ikawnoclastic thoughtscontemplating information security2026-02-23T02:52:57Zhttp://ikawnoclast.com/feed/atom/WordPress.comikawnoclasthttps://ikawnoclast.com<![CDATA[My Claude Code Notes]]>http://ikawnoclast.com/?p=130762026-02-23T02:52:57Z2026-02-23T02:48:51ZI haven’t programmed professionally in more than twenty years. Even then I am not sure what I did could be considered professional programming. However, I dabble in programming and have written some tools for my own use. One in particular I use everyday. Lately, I have been experimenting with Claude Code. I don’t think I need to impress upon you the value of this coding agent.
I am learning how to use Claude Code effectively and to avoid burning through too many tokens. This post is a collection of my notes from using Claude Code. I expect to revisit and edit this post frequently, as we are in time-warp inducing increase in AI capabilities.
UPDATED: February 22, 2026
RTFM — Read the Friendly Manual
I know many people that just want to get started and play. That’s great. Get your hands dirty and just go. But…
At some point you should check out the docs from Anthropic, you might learn some new things. https://code.claude.com/docs
CLAUDE.md
CLAUDE.md is a Markdown file at the top of your project folder. Think of it as a project-specific system prompt for Claude Code. It helps guide Claude Code. While the /init command will create an initial version of the CLAUDE.md file in your project directory, you can add more content to it or edit what Claude Code inserts there.
The content in CLAUDE.md can help Claude Code as it works on the project. By having important project details in one place, Claude Code doesn’t have to go discover this information each time. You can have a global CLAUDE.md file in your home directory (~/.claude/CLAUDE.md), which tells Claude how to work with you. A project-specific CLAUDE.md file in each project folder can be included in the git repo and shared. You can also have a project-specific file (CLAUDE.local.md) that is local to you and not in the git repo.
Use Plan Mode
Put Claude Code into plan mode any time you need to add create new functionality, add features, refactor code, or fix bugs. Plan mode should be used when you need the existing code analyzed to determine the changes needed. Claude Code will show you the plan before any changes are made. This your opportunity to check that plan for errors or needed additions. Once the plan is ready, Claude Code will start making the modifications.
Put Claude Code into plan mode by using the /plan command or Shift+Tab.
Store Plans in the Project Directory
Whenever plans are created before changes are made, Claude Code will place those plans in the Claude Code home directory (~/.claude/plans/). Ideally, those plans should be stored in the project directory. After the plan is created, tell Claude Code to store the plan in the project directory. I usually create a plans directory and tell Claude Code to put the plan in that directory.
I have added this requirement to my global CLAUDE.md file.
Enable Extended Thinking
Extended Thinking (or “thinking mode”) is helpful for complex tasks. This mode enables the model’s enhanced reasoning step-by-step thought process. Complex tasks could be starting a new project, implementing new features, correcting security issues, etc.
Choosing Models
Claude Code allows you to select models at any point during your work. Each model has different token consumption and speed. For complex planning, you may be better served by a higher end model. For well-defined tasks or simple changes, a faster, less token-hungry model might be fine.
Opus — Best
Planning
Coding
Troubleshooting
Sonnet — Capable
Coding with a detailed plan
Security code review
Basic troubleshooting
Haiku — Fast and Efficient
Code summary
Basic code review
Documentation
There is also the “opusplan” model which uses Opus for any planning and Sonnet for implementation. This is useful so that you don’t have to manually switch between the two.
Switch your model with the /model command.
Effort
The Opus and Sonnet models support an effort setting, which allows you to select the balance between and token efficiency. More effort means more tokens consumed but possibly better results with a given task. There is a balance here that will require more experimentation.
You configure effort when you select the model using the /model command. It applies (for now) to the Opus and the Sonnet 4.6+ models. Use the arrow key on a selected model to set the effort.
