Category: Programming

Cloud Talk, Programming, Security, Tech

A-Team of Top Tier

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

young man wear eyeglasses on wall at home
I’m a team player, I just don’t like working on teams.
Photo by Renan Lima, please support by following @pexel.com

Yeah it’s that time again, time to find out why being that hotshot lone ranger could do you more harm than good. You’ve been tasked with working on the creation of an application, and it has to reach the market as quickly as possible.

However, since it’s just you and you’re only one person, being able to launch is going to take a tall order chunk of time. You find this situation would be better suited if you were to have a team…I know what you’re thinking and no I wasn’t trying to make an A-Team reference, the words just landed in such a way.

Anyway, you’re pondering if you should gather a team to work on the creation of this wonderful, ground-breaking application. How would you feel if I told you that like finding anything you need on the internet, there’s an app for that?

Well not an actual app per se to build the team, but then again there’s an app for Indeed that kind of works like what we’re talking about- you know what, never mind, just know in order to build this team you’re going to need Indeed.

older man wearing a blue shirt
You mean there was a time before me? No grandpa, not that far.
Photo by Thgusstavo Santana, please support by following @pexel.com

Developers Before Ops

So in the land before trying new ideas was a thing, when applications and such were in development there would be a team of developers and a team of operations.

The developers would go through several steps in creating an application, these steps were to plan, code, build, and test. On the other side, operations’ primary function was to test what the developers had made and provide feedback on what worked and what didn’t.

Operations steps were to deploy, operate, and monitor. An issue with working in this fashion was, when the developers were done and handed off to operations, many if not all of them took on other projects and by the time operations returned with their feedback for the developers to work on…they were, well for lack of better words, gone. Sounds bad? It was.

What was the solution to this problem? Well it’s the team we were talking about earlier. You didn’t read that part? Shame on you, go back up and read your line.

The name of the team is called DevOps, this is just a combination of the two… real creative I know. DevOps aims to shorten the development life cycle and provide rapid delivery with high software quality.

DevOps is complementary to Agile software development, actually, several aspects of DevOps came from the Agile way of working. I can see you with your hand raised. Z-daddy, what is Agile? Worry not child of mine, Z-daddy has you covered.

Agile is an iterative approach to project management and development that deliver value to their customers faster. There’s more to it than that but explaining would take over this script.

Just know the combination of developers and operations working in tandem speeds up the process and there are fewer headaches to deal with.

young man reading a burning newspaper
Our project went up in flames…the irony.
Photo by Danya Gutan, please support by following @pexel.com

Fathering DevOps

Who in their right mind would think to adopt this crazy outside-of-the-box format way of working?

Many large-name companies like; Amazon, Target, Nordstrom, Netflix, and Walmart have made the switch to DevOps and have seen a decent return in doing so. The DevOps model relies on effective tooling to help teams rapidly and reliably deploy and innovate.

So like with Netflix, when they adopted the DevOps model, they created a tool called “Simian Army” which created bugs in their systems on purpose to motivate developers to create kind of a “be prepared for anything” type of situation, so you could Netflix and become or find out you’re a baby’s daddy without having to worry about your service ever going out…which is kind of chill.

uncertain black man in hoodie
You said I’m who daddy now?
Photo by SHVETS production, please support by following @pexel.com

Keys and Goals

What’s that? “This is madness,” you say. “Other things that make DevOps so important are that it emphasizes team empowerment, cross-team communication and collaboration, and technology automation.

All of this is supposed to nullify what happened back in the old days of development, I only say “supposed” because not sure if you have ever worked for a large company or not but if you have, you will know that communication is, for lack of better terms non-existent.

Again, I know that every company is different or at least they try to be but, in my experience, dear sweet Satan it’s been bad. Anyway, DevOps at its core, the ultimate goal is to enable the organization to deliver continuous value to its customers.

At the end of the day, the aim is for the customer to be happy with the product and use it worry-free.

photo of woman in red top wearing eyeglasses
Daddy said get out, but what if that was my goal all along?
Photo by Andrea Piacquadio, please support by following @pexel.com

Degrees of Daddy Issues

So, have you been feeling peer pressure of returning to school to get a degree? Your daddy has been telling you to “either get a degree in something or get out”?

Well…I have good news and bad news. The good news first is, like always, Z-daddy got you and would never kick you out…unless you broke in then you would have to leave.

The bad news, however, is that you may have to leave if you don’t want to spend time in college because you don’t have to in order to get into DevOps… or many other fields. I don’t know why we’re still harping on the four or how many ever years in college troupe.

Education is, for the most part, free nowadays, going to a college is like going to a restaurant, depending on which one you attend you’re really just going because of the name. Sorry for the monologue, back to the script.

DevOps attracts people with technical and non-technical backgrounds, meaning you can be an intern who fetches coffee, refills, and beats on printers, and still, find your way to DevOps.

Alternate resources are doing some online courses or a coding Bootcamp. Gaining extensive knowledge of the Software Development Life Cycle or SDCL, automation tools, and processes to resolve complex operational problems would see you well.

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you have an interest in joining a DevOps team?

Script a comment below about what company you would dev for.

Programming, Security, Tech

Testing Beta Alert

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

What is it now, fam? Can we not get anything right?
Photo by Ketut Subiyanto, please support by following @pexel.com

We’re back in the Google Play Store and things haven’t gotten any better. It has been long-standing knowledge that if you want anything to work or see if it has any value, people need to test your product other than yourself.

By doing this, you can get all the good and bad feedback to create what seems to be your contribution to the world for the betterment of humanity.

All the great minds throughout history have gone through this, and you clearly see this being done today with us doing launches into space and claiming it’s for humanity just in case the Earth goes bad but in reality, they’re displaying their getaway plan which none of us will be able to afford. We’re looking at you Elon.

Being done with pointing fun at venture capitalism, back to the growing concern which is beta testing. Are you curious as to know how this is a problem when everyone is simply trying things out?

Let us explain. We’re going to go over what kind of attack this is, who is using it, the functionality, and effects upon release, and what are some ways you can keep yourself from being on the receiving end of testing a product that may be testing you.

Fun fact: having elder people play video games helps ward off mental conditions and improve memory.
Photo by Tima Miroshnichenko, please support by following @pexel.com

The Attack

If you’re not into computers or have very little knowledge of how software and games are developed, then you may be wondering what in the world is “beta testing”. It’s not what you think, there isn’t a group of people in a room sitting across from each other staring trying to establish who is alpha and who is beta.

Beta testing is the testing of a product that is almost ready to hit the market. This is done to get feedback as to what should stay in or be removed or what could be added to improve interactions.

How is this a problem we hear you ask? At its core, it isn’t but as of late threat actors have been releasing apps on the Google Play Store as betas to lure people into downloading onto their devices. Threat actors are testing the waters with this one.

Yes, all you have do is download the app and enter your bank information. It’s that simple.
Photo by cottonbro studio, please support by following @pexel.com

Who Can It Be Now

No one group or individual has been named for using this tactic, but rest assured the attackers are out there. Many incidents have involved phishing emails and romancing scams. No, this doesn’t involve the good old catfishing mail-order bride or husband.

In this kind of attack, the threat actor is building a false relationship with the victim in order to get the victim to perform a step-by-step process of downloading or jailbreaking their device.

Phishing emails and others of the like are sent with the promise of big returns on investment for trying the beta app. However, this is a bogus claim because the payment method is in cryptocurrency. Why do scammers like requesting gift cards, money orders, and cryptocurrency you ask?

If you think about it, obtaining these items requires no personal interaction, they’re difficult to trail back to the scammer, and you can gain access to them from anywhere. Also, the government and banks can’t monitor Bitcoin and other cryptocurrency platforms so that makes it even more alluring. 

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

I downloaded the beta version, but some weird stuff started happening after I entered my banking information.
Photo by Andrea Piacquadio, please support by following @pexel.com

That Sinking Feeling

Why not use real apps instead of beta? Well, real apps must undergo a rigorous code and review process where beta apps can somewhat fly under the radar because they’re not complete, it just has to look good surface level.

After making it pass review, threat actors change the URL by pointing the app to a malicious server, then the real fun begins.

Malicious code can perform a number of tasks ranging from collecting data from devices, gaining access and depleting online financial accounts, or seizing control of handheld devices.  

Yes, tell Scriptingthewhy that I’m interested in protecting my personal information.
Photo by Antoni Shkraba, please support by following @pexel.com

The Prevention

Are you interested in beta testing the ability to keep money in your bank account, and prevent your life from ending up in disarray? If you had said yes, then you have taken the first step into cybersecurity and if you didn’t then we’re going to tell you how to anyway.

When dealing with emails, especially from people who you may know and have a link attached, cross-check with them on another platform to verify if they indeed sent the email.

Carefully examine the email for misspellings and grammar errors as this could be a big tip-off that something is in the air. Exercise extreme caution when installing a new app and carefully examine the requested permissions for anything that may have you scratching your head.

The biggest clues suggesting that something is on your system are that your battery is draining faster than normal, higher data consumption, experiencing a sudden pop-up ads nightmare, the device running slower, and overheating.

Always remember when beta testing, the app should have developing issues, not your finances.

