Episode 24

Joe and Mike's Top 5 Free Cybersecurity Tools

EPISODE SUMMARY

With the number of cyber threats out there, it sometimes takes a village of cybersecurity tools to keep individuals and organizations safe. Joe and Mike share their favorite free cybersecurity tools on the market, as well as tips and recommendations on how to use them.

Did we miss your favorite free tool? Write to Joe and Mike here.

Mike Gruen

Mike is the Cybrary VP of Engineering / CISO. He manages Cybrary’s engineering and data science teams, information technology infrastructure, and overall security posture.


Joseph Carson:
Hello, everyone. Welcome to the next episode of 401 Access Denied. I'm Joe Carson, your co-host for the episode, chief security scientist here at Thycotic. And I'm really excited for another fun discussion with my co-host, Mike. So, Mike, do you want to give us a bit of an update into what's happening today?

Mike Gruen:
Yeah. Mike Gruen, VP of engineering and CSO here at Cybrary. Today, we're going to be talking about our favorite free cyber security tools. I'll kick us off because otherwise Joe'll steal my thunder. But, my favorite one and the one that got me into cyber security really was Burp Suite back in the day. And I can't talk enough about how much that's really helped me as a software developer just learning those tricks and tools, how hackers are able to use tools like that definitely helps me to understand better how to protect my own services. And then from there, that's what got me involved, and it was shadowing MITRE as they did a penetration test and showed me how to use the tools that really started me down this path towards more of a security mindset. Just definitely wanted to kick off right there because that was instrumental in my foundation a number of years.

Joseph Carson:
Yeah. Absolutely. I mean, from my experience as well, I couldn't agree more. Burp Suite has been something that's been in my tool set for years. And it's always a go-to for vulnerability assessments and websites. So, absolutely. And it's one that you'll ... There's a lot of penetration tests. There's bug bounties out there, even for troubleshooting. You want to see what's happening in the background. It's a multi-useful tool in order to really get to see the communications between clients and web servers and the traffic, and really understand how things work in the background because, ultimately, that's what hacking is, is uncovering and trying to understand how things work.

Mike Gruen:
Right. And actually what's really, I thought, was funny, so Joe and I were talking about this episode a couple of weeks ago, like, "Oh, what should we record next?" "Let's do free tools." Burp Suite was the first one we both mentioned. Just this past weekend, two different QA guys reached out to me, testers, and they're like, "Hey, do you know anything about Burp Suite because I'm trying to use it?" I was like, "Ah, you just walked into my wheelhouse," and helped them to identify some good resources for how to use it, but I think it can help with ... It's not just for application developers, it's not just for pen testing, it's any website technology. It can really be helpful seeing what's going on, whether you're doing testing or whatever. So.

Joseph Carson:
Absolutely. Troubleshooting is key. A lot of tools get built to help you troubleshoot, and that's from a supportability perspective. And they evolve from there. The only thing about Burp Suite right now is that, of course, at that moment in time, depending on how you're using it, it is the crossover between you need to maybe move to the paid version. The community version is great, but I really, really like the extensions and extenders that it has there, so actually you can really tick the functionality. You've got to learn it third party, people who's added their code and their scripts to it, because it becomes very extendable.

Joseph Carson:
And at that moment in time, that's where you really start to consider that you want to get more automation. You want to get more scalability. You want to get more capabilities and features to do that extension. Some of them are paid, some of them are free. And that's really where you start thinking about, "Well, okay, the community edition is great." I use it still quite often in the lab, but when you get into production, it's one of those areas where you have to consider the paid version. It's not that expensive.

Mike Gruen:
Right. Right. And I think that's a great model, right? Right. If you're using it for yourself for certain circumstances, the free edition will probably get you most of the way. But, as you said, once you start moving into a production system, I think paying for it is the ... You've got to support the tool. And I think you get access to those features that you really need in a production-like environment, so.

