Sysadmin Mega Thread

o.0 I’ve just heard about it now, a quick google gives me information about a GUI designer.

Hi, is it possible to learn all that stuff on your own online? I can’t afford to go to a Sysadmin school. If possible, suggest some sources, to begin with.

1 Like

Yeah, actually I’m entirely self-taught.

I’m on the clock at the moment, but remind me later and I’ll grab some sources.

2 Likes

@the other side of the infosec discussion, I do need to pull my perspective away from just my environment. Sounds like your companies hire a ‘different’ type of infosec that come from a different angle. Sounds sucky.

In the defense of IT where I work, for some reason the IT side has been getting squeezed to death, losing people left and right and not getting replaced, like to conspiracy theory levels, like the company is getting groomed for a merger or something. It’s made for a bad environment regardless of IA being a more technical IA that doesn’t ride IT on dumb stuff (haha, most of the time).

Trust me, within ‘infosec’ there are those who roll their eyes at the “compliance nazi” that when told “we don’t need to enable that, we are air gapped” they reply “but… but it says right here- enable- on”.

So all that said, I’m sure at the frustration of my upper management in regards to their budget, we have made an inner ‘sme’ team of prior sysadmins/tech types that work the security tool dev, scripts, process etc when it was supposed to be IT’s job. For me that’s a sick opportunity and I’m trying to make my way into that team, if not 100%, by proxy with the various projects I support.

@Dynamic_Gravity have fun man- building and/or operating in a SOC is a great opportunity. It has been for me and continues to be.

So on all this sec note, anyone going to be at defcon this year?

1 Like

Well, I went to a technical school, I just called it SysAdmin school because the course I took was basically all of that with some access to resources and hardware.

All the information you want to know is out there.

I’m also on the clock so I can only give you some topics to look into to start learning. A SysAdmin is kinda a jack-of-all-trades kind of person, so you may want to look at what are emerging trends and start looking at getting certifications towards those specific things, as well as getting educated in the more generalized topics.

  • Microsoft Windows Server Administration
  • Active Directory Administration
  • Citrix
  • VMWare ESXi (You can actually download a free version of this and learn from that)
  • Citrix XenServer (This SHOULD be free, but I’m having some difficulties finding the opensource version of it)
  • Proxmox
  • Using Linux commandline
  • NAS/DAS/SAN devices and their differences
  • Microsoft Azure
  • Amazon AWS

There is a lot more, but I think these are good starting points. It is mostly virtualization because that is what I am currently dealing with at work at this moment.


Depending on what you have for hardware, I would also look at building a homelab.

See if you can find cheap parts, computers, or laptops at an electronics recycling depot. Another option is to buy RPis if you are more interested in the Linux administration side of things.

2 Likes

Shameless plug: I wrote this a while back

There are some ideas I had put in there. Some online sources will be looking up random projects via your favorite search engine. “How to be a Windows administrator” or “how to be a Linux administrator?” are viable searches.

I would also look at “networking fundamentals” or “networking basics”. Dan’s Courses has great networking content and Eli the Computer Guy still has relevant content.


Also Professor something, Messer?

https://www.professormesser.com/

Has a ton of content for free, too.

http://linuxcommand.org/

3 Likes

Sorry, I’m working through this thread backwards sometimes lol.

Interesting, that was a long time ago, technology wise. Have you been a sysadmin ever since? Love it? Favorite cert? Favorite encryption? :grin:

1 Like

@Adubs How is the Windows 10 deploying/upgrade going?

Users with sudo access to the tar command can get rekt:

sudo tar cf /dev/null file1 --checkpoint=1 --checkpoint-action=exec=/bin/bash yields a root shell lmao.

3 Likes

No, I started out as a sysadmin, then moved into infosec, then I was a DBA for awhile, and now I’m a managing director.

We don’t care about most certs except when hiring L1s, as they only guarantee a minimum competence level, we look at experience. Of course some certs are very prestigious like OCM and CCA.

Not sure if this counts but can I just talk about how amazing properly set up QoS is, whether home network or 10k computers… When set up right and it adapts to the network’s needs every 30-ish seconds… it’s just gorgeous because everyone is satisfied

I mean look at this. Steam gets bumped up in between the buffering of someone’s stream … it’s just amazing

2 Likes

If they have sudo access couldn’t they just do this too? sudo su -

1 Like

Not if they were limited to specific applications.

Ahh I see. So it’s like Cuckoo’s Egg level mischief?

Yeah. You can set up a user’s sudo permissions to only run on specific applications (tar in this example). That can be exploited, apparently, with various commands and arguments.

I guess I’ll shut up now :sob:

Wanted this to be like Lounge but Sysadmin Lounge lol.

2 Likes

That’s usually my hint to keep going. I wanna double the number and assert my dominance over the megathread.

2 Likes

At work the company I support just rolled out a half-baked MFA solution.

Apparently, they thought it was so bulletproof that there wouldn’t need to be a resolver group in case there were any issues.

So of course on Day 1 they turn it on, and ‘accidentally’ added an extra 850 end users to that first day of the rollout and our Service Desk got slammed with 150% more volume than we can handle and it was a bloody mess.

So now I’ve got an extra 80 tickets in my queue with nowhere to go because the internal support teams can’t figure out who should take credit.

face desk

6 Likes

Happy Friday!

1 Like

For real. Who deploys stuff on a Friday?!?!

1 Like

I’ve known this is possible but never had the time to figure it out…
Does someone have a quick rundown on how to do it?

I know about the sudoers.d directory
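
Added example, not part of any post in the thread: a small audit of sudoers.d-style rules for the situation discussed above, where sudo is limited to one program (tar) but the rule still leaves a way to start a shell. In sudoers, a command listed with arguments only matches that exact argument string, so pinning the arguments closes the option-driven case. The sample rules, user names and program lists are constructed assumptions, and the parser handles only simple one-line rules.

```python
import os
import re

# Programs that can launch another program. tar is the case from the thread;
# the other names are an illustrative, non-exhaustive assumption.
OPTION_DRIVEN = {"tar", "find", "awk", "env"}       # via command-line options
INTERACTIVE = {"vi", "vim", "less", "more", "man"}  # from inside the program

# Constructed sudoers.d content for the example (not from a real host).
SAMPLE = """\
# backup operators
Defaults env_reset
backup  ALL=(root) NOPASSWD: /usr/bin/tar
deploy  ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/less /var/log/nginx/*
carol   ALL=(root) /usr/bin/tar -czf /srv/backup/* /etc
bob     ALL=(root) /usr/bin/tar -czf /srv/backup/etc.tgz /etc
"""

RULE = re.compile(r"^(?P<who>[^\s=]+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, ...


def audit(text):
    """Return (user, command, reason) per risky grant; no aliases or escaped commas."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@" or line.startswith("Defaults"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        for cmd in (TAGS.sub("", c.strip()) for c in m["cmds"].split(",")):
            path, _, args = cmd.partition(" ")
            name = os.path.basename(path)
            if cmd == "ALL":
                reason = "unrestricted sudo"
            elif name in INTERACTIVE:
                reason = "interactive program can spawn a shell"
            elif name in OPTION_DRIVEN and not args:
                reason = "no argument list, so any option is accepted"
            elif name in OPTION_DRIVEN and re.search(r"[*?\[]", args):
                reason = "wildcard in arguments can match extra options"
            else:
                continue  # fixed argument list or a program not on the lists
            findings.append((m["who"], cmd, reason))
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports the rules for backup, deploy and carol and passes bob's rule, whose tar arguments are fully pinned.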