NAME

David Busby

SYNOPSIS

DESCRIPTION

Information Security Architect @ Percona

EXAMPLES

Skills Tree

Last updated 2017-06-13 (Incomplete):

|-- Systems Administration
|        |-- Logstash
|        |-- Kibana
|        |-- Elasticsearch
|        |-- Suricata
|        |-- Subversion
|        |    |-- Administration
|        |    |-- Backup strategies
|        |    `-- Hooks customisation
|        |-- GIT
|        |    |-- Administration
|        |    |-- gitosis
|        |    |-- github
|        |    `-- Migration from subversion
|        |-- RHEL / CentOS / Fedora / Scientific Linux Administration
|             |-- RPM Packaging (spec authoring, mock builds etc ..)
|             |-- EPEL Contributor for Openstack packages
|             |-- Nginx
|             |   `-- Deployment / Monitoring / Patching / Customisation
|             |-- Apache
|             |        |-- mod_security
|             |        |-- Extensive rewrite experience
|             |        `-- Deployment / Monitoring / Patching / Customisation
|             |-- KVM
|             |-- iSCSI
|             |-- iptables
|             |-- Xen
|             |-- Strace
|             |-- gdb
|             |    `-- grabbing memory of running process, grabbing stack traces
|             |-- SELinux
|             |     `-- audit* tools, still working on this skill set at this time.
|             |-- Gluster
|             |-- DRBD
|             |-- SNMP
|             |     `-- Customisation and data collection
|             |-- rsync
|             |-- netcat / socat
|             |-- SystemTap
|             |     `-- wrote a SystemTap extension to record semaphore lock counts on a MySQL system.
|             |-- percona
|             |     `-- percona-toolkit
|             |-- cut / awk / lsof / type / ldd / man (And generally the majority of tools too numerous to list here)
|             |-- Openstack
|             |    |-- Nova
|             |    |-- Glance
|             |    |-- Keystone
|             |    |-- Swift
|             |    `-- Horizon
|             `-- ldirectord
|-- Numerous programming languages.
|        |-- Python
|        |    |-- Multiprocessing
|        |    |    `-- Written daemons, for numerous tasks, and data processing programs.
|        |    |-- Daemon design and authoring.
|        |    |-- 0mq via rabbitmq
|        |    |-- scapy
|        |    |-- Exploit P.O.C
|        |    |-- Django
|        |    `-- Some app engine
|        |-- C++ /  C
|        |    `-- Linux api / php extensions / simple cli tools / email daemon
|        |-- PHP
|        |    |-- Web application development
|        |    |-- Application analytics / tuning (XHProf / XDebug)
|        |    `-- Security and Pentesting
|        |-- jQuery
|        |    |-- Web application AJAX
|        |    `-- Some text animation effects via jQuery extension
|        |-- VCL
|        |    |-- extended with inline C to load .so objects for custom functionality
|        |    |-- extended to trigger execution of script to snapshot system state to aid 503 diagnostics.
|        |    `-- Designed and Authored modular Varnish cache configuration
|        |-- RST
|        |    `-- restructured text, used for documentation via python-sphinx, write once and deploy to man pages, pdf, html etc.
|        |-- Bash
|        |    |-- TCP reverse shell payloads
|        |    `-- "one liners", scripts etc.
|        |-- TCL
|        |    `-- expect syntax scripting to automate, sftp / ftp etc …
|        |-- Ruby
|        |    |-- Some experimentation with parallel programming
|        |    `-- Some extension of Metasploit
|        |-- Markdown
|             `-- used for blogging via jekyll + octopress
|-- Security / Netsec / Infosec
|        |-- PTES
|        |-- Metasploit
|        |    |-- Used in pentest demoing issues with Tomcat 5
|        |    |-- Used in conjunction with msfvenom for talk @ PLMCE: https://www.slideshare.net/DavidBusby1/plmce-security-and-why-you-need-to-review-yours
|        |    |-- CVE-2015-1027
|        |    `-- Some extension writing experience
|        |-- Sql injection
|        |-- Command injection and custom exploitation, as per talk given: https://www.slideshare.net/DavidBusby1/security-and-why-you-need-to-review-yours
|        |-- Maltego
|        |-- WPA / WEP via Aircrack
|        |-- SQLMap
|        |-- Skipfish
|        |-- Backtrack
|        |-- dsniff
|        |-- Burp suite pro
|        |-- Suricata + logstash + Kibana @ http://blog.oneiroi.co.uk/ids/ips/security/visualization/kibana/logstash/suricata/arm/utilite/suricata-logstash-kibana-utilite-pro-arm/
|        |-- Password hashing / lookups / Pass the hash.
|        |-- CISSP (581907 - https://webportal.isc2.org/custom/CertificationVerificationResults.aspx?FN=David&LN=Busby&CN=581907)
|        |-- YPS tutor (NSRA)
|        |-- PCI, HIPAA, CIS
|        |-- Vulnerability research through to Proof of Concept e.g. CVE-2015-1027
|        |-- Definition and establishing a security program (Policies, Baselines etc).
|        `-- Several Talks:
|            |- SlideShare: https://www.slideshare.net/DavidBusby1
|            |- Talk supporting material:
|            |    |- Github supporting code: https://github.com/Oneiroi/talks
|            |    |- TSA lockpicking: https://www.youtube.com/edit?o=U&video_id=zDPWoB7v15o
|            |    |- Live compromise, php, mysql, udf, metasploit, msfvenom: https://www.youtube.com/watch?v=e29kbX-rx0s
|            |    |- Malicious HID demo backup video: https://youtu.be/LYY9OI2HHvo
|            |    |- MySQL hash cracking using Hashcat backup video: https://youtu.be/sqEIhdITjkg https://youtu.be/A9kBpwSlbJw
|            |    `- SELinux sebool httpd_can_network_connect backup video: https://youtu.be/BHm0Z-uUxBE
|            `- Youtube recording of talks given:
|                |- https://www.youtube.com/watch?v=dlcZyLVs5kE (Security Basics)
|                |- https://www.youtube.com/watch?v=WhPWqo_Ptqc (Security More than just your Database!)
|                `- https://www.youtube.com/watch?v=-floDucby0M (Web application security and why you should review yours - Stachka)
|-- Opensource contributions
    |-- Majority of source code can be found here https://github.com/Oneiroi
    |-- Upstream commits
         |-- Ansible
         |-- Boxgrinder
         |-- Libcloud
         `-- EPEL Openstack

SEE ALSO