems to various organisations that need such things. In this time my day job specialisms have shifted from pretty niche communications protocols and computing architectures towards implementing the best of Enterprise and Cloud technologies for these specialist fields (connecting an iPad to an armoured vehicle via a custom J1939 gateway, using WiMAX for Unmanned Ground Vehicle Control and telemetry etc. etc.). I have been privileged to be involved in some great projects, from playing with secure communications, leading autonomous vehicle research (back in 2010-12) as well as travelling to some pretty unique places.
Throughout this career I have held a keen interest in Cyber Security. I have even once found a vulnerability in a naval command and control system for privilege escalation, which resulted in a rather rapid notice being issued to vessels at sea (system now obsolete). This formal change of direction started back in 2010, when I started going on specialist training courses for Information Assurance Risk Assessment (old school IS1 IS2 from CESG) as well as purchasing waaay too many hacking books and consuming papers and publications from Defcon etc.
My training took a slightly more formal approach in 2015, when I undertook a Masters by Research (essentially the first year of a PhD) and studied vulnerabilities in wireless networks which were applicable to the UK MOD. My thesis (Ballantyne, S. N. T. (2016) Wireless Communication Security: Software Defined Radio-based Threat Assessment. Unpublished MSC by Research Thesis. Coventry: Coventry University) focused on the threat to the physical layer of radio networks, looking at attack vectors along with promising protection methods that could be applied. My experimentation was based around demonstrating record and replay attacks against the UK MOD Personal Role Radio as well as the spoofing of GPS. I was awarded this qualification (MScR). Unfortunately I didn’t have the opportunity to complete the PhD due to work commitments; however, the MScR taught me a significant amount around research methodology and formalising my experimentation and analytical techniques.
In the last ten years I established my consulting business (Xi Systems) and from the ground managed to gain accreditations such as ISO9001 and 27001, UK Government Cyber Essentials and Cyber Essentials Plus, as well as ensuring we deliver technical work to some fairly complex projects from a technical and political perspective. During this time, I have architected several IT networks in line with NCSC published guidance, as well as developing, evolving and managing the Xi Systems networks. This was at the same time as delivering consultancy surrounding Tactical Mobile Ad-Hoc Networks (MANET) and expertise surrounding the integration of future soldier systems for enhanced Situational Awareness.