SANS ISC: Internet Storm Center


Using a Travel Packing App for Infosec Purpose

Published: 2019-06-20
Last Updated: 2019-06-20 10:57:15 UTC
by Xavier Mertens (Version: 1)

Today's diary will not be technical but could help you better organize your next trip. This week, like many SANS ISC Handlers, I'm in Washington DC to attend SANSFIRE[1]. Because of our daily jobs, we have to travel quite often and, in my case, I’m always afraid of forgetting something important when I’m packing to visit a customer or to attend a security conference. When I'm attending a security conference, I’m always carrying a lot of electronic gadgets and other gear to be sure to be (safely) connected once in my hotel room: portable firewall, cables, adapters, etc. When you need to visit a customer for a specific mission, it’s even more important not to forget a device or piece of software you need to perform your tasks in good conditions.

I’m using a travel packing app to organize my travels. Based on the destination (country, climate, the period of the year) and duration (number of t-shirts, underwear, …), it generates a list of stuff to bring with you. Usually, this kind of application has pre-built lists for holidays, business trips, sports activities, etc.

I'm not promoting any application; I just bought the "pro" version of PackPoint (for a few $). This version allows you to create custom packing lists. I created some based on my business tasks:

  • Incident Handling
  • Pentesting
  • Infosec conference

Let’s take the incident handling list as an example. You must be sure to bring everything with you to work in an efficient way. From a technical point of view: have the right tools, enough storage, licences. But also from an administrative point of view: on-site contacts, authorizations, documents, etc. Here is an example of a list of stuff to bring with you:

  • Contact information for people inside and outside the organizations.
  • Mobile phone and spare batteries
  • Camera
  • SIM cards with data subscription
  • Powerful laptop(s) with enough CPU/RAM/storage
  • External performant storage (SSD/USB-3)
  • Portable hypervisor (like an Intel NUC)
  • Raspberry Pi
  • Software (on CD/DVD, USB)
  • Network tap
  • Switch/cables/adapters
  • HD Write blocker
  • Blank media (USB, DVD/CD)
  • Notebooks / pens
  • Tools (screwdrivers, cutters, tape)
  • Console cable (USB2Serial)
  • Forms (for evidence list and chain of custody)
  • Plastic bags
  • Live CDs
  • Food, water, jacket, sweet, spare t-shirt, deodorant (remember the "3-2-1 rule": 3 hours of sleep, 2 meals, 1 shower)

With the help of this kind of app, you are able to keep your packing list up to date and not miss important stuff when you need to leave in an emergency!

If you are attending SANSFIRE, come and say hello. Handlers are easy to find: we usually wear our "black shirts"!

[1] https://www.sans.org/event/sansfire-2019

Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant