How I got myself a capable laptop

It all started with my old (and very hated) HP Pavilion notebook (i5, 12 GB RAM, 500 GB HDD) almost dying on me. I wanted to get a new laptop; the only reason I had stuck with HP for so many years was that it was a gift and I wanted to squeeze every drop of use out of it.

Well, let's get a new one then. I wrote down what I needed -

Must have

  1. Good, tactile, backlit keyboard
  2. HDMI, not micro HDMI
  3. Screen less than 13 inches
  4. Good battery life

Should have

  1. i5-i7 would do, AMD Ryzen as well
  2. Should be portable
  3. Easy to open, repair and upgrade
  4. USB 3.0
  5. RAM 8 GB or more
  6. 256 GB SSD or more

Nice to have

  1. Should support extra battery
  2. SIM card slot
  3. Swivel support
  4. Graphics card
  5. MIL-STD-810G
  6. Fingerprint sensor for easy login

My options were quite limited, considering that what I needed would automatically be expensive - I was looking at spending at least INR 75000-100000 (USD ~1000-1300) to get a new one, and that would be a base model.

I didn't mind buying a used one, as long as it served my purpose and was in good condition. I reached out to my contacts in the hardware segment and asked for their advice.

A used Ferrari is always a Ferrari, a new ALTO will never match it.

Point well noted.

They referred me to leased-laptop distributors, which typically hold inventories of laptops that are leased to corporates for 2-3 years and then taken back once the contract is over. Since they are used, people are less inclined to buy them, but their configurations are top notch compared to their retail consumer counterparts and they are built to be repaired. These laptops are then dismantled and their parts flood the after-sales market. The distributors are more than happy if their laptops are sold before they are dismantled.

After friendly chitchat with a lot of distributors, I finally narrowed my options to a Lenovo X250 and an HP EliteBook. The keyboards were nice and tactile and the form factor was small. At one of the distributors, from a heap of laptops, I picked 2 and asked the person if I could open them. He said why not, and opened them for me. Both were in good condition, sporting 256 GB SSDs, 8 GB RAM and 5th gen i5 processors, and cost INR 14000 (~USD 190), a far cry from new ones, but a workable configuration. I asked about warranty and, after a bit of negotiation, he agreed to a 1-year repair warranty for INR 2500 (~USD 34). Windows 10 Pro was provided for free.

I was about to settle for the X250 (as it had more ports, was smaller and checked almost everything I needed) when one of the associates waltzed in and said, "we just got a shipment of some new stock". I asked if I could take a look and they pointed me next door.

From a heap of X260s I picked 3 - one with no battery and a 6th gen i7, one with an extra 6-cell battery and a 6th gen i5, and one with a 1 TB HDD. I asked if I could swap parts, and they said, "we don't care, it's all the same for us."

I took the extra battery and plugged it into the i7 one. CPU-Z said it had a Skylake i7-6600U and 8 GB of Samsung memory built in. It had a 256 GB SSD and a working WWAN (SIM) module as well. It has a single memory slot (DDR4, 260-pin SODIMM) but was easy to open and clean. After playing with it for 1 hour, testing all the ports and modules, running some stress tests, and haggling a bit, I went home with a deal at INR 17000 (~USD 230) with a 1-year warranty from the distributor, Windows 10 Pro bundled.

Then I did some research and checked the maximum RAM it officially supports - 16 GB, 2133 MHz DDR4, non-parity. Probably enough for what I do. 2133 MHz modules are a bit hard to come by, so a better option was to buy a 2666 MHz one, since it will automatically run at 2133 MHz. I did some more research (read: going through Reddit threads and Lenovo forums) and found that one user was able to successfully upgrade it with 32 GB of RAM (M471A4G43MB1, which costs around INR 27000/ ~USD 370, even more expensive than the laptop). After upgrading to the latest BIOS, I decided to take the risk and got myself a cheaper one (ADATA AD4S2666732G19, 32 GB, 2666 MHz, INR 9000/ ~USD 122) from one of the distributors.

Went back home, disabled the internal battery from the BIOS, unscrewed and pried off the back cover and disconnected the battery cable. Swapped out the 8 GB module for the 32 GB one. Connected the battery cable and power cable and was met with the POST screen. Assembled everything back again and ran memtest86 and Windows Memory Diagnostic. Everything was squeaky clean :). Hardened everything, installed VirtualBox, migrated my VMs, installed emulators and voila, my new system was ready.

I have been using the X260 for the last 6 months as my primary laptop with the following configuration; it runs multiple VMs simultaneously and is used for maintaining remote infrastructure, occasional retro gaming/ emulation and occasional writing:

  1. Tactile backlit keyboard
  2. 6th Gen Intel Core i7-6600U Processor, Turbo Boost 2.0 (3.4GHz)
  3. 32 GB memory (ADATA AD4S2666732G19)
  4. 12.5" HD (1366 x 768) IPS
  5. 256 GB Samsung SSD
  6. 3 Cell internal + 6 cell external battery
  7. SIM card slot (WWAN)
  8. 3 USB 3.0 ports (Superspeed)
  9. 1 HDMI/ 1 Mini DisplayPort
  10. 4-in-1 Card Reader (MMC, SD, SDHC, SDXC)
  11. Intel I219 Gigabit LAN & Dual Band Wireless-AC 8260, with Bluetooth® 4.1
  12. MIL-STD-810G compliant
  13. Weighs around 1.5 KG
  14. Bundled Windows 10 Pro

Total Cost - INR 26000 / ~USD 352

Lessons learnt –

  1. Research, hunt and haggle
  2. Be very specific about your requirements
  3. Technology evolves every day, see what fits your needs on a long-term basis

Assessing a cyber security candidate

I typically assess a senior cyber security candidate across 7 basic domains in a technical interview before I actually jump into security. Sometimes a candidate is so good in these domains that asking questions about security becomes an afterthought. A dipstick check of fundamentals helps me understand where the candidate is coming from and whether he can actually leverage his technical skills in real security engagements. Since these domains are extensive, how deeply the fundamentals are assessed depends on the candidate's previous experience. For instance, I would not expect a college grad to know the complete ins and outs of Active Directory, but I would expect him to know programming, scripting, Linux, VMs and algorithms. A SOC analyst should know network security, pcap analysis, protocols, BPF/ filters and elementary scripting. An experienced pentester is supposed to know almost all of the mentioned domains. At the end of the day, YMMV.