Joseph Carson:
Correct. Companies need to make money at the end of the day, too, to invest into them, so. And the functionality they do provide in the free tool is fantastic, so. But, they do got to make money and, ultimately, that's how they actually make the product better in the future. So, Burp Suite, definitely up there in at least my top five go-to tools that I go to quite often. One of my number one up there ... it's usually, let's say, in the top two, and it saved my neck a number of times. When I was working in infrastructure doing money markets in the past, it was something that I used, and it saved me so many times. Most people today know it as Wireshark. For me, it goes back to I was in the times of the Ethereal, when it was even the older legacy term. And even I got to meet Laura, who was the founder and person behind it all, during some of the events I went to. And an amazing person, but Wireshark for me-

Mike Gruen:
Back when the ethernet still ran over coax?

Joseph Carson:
Possibly. It was. It was indeed. I'm giving away my age a little bit. That had been around for quite some time. And I get into ... One of the times I remember using it extensively was I was doing a money markets application. And the problem was that certain transactions were failing, and I had to use ... then it was still called ... it was Ethereal. And ultimately what happened was it was a problem with sticky bits, that the one connection would come in through one router and would leave out through another one. It was using a load balancing, and it wasn't sticking to the right traffic, right path. And that was causing so much pain and so much problems. And it was getting down into really analyzing the data traffic and understanding about the sticky bits in the local directors were not working, and finding that was impossible.

Joseph Carson:
And it was Ethereal that really made it visible. And it saved a lot of my time troubleshooting and going into the data packets and understanding what was happening. And, for me, it's a go-to tool almost every time to do packet captures and really understand about how traffic is going between computers, whether you're doing it on the actual device itself or you're doing it in the "man in the middle" kind of scenario, so you can actually see the traffic from both clients. For me, it is a must tool in your kit in order to basically make sure you understand authorized traffic, what's expected, analyzing malicious attackers. It's there for doing everything, but. And it's continuing to expand. I still use it excessively today, but it is definitely up there. I don't know, Mike, if you're using Wireshark often or not, but it's-

Mike Gruen:
I haven't had the need to use it in a while, but yeah, it was a very powerful tool. Back when I needed it, I was glad I had it. Couldn't agree more.

Mike Gruen:
Yeah. I think it's in every top five. And it's somewhere around one or two, three in most of those lists. Yep.

Joseph Carson:
Yeah. And it's the one ... It's multiple use as well. You can do it for basically understanding about troubleshooting networks, troubleshooting packet loss, troubleshooting like I was doing with the sticky bits and local directors, troubleshooting malicious attackers to see where malware or ransomware is sending to the command and control. It's so many uses, and it's so extensible as well. It's great to be able to quickly analyze about network traffic.

Mike Gruen:
Yeah. And even as we're talking, one of the things, and I'm not sure where you stand on this, but to me, just learning Unix and the command line and just what is actually available, it's always ... I think, in talking to friends and others, when they're trying to troubleshoot problems and I'm like, "Well, did you use lsof or any number of these different commands?" They're like, "Wait, what does that do?" It's like, "How do you do your job?" They go out and buy tools or do other things that are just sitting on top of these existing Unix command line tools that you can use. And, yeah, maybe it's not super extensible for a production environment. For troubleshooting a specific problem though, nothing beats some of those. Learning those, I think that's a great place to start. It wasn't even on my list coming in of what are the top command line things that I do, but lsof and-

Joseph Carson:
And listing open files, netstat-

Mike Gruen:
Exactly.

Joseph Carson:
All of those things even, that's where you get into-

Mike Gruen:
Even just telnetting a port and let me see what happens when I start talking to it, right?

Joseph Carson:
Yes. This is really getting ... Even just to see basically the banner coming back, I remember even using telnet to the printer port and then typing because you had lineout printers basically-

Mike Gruen:
At the University of Maryland, I use telnet to send mail as other people. It was the best way to spoof an email was just connect to a port 25, and if you know the headers, you can spoof an email really well.

