CSEC630 Lab 2

Leave a reply

Ok. The lab was pretty much what I expected.

Click this Panic button to reset everything. Go look at this pcap in Wireshark. Run this command in cmd.exe (and even walks the student through opening a term window by go to the start button, type cmd in the run box).

Run Snort with the test option on a pre-defined rule set using the pcap you looked at. Modify the same rule multiple times, enabling and disabling an alert each time. Run to see the difference.

Answer these 10 questions.

The last question was how to improve the class… I forgot to say use a Linux VM instead of a Windows VM. Since one of my answers did require Grep. Which means copy and paste from the VM lab to my box connected to the lab.

Working through Violent Python

Leave a reply

I’m working through Violent Python. I’m still working on the Automating Python stuff to, but that requires WingIDE and I only have 1 license for that. Which means run on a VM at home.

Violent Python suggested an IDE at the beginning, but the examples are written in a way (at least in the first 2 chapters) so I can SSH to my multi-purpose server and do everything via VIM and the CLI.

Continue reading

SANS Forensics 578

Leave a reply

Work recently sent me to SANS Forensics 578, Cyber Threat Intelligence. This was my first SANS class ever, and it was pretty good. The instance of the class I was sent to was presented by Jake Williams and Rebekah Brown. I think having both of them teach the class was great, because it gave more from the trenches view than having just one of them as an instructor.

Continue reading

Automating OSINT Python Course

Leave a reply

A few months ago, a friend and co-worker asked if I had seen Automating OSINT. I hadn’t, so I went and checked it out and end up signed up for the free webinar. Turns out I had just missed the previous one by a few hours. And had some time to wait before the next one.

I’ve been wanting to expand beyond just bash scripting for most of my career. I tried learning Perl, and then I tried Python. The Google Python class, the MIT Python Class, Learn Python the Hardware, Think Python, Automate the Boring stuff with Python, and buying Python courses from Boing Boing. Problem is I never finished any of them. I think because I lose interest, and have other things to do.

Continue reading

Book Review: Mass Killers: How you Can Identify, Workplace, School, or Public Killers Before They Strike

Leave a reply

I bought Mass Killers: How you can identify workplace, school, or public killers before they strike (Amazon affiliate link) in December of 2013. I think started to read it, and lost interest / had other things come up. I recently picked this book up to read not that long ago, and went through it. Mike Roche, did a good job of breaking the book up in to parts. He uses his history in Law Enforcement to cover Mass Shootings, the signs, and how HR / Senior Leadership should handle the events leading up to a shooting.

Continue reading

Rough Outline for Circle City Con

Leave a reply

Just so people have an idea of what the class is going to cover:

1. Basic theory of electromagnetic radiation known as radio waves
2. Install SDR# software and configure Dongle on Windows to monitor broadcasts (FM radio, Ham Radio, Other bands).
3. ADBS (Track airplanes, basically how FlightAware does it, with remote sensors people run)
4. Frequency counting (finding what Freqs are popular in an area to do more of item 2).
5. Radio Directional Finding, using RTL-SDR dongles on a Raspberry Pi with a touchscreen and gui software.
5a. (for licensed HAMS) how to turn the Raspberry Pi in to a broadcasting radio