More to Come
I realized as I wrote this that there are a lot more notes that I have. Some are very specific and dive deeper. I will save that content for another blog post.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[My Approach to Managing Dot Files with GNU Stow]]>http://ikawnoclast.com/?p=80372025-05-19T13:36:23Z2025-05-19T13:12:59ZGNU Stow is used to manage configuration files for my Linux/UNIX tools and applications on all of my personal systems. The term “Dot Files” is a reference to configuration files for many Linux/UNIX tools that prefix their configuration files with a “.” (in other words a “dot”). I maintain the configuration files in a shared directory (~/Shared/DotFiles) that is replicated across systems using SyncThing. Stow creates a series of symbolic links from the standard and known locations for those configuration files to the actual location of the configuration files in the shared configuration directory.
These instructions in this post serve as a reminder to me on how I use Stow to add new configuration files in the shared configuration folder or to update existing files. Perhaps, this content can be helpful for you too.
TL;DR
Use these commands to link dotfiles using the Stow command:
$ cd ~/Shared/DotFiles
$ stow -v --target=$HOME -S PKG
The PKG parameter is a directory in the ~/Shared/DotFiles directory that contains a collection of related files and directories. For example, I have a series of files for my Bash configuration in the bash directory. To install those, use the following command:
$ cd ~/Shared/DotFiles
$ stow -v --target=$HOME -S bash
Use the same command with each package directory in ~/Shared/DotFiles to install the symbolic links for that package.
Stowing Dotfiles from a Shared Directory
Here is a simple example for using Stow to create a link to the configuration file for Starship.
$ cd ~/Shared/DotFiles
$ stow -v --target=$HOME -S starship
There is only one file to link: ~/.config/starship.toml
Here is another example to update the configuration files for Doom Emacs.
$ cd ~/Shared/DotFiles
$ stow -v --target=$HOME -S doom
Doom Emacs is unique in that it has configuration files that can be shared across systems stored in ~/.config/doom. However, it also compiles code unique to each system it runs on that can’t be shared due to machine instruction differences (e.g., x86_64 versus arm64 machine code). Doom Emacs includes a script to manage the packages used and the compilation process, which is separate from the configuration file management tasks using Stow.
Creating Package Directories for Stow
The collection of configuration files and directories that can be linked to with Stow are referred to as packages. You must organize the files and directories under the package directories as they should appear under your home directory.
Here is an example to create a simple package for a single configuration file:
$ cd ~/Shared/DotFiles
$ mkdir bash
$ mv ~/.bashrc bash
Just remember that the .bashrc file will be hidden since it is prefixed with a “.”.
Here is a more complicated example that uses the ~/.config folder:
Stow will create a symbolic link in the ~/.config directory named starship.toml which points to the ~/Shared/DotFiles/starship/.config/starship.toml configuration file.
Create your package directories so that they have a file structure that mimics the structure needed for Stow to create symbolic links to appropriate files and directories.
Using Stow
Stow is described in the documentation as a link farm manager and was originally designed to administer software packages. Its flexibility allows for this use as a personal configuration file management tool. For more information see the main Stow documentation.
Shared Configuration File and Directory Location
When using Stow, you should change to the directory where the shared configuration files are stored. In my case that is ~/Shared/Dotfiles.
$ cd ~/Shared/DotFiles
Once there, you can execute the Stow commands.
Hidden Files in Packages
The ~/Shared/DotFiles directory contains packages with hidden files. These hidden files are configuration files with file names prefixed with a ‘.’. Be sure to look for hidden files in those sub-directories.
Stow Options
There are several Stow options to be aware of.
Verbose Output
Use the “-v” option generate verbose output from the stow command. This might help with diagnosing issues.
Show But Don’t Do
You may want to see what stow would do before you want to make changes. You can use the “-n”, “–no”, or “–simulate” options to show the actions stow would take.
Set Your Target
Stow needs to know where to create links. Use the “-t DIR” or “–target=DIR” options to set the location where stow should build symbolic links to your dot files. In almost all cases, this should your home directory: $HOME. For example, I use “–target=$HOME”.
Stow Those Files
To create the links, use the “-S” or “–stow” option.
Unstow Those Files
To delete the links, use the “-D” or “–delete” option. This will delete previously created links.