Joseph Carson:
Absolutely. The getting into the command line side of things is so useful. That allows you, especially when you're doing network trafficking or you're doing Burp Suite as well, that a lot of those commands allow you to really do those types of things step-by-step, so you're not going to a middle client that is doing it all automated. You can actually go through one thing at a time in order to really find out what is failing or how it's failing, or just to make sure that something's working as expected. So, absolutely. Those for me, Windows and Linux commands, that I've got the books back in my shelf back here, sometimes I just go to and just go through them just to see maybe some of the attributes that I can use.

Mike Gruen:
Just RTFM for fun?

Joseph Carson:
Literally. I know. Literally, I do. I'm the guy that has, even sitting here, you can see I've got Linux's operator handbook. I have my little, flappy ears in my books. These are the things that takes notes. And these are things for quick reference. And that's literally what I do. I go through the books and I take notes, and then maybe something I can go back to it and learn more.

Mike Gruen:
We stumbled on Joe's Bible.

Joseph Carson:
Indeed. Absolutely. And another one of top free tools, this is more of a suite of tools rather than a free tool, is Sysinternals. Mark Russinovich. And I've read his books in depth. I've got to see him speak many times. I've been using his tools since late 90s, I think, using Winternals. But, Sysinternals is now basically if you're troubleshooting Windows systems or Windows networks or Active Directory, that is the go-to set up suite. I'm using it for analyzing malware, analyzing ransomware, doing reverse engineering, checking connectivity while you're using things like PsExec, or whether you're using Procmon or DebugView or TCPView, or you're looking at AccessChk to make sure about who has permissions.

Joseph Carson:
For me, that has been something ... those tools really expand a lot of the limitations that Windows has that allows you to really get more insights. So, that's up there. Definitely, it's in my top five, or definitely within the 10. And I still commonly go to that set of tools to do Active Directory troubleshooting, to look at permissions. And this can be used by both good actors and bad. It can be used for ethical hacking, it can be used for troubleshooting, and it can be used for unlicensed activities. And a lot of times I do find the tools when I'm going in doing incident response, the attackers have left behind things like PsExec or other types of command tools or AccessChk that they're using in order to do privileged elevation. For me, it's a vital toolkit used mostly for good, but again, like most tools, it can be used by bad actors.

Joseph Carson:
So, Sysinternals for me is a vital set of suite of tools that ... And again, going back to my support days and troubleshooting days and managing large networks and infrastructure, this is a tool set that have saved me so many times. Getting into really understanding about what's failing, whether certain handles were causing memory leaks or CPU problems or applications causing crashes and looking at the crash dumps, this for me, I can't ... Mark, if you're ever watching or listening to our episode, thank you for creating a Sysinternals. Definitely a must have in everyone's toolkit.

Mike Gruen:
Yeah, definitely. You were talking about the tools from a bad actor. One of the ones, speaking from more of a good actors or monitoring perspective, that I've used time and again is the ELK stack. Big fan of ... That's a great way for helping with monitoring and alerting on the more defensive side of things. Elastic, Kibana, what's the L ... Log? Joe, help me out.

Joseph Carson:
It's off the top of my head.

Mike Gruen:
I just called it ELK stack for five years or whatever, six years. But, yeah, definitely a tool that we've used here at my last company, so and so forth, for helping with monitoring. And can't talk enough good things about that, even if I don't know what all the letters stand for.

Joseph Carson:
Yeah. I would say Elastic, Elasticsearch, and Kibana for automation and analyzing logs and doing quick graphics that you can actually pull together dashboards and so forth, it's invaluable. And it's great for doing a lot of automation and getting dashboards and really being able to customize and scale as you need to. I find it very useful. Absolutely. Another definite tool in my toolkit, and it's been ... When we talk about these, very few have been new, like recently new. We've talked about the likes of Wireshark; it has been around since the early 2000s. Sysinternals has been around since the late 1990s. This next one is also the same. It's still heavily used today, for me, is Nmap.

