Pentestit.ru noobs guide

Pentestit.ru noob guide

Whilst I’m a “blue teamer” (I specialise in the defensive side of InfoSec), I do enjoy doing Pentesting challenges both for fun and because “know your enemy” & “always think like an attacker” are invaluable bits of advice for any defender.

One of my favourites is Pentestit.ru Labs which closely mimic real environments you may come across in actual pentests and are designed in such as way that whilst they have a gentle learning curve, they normally require you to have decent IT and security fundamentals, rather than being aimed at people who have installed Kali and are watching “How to be a hacker” YouTube videos.

However, for the last year or so I’ve been sat in the pentestit.ru Telegram channel and whilst there are and awful lot of very knowledgeable people in the channel (far more knowledgeable than me, many are professional pentesters or prepping for things like OSCP exams) there are also a lot of people who join the channel that are really struggling with the basics. So I thought I’d put together a quick FAQ for those guys.

Do I need to use Kali Linux?

No. In fact, I intend to do the next lab entirely from a Windows Box to prove it’s possible (and because I love Powershell). However, if you’re asking that question, I strongly recommend you do as it’s probably the easiest starting platform to attack from.

Do I need to use PentestIt.ru’s downloadable Kali VM?

Again, no.  I’d wager almost everyone completing the labs is doing so using a vanilla Kali build. The only difference with the one on the Pentestit.ru website is it come pre-configured with everything you need to connect to their vpn.

If you’re going to struggle connect to a vpn from Kali when then instructions are on their website, you’d probably be better spending your time reading some linux vpn guides first.

The vpn is connected and I can ping their gateway machine(s). Now what?

Start your pentest! Normally these labs only start with one (or possibly two) gateways machines exposed, so don’t expect to be able to access the servers behind the gateway directly. However, usually these labs do have port forwarding set up for some services, so for example hitting port 25 on the gateway machine is likely to be forwarded to port 25 on the “email host” on the internal network.

You’re normally looking for some way to compromise the gateway machine (or some machine port forwarded to from it) and then pivot to the internal hosts.

I’m on the vpn, but I get disconnected constantly. Why?

Check you don’t have more than one vpn connection active to their labs as this will normally cause them to disconnect. Failing that, check out the Pentestit.ru Service channel for service outage notifications.

I’m on the vpn, but I get disconnected hourly. Why?

Many of the hosts reset on the hour. so may disconnect you and remove any changes you have made. This in intentional. If you have something running on a host that takes over an hour (i.e. some kind of brute force attack) you are probably approaching the problem in the wrong way.

I used “<insert tool name>”  and it found nothing. Why?

One of the great things about these labs is that they are often engineered to make life harder for people using automated tools (especially with the default options) and easier on those actually doing the attacks manually. So, just because sqlmap fails to find an sql injection point, a given password isn’t in the default john the ripper list, nmap doesn’t find an open port on a default scan or a folder isn’t found by dirb doesn’t mean that that approach isn’t going to work. The lab designers know these tools well too and want to give you more of a challenge than “can you run the right tool with the default options”.

How do I get admin/root?

I’m sure they’ll prove me wrong at some point, but it’s not likely you ever need admin or root on a host to get the token. This actually makes sense, as with root access you could easily screw over the challenge for other people. However traversing between users with different privs is quite common, often using techniques more commonly associated with escalating to root.

I’m stuck, now what?

Try Harder!

Seriously, that’s probably the first response you’re likely to get in the Telegram channel. Possibly with a link to this

It’s good advice. Go away, make a coffee, have a smoke, play Hello Kitty Island Adventure … whatever works for you. We’ve all got stuck on a challenge, then come back later with a fresh bunch of ideas.

But keep trying. These challenges are usually pretty logical and based on real world exploits, so take what you know about the situation and go hit the books (or google) and see if there is something more to learn.

Seriously, I’ve been trying for days, now what?

