Category Archives: random thoughts

A Black Hat Python Easter Egg?

My good friend Justin has released his second book on using Python called Black Hat Python (you should buy a copy or two from http://www.nostarch.com/blackhatpython).

I was fortunate to be a tech reviewer for the book. I learned so much from Justin and from the real tech reviewer, Dan during the development of the book. Thank you Justin and Dan.

For the section on Paramiko, I created a diagram to explain SSH tunnelling. Unfortunately, my original diagrams wouldn’t show up very well in printed format so I thought I would share them here.

SSH forwarding Tunnel

SSH forwarding Tunnel

SSHreverseTunnel

SSH Reverse Tunnel

 

Christmas Challenge 2011

Well….I didn’t win the annual Ed Skoudis and friends Christmas Challenge (http://pen-testing.sans.org/blog/2012/01/26/holiday-challenge-2011-winners-answers) but thought I would share my solution anyway.
Please fell free to sing along…………….

Well now Rudolph was frantic
cause Grandma was missing
The police thought he did it
His iPhone confirmed it.
The GPS on the phone
Matched a jpg showing Grandma’s coat alone.

Rudolph heard little Timothy
interrupt and tell the court.
He had found some evidence
but did not know how to parse it out.

Cupid had mad Wireshark skills
and went right to work.
The first thing that he noticed
was an email and a doc in Word.

The email revealed a secret plan
that Grandma had cooked up.
She planned to frame Rudolph
and topped her insurance up.

The capture showed a fatal flaw
with Santaslist PHP.
Grandma took over MyDNS,
by hacking her some Apache.

Then with trojaned updates
and the DNS manipulation,
SQLite was used to add
the damning CellLocation.
Rudolph was proven innocent.
The Plaza was where they knew,
the police could find Grandma
wearing one red shoe.

BONUS: Extended special live only verse
And so little Timmy Tweeted,
“Network Miner is ‘freein’
Rudolph’s not a flea bitten beast
and for Grandma there’ll be no Caribbean”

Welcome to Blogger

I’ve been trying live spaces. It works OK, but thought I would give blogger a try.

The purpose of the blog (like just about every other blog) is to to help me keep track of things and if it helps someone else, great.

Most of the blogs will be focused on information security, but there might be the odd rant, review or random thought.