Joseph Carson:
And it's really for me to really understand about networks, discovering the networks, checking what ports are opened, checking about connectivity, checking banners, checking for vulnerabilities. It's that all multi-tool set. It's like a Swiss Army knife. There's so many capabilities, not just about scanning a network and understanding about latency and connectivity and also what's available and what's working and so forth, but again, it has those multiple capabilities. So, Nmap for me, again, I've got the book in the shelf as well, so.

Mike Gruen:
I'm curious why you think that ... because I have ideas, but you think about these tools, right, a lot of the ones we're talking about have been around for a long time, since the late 90s, early 2000s, that timeframe. Why do you think they last as long as they do? It's an interesting ... I have ideas, but I'm just curious what you might think as to why they've stood the test of time, even as we've moved to cloud and we've moved to this and we moved to that. I'm curious.

Joseph Carson:
I think one is the community. I think when you get something that has a community involvement, that really helps and also when it gets down to really adding significant value that the underlying systems may not be able to provide. When you look at things like ... we talk about Wireshark and we talk about the Nmap, they've got a community around it that's adding additions. Even Burp Suite, you've got that community around it. That's what makes things sticky. And they add significant value. Sysinternals, I think it was around maybe 2006 when Microsoft acquired Sysinternals, around that timeframe.

Joseph Carson:
But, then once it went inside of ... it was two or three people that was doing Sysinternals and doing the different tools, and it was some community they were helping and so forth, but once it went inside of Microsoft and they were able to then add more people to building the tools and making more value, it was that community effort that really makes these being established. I think that's what it really is, is they make people's lives better. They have really an ability to be very granular in solving a problem. And it has a community centered around it, the knowledge and sharing and helping, I think that's what really creates a lifespan.

Mike Gruen:
Yeah, I think so. I was thinking also from the perspective of in the end, everything we build is built on top of stuff that existed. And so these tools are the same tools that we used to debug systems back then. And everything we build on is still built on those same systems. And so not only is it, as you said, solving a problem and making people's lives better, which then creates a community because now everybody's flocking to it, so it gets supported. But, at the end, everything we're doing is still not that different from stuff we did a long, long time ago. It's just now we have layers and layers and layers. And as we add those layers, I think having those tools that let you peel it all the way back down to the basic, what are the actual packets-

Joseph Carson:
TCP.

Mike Gruen:
Yeah. Exactly.

Joseph Carson:
When you really get down to the basics, TCP's stack is still the same as well. It's been around since the RFC and really network traffic, and it's been around Windows, I know the interface and what looks ... Let's say, the book cover changes every version, but when you really uncover it, it's still DOS in the background, it's still NT. It's still the same kernels. What they've done is they've extended and extended and extended it further. That's why a lot of these tools even ... okay, the protocols and things like web clients and servers and so forth has definitely advanced, but Burp Suite has been able to extend those and maintain those updates. That's why it really is standing the length of time.

Joseph Carson:
But, absolutely. When you really get to really uncover a lot of the technologies at the basis, the foundation is, I guess, it's a bit like, for me, I talk about car engines. That the car engines, they all still function primarily the same. It's just the additions and the automations and the looks and the shell around it. But, at the end of the day, the combustion engine fundamentally is the same. I think that's where we get into technology. The look and feel and the efficiency has definitely improved, but the fundamentals and the background is still the same.

Mike Gruen:
Right. Yeah. Why don't you ... sorry to reverse a little bit, but-

Joseph Carson:
No, it's actually-

Mike Gruen:
I think it's a fun side conversation, but I'm curious what else-

Joseph Carson:
It's interesting as well. Even another one of my favorites I go to, which is also quite an old tool as well-

Mike Gruen:
I wonder if we had younger people on the show, if we'd have newer tools.

Joseph Carson:
Possibly. They might not even know some of the tools we're talking about.

Mike Gruen:
Listen to two old men talk about the good old days.

Joseph Carson:
Which is still ... You talk about Metasploit. Metasploit is still heavily used.

Mike Gruen:
Yes.