Well, the telegram channel is always there, but most of the people in it try to keep it spoiler free, so the usual etiquette is to ask for somebody to DM you about whatever you are struggling with.

Also, once the winners of a challenge are announced, people start publishing their solutions, these are great for getting you past you’re current hurdle, however, be very cautious as once you’ve cheated and taken a peek that first time, it becomes much easier to cheat every other time.

I’ve finished this lab, now what?

Try this list, or come hang out in the telegram channel and see what others are currently working on.

Obviously Disclaimer: I’m not part of the pentestit.ru team, just a fan of their work and this does not constitute official pentestit.ru documentation or is in anyway endorsed by them

Powershell based Plex “Local Player”

So, imagine a scenario where you’re trying to give a presentation on a customer’s PC, what you are trying to show is a video on a remote Plex server, but the customer’s PC is so locked down (whitelisted apps only) that whilst vlc will work, a web browser won’t! Seriously!!!

However, powershell did work and that gave me a way in.

So, what I thought wouldtake just a few simple lines to download the file from the plex server and play it through vlc, actually became a bit of an epic.

Therefore, in case anybody ever gets stuck in the same hole or wants some sample code demonstrating to do take “streamed” content and convert it back into something a media player will play locally. The code is now on github at https://github.com/glennpegden/PlexLocalPlayer

To use it just pass in the URL of the video details page in Plex, your plex username andpassword and the foldername to dump the video into (also optionally the paths to ffmpeg and vlc, or you can redefine these at the top of the script)

e.g.
.\PlexLocalPlay.ps1 “http://app.plex.tv/web/app#!/server/01380a5c2c9b4290-9c1136b6882a65c1/details/%2Flibrary%2Fmetadata%2F12345” “user@email.com” “yourplexpasswrd” “G:\Users\Glenn\Downloads”

Disclaimer: I’ve no idea if interacting with Plex is this way is against their terms and conditions. I’m also not sure any of how I’m doing it is “the right way” because it was reverse engineered by examining how the Plex Web Player works on a laptop rather than from any official documentation. I’m also not responsible for how you use it. My use case was to download marketing material that I was allowed to distribute, I imagine doing this with your family’s blu ray connection may be illegal in many places.

For anyone writing your own version of this, a few things about the design.

The convoluted background download. This is to address two problema.

  1. The Plex server seems to time out connections, even if they are happily delivering content. Their own web player gets around this by hitting a “ping” end point as a keep alive, we have to emulate that.
  2. Invoke-Webrequest is nice and simple, but it loads the entire downloaded content into memory and saves it upon completion. Fine for tiny webpages, a disaster waiting to happen for huge files. BITS would normally be my go to alternative (BITS support in powershell is great), but it needs a Content-Length header from the server, which we’re not going to get from a stream.

    So, we have to use .net functions to stream the content into a file, in a background task, so the foreground task can hand the keep alive.

    Potions of the stream downloading code are based on this blog post – https://blogs.msdn.microsoft.com/jasonn/2008/06/13/downloading-files-from-the-internet-in-powershell-with-progress/

I also added some hokey support for roughly passing back the progress, but as we only know the size of the file on the remote OS and who knows what the transfer/transcode is going to do with it, it’s far from accurate. It also only updates once every 15 seconds (which is how often the keep alive is sent). Really, only consider this as an indicator something is still happening, not a real estimate of progress.

Obviously simply saving the stream to a file doesn’t generate valid video file, however ffmpeg does a brilliant job or repairing it (or has done in all my tests at least, your mileage may vary).

Enjoy!

Online Anonymity, Privacy and Risk Evaluation

I got into a conversation the other day about why I, as a massive supporter of the right to online privacy, still tended to use my real name online, in places where a more anonymous handle would be more than acceptable.

You’d have thought as somebody quite proficient at OSINT (Open Source, Intelligence,  the art of finding information, particularly relating to people, from public information sources), I’d have taken every opportunity to grab a little anonymity, especially as my real name is almost certainly unique in the world.