Restow Those Files
Why would you ever want to do this? Well you need to cleanup some older obsolete symbolic links. Use the “-R” or “–restow” option to unstow/delete and then to stow the packages.
Adopt Existing Files
You can use Stow to take existing files and incorporate or adopt them into the DotFiles package structure. This might not do want you intend. Use caution with this option.
Version Control with git
You can use git or another source code management tool to track changes to the DotFiles packages over time. I have not yet implemented this, but I plan to document the use of git for this purpose at a later date.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[Scripting for Security Bash Course]]>http://ikawnoclast.com/?p=27412023-03-09T13:00:13Z2023-03-09T13:00:13Z
I have a new course available on Pluralsight. It’s a security analyst focused tools on GNU Bash and scripting. It is the first in a series of courses on Bash.
Scripting for Security with Bash is a technical course for information security analysts that need to understand the UNIX and Linux environment and use Bash as their primary shell and scripting tool. It is designed to be a quick introduction and focused on demonstrating how to use Bash for security operations and automation. (Course overview video)
In addition to understanding the detailed tasks associated with security operations, security analysts need a solid technical foundation. The role requires knowledge of systems that exists in their organization’s IT environment from desktops in offices, servers in far-away data centers, pervasive and distributed operational technology devices, and virtual machines in the cloud. Many of these systems are Linux distributions with installed with the Bash shell.
GNU Bash is the Bourne-Again SHell, which has been the GNU Project’s shell since it was released in 1989. It was designed to replace the Bourne shell, which was released with Version 7 UNIX. Bash is the default shell for most Linux distributions. Scripting in Bash is a common way to automate tasks on UNIX and Linux systems.
My course describes how to use Bash for security operations as a security analyst. I also show how to configure file permissions and ACLs, manage users and groups, use Secure Shell, and handle some security concerns with scripting. The Windows Subsystem for Linux (WSL) is a Microsoft-supported way to get Linux and Bash on your Windows system, so I show how to install and use WSL. There are seven separate demos included to show how to use Bash. I also included several scripts as examples.
Table of Contents
Bash Basics
Using Linux and Bash on Windows
Managing Security Concerns with Bash
Managing File Permissions
Managing Users and Groups
Running Commands Remotely
Please take a look and let me know your thoughts on this new course.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[Reconnaissance with Spiderfoot Course]]>http://ikawnoclast.com/?p=9532022-11-23T00:10:21Z2021-11-07T17:02:58Z
I have a new course available on Pluralsight. It’s another Red Team Tools course focused course on Spiderfoot. It is part of the Pluralsight Red Team Tools learning path.
While my other courses are a couple hours of content, the Reconnaissance with Spiderfoot course is 38 minutes. It is designed to be a quick introduction and heavily focused on demonstrating how to use Spiderfoot for recon in red team engagements. (Course overview video)
Reconnaissance is the first step when starting a red team project. Information must be gathered for the the target organization, including specific details about its connected devices, network block assignments, domain names and subdomains, and even physical locations for some engagements.
Spiderfoot is an open source intelligence automation platform. It utilizes more than 200 modules to gather information about reconnaissance targets. It uses an active intelligence gathering to directly interact and probe the target’s infrastructure. However, it’s real value is in its passive information gathering using a large variety of online open source intelligence sources.
My course describes how to use Spiderfoot for the reconnaissance phase of a red team operation. There are five separate demos included to show how to use Spiderfoot.
Table of Contents
Using Spiderfoot for Reconnaissance
Access the Shodan Web Site
Starting Spiderfoot
Initiate a Scan
Configure Modules
Use the Command Line Interface
Use Spiderfoot as a Red Team
Resources
Please take a look and let me know your thoughts on this new course.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[Reconnaissance with Shodan Course]]>http://ikawnoclast.com/?p=7362022-11-23T00:10:58Z2021-07-12T10:02:48Z
I have a new course available on Pluralsight. It’s a new type of course for me. My previous courses have been long-form courses. This one is shorter, tool-focused course on Shodan. It is part of the Pluralsight Red Team Tools learning path.
