I'm going to share a short story from the last fortnight about an interaction I had which really highlights just how awesome the #infosec industry can be.
A few weeks ago, I was conducting a pen test against a Government client at their premises. Now if you know UK Government, you'll know a lot of their kit can be old, and they often try to squeeze as much assurance work into the shortest timescale to save money. I was presented with 20 firewall configs to review which hadn't been communicated in the original scope (I was expecting 4). No problem though, let's make this happen.
My immediate problem was I had no tools at all that could parse these old (very large!) configs into something sensible without spending some time coding something up. So a quick search pointed me to an older tool that hasn't been maintained since 2017. #Wallparse. I grabbed the exe and installed it. It ingested every one of the configs for me, giving me a lovely visual representation and made the reviews very rapid by comparison to the alternatives I was facing that day. I had used a trial license at the time.
Impressed with it and its applicability to the job and wondering how to get a license as I am sure it will come in useful again, I contacted the admins from the email address on the 2017 website, not really expecting any response.
Well, I did get one, and not the one I was expecting. James D contacted me with a 1 year license and asked for no money for it, rather that I donate to a charity supporting Ukraine, if I could, or at least offer a prayer.
It really touched me what James D had done, so I calculated what proportion of my fee would be for the hours I spent reviewing the firewalls and donated that, and a bit more, to Unicef this morning.
I don't know who James D is, or why they stopped developing their tool, but their generosity has truly made my month.