Joseph Carson:
And, I mean, for me, I go to Metasploit to do the automation because it really is a penetration framework. And I think it's written in Ruby and pulls a lot of different tools in and scripting and so forth and automation. And it's a great penetration framework. I use it for quickness and automation. And I can do things very quickly, and it's very flexible. I still like to, when I'm going through a penetration test, I still like to do it manually to understand how it works. And then once I understand manually, then I'll go and start using Metasploit as the automated way, but it's still one of the go-to tools for quick access or running quick exploits.

Joseph Carson:
Definitely, Metasploit. Again, another tool as Jim Gorman or Jim O'Gorman, trying to remember the author, but, and even Dave Kennedy, who's been ... there's a lot of people who've been really building on top of it and adding to it. But, for me, definitely another tool that's been around since the early 2000s that, for me, is definitely one of the toolkits in my arsenal of things that is always running and always available to me in the background. But, I think it's really important. I mean, when we look at a lot of this, fundamentally, it's troubleshooting. It's systems management. It's automation. It's the things really these tools really are there to make our lives easier to help us do what we need to do.

Joseph Carson:
If you want to understand how vulnerabilities work, that's why Metasploit is there. It's really that framework to help provide you the automation to do vulnerability scans to help you make a better, secure network. And you understand where attackers could expose your infrastructure. These tools really have fundamental, very critical value to businesses and have multiple functionalities. I think this is really where ... That's why they're critical. And that's why they're probably, if you go to every, let's say, top five or top 10 list of tools that people use, these are all going to be at least in there. I think even script kiddies and newbies in the industry are definitely ... they're going to be using the tools that we're talking about. At least one of them.

Mike Gruen:
Yeah. Definitely. If they're not, then really are they that good?

Joseph Carson:
They're probably using a little more of the, what's it, user interfaces because a lot of these you really get into. What we're talking about is they're command lines. We're fundamentally driven. There's a few, of course, Nmap has Nmap interface, but I still use the command line. Sysinternals has user interfaces for some of the tools, but fundamentally, I'm still in the command line. Metasploit, command line driven. Of course, there's things like Cobalt and Armitage that really use the user interface of those. Burp Suite probably is the one that is very UI driven, even though there is some command capabilities in there for automation, integrations, and so forth. But, a lot of these are definitely lsof, netstat, all command line driven.

Joseph Carson:
I think that's really where retro and old school, we like to go into the command prompt and we like to be able to ... we like to see the granular control and see things as they happen rather than sometimes clicking the user interface and wait for that little spinning thing in order to do its thing. And all the things happen in the background. We'd like to know what's happening in the background, and that's ultimately why a lot of these tools fundamentally help us and uncover. Same as with Wireshark, it is command line driven in the background. You can do the capture files in the background, but you really need an easy way of displaying it and filtering and searching. And that's why Wireshark itself, the interface, is really for that automation and analyzing side of things.

Mike Gruen:
Yeah. I always feel like the GUI is just hiding things from me that I would otherwise ... And sometimes that's a good thing, right? I don't need to deal with the details, but most of the time, no, it's actually I feel like I'm just having to type with mittens on. I would prefer just to get down in there when I'm using a lot of the GUIs.

Joseph Carson:
Absolutely. Another tool that I've used heavily and it's something ... because I've used various ones over the years, but I've started using it more regularly for many things is ... We've come in the years where I had so many accounts. Back in early 2000s, I was doing network administration. I was doing server administration, and I had something like 50 to 100 accounts. I was using spreadsheets and using documents to try and maintain all of those. And back in the early 2000s, I started moving to a password manager. Back then it was Password Safe. It was one of the first ones I use.

Mike Gruen:
Yep. I forgot about Password Safe.

Joseph Carson:
So, Password Safe. Again, it saved me a lot of times, but it also caused me a lot of problems at the same time. If you locked yourself out of the Password Safe, you're like, "Oh. Now, I don't know any of the passwords." It was always getting into making sure you maintain backups and you have a master password for many of those. But, over the years, I've used a lot of different password managers, but even one from Thycotic ... Thycotic has a Secret Server free. And I think it's really important for small businesses and medium businesses is that you really need to move beyond what I would have used as a password manager for personal use or for administrator use to make sure I'm creating complex passwords, that it auto-fills, and that'll cut reports, but I find that now businesses really need to move beyond password managers. And this really means using something like Privileged Access Security.

