Tag Archives: tools

Script(s) to ping a computer

I re-wrote a script I use at work. It was a messy bit of Python 3 previously. While it’s still not the cleanest of python scripts, it scratches my itch. It was originally just a straight line of commands with lots of repeated code. I made some functions and made it a little more modular. I know I need to learn PEP8, and start following it. This was just to improve something that I wrote previously with things I learned from Automate the Boring Stuff with Python.

I’ve shared it via my GitHub repository for DFIR scripts. They’re clean (not tied to any company). There is only Computer Ping for right now. There are 3 scripts all based on the same idea.

Ping a computer, if it is down, keep trying every 10 minutes for 1 hour. Pop an “alert” if the target is up, or the script finished before it came up.

  • 1 version for Windows running python (wComputerPing.py)
  • 1 version for Windows running Cygwin (cwComputerPing.py)
  • 1 version for boxes running Linux. (lComputerPing.py).

I’ll write others and upload to the repository as I have time / re-write stuff I use. They might not all be Python, but my goal is to be more Python than not.

Why I don’t have a lab

An industry mailing list I’m on recently had a conversation that started asking about Master Degrees but had some hiring managers chip in. They said a question they tend to ask is to have the candidate tell about their home lab.

I’ve been asked this question a few times in the past, and I’ve asked people this question in job interviews. I know it’s to find out what kind of passion the candidate has for the job, but I think it’s starting to become a bad question to ask.

Here is why I don’t have a home lab.

Continue reading

CSEC630 Lab 2

Ok. The lab was pretty much what I expected.

Click this Panic button to reset everything. Go look at this pcap in Wireshark. Run this command in cmd.exe (and even walks the student through opening a term window by go to the start button, type cmd in the run box).

Run Snort with the test option on a pre-defined rule set using the pcap you looked at. Modify the same rule multiple times, enabling and disabling an alert each time. Run to see the difference.

Answer these 10 questions.

The last question was how to improve the class… I forgot to say use a Linux VM instead of a Windows VM. Since one of my answers did require Grep. Which means copy and paste from the VM lab to my box connected to the lab.

Automating OSINT Python Course

A few months ago, a friend and co-worker asked if I had seen Automating OSINT. I hadn’t, so I went and checked it out and end up signed up for the free webinar. Turns out I had just missed the previous one by a few hours. And had some time to wait before the next one.

I’ve been wanting to expand beyond just bash scripting for most of my career. I tried learning Perl, and then I tried Python. The Google Python class, the MIT Python Class, Learn Python the Hardware, Think Python, Automate the Boring stuff with Python, and buying Python courses from Boing Boing. Problem is I never finished any of them. I think because I lose interest, and have other things to do.

Continue reading

Rough Outline for Circle City Con

Just so people have an idea of what the class is going to cover:

1. Basic theory of electromagnetic radiation known as radio waves
2. Install SDR# software and configure Dongle on Windows to monitor broadcasts (FM radio, Ham Radio, Other bands).
3. ADBS (Track airplanes, basically how FlightAware does it, with remote sensors people run)
4. Frequency counting (finding what Freqs are popular in an area to do more of item 2).
5. Radio Directional Finding, using RTL-SDR dongles on a Raspberry Pi with a touchscreen and gui software.
5a. (for licensed HAMS) how to turn the Raspberry Pi in to a broadcasting radio

RTL-SDR for Circle City Con

Remember I said you only need 1 of these. These are how they came from Amazon (where I got them all), see last post for links.

RTL-SDR.com: Again I like this because it’s a metal case and came with 2 antenna.

IMG_20160428_215113

 

 

 

 

 

 

The NooElec in the aluminum case. This is a bare USB stick put in to the block. The picture on Amazon is blue, but what I got was black with silver lettering (I like that look).
ChDhAznUUAEXdUX

 

 

 

 

The Blue NooElec, like the one in the block case, it comes with a telescoping antenna.
IMG_20160428_214705

 

 

 

 

 

Lastly the NooElec cheap option, with the stick antenna, that doesn’t collapse.
IMG_20160428_214304

Parts list for Circle City Con’s SDR talk

I’ll be teaching an Introductory class at Circle City Con this year, on Software Defined Radio.

Introduction to Software Defined Radio with the RTL-SDR on Windows and the Raspberry Pi 2

4-hour introduction to Software Defined Radio, using the RTL2832U chipset, covering both Microsoft Windows and the Raspberry Pi. We will be going over how to track airplanes, scan radio frequencies to find people talking, and covering a little radio theory. Covering RTL-SDR due to the cost of equipment. A list can be provided to students prior to the course.

Here is the part list you’ll need if you’re taking the class (Note the links got to RTL-SDR.com, Amazon, or Ada Fruit, and I am not associated with either of them). If you can get parts elsewhere that is fine :

All the RTL-SDR dong’es with antennas I’ve gotten so far have had magnetic mounts, and you need a ground plane for them to work right.

Raspberry Pi WPA_Supplicant setup taking way longer than it should

—- TL/DR —-
If you want to connect a raspberry pi to a hidden access point your wpa_supplicant.conf needs to have the following in the network statement.

Don’t put a ” or a ) in your ASCII PSK it causes problems. I couldn’t get it to work with the hex psk using wpa_passphrase but I broke the rules of troubleshooting making multiple changes at a time instead of one and resetting it.

—– End TL/DR —-

I got a new phone. Nexus 5x.  But this isn’t what this post is about. My SO got a new phone last August. It was an unplanned by after the last one went for a porta-john swim. Again. not what this is about.

A co-worker suggested setting up a NAS to back up the pictures to. Being a poor college student, yes still grad school isn’t cheap, that really isn’t an option. Then he said well if it’s just the phones, why not use one of your Raspberry Pis?

The problem is getting the wpa_suplicant.conf file talking. It has taken me 2 days. Mainly because I don’t mess with that file much.

it hated my passphrase because of the ” and the ) in the middle example:

I tried wpa_passphrase with the file, but it didn’t like that either. (although I kind of want to go back and test it again, in case I missed something.

Which I couldn’t find out until after I set the AP to broadcast. So after more digging I found that

scan_ssid=1 has to be in the config.

Sigh. This is taking way longer than need be, and I’d just wire it, but it’s going to not be near the cables, because of power.

It’s all about the pcaps baby

So my android phone as an interesting problem, granted it’s an S4, running not the latest build so I don’t know if that problem still exists. Apparently the way the default mail application is set up, it can’t sync the mailboxes unless the Sync button is turned on. But that doesn’t stop that the mail application from trying to sync on a schedule.

Continue reading