While my other courses are a couple hours of content, the Reconnaissance with Shodan course is 27 minutes. It is designed to be a quick introduction and heavily focused on demonstrating how to use Shodan for recon in red team engagements. (Course overview video)
Reconnaissance is the first step when starting a red team project. Information must be gathered for the the target organization, including specific details about its connected devices, network block assignments, domain names and subdomains, and even physical locations for some engagements.
Shodan is a search engine for internet-connected devices, not for human-oriented web pages. Shodan crawls the internet and indexes information about servers, desktops, printers, SCADA devices, mobiles devices, surveillance cameras, and many other systems with an IP address. It is an easy tool to use, with both web and command line interfaces available.
My course describes how to use Shodan for the reconnaissance phase of a red team operation. There are five separate demos included to show how to use Shodan.
Table of Contents
Reconnaissance with Shodan
Access the Shodan Web Site
Utilize the Shodan Command Line Tool
Use Plain Text Banner Searches
Use Search Filters to Refine Results
Explore Red Team Scenarios
Resources
Please take a look and let me know your thoughts on this new course.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[Metasploit: Getting Started Course]]>http://ikawnoclast.com/?p=7012022-11-23T00:11:35Z2020-09-05T15:01:50Z
I have a new course available at Pluralsight. It’s an introduction to the Metasploit Framework. In it, I focus on getting started quickly with using the framework. It’s a relatively short course (for me) at approximately two hours of content, including demonstrations. The course is called Metasploit: Getting Started. (Course Overview video)
This new course takes some of the original concepts presented in my very first Pluralsight course, Introduction to Penetration Testing Using Metasploit, and condenses it down to the essential information. It’s a style of course Pluralsight uses to get learners up to speed quickly on a new piece of software, platform, or service. Those type of courses focus on basic concepts and demonstrations to quick get the learner started. Later courses are used to expand their knowledge on more in-depth concepts and capabilities.
Table of Contents
Penetration Testing Ethics and Processes
Metasploit Framework Capabilities
Metasploit Framework Architecture
Installing and Configuring the Metasploit Framework
Preparing an Attack
Launching an Attack
Working with the Metasploit Framework
Summary and Next Steps
I hope you will check it out. I look forward to feedback on it.
Future Work
Since I left out a lot of information to keep the total length around two hours and the content focused on the primary subject matter, I am creating supplementary videos to address some of the missing topics and even cover some of the content in more depth. It will be similar to end notes and footnotes for a nonfiction book. Unfortunately, that type of content may be interesting to only 4 or 5 people in the world. However, I am creating it as something that I would love to have if I were the learner.
There are a couple more courses on Metasploit and Meterpreter in the works, so stay tuned for details.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[Introduction to Information Security Course]]>http://ikawnoclast.com/?p=6482022-11-23T00:12:06Z2018-09-04T21:33:30Z
I completed and published another course with Pluralsight. This time I was asked to create an introductory course for information security. It had to be high level. It had to be accessible to beginners that have little to no background in information security.
The objective of this course is to assist learners in understanding the foundational principles and the key concepts in security. I describe most of the program and management approaches from an organizational perspective. I used this method specifically so that learners can apply this knowledge to their current job and their organization.
Course Description
There are many components to an organization’s information security program. If you are new to cybersecurity or interested in getting started, it can be difficult to identify and understand all of the facets of protecting an organization’s information assets. In this course, you will learn about the information security programs used by organizations. First, you’ll learn about the foundational principles of security, such as confidentiality, integrity, governance, risk management, and compliance. Next, you will learn about organizational assets and how they are protected through the use of security controls. Then, you will learn about how auditing, monitoring, and testing is used to review and evaluate the effectiveness of those security controls. Finally, you will explore how organizations manage and prepare for security incidents, disruptions, and disasters and how they manage the day-to-day operations of a program. When you finish this course, you will have the knowledge and understanding of the bigger picture of information security.
Table of Contents
Course Overview
Security Principles, Governance, Risk, and Compliance
Protecting and Defending Assets
Auditing and Monitoring
Managing Incidents and Operations
What is the Learning Path?