I’m in cybersecurity and I read Scriptingthewhy, so yeah. Trying to scam me is pretty hard.
Photo by Viktoria Slowikowska, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on beta testing scammers? Script a comment below.

Programming, Security, Tech

You won’t believe what this snake does…

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

I need to make some money and fast. I could get into the world of IT. Where to start?
Photo by Chinmay Singh, please support by following @pexel.com

There comes a time in one’s life where they may think to themselves and say “The big ole Information Technology world huh, meh, let me give it a shot. What could go wrong?” Foolish child, we’re here to tell you that a lot could go wrong. One’s reasons for choosing a path in Information Technology or IT for short, could range from making a butt load of money, being the next person to create the next big thing, or simply adding a new skill to their already growing list.

Or maybe it’s a combination of all three. It should be the last one primarily because you’re awesome and striving to better a version of yourself every day is on your to-do list, so go you. However, typically, it’s the first reason since we’re all driven by our finances.

If you’re not making money, then you’re not making sense. A narrow and closed-minded way of thinking but hey, people aren’t usually open-minded so, whatever. For one to get into the world of IT, or jailbreak into IT at this point, a process needs to occur aside from simply learning code, linking resources together, and understanding how packets are sent through a network. When in an interview or at some point in a professional setting, one could be asked if they have ever contributed to what is called “Open source”.

Open source, in a nutshell, let’s say you make an application or a small program, once you feel your program or application is complete, it can then be uploaded to a platform like GitHub where others can either add onto or make corrections to your code. This can also be done vice versa. All in all, whoever is asking about contributing to open source wants to gauge your depth in IT. So, say yes, yes you have contributed to open source.

We checked if you have ever contributed to open source, and you didn’t. Printing “Hello World” doesn’t count as a contribution.
Photo by cottonbro studio, please support by following @pexel.com

The Attack

While there is a chance to get your program to an audience for good intentions other than to make money, others have used that same platform for malicious means. Are you interested in knowing what could be on your computer and getting up all in your network’s guts? Look no further than SSH-Snake. For those who may not know what SSH stands for, again, this is an all-inclusive platform, so we’re just being mindful of the audience.

SSH is “Secure Shell Protocol”, it’s a network protocol for operating network services securely over what is mostly an unsecured network. If you have ever worked with the command line, you’re more likely to be aware of SSH. Just know; common people mess with the Graphical User Interface (GUI), nerds, geeks, and hackers mess with the command line interface (CLI). Don’t know why they called “SSH” and not “SSP”, don’t know where the “H” came from but hey, we don’t make the script, we just read them.

I’m not lonely but I could stand to use some company. Fine, you drive a hard bargain, I’ll click your link.
Photo by Andrea Piacquadio, please support by following @pexel.com

Who Can It Be Now

SSH-Snake is known as a “self-modifying worm”. Worms are already a nightmare provided that once they’re in your system, they begin making their way to anything attached to your network. Doesn’t sound like a fun time? Trust us, it’s not. Self-modifying, as the name implies, the malware can infect a device and make alterations to its code. The best way to think of it is; code that adapts to a given situation.

Would you like to know who is using SSH-Snake? Well, we would like to know the same thing. There are instances where researchers find the tool is being used and report it right away but without finding out who. Granted, it just may not be in their scope which we can respect. Do what the job asks of you and nothing more. Ah, that good old work/life balance.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Wait, how could a snake get into a computer?
Photo by Moose Photos, please support by following @pexel.com

That Sinking Feeling

Now, how does SSH-Snake work? The malware finds your system’s cornhole (a way in), this could be done by something simple like clicking on a naughty (it’s not always naughty links but most common) link which could trigger downloading of malicious files housing SSH-Snake. Once downloading is complete, like any other worm, code is executed and now it’s free to run rampant and wreak havoc.

S-Snake(SSH-Snake) will begin collecting information from libraries, look for private keys, and shell history files, and begin spreading once the network is mapped. Other problems included are C2C. This is where all the collected information makes its way back to the threat actor’s lair for later use. SSH-Snake and worm virus have most things in common but what separates them overall is Snake’s ability to self-modify.

This port is an exit only.
Photo by Josie Stephens, please support by following @pexel.com

The Prevention

Great, so now you’re wondering, “How do I protect my computer’s cornhole?” A good way to protect your system is by practicing the best security practices. Always be mindful of what you interact with on the internet as some things may not appear to be on the level. Frequently check for updates for your operating system and anti-virus software. Security is becoming more challenging because technology is getting more advanced but the more you learn, the more you can protect. That was a call for you to learn about cybersecurity in case you’re confused.

Your computer’s security starts with you.
Photo by Designecologist, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on SSH-Snake? Script a comment below.