Joseph Carson:
And Thycotic has a fantastic Secret Server free solution, a tool, that allows all of those out there that have many accounts, whether you have 100 accounts or 200 accounts, you may have five users, that there's Secret Server free, which is there, that will really enable you to actually move a lot of the passwords to the background, so you don't have to rotate them yourself. You don't have to manage them. You don't have to create them. And that's ultimately what we need to do is for those people that are managing many systems and accounts, you want to move that to the background. You want to be able to focus on what's important to do. And that's ultimately what we'd like to do is automation. We want to spend the time that we enjoy ... I want to spend the time learning. I want to spend the time growing my knowledge. And I want to spend the time doing the things that are really interesting and the things that are exciting.

Joseph Carson:
I don't want to spend my day when all of a sudden there's a compromised account out there, or the company got basically compromised and all the passwords, and now you need to rotate everything. And you're going, "Ah. Okay." Login to each system, rotate the password, login, go into Active Directory, rotate passwords. That's a very time consuming, mundane thing if you have to do that manually. Secret Server free allows you to simply automate a lot of that, give the visibility into which ones you do need to change, provide that disclosure ability, to provide the access in the systems, the auto-fill.

Joseph Carson:
That's what's really important is a lot of these tools, again, what we're talking about, is the automation capabilities that saves ... Anything that saves our time saves money and allows us to not do the things we don't like doing. It allows us to focus on things we enjoy doing, and that's why a lot of these tools are successful. And I think that's why they're up there in our top lists. That's why we talk about, and that's why we enjoy them is because it saves time.

Mike Gruen:
Yeah. No, that's awesome. And I can't agree more on the password manager. There's the individual password manager and then there's, once you get to a business level ... LastPass is a great password manager. They have a business offering. It's paid. It's not the same. I think it's awesome that Thycotic has one that's actually built for businesses that you can start using for free, as opposed to ... I've talked to the CTO of LastPass. LogMeIn is the parent company. Great guy. Talked to him. I love their product, so I don't want to take anything away from them. But, at the same time, it's a great product. Same thing with ... I've talked to people from Abine or Abine, they have Blur, which is, I think, really more towards the individual market. But, password managers, Joe and I have talked about a bazillion times. It's like step zero. At this point-

Joseph Carson:
It's the fundamental basics that everyone needs to be doing. And I think that's really good starting tool. And I've been looking at different data breach analyzing over the past couple of weeks. I'm looking at incidents. And every single time, I'm just like, "Ah." It really starts with a default credential. It starts with a weak password. And just can we move beyond that? But, we're not going to until actually, fundamentally, every organization is using a password manager. And absolutely, the likes of LastPass, I think they have a good solution, but it really can ... I think the big difference between using something like privileged access and password managers is that there's the accountability and responsibility.

Joseph Carson:
If you've got people that you want to delegate the accountability to, a password manager is still delegating the user responsible for changing and managing the passwords. It's giving them a tool to do that. Privileged access is really taking that centrally and taking away the need for the user to think about the password, to think about changing and rotating and managing it, and moves it to centrally managed, and allows a lot of those integrations. So, I think there's definitely a place for both solutions in the world, and my goal is that I would like every organization in the world to be using a password manager. So, therefore, it makes our job in regards to securing and protecting that we can actually start building more advanced security programs and more mature programs rather than always going back to this fundamental, weak credential, default password, poorly-managed, poor hygiene that leads to company all of a sudden having a disaster of a catastrophic nature, that their business comes to a halt from things like ransomware.