Tools are not going to make you a hacker; always remember what Gray Fox said -
"Only a fool trusts his life to a weapon"
These domains form the bread-and-butter basics of any good computer security candidate and enable him to understand the cross-functional world from the point of view of an architect, an operations analyst, an incident responder, a developer, a packet mangler or simply an adviser.

Depending upon the feedback of this article, I may share some good to have domains as well.

Nevertheless, here are the domains:
  1. OS Fundamentals / Software - This is a big one; without these, your attack vectors typically fall flat. Windows and Linux are mandatory. Can you set up a working environment for your own security setup from scratch? Comfortable with VMs? Docker? Jailed environments?
  2. Network/ Network Security - Routers, switches, load balancers et al., be it software or hardware. Are the concepts clear? Considering that a lot of this hardware is now virtualized/ customized and offered as a service by big providers, and that every now and then an attack/ exploit emerges that leverages misconfigurations in these systems/ services, these things are important. Can you understand a pcap? Do you understand routing? If there is one thing studying Phenoelit early on taught me, it was to understand networks and routing properly.
  3. Active Directory/ LDAP - I simply can't overstate the importance of AD/ LDAP when it comes to security. Considering how they function as the backbone of the enterprise, you are bound to encounter them. Having good fundamentals here gives you a head start when you actually pentest these environments.
  4. Servers/ Web services/ APIs - Server and web application basics: how they work, how they are deployed, and do you know how to secure them? Fundamentals are important here. You may be able to find a bug in an application, but if you can't fix the application per se, can you secure, or correctly advise on securing, the environment itself? How are application headers used? Do you know how to interact with an API? Can you create your own? Do you operate any website/ web service? How do you scale it?
  5. Programming/ Scripting - Any one programming or scripting language you are comfortable with - python/ ruby/ bash/ powershell et al. It doesn't matter which. Can you read code? Can you comprehend patterns? Can you write pseudocode? Do you have a fundamental understanding of algorithms?
  6. Hardware - Knowledge of hardware basics is good to have; you should be comfortable with at least setting up platforms like Raspberry Pi, BeagleBone et al. Can you identify pinouts on an unknown board? Can you read technical manuals? What is your portable platform of choice? Can you set up your own VPN environment on a Raspberry Pi and hook it up with your test laptop?
  7. Architecture/ Tooling - A typical question starts like this: create a full-fledged network for 100 people with everything included - LAN, WAN, web services, email et al. Now design it for 1000 people. Now for 10 K people. Now let's break it systematically - how will you break it? What attack vectors? What if Burp Suite is not available? Can you leverage curl? How can we improve it?

These domains are absolute essentials; platforms and tools may make you a bug hunter, but knowledge of these will make you a better one.
There you go; if you know these, you already have a healthy background in computer security basics, and I wish you the best of luck.

This was crossposted at Fruxlabs Team blog.

The Rescure Cyber Threat Intelligence Project - Sensor Update

We have massively upgraded our sensor detection, logging and monitoring capabilities at rescure.me - we detected around 350K attacks in the last 24 hours, which are then funneled and curated into feeds by our correlation system. The upgrade included removing code cruft, updating the data pipelines, and a new ELK stack that can monitor multiple sensors at once. The feeds have been optimized as well and the stack has been migrated to new high-performance servers.

Countless hours and personal funds have gone into maintaining this; special thanks to the Fruxlabs Crack Team for being there. w00t!

In case you wish to collaborate in terms of sensors/ feeds/ research, please reach out to us at support@fruxlabs.com.

The Rescure Cyber Threat Intelligence Project - Domain Blacklist Update

We are now publishing a consumable list of malicious domains at rescure.me as part of our independent cyber threat intelligence project.

Each node in the snapshot below is an event with its own attributes (around 2 million events in total), which are correlated in real time to ensure that only offending, malicious domains are listed at the portal. The current domain list size is around 18 thousand (and growing!) and it is updated every 4 hours at
https://rescure.me/rescure_domain_blacklist.txt
(Image: Rescure Cyber Threat Intel Domain List Simulation)
As always, feedback is appreciated at support@fruxlabs.com

REScure Cyber Threat Intelligence Feed

We are now generating a daily blacklist of malicious IPs via our own threat intel solution. The feed is regenerated every 6 hours and is now available at
https://rescure.me
The snapshot below is the end result of the penultimate stage of correlation, where millions of data points are finally grouped into attack groups before they are published at rescure.me
(Image: Correlation snapshot at REScure Feed)
You are encouraged to try it and consume it in your security solutions. Since this is in beta, we are limiting it to IPs only.
(Image: Yep, REScure may look like this to your SIEM)
We are alpha testing API access, detailed Indicators of Compromise access, STIX/TAXII/OpenIOC exports, real-time refresh rates and a lot more. This is an independent project we undertook to enhance our understanding of the underlying architecture of distributed systems, the nature of threat intelligence, and how to efficiently collect/ store/ consume/ distribute it.

The project is being jointly developed with Sreyash and Eshan.

Your feedback is appreciated, please share it at support@fruxlabs.com.