It comes down to risk vs reward. Understanding and mitigating the risk is crucial.

If you know my real name (which is pretty obvious from the domain name of this blog) then there is already loads of freely available information out there on me. I bought domain names in the 90s, back when a real postal address was mandatory (they even sent you a physical certificate of ownership) and I used to run a business out of my house, so it was a legal requirement to have my business address on any formal paperwork, so finding my home address is trivial.  I couldn’t find anywhere leaking my date of birth online but I’d bet there is some site I’ve entered it into (back before I thought to lie about it) which now leaks it publicly. Similarly, I get so many requests for genealogy info that I’m sure somewhere discloses my mothers maiden name. There are also documents I wrote at University on what is now called Cyber Security with my name on that I now wish didn’t exist, that highlight my security “white hat” has been bleached over the years.

That information is all out there. The genie is out of the bottle, it’s never going back in. So, you’d think that was ever MORE reason to hide my real name online? Not really and it’s all down to understanding and managing that risk.

If I operate under a pseudonym, I have a new risk. The risk of some detail linking the anonymous me to the real me. I’m going to be in the same physical location as my anonymous self, probably using the same computer, browser and internet connection, I’m going to have similar views, knowledge, understanding, frailties and experiences, the same grammar mistakes, the same typing patterns the same mouse movement patterns.

As mass tracking and analysis of both data and metadata becomes easier and more prevalent, the chances of me accidentally revealing a link between my real self and my anonymous self increases and once somebody makes that link, there is no point being anonymous at all.

What’s more, the ability to operate under a pseudonym means I’m more likely to reveal additional information than I normally would under my real identity (even if only subconsciously), increasing the risk even further. The instant all the content you wished to keep anonymous is linked back to your real identity you’re essentially stood there with a big sign saying “this is the stuff I didn’t want you to know was by me”.

To further evaluate the risk, you also have to understand that data can last forever and who can access this data over time changes. It’s not about who can see your private content now, it’s about who can see it in the future and then associate it back to you.

Back in 2006, I was in Amsterdam mainly to watch Feyenoord vs Blackburn Rovers, but I also visited the Amsterdam Museum (despite the cliche, not all English football fans in Amsterdam just hang out in De Wallen drinking beer and smoking weed) and read a fascinating but terrifying account of the Nazi occupation of Holland in World War 2. The dutch, quite sensibly, had collected everyone’s religion as part of the census, to ensure that in the case of their funeral being organised by the state, an appropriate ceremony was performed. However, after Nazi occupation, this same list has a whole different purpose.

The details you put online are no different. Just because you trust a website to responsibly keep your private data private, what if they are sold, hackedpressured by a nation state or have a rogue or sloppy employee?

I therefore operate under the assumption that EVERYTHING I put online can potentially end up in the wrong hands one day.

That doesn’t mean that I instantly post everything public, just because one day people might see it anyway, but it’s always a thought in the back of my mind when I post.

So, I’ve given up on online privacy? Hell No! It’s important to realise anonymity and privacy are not the same thing and the right to privacy is an important right to have, even if I choose to waive it.

Just because I feel one day, a hack, leak or change of government could see my emails/PMs/Skype calls etc being put in the wrong hands, doesn’t mean that I want to share them with everyone right now.  It’s precisely because anonymity is mere obfuscation that gives people a false sense of security that I think privacy is so very very important.

For example, my twitter account is public, this is my choice and I know anything I post on there can be seen by the entire world in perpetuity, so it tends to be limited mostly to conversations about tech, football or politics. Facebook however, I have configured to be more private,  that doesn’t mean I’ll post anything incriminating or particularly personal, but it will give you more of an insight into my daily comings and going, my social life and particularly upcoming and current events I’m attending. This includes data that may be of some value ahead of time (i.e. to allow you to break into my house, or scam my friends/bank etc into believing I’m stranded abroad without money) but virtually zero value after the fact. Therefore as long as I can trust Facebook to keep that data private for a short period, the risk is much smaller.