Mike Gruen:
Yeah. Couldn't agree more. And if we're doing shameless plugs, I mean, you can come to Cybrary. We're not completely free anymore, but there's still plenty of free content where you can learn a lot of this stuff, but-

Joseph Carson:
Absolutely. For me, that's really important. And there's many cases, there's a lot of offers out there and a lot of good offers and sometimes some free capabilities, but education, that's the most valuable tool that we have. Knowledge. We're in a knowledge driven world today. While a lot of these tools that we're talking about help automation, it's the education part that I wouldn't be able to know how to use many of these tools without the people who create the education around them. With Mark writing the books on things like Sysinternals, I've went in and I spent days and weeks of reading those and understanding. And that's the only way I can get to really fully understand the capabilities of those tools is the education material.

Joseph Carson:
And that's more where I, myself, I spent a lot of time going into the ... For Secret Server and Thycotic, all I do is educational content. My goal is to help create educational material to share the knowledge, to make knowledge available. And I think that's what's really important between Thycotic and Cybrary is that we are really focusing at educating the world, especially around risks in security and technology. And I think that's fundamentally something that I think it can only be good. I'm hoping that the audience, a lot of the tools we're talking about today, that they will go and check them out. We'll make sure that ... I'll make sure that we get footnotes and the videos and podcasts so that people can see references to the tools we're talking about.

Joseph Carson:
For me, going and learning them ... And this education and these tools, if you know how to use these tools, it will also make you more hireable. As you go to job interviews and people are asking you if you're in this scenario, how would you maybe solve this problem, and if you have basically, "I'm fully knowledgeable in Burp Suite. I know all the functionality and all the capability. I'm trained, and I can use it very, very well," that will make you more attractive to employers. I think that's also important thing that everybody hears that ... And these tools are not going away. These are something-

Mike Gruen:
Yeah. I mean, I think we've proven that. I mean, right? They've been around for a while. I don't see them going anywhere. And to your point with what are employers looking for, I know when I'm interviewing candidates, whether it's for infrastructure in the operation side, software developers, whatever, for me, it's a little bit more meta than do you understand every single feature that that thing ... a good tool, there's no way you know everything. For the lay person, that's like Excel, right? If I ask you how well do you know Excel? If you tell me that Excel like a 9 or a 10, I know you don't know Excel. There's no way. There's nobody on earth that knows it that well.

Joseph Carson:
There's too many attributes. There's too many flexibility capabilities. These tools are the Swiss Army knife of system administration.

Mike Gruen:
Right, but if you know how those tools are to be applied and the general thing, and then where to go to get more information, like if you say like, "Oh, I'd use Burp Suite to do some things, I don't know exactly all of the flags and all the rest of it." Right. You just need to know what bible to look in, right?

Joseph Carson:
That's exactly the point. It's knowing where to get that information. Some of the commands and tools we're talking about have awesome help functions. But, if you can simply go ... I spent a lot of my time in Linux man pages because I just can't remember. I just can't remember everything.

Mike Gruen:
No, I mean, man, that's actually ... I mean, if you want to go really far back to when I was in college. And I started as a mechanical engineer. I didn't start in computer science or doing software development. I was trying to do ... I was just trying to write some emails or whatever. And then the guy across the hall showed me, "Oh, you can switch into vi." I was like, "What's that?" And then, "Oh, let me show you how to ... Now you're on the command line, here's how to find out more information about all these things." Man, finger, man this, man that, and you just start building up and man, man. That's the first ...

Joseph Carson:
Should we go into vi?

Mike Gruen:
I mean, I could teach a whole course in vi. In college, I actually used vi as a programming language for a course just for fun. Just to show that you actually have enough power in vi, what registers-

Joseph Carson:
It's one of the least intuitive programs I've ever used.

Mike Gruen:
It speaks to me. It's intuitive to me.

Joseph Carson:
Yeah. I mean, that's going ... In vi, I've got so many notes.

Mike Gruen:
There's people right now still trying to figure out how to get out of what they accidentally started that they don't know how to get out.

Joseph Carson:
I started vi 10 years ago and haven't been able to exit it and save my file.

Mike Gruen:
I just learned that if I hit control Z, and then I can kill it.

