On Thursday, Dec 16th, I turned in my last paper for my last project for my last class of my cybersecurity degree. On Friday, December 17th, my teammate turned in the last deliverable of the project. I’m done! We’ve gotten feedback on our deliverables already (“Exceeds Expectations” – a common refrain) and a hearty “best wishes in your future endeavors” from our professor. I’m done! I’m done! The grade hasn’t posted on my transcript yet, but UMGC is holding virtual commencement exercises today. I’m walking on cloud nine, just not on a stage. I wouldn’t have walked on the stage anyway – I just wanted the achievement, not the hassle of getting to some event somewhere to be announced to people I don’t even know.

Instead, I’ll spend my weekend working with balloons for a Clementine gig this afternoon and just generally being ecstatic that I’m done!

For certain assignments for our class, we’re required to submit videos. I’ve done it before by saving my narration in a PowerPoint file, but this time I opted to export it to an MP4 and publish to YouTube. Why, I’m not sure. Seemed like a good idea at the time.

Replaying my video through YouTube, I’m amused to see the list of things YouTube next recommends for me, after viewing a video entitled ‘CYB670 Team2 Project3 CyberOperationsAndRiskManagementBriefing’. (Eh, I should probably have cleaned that up a bit and put in spaces at least, but…)

In order of listing:

All of those sound much more interesting than my briefing on cyber risk management. Tempted to add a few recommended links for the professor’s enjoyment! Definitely check out the Carol of the Bells!

Between open carry laws that don’t require training or registration and a new law that incentives folks to turn in women or those who help them, Texas looks like it’s become quite the dangerous state. Churches and the government should establish refugee resettlement programs for any Texas women and their families that seek to leave. Texas is seeking to become a retirement only state. Warning: it’s hard to care for retirees without younger folks.

In a surprise shift in my career, my customer and employer is now supporting work from home. After a few weeks of working from home 4 days of 5, here are a few surprising reflections:

  • Not commuting is wonderful!
  • I can happily wear Crocs and PJs 4 days out of 5. (We have no video meetings!) That whole idea of dress for success? Doesn’t apply when you’re in the groove in code.
  • Makeup is an optional thing
  • Jumping out to the gym in the middle of the day means fewer people => more access to the weights. And not having to be at work (and no video meetings) means showering is a thing that can be done when the work day is done… (No, you don’t want to share a home office with me on workout days…)
    • Surprisingly, old people at the gym are the ones who are getting too close for my comfort in COVID times. Guess who’s at the gym in the middle of the day?
    • Note that me being at the gym in the middle of the day suggests the logical inference that I am old, which I attempt to avoid acknowledging…
  • While there are no distractions from too loud coworkers, the puppy who wants to play can consume some significant cycles that need to be accounted for in the timesheet
  • Beer can be consumed, but should only be done (1) in the evening, (2) when you’re almost done anyway, and (3) used as a stopping function. E.g., I’m on beer #2, billable time is over!

In July, I signed up to be a “fundracer” for a group doing great things in the Baltimore area. Back on My Feet is a national organization with a Baltimore affiliate. In each affiliate location, they set up running groups at local homeless shelters. They worry about making sure that running groups have structure and running partners (both residents from the shelter and from the community), help folks connect with shoes, and connect participants with employment and housing opportunities. Their model literally walks/runs alongside the folks they’re seeking to serve, committing to regularly be there with them and connect. They’ve got some impressive stats, too, in terms of numbers of folks employed and housed through the program – check out their website. The program says: “Our unique model demonstrates that if you first restore confidence, strength and self-esteem, individuals are better equipped to tackle the road ahead.” and that they “seek to engage you in the profound experience of empowering individuals to achieve what once seemed impossible through the seemingly simple act of putting one foot in front of the other.”

I’ve fundraced for BoMF before. They get entry slots in the local Baltimore Running Festival, which runs in October as a 5K, half-marathon, and marathon. I used to be more of a runner and would train for the half. I’m older and a bit less in shape than I was, with other priorities at the moment that keep me from dedicating time to build up to logging 12 mile+ training runs on weekends. But…. I can put a few fewer steps in front of the other and make the 5K (3.1 miles) happen. I’m now regularly running 2-2.5 miles during the week, with a long run on the weekend of 4 miles. I’m slow, but getting slowly faster. Using that same approach to commitment that the running club participants put in, I’m slowly seeing results. I’ll only earn success and complete the race if I keep it up, though, just as they’ll only earn their success if they keep putting in the work towards employment and housing.

If you, like me, find the approach valuable and/or inspiring, support Back on My Feet and their mission by supporting me in my fundracing. Earlier this month, I met my “goal”, which was the minimum tally to enter the race on behalf of BoMF. That said, just as your own home’s budget would appreciate any bonus amounts, so of course would BoMF’s. More $$ means abilities to support more folks and do bigger things.