But privacy in the modern world is tricky. It’s 16 years since of the launch of PGP and almost 3 years since google announced End to End, but there is still no practical way for me to send an email to any non-technical friends with the belief that nobody other than them will ever be able to read it. End to End (E2E) encrypted messengers like Signal, Telegram, WhatsApp and even Facebook Messenger are great, but do I really trust my phone and computer operating systems enough to  be sure the message wasn’t snooped on when it’s decrypted and even if I did, is it reasonable to expect my mum to install a new messenger app, when it’s unlikely I would ever say anything I’d couldn’t be overheard saying to her in the street?

And what of systems that don’t purport to offer E2E encryption? I love slack, but even if their data is encrypted both in transit and at rest as they claim, they can still be decrypted and subpoenaed. The tech simply isn’t there yet to make privacy EASY and that’s the way both corporations (who sell you data) and government agencies (who use is for surveillance purposes) like it.

Which brings us back to risk vs reward. In much the same way to only truly secure a computer is unplug it and encase in in concrete, the only way to stay truly private online is to never be online, However, if you want the rewards being online brings, the have to accept the risks. But, when you understand the risks, you can start to mitigate them somewhat.

There is always a risk and E2E encrypted chat could still be made public, but it’s certainly less risk than some public forum with an unknown operator who may be doing anything with your data to fund their project, even if you are operating under some veil of anonymity. There is a chance the government’s mass surveillance data could be compromised, but it’s much more likely that dodgy service that provides you with free PPV films and sports will have their subscribers details made public. There is chance your slack logs may be subpoenaed, but there is a greater chance you’ll leave your PC or phone unattended and logged into slack.

Risk vs Reward, but make sure you understand ALL the risks. Not just the immediate ones.

My advice – Choose your tools and sites wisely, choose what you say online and who you say it to wisely and work with people like the Open Rights Group and EFF to ensure your right to privacy is a legally protected right.

InfoSec Posts

A change of circumstances means I am able to blog about InfoSec related topics again (having previously removed all the old posts) !

I’ll probably start with a few write-up of the InfoSec Pentest Challenges and CTFs I’ve done recently and them something on how to set up and ELK stack as a super-low-cost SIEM system.

I can also announce that I’m getting on the the Pentest Challenge Bandwagon by building my own VPN of hosts with simulated vulnerabilities, but in this case the novelty is that we’ll be focusing on long dead OSs such as VMS, OS/2, SCO Sys V, PR1MEOS etc. More news as it happens

Disneyland Paris 1/2 Marathon (Part 3 – Race Day)

So, race day. Firstly, having to wake up at 5am for a race is no fun, waking up in a Cars themed hotel room and having somebody interrupt your race-day prep to take pictures even less so, especially when you know the photographer is going back to sleep for another few hours, hence the grumpy/asleep face

img_20160925_055620594

This picture illustrates where mine and Dom’s attitude to the race had differed, he’d raised a load of money for charity, and was going to have a great time. I was now a club runner who was going to set a good time (or at least hoped to), so shorts and vest at 5am it was.

I say Dom was going to have a good time, he looked about as happy as I did about being awake at 5am, only he’d realised he was now going to spend the morning in a Tigger Onesie

14435000_10100307919091702_2871977039754512637_o

About half five I left the hotel room, and started scoffing down bananas, cakes and whatever else why lying around the hotel room (the hotels were all full of runners, but Disney didn’t think doing a pre-race breakfast shift in the restaurant would have been a good idea) as I walked the mile or so to the start I was joined by more and more runners

img_6099

and more

img_6100

and more

img_6101

It was only when I got to the back of my starting pen I began to realise just how many people were running

img_6105

Even though the planned start was over an hour and a half away, I could barely see the start line, so I slowly and gently worked my way forward.

I wasn’t much closer when the first runners went off, what’s worse an hour after the first runners had set off, I’d still only made it to here, but at least now I could see the start.

img_6107

As you can see, it was light by then!

