Observation: When I live in a location for more than a 1 year, while using Amazon services for delivery, one of their "sealed" packages is delivered partially opened and missing "X" part that I need for a family/client/project PC build. It typically starts like the image below but the attack evolves after a pattern of value items is established by Adversary-X. The evolution of the attack usually involves (1) a Amazon delivery driver placing "Y" package in an area easy to retrieve, by Adversary-X, while taking a tracking picture 'for confirmation of delivery', and then (2) a second vehicle promptly comes to steal the package. I've seeeeeeeent it wiff my own four eyes. I have made security adjustments since.

Fun fact: I once ordered a Corsair psu and what came in the opened box was a old-school dell power supply. I wish I could make jokes that good.

#1: Seriously Amazon. Recognize a pattern and address it.
#2: Why am I still ordering from Amazon?!

TLDR; Amazon, is just another big ass company that cares about big ass money. Track your packages and meet the driver at the door. Do not accept any package that looks opened.

When I was in the public sector EVERY single person in the SOC would smack me if I came in wearing 'drip' containing anything that looked like I accepted a gift from a vendor. I would expect that same level of consideration for any public official. Rant done.

What Would Cito Do? There have been many times where in cybersecurity I have been stuck. Then I broke through the obstacle by phoning a friend. My older brother, Cito, has been an IT professional 20+ years. It wasn't until recently that I started having storytime flash-backs to times that we spoke in attempts to tap into that knowledge; I was in search of advice to complex issues. I could also just pick up the phone.

I find it interesting how many people have 'known a person for years' but have never tapped into that person for their strength or support. It goes both ways unfortunately. Somewhere there is a swimming instructor that has a teenager child that cannot swim.

What are family and friends for again?

Guess what is needed for very fast AI work? GPUs. I'm 'so' done giving up my PLEX gpu for the AI game. It's time to look into some long term options for the PowerEdge server. The one I bought for this kind of stuff because AI/LLMs aren't going anywhere, anytime soon. I'll be back. Going to see what Hermes3 is all about.

This is probably the best question to come across my 'extremely organized' and sophisticated looking desk.

Answer: To be kind. To have compassion.

Edit: This is a difficult post to keep posted. Technically you don't need to be kind 'to do cyber'. I know a good amount of very offensive offensive-security people. They get paid well too. However, I wouldn't wave if I saw them in a Jeep going the other way, or tell them to reach out if they needed something, or recommend them for a job, or invite them to a family party and stand around the grill talking about cyber and cars, and movies that didnt age well, and all that cool stuff. i'm Jus say'n

For a reason I am unable to disclose, I needed to use a fraction of my weekends, as of lately, learning as MUCH as possible about Google Workspace, the Google various APIs, and the security that connects them. As always, I ended up learning more than I needed. I learned soooo much that I ended up figuring out a way to automate YouTube video uploading by creating a Google developer playground, a python application on my VM 'streamJuan', AND a Google application all WHILE staying secure behind OAuth.

I'm in awe at what is now possible with technology. The future WILL be amazing IF we hold those in power accountable for not creating a technological space of equal opportunities.

I don't know much about baseball but i'm going to try to tie cybersecurity to baseball.

Step0:You just learned baseball exists = Learning about computers.
Step1:You join the baseball team at the park district = You got your first IT gig. Welcome to GeekSquad
Step2:You have been playing for the park for a few years and know what is coming tomorrow = Corp IT Helpdesk. Public sector if ur a lucky ducky.
Step2 again(umm, you didn't do anything):You join the travel team in city = IT Helpdesk is nice, but you are curious, you want to know WHY things work the way they do. You start independent research projects... and maybe a blog, or two.
Step10(because steps 3-8 are like Step #2, but a continuous cycle sorta thing):You were noticed while traveling. State team here you come! = Hi, your name is, SOC/GRC/IAM/OPs/[etc] Analyst #100

TLDR; You can't be GOOD at baseball unless you KNOW baseball. You can't be GOOD in cybersecurity unless you know what it is built on! In the middle of a security incident is NOT the time to be asking "what is a ACL". I picked the ACL acronym on purpose to be confusing to all you SPORTS NERDS like GREG.

The trick is... Digging deep and making steps 3-8 a priority so it doesn't take you 10-20 years to get done. You gotta stop wasting valuable, and limited, time scrolling endlessly on TikFlop and FaceCrook.

I probably should also mention that you can achieve some 'steps'[objectives] while in a completely different career path. Much knowledge is transferable once you understand its' applicability.

Cheers!

You were a big part of my 'support' system. You were my crutch when sick or sad. Love you pal. RIP.