This learning path is a specific set of Pluralsight courses on information security. These are Big Picture courses since they provide a wide survey (i.e. “big picture”) of relevant content in security. They are not in-depth courses but introductory ones.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[Penetration Testing: The Big Picture Course]]>http://ikawnoclast.com/?p=6212022-11-23T00:00:55Z2017-10-30T13:15:06Z
I have another Pluralsight course published. Still focusing on penetration testing, I was asked to create a high level overview course on the subject. Penetration Testing: The Big Picture was published on October 6, 2017 and looks at a wide variety of topics on penetration testing.
The focus in this course is to present information about pen testing that would be useful to those interested in learning more about it as a career option or training direction. It can also be useful for individuals and organizations interested in hiring pen testers or organizations seeking pen testing services.
As more businesses create, collect, and manage large volumes of customer data and provide access to that data through mobile apps, the Web, and IoT devices, there are more opportunities for that data to be compromised and stolen by nefarious individuals, criminal groups, and even governments. Organizations are struggling to improve the accessibility to and increase the value of their intellectual property while simultaneously protecting it from unauthorized exposure. As news in the past few years has shown, this is a significant challenge and many organizations lost control over their customer’s data and their own intellectual property. Penetration testing is one technique that organizations use to find and correct weaknesses in their network and systems before someone else does. First, you will learn how penetration testing serves as key component in an organization’s information security management program. Next, you will learn about the penetration testing process and techniques used to discover and exploit vulnerabilities. Finally, you will have a good understanding of the software tools, certifications, and other courses that can help you build your technical skills. When you finish this course, you will have the knowledge of how penetration testing is used to improve the security of a network and the techniques and tools used to conduct the testing.
Table of Contents
Course Overview
The Role of Penetration Testing in Security Testing
Penetration Tests
Penetration Testing Execution Standard (PTES)
Penetration Testers and Their Tools
Why Another Penetration Testing Course?
Most pen testing courses that I have reviewed focus on specific tools or a very narrow aspect of penetration testing. This course is intended to provide a wide overview of penetration testing showing how it is a part of security testing and how that applies to an organization’s information security management program. We also dive into the various types of tests from network focused testing to social engineering and up to physical testing (i.e. red teams).
Why the Penetration Testing Execution Standard?
This maybe a little more controversial. However, there isn’t a formal standard on penetration testing. There several documents describing pen testing in standards such as the PCI-DSS and NIST Special Publications 800-115. The Penetration Testing Execution Standard (or PTES) is an informal document, or more accurately a wiki page, that describes a lot of the aspects of a consulting engagement from starting the business relationship to the actual testing phases and final reporting. The PTES serves as a living document that can change over time as the field changes.
The PTES certainly needs some work in terms of organization of topics and editing. However, it serves as a good foundational document for the field to build on.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[Kali Linux Changes for the Introduction to Penetration Testing Using Metasploit Course]]>http://ikawnoclast.com/?p=5902022-11-23T00:12:38Z2016-12-30T14:11:11Z
I developed the Pluralsight course Introduction to Penetration Testing Using Metasploit using Kali Linux, which is a project from Offensive Security. Kali is a Linux distribution with most of the tools an information security professional would need. It is also a great platform for designing courses around because most, if not all, of the tools needed are installed by default.
The challenge is that Kali changes over time. Most of the times those changes are good and necessary to stay current and relevant. Of course, those changes often negatively impact ancillary products and information resources, including instructional courses. My Metasploit course is no exception. Revising an existing course that is already in use has its own challenges. Instead, I offer this blog post as a “living document” highlighting changes in Kali Linux that impact my Metasploit course. My hope is that if you run into issues with the course due to changes in Kali, you can find the answers here.
Kali Linux Rolls On
The Introduction to Penetration Testing Using Metasploit course was developed using Kali Linux 2.0. Unfortunately, I am not the fastest course creator. When the course was released by Pluralsight in June 2016, Kali Linux had switched to a rolling release model five months earlier. The benefits to the security practitioner were tremendous. To my course and students…not so much.