The start(s) were also a little bizarre, they were breaking people off into groups or 20 or 30 and doing little countdowns to have a race-start with each group. I’m sure there was a practical reason for it, but just added to my annoyance as I was beginning to realise there was a real chance people would finish before I set off.

csztghfwgaav1ui

Now, like any sane person, my photos stop between start line and finish line. But this is Disney, this is not home of the sane. The first couple of miles wound through the park (before it was open) which was actually very very cool, but at every few hundred meters they had Disney characters you could have your pictures taken with and people where doing … and they were queuing for the privilege! It wasn’t just the characters, every km had a different Disney themed banner and people were queuing to take selfies with them too! I guess it’s a Disney thing, but I just didn’t see the point of adding 5 minutes to your finish time  just to get a pic of me stood next teenager is a giant Donald Duck costume.

It was pretty cool though. Every Disney ride, shop and attraction had it’s staff out front cheering people on and they were making a real effort,  thought I won’t pass comment on the fact that one of the biggest queues for pictures was actually as we were leaving the park through a maintenance exit and Disney’s own fire crew were there to cheer everyone one! What is it about firemen?

It was round about that point that I’d realised they’d screwed the start up more than I expected, as I’d been passing hundreds of runners, many already having to walk, then (not for the last time that day) I hear “alreet Glenn” from a giant West Yorkshire Tigger. Hang on I thought, even at the 3hr ETA I put on my form (that I was now expecting to smash), I should have been a long way ahead of Dom who was genuinely worried about the 16 min mile sweep vehicle (he didn’t  need to be as it happened). Had they really let blocks D and E go ahead of block C, it certainly seemed so!

Still, I was running against my own watch and setting off with a bunch of people running way slower than me (rather than faster, like normal) was probably exactly the start I needed.

As we left the environs of Disney itself, we headed off into some very typical and rather pretty French countryside. A hand full of marshalls and locals were scattered along the route, but I was generally enjoying the scenery (which was nice, even if it was a dual carriageway Disney bypass road). As with many races there were the odd jobbing bands at various points, but special note goes out to the two didgeridoo players accompanied by a human beatboxer, I lost a good couple of miles contemplating that one.

Whilst the main section of the course was a big loop leaving one side of the Disney site and re-entering the other, there were quite sizable sections that looped back on themselves, allowing you to see the runners coming the other way, several miles ahead/behind of you and whilst a staggeringly high number of runners were in fancy dress, I did spot a few traditional UK club running vests, in amongst the myriad of Minnie Mouses and Marvel Characters. I also saw Dom again, who was moving well, albeit a few miles behind me.

The drink stations were plentiful, well stocked, with little bags of surprisingly succulent slices of apple being a pleasant addition to the power bars and isotonic drinks.

About 9.5 miles saw us re-entering Disney environs again, by looping around almost all of the resort hotels, where I was given a bit of a lift by my wife and son taking advantage of the meandering route by popping up to cheer me along a three different points within about a mile and a half.

img_20160925_093853724

Sadly you don’t re-enter the actual main parks on your return (I understand the logistics of this make it impractical), so after a trip down the main Disney shopping Boulevard, it’s a sharp left back into the far less magical Expo Centre Parking Lot to the finish line, which was off limits to non runners. Again I understand the logistics, but after such amazing support on the way around, having virtually none for the last half mile felt odd.

Still, it didn’t matter to me, I’d done it! I’d got around! I wasn’t in an ambulance or a sweep car, I’d got around under my own steam. Then I looked at my watch, 2:12, MUCH quicker than I expected!