Bye bye ChatGPT. I have an at home LLM option, that doubles, or triples, as my PLEX media server. I also put together neat little script to parse all your exported ChatGPT data and convert it to an OpenWall [UI] acceptable version. Available on my Github

import json
import os
import uuid

# ===== CONFIGURATION =====
SOURCE_FOLDER = 'chatgpt123'               # <-- Your extracted ChatGPT folder
CONVERSATIONS_FILE = 'conversations.json'  # <-- The actual JSON file inside the folder
OUTPUT_JSON_FILE = 'openwebui_import.json' # <-- Output file to import into OpenWebUI
# ==========================

def load_conversations(source_folder):
    convos_path = os.path.join(source_folder, CONVERSATIONS_FILE)
    with open(convos_path, 'r', encoding='utf-8') as f:
        return json.load(f)

def convert_to_openwebui_format(chat_data):
    conversations = []
    
    # Checking for the 'mapping' structure
    if "mapping" not in chat_data:
        print("Invalid chat data structure!")
        return conversations  # If no valid mapping, return empty

    mapping = chat_data["mapping"]

    # Iterating over the mapping to extract messages
    for entry in mapping.values():
        if 'message' in entry:
            msg = entry['message']
            role = msg['author']['role']
            content = msg['content'].get('parts', [])

            # Ensuring we only store valid message content
            if content:
                conversation = {
                    "id": str(uuid.uuid4()),  # Generate a unique ID for each conversation
                    "messages": [
                        {
                            "role": role,
                            "content": content[0]  # Assuming the first part holds the message
                        }
                    ]
                }
                conversations.append(conversation)

    return {"conversations": conversations}

def main():
    print(f"Loading conversations from {SOURCE_FOLDER}/{CONVERSATIONS_FILE}...")
    chat_data = load_conversations(SOURCE_FOLDER)

    print("Converting to OpenWebUI format...")
    openwebui_data = convert_to_openwebui_format(chat_data)

    # Output the data as a JSON file
    print(f"Saving as {OUTPUT_JSON_FILE}...")
    with open(OUTPUT_JSON_FILE, 'w', encoding='utf-8') as f:
        json.dump(openwebui_data, f, indent=2)

    print("Done! You can now import 'openwebui_import.json' into OpenWebUI.")

if __name__ == "__main__":
    main()

I'm putting the extremely aged dell server to work again. OpenwebUI and Ollama are each hosted on their own virtual-machines. I really quickly noticed the issues with doing anything AI related without GPU support. That is where my PLEX server came in, again, to save the day. I'm now running Ollama on there also.

I'm finally going to answer this one because you keep asking! On my first Cybersecurity job I was paid $30/hr. This was a gig I aquired through owning my own business. I will admint that every moment of it was horrible. I was on a 3 month contract with "X-Corp", where I deleted old users in Active Directory and deprovisioned existing users with excessive permissions. They needed a process. Not a consultant. I did my job and left. The problem still persists till this day, regardless of my long term recommendations. They were extremely old school and I respect that work ethic. Just not the cyber ethic.

2nd Cybersecurity gig: I was paid in coupons, cash, computer hardware, cars, car parts, and CTA passes. I am not even kidding you. I won't go into the details but this client was just dumb. I'll stop there.

You will not make what other people, at the same role, make because a 'salary' is very much based on YOU. Not the role. The dollars are based on what YOU have to offer.

I was only in high school when I realized that the Chicago Park District kids.... well kids in general.... were going to need to step it up in order to help protect the technology world from what was coming next.

I learned something interesting yesterday. Kids will not admit to being scammed, or having been taken advantage of online, while in larger groups. However, they DO NOT mind seeking help if it is READILY available. When the fear of embarassment is not present, that also helps.

import requests
import json

#team key 
team_key = 'blahblahblahblah'

# Read hashes from the finished.txt file
hashes_to_submit = []
with open('finished.txt', 'r') as file:
    for line in file:
        # Assuming each line in finished.txt contains a hash and its type (e.g., "hash:type")
        hash_entry = line.strip()  # Remove leading/trailing whitespace
        if hash_entry:  # Ensure it's not an empty line
            hashes_to_submit.append(hash_entry)

# Prepare the data in the required format
data = {
    "key": team_key,
    "found": hashes_to_submit
}

# Define the API endpoint URL
url = 'https://crackthecon.com/api/submit.php'

# Send the request
response = requests.post(url, json=data)

# Check if the request was successful
if response.status_code == 200:
    print("Hashes submitted successfully.")
else:
    print(f"Failed to submit hashes. Status Code: {response.status_code}")
    print("Response:", response.text)

Taking a break from the blog for a month or so. I need to focus on being a SUPER DAD. Seriously. See you in April{ish}.