A rolling release is an approach to operating system distribution release management that relies on a continuous stream of updated and tested packages instead of a single release of packages at a specific point in time. Kali Linux is based on Debian, one of the older and more stable Linux distributions. Debian is continually updating software packages and those “trickle-down” into Kali rather quickly. This means that the Kali Rolling Releases will also have a lot of updated packages appear several times a week. For the most part, these package updates fix bug and security issues. However, those updates can also introduce new issues sometimes.
Overall, the Kali Rolling Release distribution model helps us, and I have no complaints about it.
Some of the issues that I and some students uncovered are related to updated packages. One issue occurs because a major tool was removed from the new Kali distribution entirely. I have noted the known course issues that have arisen in the new distribution of Kali Linux below along with solutions. The course remains relevant, and these notes should help you complete the course without significant tool problems.
I hope this helps!
Package Upgrade Notes
In the course, I have you run apt-get dist-upgrade and then proceed with the installation and configuration of the system. In the Kali Rolling Releases, the package upgrade process installs a new major version of the Linux kernel. There is a version number difference between the running kernel (the one the system started up with) and the kernel installed in the upgrade process. This causes issues later when you need to install the kernel header files package because the command used (uname -r) lists the running kernel version and not the new one that was just installed.
To overcome this problem, just reboot the system after installing the upgraded packages. The system will boot with the new Linux kernel and the header file version mismatch goes away.
There are also older software packages that are no longer needed once the system software packages are upgraded. Use the apt-get autoremove command to clean those software packages out.
Once the system comes back up, you can continue with the installation of VirtualBox Guest Additions and kernel header files.
OpenVAS
The biggest change that I noted in the Rolling Releases of Kali is OpenVAS is missing. OpenVAS is the Open Vulnerability Assessment System that we use in the course to find and identify vulnerabilities in target systems. It is gone from the base Kali Rolling Releases, but it can be easily added. Before you are ready to start the configuration of OpenVAS, install the OpenVAS software packages and its dependencies. It’s just one command thankfully.
# apt-get install openvas
After determining all of the software packages that will need to be installed, apt-get will ask whether you want to proceed with the installation. Type a ‘y‘ for “yes” to proceed.
The installation will also display the following query related to the openvas-scanner package and the REDIS database configuration:
Query displayed when installing OpenVAS.
Select the “<YES>” answer and hit return.
Once apt-get completes the installation of packages, OpenVAS is installed and you can proceed with the initial configuration of OpenVAS using the instructions in the course.
I have not yet found the reasons that OpenVAS has been removed from the Kali Rolling Releases. If you know, please tell me.
PostgreSQL
When all of the software packages are upgraded, you will encounter a warning that looks like the following:
Warning message for PostgreSQL
The message indicates that there are two major versions of PostgreSQL installed and that there could be conflicts. The message suggests upgrading the 9.5 PostgreSQL database instances to version 9.6 and removing the PostgreSQL 9.5 software packages.
For the purposes of the course though, PostgreSQL works just fine without changes. Ignore this warning and continue with the Metasploit database configuration as described in the course.
If you are building a full pen test workstation for regular use, follow the instructions in the warning message.
Other Issues?
These are the issues that I have found and fixed so far. There may be others that you find while using the course. If so, please let me know.
]]>0ikawnoclasthttps://ikawnoclast.com<![CDATA[Metasploit and Pentest Discussion on Test Talks Podcast]]>http://ikawnoclast.com/?p=5772022-11-23T00:00:09Z2016-09-21T10:29:48Z
Joe is a fellow Pluralsight Author and host of the Test Talks Podcast, which is a weekly podcast all about software test automation.
We discussed concepts in penetration testing, Metasploit and its auxiliary modules and OpenVAS for vulnerability scanning, Meterpreter for post-exploitation activities, ethics in the use of tools like Metasploit, and Kali Linux.
Check out this episode and other episodes from Joe Colantonio and the Test Talks Podcast.
