WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
So we are going on year two of this pandemic thing, and so far it looks like it might be here longer than we thought. That being said, the new normal has changed what we carry with us when we have to leave the house. Below are a few of the items I have come across that have worked really well for me.

Face Masks: I have tried quite a few, and a few masks and mask accessories have risen to the top.
  • My number one mask so far is one I just purchased, and I have to say it is comfortable and provides really good protection. It is the U mask, https://www.u-mask.eu . I found this mask because quite a few of the Formula 1 teams actually use them. Here is a link to their protection information: https://www.u-mask.eu/certifications
  • My second favorite mask is a cloth mask that was included with the SF B-Sides conference. It has been my go-to for almost the entire pandemic, with the addition of the next item on my list.
  • This has been a lifesaver for me and can turn a mediocre face mask into a great-fitting, comfortable face mask. It's the 4ocean face mask support frame. This thing is awesome, and your purchase goes to an awesome charity removing plastic from our oceans.
  • Last but not least, the good old-fashioned disposable masks. These masks have proven to be effective and are really comfortable. I am not a fan of one-use masks, but they will do in a pinch.
  • Updated addition: I have been wearing a new mask from Cambridge Masks and I really like it. They are super comfortable and offer a lot of protection. Check them out at https://cambridgemask.com/ . Also, here is a link to their protection information: https://info.cambridgemask.com/hc/en-us/categories/360005482191-Certifications-

Hand Sanitizer
  • I purchased a case of alcohol hand sanitizer at the initial onset of the pandemic from Raff Distillery in San Francisco and I am still using it. It doesn't look like they are producing it any more but here is a link to their web site. https://raffdistillerie.com/handsanitizer.html
  • I also purchased reusable flat pocket sprayers that fit in your pocket and are discreet, so you can carry them anywhere. I filled them with the alcohol-based hand sanitizer above and a little Vitamin E and essential oils for smell.
  • The travel size Purell hand sanitizers are the best if the spray just doesn't feel strong enough.
  • Lastly, a small travel-size pack of Clorox wipes. These are awesome to wipe down airline seats, hotel countertops, or pretty much anywhere sketchy.

I have become pretty comfortable with the new normal; in fact, I kind of like wearing face masks in public locations. It makes me feel covert.... In addition to the above, I have a couple more things that I do that are probably not necessary, but I do them anyway.

The first is when I fly or I am stuck in a crowded indoor location I like to wear my glasses. I don't need to wear my glasses all the time, but I feel like it might add a small additional layer of protection, and does not look as paranoid as the entire face shield. 

Finally, if I am traveling on the road or staying in a hotel or Airbnb, I will bring a can of Lysol to spray and sanitize the general countertops, restrooms, etc. I have a few friends that did this before there was such a thing as coronavirus, but since the pandemic I have picked up the habit.

Remember Get Vaccinated, Stay Safe and be Compassionate, the first two are obvious but Compassion for our fellow human beings is really what is going to get us through this Pandemic and the Stressful times many are experiencing.

Thanks!


 

Enhanced Data Visualization Dashboard using Splunk

 

I am a fan of the Palo Alto Networks NGFW, especially the visibility it can give you into your traffic. PAN does a pretty good job within their management tools of organizing and reporting on the data, but most of us also have large SIEMs or logging solutions like Elastic's ELK stack, Splunk, Exabeam, etc.

Splunk being one of the more popular SIEM and logging solutions, I created a PAN Threat Dashboard I wanted to share. If you have Splunk running in your environment and the Splunk Palo Alto Networks add-on installed, all the pre-defined fields should work correctly. If not, you may need to tweak 1 or 2 fields in the dashboard to make it work. When you copy the code from my GitHub, save it in a text editor and perform the following steps. It should be up and running in your environment in no time.

 
You will need to identify your Palo Alto firewall host= fields (how Splunk identifies the device sending logs) to populate the field2 drop down menus.
 

Directions:

  1. Log into Splunk and go to Search.
  2. Click on Dashboards and create a new dashboard.
  3. Once you have created your new dashboard, go to Edit and select the Source tab at the top.
  4. Clear out the default text in the dashboard and copy and paste the dashboard from GitHub.
  5. Before you save the dashboard, you will need to identify your Palo Alto firewall host= fields to populate the field2 drop down menus. I currently have the placeholders firewall-1, firewall-2, etc. configured.

 

You should be good to go!
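The host substitution in step 5, as an added example that is not part of the original post or the GitHub dashboard: a small Python helper that swaps the placeholder choices in the field2 dropdown for your own firewall hosts before you paste the source. The sample XML, its `<choice>` layout and the host names are constructed assumptions; compare them against the real dashboard source.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for the dashboard source (assumed layout, not the GitHub file).
SAMPLE_DASHBOARD = """<form>
  <label>PAN Threat Dashboard</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="field2">
      <label>Firewall</label>
      <choice value="firewall-1">firewall-1</choice>
      <choice value="firewall-2">firewall-2</choice>
      <default>firewall-1</default>
    </input>
  </fieldset>
</form>"""

# Dropdown tokens get substituted into panel searches, so accept only plain
# host names: no spaces, quotes, pipes or wildcards.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def dropdown_values(dashboard_xml, token="field2"):
    """Return the choice values currently offered by the given dropdown token."""
    root = ET.fromstring(dashboard_xml)
    return [c.get("value")
            for inp in root.iter("input") if inp.get("token") == token
            for c in inp.findall("choice")]


def set_firewall_hosts(dashboard_xml, hosts, token="field2"):
    """Replace the placeholder choices of the dropdown with real host= values."""
    bad = [h for h in hosts if not HOST_RE.fullmatch(h)]
    if not hosts or bad:
        raise ValueError(f"need at least one valid host name, rejected: {bad}")
    root = ET.fromstring(dashboard_xml)
    inputs = [i for i in root.iter("input") if i.get("token") == token]
    if not inputs:
        raise ValueError(f"no input with token={token!r} in the dashboard")
    for inp in inputs:
        old = inp.findall("choice")
        # Keep the new choices where the placeholders were (after <label>).
        at = list(inp).index(old[0]) if old else len(inp)
        for c in old:
            inp.remove(c)
        for offset, host in enumerate(hosts):
            choice = ET.Element("choice", {"value": host})
            choice.text = host
            inp.insert(at + offset, choice)
        # A default that still names a placeholder would select nothing.
        default = inp.find("default")
        if default is not None and default.text not in hosts:
            default.text = hosts[0]
    if hasattr(ET, "indent"):  # Python 3.9+: tidy whitespace for pasting
        ET.indent(root)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Host names below are constructed; use the host values Splunk shows for your
    # firewalls, e.g. from: | metadata type=hosts index=<your_pan_index>
    print(set_firewall_hosts(SAMPLE_DASHBOARD, ["pa-edge-01", "pa-dc-02"]))
```

Run `dropdown_values` on the result before saving to confirm no placeholder is left in the menu.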

 

 


The following is complete speculation but wanted to at least start a discussion around what could have happened at Facebook today.

I don't think it was an honest mistake that caused the Facebook outage. With DNS reported down, BGP routing issues, and reports that even internal networks are affected, this looks bigger than a single mistake. Facebook most certainly has complicated network segmentation and redundancy in place for their internal and external networks.

Also, the timing is very suspect since it is the day after the Facebook Whistleblower interview on 60 Minutes.

If this isn't the work of a disgruntled employee, it is some sophisticated shit, and they have been living rent-free in the Facebook network for a long time. They got all the bytes they need and decided to blow that shit up after the interview.

I hope Facebook shares the details of the outage. If it was indeed an internal error that caused the outage it may be an eye opener for other large platforms to learn from the mistake.  If it was nefarious activities that caused this, it could be an epic learning opportunity for the Cyber security world.

Either way please share the outcome Facebook....


 
Soft and chewy chocolate chip cookies. I like all cookies, but chewy warm chocolate chip cookies are my favorite. Since there are only two of us, the recipe I posted is cut in half. Just double it if you want the full batch; the half batch will make about 1 1/2 dozen.
 

Ingredients

  • 1 1/8 cup of all-purpose flour
  • 1/4 teaspoon of Baking Soda
  • 1 stick of un-salted butter (room temperature)
  • 1/4 cup of granulated sugar
  • 1/2 cup of packed brown sugar
  • 1/2 teaspoon of Kosher Salt
  • 1 teaspoon of Vanilla Extract
  • 1 large egg
  • 1 cup of semi-sweet chocolate chips

 

 Directions

  1. Preheat oven to 350°F with racks in the upper and lower third positions. 
  2. In a small bowl, whisk together flour and baking soda; set aside.
  3.  In the bowl of a stand mixer fitted with the paddle attachment, beat butter and both sugars on medium speed until light and fluffy, about 3 minutes.
  4. Add salt, vanilla, and eggs; mix to combine.
  5. Reduce speed to low and gradually add flour mixture, mixing until just combined.  
  6. Mix in chocolate chips.

 

Preparing to Bake

  1. Using a tablespoon measure, drop heaping portions of dough about 2 inches apart on baking sheets lined with parchment paper.

 

 Baking

  1. Bake until cookies are golden around the edges, but still soft in the center, 8 to 10 minutes.  
  2. Remove from oven, and let cool on baking sheet 1 to 2 minutes.
  3. Transfer cookies to a wire rack and let cool completely. Store cookies in an airtight container at room temperature up to 1 week. 

 


 

 

 

Recently there has been a change in behavior when a user tries to upgrade the GP client: they are challenged with the uninstall password, if one is configured. Working with Palo Alto Networks TAC, they identified that during the upgrade the GP client package uninstalls the old version before it begins to install the new package. In GP client 5.2.4 and older, the upgrade would complete even if uninstall was set to password or disallow. This was identified as a software issue, so in clients 5.2.5 and newer the ability to upgrade the client with the uninstall option set to password or disallow was disabled.

In a nutshell, with the new GP clients you will need to set the client setting to allow uninstall if you want to utilize the GlobalProtect client upgrade process.


For clients 5.2.4 or older, the behavior is as follows:

  • If you are using a GP version older than 5.2.4, the transparent upgrade should work with no user interaction, and users can upgrade even if Allow User to Uninstall is set to Disallow.

 

Starting with 5.2.5 or above, the behavior is as follows:

  • Allow User to Uninstall GlobalProtect App is set to Allow
  • Allow User to Upgrade GlobalProtect App as Allow with Prompt/Manually/Transparently. (In this case, the users will be able to upgrade transparently without any interaction and the passcode/password will not be allowed)

  • Allow User to Uninstall GlobalProtect App is set to Disallow
  • Allow User to Upgrade GlobalProtect App as Allow with Prompt/Manually/Transparently. (This will be blocked)

  • Allow User to Uninstall GlobalProtect App is set to "Allow with password"
  • Allow User to Upgrade GlobalProtect App as Allow with Prompt/Manually/Transparently. (In this case, the users will need to enter the uninstall password to complete the upgrade)


To allow users to upgrade without providing them a password, you would need to use the following:

  • Allow User to Uninstall GlobalProtect App is set to Allow
  • Allow User to Upgrade GlobalProtect App as Allow with Prompt/Manually/Transparently.

 

My personal recommendation is to allow the client uninstall so you can leverage the GP client upgrade process. I feel the ability to upgrade the clients to ensure functionality and security is more important than blocking users from uninstalling the client. In addition, we have tested with users who are not admins on the local machine, and they were unable to uninstall the client from the Windows software manager. So that is a win...


Perhaps the client upgrade functionality can also be managed with an MDM solution or with a software management tool like SCCM. But it will take some testing to find the best process that works for your environment.




 

Experience the Magic is a tag line for the Imaginefun.net website and Minecraft server. To level set for all you folks out there like me that have heard of Minecraft but never played, Minecraft is often described as a ‘sandbox game’. This means that it’s a virtual land where users can create their worlds and experiences, using building blocks, resources discovered on the site, and their creativity, but that simple definition does not do justice for what the folks at ImagineFun have built. Masekegamer and SinxMC started the Minecraft Disneyland simulation in early 2018 and since then their team has grown to over 60 Imagineers, Developers, Builders, Managers, Park Coordinators, Cast Members, and even Tour Guides.


My first time logging in I was super overwhelmed and amazed all at the same time. Some of the controls were not intuitive for a Minecraft noob like myself, but I will try to cover that later. The graphics and the scale are second to none. The detail of every part of the park is meticulous, even down to how many times a ride queue wraps. Just walking around Disneyland was jaw-dropping, but finding out there are actual functioning rides was a game-changing moment. Enough talk, let's discuss how to connect to the servers so you can check it out for yourself.


So first off you want to check out the site https://imaginefun.net/. Once on the site, navigate to the connect link at the top of the page. They did an excellent job producing a how-to video on setting up and connecting to their Minecraft server: https://imaginefun.net/connect. It was straightforward even as a Minecraft noob, but once connected, that is where it got a little dicey for me. I was using a Mac, but for any PC or Mac using the Java Minecraft client it is pretty much the same.


Pro Tips:

  • Make sure from the Minecraft launcher you install Minecraft 12.2.2 this will give you the least buggy and smoothest experience. 
  • Join their Discord server, ImagineFun is not just a game but has become a community. They have over 21,000 members on their Discord server.  To be honest this is where I got most of my information about how to enjoy the game. The people are super nice and helpful. https://discord.gg/disneyland
  • Once you start feeling comfortable in the game check out the Support section on the discord server and start playing around with the mods and shaders to make Disneyland look even more real. 
  • You will want to sync the Minecraft account you play with to the Discord account you are using. You can do this by typing /syncdiscord and following the directions on the screen.
  • Different membership levels will allow you different perks.


Commands to Start Out:

  1. / or backslash. This command will get you into chat; from chat you can invoke the other commands that you will need to know.
  2. /rp This downloads and enables the resource pack so you can see all the custom work the ImagineFun team has done to create the world.
  3. /audio From within chat, you can type the word audio and this will post a link in chat that you can click on. When you click on it, a window will pop up in Minecraft to launch a browser or copy the link. Either one you choose will take you to a webpage that will serve park audio specific to your gameplay. It provides the audio on rides and the ambient music for the different lands you walk through. The audio adds an immersive aspect to the Disneyland experience.
  4. /warp This command will allow you to jump to a different land, rides, and shops throughout the park. As an example, you can type /warp fantasyland.
  5. /rides Will present you a list of open rides you can warp to. Yes, the rides go down for maintenance just like the real Disneyland.
  6. /shops This will present a list of shops you can warp to.
  7. /server This will list the active servers that are up and running. If you are trying to catch up with a friend or want to be on a less crowded server, this is where you can choose what server you want to play on. Just as an FYI, when you go to a new server you will need to reconnect to a new audio session using the /audio command.
  8. /msg [player] or /pm [player] Allows you to send a message in-game to another player.
  9. /tpa [player] Allows you to teleport to another player on the same server.
  10. /trade [player] Allows you to trade items with another player.
  11. /ignore Ignore a player, obviously.
  12. /vote This allows you to vote on multiple Minecraft ranking servers and you get coins.
  13. /cointrade This command will allow you to convert your currency into different types.
  14. /sb This command was a godsend. I hated the floating server status window on the right side. This command toggles that on and off.


Play Mechanics:

So this was probably one of the simplest but most frustrating things to figure out, how to get on a dang ride. To get on a ride you will need to walk up to the loading platform. On most of the platforms, they will have a timer telling you how long it will take for the ride car to spawn/show up. Once the car shows up you walk up to where you want to sit and right-click the mouse. This will get you on the ride and start the ride audio. 


If you want to get off the ride you can select the left shift button that will drop you off the ride and allow you to warp somewhere else. 


There is so much more you can do on this server, I don't want to spoil all the fun. I suggest you join the Discord server to learn more about the ever-evolving game and community. Get your Disneyland fix, save a lot of cash, and tell Covid to kick rocks.


Have fun on the Happiest Minecraft server on the Planet.


 

InfoCon.org is a noncommercial community-supported website that hosts the largest archive of past hacking-related convention material on the planet. It is amazing how extensive their collection is: video, audio, hacker documentaries, wordlists, rainbow tables, podcasts, the content goes on and on.

You have to check it out for yourself. You can get lost for hours, days, even weeks, there is so much content.


Check them out and show them some love.

https://infocon.org/




 

**Update June 5th, 2021** There have been some questions about Defcon in person attendance and masks, especially as Las Vegas will have officially reopened completely. Dark tangent made it clear in a post on the Defcon Forums, “If a law forces us to allow people to not wear masks we would cancel the event” , if you want to read the entire conversation check it out here. https://forum.defcon.org/node/237012/page2#post237285


Dark Tangent, the founder and organizer of Defcon, just posted in the Defcon forums that the conference is going to go hybrid this year. Here is a link to his post: https://forum.defcon.org/node/236655. DT admittedly says things are still fluid, but they wanted to put out the information to help people decide whether they are going to attend virtually or in person. Now that the Goons are going to be yelling "space it out" instead of "squeeze it in", it's going to feel like Defcon in a parallel universe.

 

There will also be some unprecedented changes this year that I wanted to outline below. Again, things might change, but these were the highlights from DT's post. I will add the preregistration link to this post when they release it later this month.

  • Defcon will be held both online and in person.

  • To attend in person you are required to wear a mask and be vaccinated.

  • Defcon will have socially distanced seating and tables, and the convention properties will have increased air circulation and filtering.

  • For the first time Defcon will have online pre-registration for the in-person conference. The registration platform has not been selected, but they are encouraging in-person attendees to preregister by ensuring they will get a physical conference badge. DT mentions that they need hard numbers of attendees to help them with planning the event.

  • They are going to order extra badges for those who show up with cash on-site, but if they guess wrong on quantity you may get a paper badge, and if they are at capacity you could be turned away.

  • Defcon will be throwing only the Black and White ball, entertainment, and pool parties this year. They will not be planning or organizing smaller parties.

  • Defcon has asked everyone, villages included, to pre-record all talks. Should they have to go full virtual, they won’t have a last-minute disaster of trying to capture the talks. This way DEF CON can release talks on Twitch like last year.

  • Should you be in-person and want to give your talk live they can do that, or do Q&A, or remote Q&A. Pre-recording gives Defcon options and allows everyone to see the talks. Yes, DCTV will be happening so you can also watch in your hotel room.

     

DT also listed some of the assumptions they have been working with while trying to organize Defcon this year. 

  • Almost no international attendees will attend in-person. The quarantine times and lower vaccination rates mean it is not very realistic, so we hope they will join us on-line instead.

  • That everyone in our demographic who is capable and wants a vaccination will have gotten one by the end of June.

  • Our in-person attendance will be ¼ to ½ normal, and people will be changing their minds on whether or not to attend right up to the last minute – and that includes people organizing contests, events, and villages.

  • Not all Goons will be there in-person, and many will help out by Gooning virtually.

  • While there will be fewer attendees there will also be fewer villages, contests, and events. It should all balance out so attendees don’t feel like there are a million things to do but not enough people to do them with.

  • There will be hybrid events, where you can participate in-person as well as virtually, but doing this for every event is unfortunately too demanding for many contest and village organizers.

 

I am pretty excited that Defcon will have a hybrid model this year. Defcon for me, over the last almost 20 years of attendance, is something I look forward to every year. Like most people, on your last day after the con - when you're hung over, hot, and reek of cigarette smoke - you have those brief thoughts that “maybe I’ll take next year off”. That only lasts a short time before you're booking your hotel for next year.

 

Welcome back Defcon!