Once upon a time I used to play clarinet, flute, sax, and piano. That was true meditation.

I find it that i'm more productive with a 'battle station' that is free from any type of clutter or disorganization. The older I get the less stuff I have on my desk. I wonder what the psychology behind that is. Once Spring comes around I usually incorporate some greenery.

Chances are pretty good that i'll be at Burbsec this Thursday, 3-27-25, if you see something [me] - say something.

Modern vehicles are highly dependent on electronic control modules (ECMs) and body control modules (BCMs) to regulate and manage various systems, from engine performance to infotainment. When a module starts acting up, the symptoms can be erratic and misleading, making the diagnostic process a challenge.

While diagnosing a 2020 Ford Explorer, initial testing focused on verifying the integrity of the ground connections. Using a Digital Volt Ohm Meter (DVOM), a continuity test confirmed that the grounds checked out as functional. However, this does not entirely rule out the possibility of an alternative circuit path occurring internally when the module is powered.

This type of issue can be difficult to diagnose because electrical circuits behave differently under load compared to a static continuity check. A wire or connection might show continuity but still have excessive resistance or an unintended path when current flows. These intermittent or alternative pathways can cause modules to behave unpredictably. Given the complexity of tracking down such an issue, the decision was made to replace the module. The plan: replace and retest (R&R). If Diagnostic Trouble Codes (DTCs) persist after replacement, further investigation will focus on the wiring itself.

Just as a security operations team might chase down erratic network behavior caused by a faulty switch or misconfigured device, automotive diagnostics requires a methodical approach to troubleshooting erroneous data. Computer systems—whether in a vehicle or in a security infrastructure—operate based on the basic principle that they will produce logical outputs when provided with accurate and locical inputs. However, when an input is corrupted or an internal process deviates from expected behavior (out of range), the entire system can exhibit unpredictable results.

As vehicles become more connected and reliant on complex networks, diagnosing and resolving electrical issues will increasingly resemble the troubleshooting processes used in IT and cybersecurity. Whether it’s a network switch disrupting an enterprise or a faulty car module affecting driveability, the principles of diagnostics remain the same: methodical testing, elimination, and verification.

Well. I can finally tell y'all what I did for work these last few years during 9ish-5ish. I was protecting the State of Illinois from cybersecurity threats through my efforts as a Cybersecurity Operations Analyst at The Office of the Illinois Attorney General Information Security Burearu (ISB).

How it started

How we ended

My love and support goes to those protecting our country on the cyber frontlines. It has been real. I'll continue to grow. To those who supported me: you will never be forgotten. To those who have fell or didn't make it: I love you.

Earlier today I read a LinkedIn post regarding an individual seeking to "break" into cybersecurity.

First, there is no breaking into cyber. You either have a "cybersecurity mindset" or don't. You probably have been doing cyber all along and simply need to shift your perspective.

Second, IF it looks cookie-cutter, asks for money, gives off urgency vibes, and/or tells you that you can do years of work in months... then it might be a scam. Even within the realm of cybersecurity people take advantage of others. Surprising right?! The grift is real and constantly appears across social media.

Cybersecurity Grifter (noun)

Plural: Cybersecurity Grifters

A cybersecurity grifter is an individual or entity that falsely claims expertise in cybersecurity to exploit others for financial gain, professional recognition, or influence. These individuals often lack the requisite technical knowledge, certifications, or real-world experience but present themselves as industry experts through persuasive marketing, exaggerated credentials, or fear-based tactics.

[I]Decided to put a good amount of work into getting the lab in "lab" shape and rebuilding my Windows Domain lab. I have about a week to git-er-dun.

Keep the questions coming. I'm open to free resume review and cyber career advice for new and transitioning professionals. Also, it's the year 2025, and I need to make a VERY SERIOUS effort to bring more diverse talent into this cybersecurity space. Stay tuned for FREE time and financial support opportunities.

Car diagnosis randomness .::. I need to look further into the 'awd' module on my Explorer (L1MZ7P238A). Based on the DTCs and scantool data I pulled, I believe there exists an intermittent loss of communication. The DTCs were U011D-87 U0418-86 U0102-00 U0233-00 U0146-00. Attempting to clear codes works and codes return moments later. Research shows this failure is consistent with a loss of ground at the module itself (p46 blk/gry). The module is located underneath the driver side seat. I'll look into this ground and advise.