2020 Mar 16

Today I released an open source knowledge management framework for organizing, sharing, and getting the greatest possible value from one’s knowledge of command line programs. In this relatively short post I describe why I created it, how you might benefit from using it, and what I learned from building and releasing my first publicly-available software project.

Personal Motivation

I’ve spent countless hours learning so many aspects of cybersecurity, and I have no intention of slowing down. The abundance of learning resources available (training courses, conferences, blogs, books, open source tools, online labs, etc.) for security professionals is staggering, but if you’re not reinforcing the skills you learn through routine, hands-on experience then it can all be forgotten.

I have an effective note-taking methodology for much of my training and learning endeavors, but I found that traditional approaches to taking notes were preventing me from being hands-on specifically when learning and using command line programs. It didn’t matter how diligently I wrote my own notes when reading a book or taking a training course. In the end, if I forgot how to use a certain program I had to search through unstructured, free-form text, find any instructions I wrote, and then try to adapt them to the task at hand if possible. It’s certainly better than having no notes at all, but it’s particularly wasteful when you’ve done it more than once for the same program. I started to think about taking all of the ‘instruction-like’ details out of my notes, and placing them into their own files (one file per program), but I wanted something that could do even more.

Necessity is the mother of invention. It was clear that this need could make a good starting point for my own coding project. I had learned the basics of reading and writing code in school, but I never applied those skills to any real-world projects until I entered the workforce. Even then, I’ve never been a professional software engineer, and, historically, many of my work assignments that required coding were fairly boring. I wanted to work on my own project so that I had to learn what was needed in order to solve the problems that I cared about solving. I was also curious to see how far my motivation and personal discipline would carry me in the absence of any specific incentives aside from solving those problems and feeling proud of the product of my efforts.

Through this project, I have the means to provide something valuable directly to my professional peers in cybersecurity and students or other practitioners in the field. We all want to see the state of security improve, and expanding our contingent of knowledgeable, capable “good guys” is an important objective toward that end. If I can play even a small part in making that happen, then I’ll count it as a personal achievement.

Better Results Faster

When I started this blog, I spelled out my vision for how reading it could benefit other infosec professionals. Specifically, I said that it could enhance your arsenal of tools, help you integrate new knowledge, and turn that knowledge into capability. Creating and releasing AXIOM Framework is one way in which I hope to deliver on this expectation.

Using AXIOM Framework doesn’t merely increment the number of tools at your disposal by one. It gives you a data model, interface, and set of functions to learn, use, experiment with, and master a near-limitless number of arbitrary command line programs for any platform. By storing the instruction-like details about CLI tools in a structured format you can maximize how efficiently you reference commands and execute them at whatever prompt you find in front of you.

You can use AXIOM Framework to recall and run thousands of complex, multi-input commands for hundreds of tools, each of which may use a different syntax, while conserving time and keystrokes. It also supports interactive programs, so you can automate tasks that would otherwise require repetitive, manual, interactive input.

When a new command line tool gets released you can add the instruction-like info to your own custom “toolkit”, and AXIOM Framework will integrate and present it in a unified, discoverable interface along with all the other tools and commands you’ve added. It also outputs command text to the screen so you can copy and paste it into other prompts or programs, such as when writing a script file, using an existing command execution interface, or providing payloads to a GUI program.

Lessons Learned

Working on this project for quite a while, and looking back on all the high and low points throughout my progress, has taught me a few valuable lessons that I’ll take with me to my next venture:

  1. Know (then push) your limits. Understand time commitments. Take breaks when needed.

  2. Be selective. Time is finite. Choose features that maximize returns on your time investment.

  3. Accept incremental progress. Know what “done enough” is. High quality != absolute perfection.

  4. Do what you love. Life’s too short for anything less. Know when it’s time for a new adventure.

Build Your Something

When I started blogging I also set out to inspire my peers to build their own “somethings” too. This project has completely consumed my focus and free time for the past few months, and I’d be lying if I said that juggling it along with all of life’s other demands was anything close to easy. That said, there’s no substitute for the profound feeling of accomplishment from creating something from nothing. It requires tremendous effort, and it’s absolutely worth it. Thanks for reading!

Mike Iacovacci
Mike Iacovacci is an information security professional specializing in endpoint security, intrusion investigation, and security research. His efforts have prevented serious security incidents and continue to disrupt cybercrime operations and sophisticated threat actors.