3EB46000-6206-408B-B294-B4019231CD69

There were 2 stings in the tail though, the first was in an attempt to make Disney more special that a normal half, they medal they dropped around you neck was more akin to a ships anchor! Trust me, after 12 miles, you felt every ounce.

img_6110r

Now the second sting, the more observant of you may have spotted, I certainly hadn’t at this stage

It was only after the adrenaline had worn off and I was back in my hotel room, about to jump into the bath ….. I’d forgotten the Vaseline and now both me and my new Pudsey Pacers vest were a bit of a bloody mess.

img_6111

So, in summary, it was special to me because mentally after that I consider myself a runner again, rather than a fat lad doing some jogging and the magic of Disney does as a certain something to events, but I can’t see it being one for seasoned runners who aren’t partial to the World of Disney.

 

Disneyland Paris 1/2 Marathon (Part 2 – Disneyland)

So, fast-forward a few weeks and I’m in Paris, up to now, bar one “bad” 13 mile Sunday training run (where I’d fallen apart at 8 miles) my preparation had gone great, well apart from two long days in Disneyland with super-excited three year old wanting to sit on my shoulders for hours on end

img_5913-copy

and more junk food in 3 days in than I’d eaten in 3 months. Especially overpriced gimmicky junk food

img_5956-copy

Ok, I’ll admit, my inner 9 year old loved eating Jedi burgers watching a live action Star Wars show.

It wasn’t that grueling. I’ve done the two US Disney parks as an adult and rather enjoyed them, but doing them with a 3rd year old is just magical (if very very tiring).

Moments like this
img_6128-copy

and this
img_20160925_123119435_hdr

were so special to him, that I didn’t mind multiple rides on the teacups, it’s a small world (the most horrible saccharine sweet experience in the world, bar none) and the Pirates of the Caribbean when secretly I wanted to sneak off for a go on Space Mountain.

I did manage to sneak off the day before the race to the Expo centre to pick up my number, race T-Shirt and and wander around a couple of dozen stands selling various bits of running and general fitness paraphernalia.  Wandering through the middle of the exhibition I spotted somebody I recognised giving a talk (in French) to about 20 or 30 people.

img_5960

It wasn’t until the TV behind her changed that I clocked who I was looking at.

img_5961

What I didn’t realise was she speaks impeccable French, so whilst she had a translator on stage with her, she took and answered most questions just in French. My rather rusty GCSE French couldn’t keep up, I worked out she was very happy and something about doing a marathon with her dad, Had she wanted to book a hotel room with two beds and a bathroom, wanted to know where the beach was or even wanted to know where the monkey is, I may have understood more of what she was saying.

 

Disneyland Paris 1/2 Marathon 2016 (Part 1 – The road to Disneyland)

So, Sarah from Pudsey Pacers asked me to do a write up of the Disneyland Paris 1/2 Marathon and as she’s kind enough to coach the group I run with twice a week, there was no way I could refuse.

Important Note: This got massively long (so big I split it over 3 posts), if you just want the summary. 14 stone and inactive to 12 stone “runner” who did 2:12 my first half marathon since the early 90s. Disneyland Paris is an amazing place to run, but not without it’s drawbacks. The American’s I met afterwards said the US Disney runs are much better organised and feel much more special, but it felt pretty special to me, especially the first 2 and last 3 miles which were through the Disneyland Parks & Hotels themselves.

So, I’ll start with a little backstory, mid June to be precise, I was a 14 stone IT geek with a penchant for real ale, fried food and avoiding exercise. But I was finding out that being the dad of an energetic 3 year is really really tiring, especially when even chasing him up the stairs would leave me out of breath. I needed to get fit.

Now I’d been a very active runner in the mid 80s to early 90s, But that had long since stopped. I’d had numerous attempts to get back into running over the years, but bar a couple of 10ks with woefully inadequate training, I’d never managed it, so I had gone from this

080811-03

to this

img_1496

After returning home from a day at a beer festival and a little full of dutch courage, I spotted a social media post from my mate, fellow geek and comedian Dom about his entry for the Disneyland Paris 1/2 Marathon. My brain went into overdrive, I’d really wanted to take my son to Disneyland and Paris is an obvious first park to do with him, plus if Dom’s doing it, well he’s even heavier than me and probably does even less exercise (I was wrong) , what’s more I was a runner once, I can get into shape, it’s only June and October is ages off.