Joseph Carson:
I mean, actually sitting on my wall to my left is basically a bunch of vi notes because I just ... it's literally, I can't remember everything. I do it for quick edits or remote edits, and I learned so much. I think even there's TomNomNom as well. He does an awesome video on YouTube. He's from UK, and he's great in vi and IppSec as well. IppSec, I also follow quite often. I mean, some of the things they know in vi are just like-

Mike Gruen:
I'll send you my card. A long, long time ago I got the O'Reilly book on vi. By the way, I'm talking vi, I'm not talking Vim-

Joseph Carson:
Yeah, Vim is in nano, and there's so many GS-

Mike Gruen:
It's way too user friendly. I'm talking the hardcore Vim, and I actually, or hardcore vi. I even have my Vim set up to only do vi mode. But, in any event, so I have the O'Reilly book, and in that book had this tri-fold card that just was a cheat sheet of vi. I will send it to you. I've made copies of it.

Joseph Carson:
I think I've got a cheat sheet also.

Mike Gruen:
But, it shows it in a very logical way. Anyway. We're going way deep.

Joseph Carson:
Into the deep. There's probably a lot of people going vi. What is vi?

Mike Gruen:
Why is that a security tool? But, there's nothing you can't do without vi.

Joseph Carson:
Exactly. Everything comes in vi these days, but I mean, it is the least intuitive. I mean, once again, I remember, it was probably ... I was introduced to it around, I think, maybe 1999, 2000 was the first time I got introduced. And I was... I have notes and papers behind me. I've still got printouts on my screen here about even using Terminator and tmux, emulators, and then up and above it is the vi commands. I just, I mean, sometimes you're looking for these basically because there's a lot of breakouts and there's a lot of different automation and replace and dot and insert and, yeah. But, an awesome tool.

Mike Gruen:
Yeah. I mean it takes its toll on your life, but otherwise it's very-

Joseph Carson:
Absolutely. I think at that point, with vi, we'll have to share some notes. I'll probably start ... I think what we'll do is we'll include some of the videos, the back links to videos from IppSec, yourself, and even TomNomNom. We'll definitely make sure we include those in because I think those are valuable definitely from educational side as well. But, I think we'll leave it at that note.

Mike Gruen:
Yeah. Definitely.

Joseph Carson:
We'll not get into vi. I think I've got some scars of trying to exit it many times.

Mike Gruen:
That's what I said. It takes its toll. It's not a free tool. It'll leave its marks on you.

Joseph Carson:
Yeah. Overriding the wrong file. A lot of pain from that one. But, I think for the audience, I think hopefully this is valuable. I think there's nothing more that we can get out other than the free tools. Free tools are really where even a lot of people getting in the industry, it's your starting point. It's where you get familiar. And these are things that are zero costs. You might just need a computer that will run it. Great education material. There are great help files, great communities around these. And definitely, they will make you much more hireable in the industry by having knowledge of those. So, absolutely.

Joseph Carson:
Mike, great chatting with you today as always. I think this is going to be another great episode for the audience. And definitely, if you have free tools and you're listening to us, let us know and let us know what we're missing. And if you are under the age of 35 or 40 and there's tools that you're using which are more modern, let's say, recent tools, we'd love to hear about them. Let us know which tools you're using, which are, let's say, less than five years old.

Mike Gruen:
Right. Now, get off my lawn.

Joseph Carson:
Maybe myself and Mike need to learn some new things as well. I'm always interested, so. But, absolutely, Mike, great talking with you today. And for the audience, always tune in every two weeks. You'll get an episode from us that basically we'll have guests coming on every now and again that will be amazing and really add a lot of value to the industry. But, we're excited. 401 Access Denied is getting very popular. We are getting a significant following. Hopefully, we continue growing that. If you missed episodes, go back and listen to old episodes. They're always available. And again, stay safe, stay healthy and keep us informed about what things you would like to hear about, so. Absolutely. 401 Access Denied. Mike, awesome speaking to you. And for the audience, stay safe and talk to you soon. Thank you.