Oh, did I mention? Thanks to one donor’s request, I’ll be running this a tutu, clown socks, with a clown horn and probably a goofy hat (heat dependent). Want me to up the ante somehow? Let’s talk! Want me to show up at your event in such??! Well, that’s possible, too. Although I can’t promise to run in full Clementine mode (clown shoes are _not_ a safe running option for 3.1 miles!), other events are possible…

Last link to make it easy to contribute here!

Succumbed to temptation today and bought a laptop. I’ve been thinking about it for a while. In two more weeks, I’ll need to hand back in the one I’ve been using from work. This Macbook has stood me well through college and capture the flags, and I’ll be sad to see it go, particularly since it’ll take another week after that before my new one arrives. That said, 32GB of RAM, a 1 TB NVME drive, an NVIDIA GPU with 8GB, and an AMD Ryzen chip: gotta put this poor box to shame. I’m going to have to grow my chops in reverse engineering and cyber exploitation to match it!


You may have seen a few more geek notes on here of late. I’ve really enjoyed jumping into CTFs. My objective isn’t to win, but to find more ways to solve puzzles.

This weekend’s adventures were a little different, though. My company sponsors UMBC’s CyberDawgs team, and they’ve asked us to contribute challenges to their upcoming CTF. I tasked our IRAD team with coming up with a few and I wrote a couple, as well. So this weekend I spent some normalizing our submissions’ README files and doing a final test of the submissions.

One of the submissions was really giving me trouble. The IRAD team member who’d developed it had demonstrated it to us, but the solution instructions in the README just weren’t “clicking” to then be able to reproduce a solve, much less help anyone else understand how to solve. It’s customary in CTFs to have a Discord channel where mentors can offer assistance to those on the right track; given that I don’t want to be up all night myself providing that support, thought it best to provide a walkthrough for someone else..

Not only did I “crack” it (helped, of course, by the solution instructions in his README), but then I was able to provide a linked reproducible recipe using a tool called CyberChef that is really useful for a lot of CTF grunt work. I’m avoiding linking to the recipe or giving any more info on the challenge, of course, given that there’ll be hopefully lots of folks taking a crack at it in early May. I’m now more confident, though, that there may be some folks who solve it AND I better understand a particular kind of encryption approach.

Notes from this week’s CTF – geek notes for Tina. Should have collected notes on more challenges, but, eh…

Received a PCAP file that said it had secret coordinates in it. PCAP was completely USB traffic, specific URB_INTERRUPT

  • https://wiki.osdev.org/USB_Human_Interface_Devices#USB_keyboard
  • Isolated traffic for appropriate device, after examining device descriptor response to find keyboard
  • Started mapping out the HID keys by hand, until a teammate suggested https://github.com/TeamRocketIst/ctf-usb-keyboard-parser
  • Ultimately used tshark to extract the data, via tshark -r ~/Downloads/file.pcap -Y 'usb.device_address == 2 and usb.data_len > 0 and !(usbhid.data == 00:00:00:00:00:00:00:00)' -T fields -e usbhid.data | sed 's/../:&/g' | sed 's/^://g' > keys.txt
  • (Note: the second se is because the recommended one ended up prefixing all the lines with : – second sed strips it off)

Things I’m in the middle of reading, also known as glimpses into my psyche:

  • Thinking, Fast and Slow, by Daniel Kahneman: we’re reading this for our Women In Technology Group at work. So far, a couple of chapters in, my System 1 brain is convinced the book should progress more quickly
  • The Clown in You, by Caroline Dream: reading this to try to think about my clowning in new ways, to spark my thinking in new paths
  • Hacking, the Art of Exploitation, by Jon Erickson: my cyber masters program is leaving me less than inspired, and more feeling slogged in its various papers. Hoping this book gives me some new angles and inspiration

I frequent some Facebook groups related to buying and selling used clown and circus supplies. Last month, a guy posted 3 or 4 pictures of this massive yard sale amount of stuff. Folks kept offering him money for individual items, but he’d say he’d only deal with folks who’d pick up. He ALSO said he’d be willing to take a reasonable offer for the lot. After seeing enough folks make individual offers, I decided, heck, the guy’s in New York, I’ll make him an offer, and if he takes it, I’ll make it back by shipping out just the things folks have offered on.

So, that’s what I did. I made the guy an offer. I came back with a mini-van chock full of things. A full-size Scooby Doo costume. A full-size Easter bunny costume. 6 large Lowes’ boxes filled with costumes and supplies, including a couple of puppets that run usually for $300+. Two boxes of videos. Another full (+!) box of clown magazines. A full bin of various magic tricks. A box of juggling bean bags. All in all, a bonanza of random fun. I spent a weekend building out an inventory spreadsheet and looking things up to figure out their probable retail value. I’ve been putting them up on Facebook, selling them off at a bit at a time.

So, if you know anyone who wants an Easter bunny costume or a set of dove pans, I’m your gal! I’ll be taking at least a representative box or two to the local clown convention next month – see if I can find some willing homes for another thing or two, at least!