So having woken up the next day with a hangover and some very expensive family tickets to Disneyland Paris, a race entry, a wife that would never forgive me if I didn’t get fit in time and about a week to convince a doctor I was fit enough to run (a doctors note stating you weren’t likely to die trying was a prerequisite for registration), it suddenly dawned on me what a stupid thing I’d done. Deciding to do a half marathon in less than 4 months whilst drunk, and unfit is a stupid idea. But the fear of the wrath of my wife and disappointing my son were big enough motivators

So after the disheartening realisation during my first couple of runs that I now couldn’t get around a mile loop without stopping, things slowly started to pick up. Very very slowly, but after a few weeks I found the two mile loop around my village was occasionally doable without stopping to walk, but 13 miles still seemed like an impossible task.

It was about this time that somebody mentioned parkruns to me, knowing I was nowhere near fit enough for any kind of race but missing the company of other runners I gave it a go (with the lovely people of Oakwell Hall) and even though for the first couple of weeks I had to walk parts of the course, I found something that had been sorely missing every other time I’d tried to get back into running … I was enjoying myself.

Soon I started judging my runs by how far I could get without resorting to walking and that soon passed 3 then 4 then 5 miles,  I might be plodding along at 12 min mile pace, but I wasn’t walking. I’d promised myself once I could do 10k in one go, I’d look for a race to enter. However when that day came, I couldn’t find a convenient 10k in the near future, so got brave and set my eyes on the 10 Miler in Lancaster.

Why Lancaster? Why that race? Well, it was where I was living last time I was actively running, I still have family there and the course in question was the location of my proudest moment as a runner (in roughly 1989) when I broke the hour for 10 miles. I knew the course, I knew it was fast and flatish and I knew it would be fun to say hello to some folks who hadn’t seen me in 20+ years.

I ended up doing much better than I thought and found out three amazing things

1. I’d got so used to running with headphones on with runkeeper telling me my splits that suddenly running in a big field without it, I found I went off far quicker than I intended. However it meant that when I worked out how fast I was at half way and that I still felt ok, I pushed on even harder!

2. Jellybeans are a thing (well, a running thing) and they actually work!

3. It gets quite lonely at the tail end and having a marshall ask “do you think there are any more after you” is quite disheartening, especially when you’re doing much better than you expected.

I ended in doing it without stopping (which was a big mental boost as it was 3 miles further than I’d done in training) in 1:45:10, which I was very happy with and I was 154 of 171, which I wasn’t so happy about. Official Results are here.

By now I’d stopped worrying if I’d get around a half marathon without dying and actually started training that includes shorter runs to work on my speed, rather than just my distance, I stopped wearing my headphones for everything bar my long Sunday runs and actually started to look forward to Disney. Also mainly thanks to eating sensibly and calorie counting for the fist time in my life,  I’d lost 2 stone!

I also started to think about hat I’d do after Paris. There was a real risk of me reverting back to being a fat lad on a couch again and whilst the Park Runs were fun (and almost every week was a new PB) they weren’t enough to keep me motivated to go out training alone on those dark winter nights.

As luck would have it, the night before a Park Run, I’d been looking for a local running club and whilst there wasn’t one particularly close to where I lived, Pudsey was probably the closest and not far away. So I was a bit surprised when the following morning PP did a take over the Oakwell Hall Park run. After a couple of minutes talking to some of the runners afterwards, I was sold!

Nothing to see here

Don’t expect to find much here. I’m normally too busy doing stuff to write it up afterwards.

Stuff that is currently taking up my time

  • Being a dad and husband.
  • Getting fit and slim again. I’m back running again and I’m on a serious diet for the first time ever.
  • Taking my lifelong hobbyist interest in Infosec and expanding it to be useful in my day job.
  • Running BRFCS (I’m currently working on a relaunch for the new season).
  • I still have a little free time for gaming and the cinema, but nowhere near as much as I used to.