Thursday, July 29, 2010

Learning Python via Scapy

At my new job some of the things I need to do are network mapping and interface mapping so we can figure out where potential risk lies within the network. I have been looking for a framework in Ruby that can help me programmatically map a network. I thought I found what I need in Scruby. However, it seems like Scruby is not in development anymore and is really just a proof of concept of Scapy. Recently I saw a post by Chris Gates on the Carnal0wnage blog about exactly what I need. I have also been trying to diversify when it comes to my programming languages and Python is first on my list. So I decided to give Scapy a shot. The out-of-the-box network visualization tools in Scapy are amazing (if you get all of the correct dependencies installed). You have multiple choices when it comes to outputs. I don't think I have even begun to scratch the surface of the visualization capabilities of Scapy.

One of the best things about Scapy is that it allows for low-level packet manipulation. For those of us who know and care what TCP flags and TTLs are, there is a lot of power in Scapy. The Scapy demo page has a lot of great demos to go through to get a feel of Scapy. This has helped me get a better feel for pythonesque formatting. So far so good. So if you ever need to craft packets, analyze pcap files or do some network visualization, Scapy is the way to go.

Posted via email from Ian's posterous

Wednesday, July 21, 2010

Sam loves swimming and ribs

Here are a few pictures of Sam at our last swim and BBQ in the backyard. He loves his gator floaties and is pretty fearless. He likes to go down the slide all by himself with Mommy waiting to catch him. Still, with skin like that I feel I need to invest in a 50 gallon barrel of sunscreen at Costco.

Smiling for the camera.
MMMM Ribs and BBQ Sauce.

Sunday, June 20, 2010

It’s time for the Security Industry to grow up

It’s time for the Security Industry to grow up. Most of us have been drawn to the security industry because of the fun things we get to do. We like finding problems with security controls and love being paid to break into systems and networks. However, as much fun as those things are, information security has become a very important part of businesses and industry. As more and more businesses digitize their business information and assets, the more important information security becomes. Whether we like it or not, information security is quickly becoming a critical part of the business process.

In that light it is important for us as information security practitioners to learn more about business processes. I know that it feels great to get a shell on a box. However, that shell might not be attacking a critical business process and therefore is a potential waste of effort. By understanding the underlying business processes of the company you are testing you can identify targets that are critical to the business as a whole.

This approach, however, requires an understanding of business processes. A great way to begin to understand general business processes is through education. I know that business classes can be uninteresting and even boring at times. I will admit that during my education the business classes were the least interesting classes I took. I still can barely remember the content I went over even though I did very well in the class. Recently I have realized my shortcoming in understanding business processes and have been going back over my business classes’ textbooks. If I take more of a “hacker's” view of business processes I can begin to see critical places in the business process where a successful attack could be critical to the business as a whole.

There are many obvious targets such as high-level executives, payroll, and data warehousing. However, some targets could be just as critical. Imagine targeting the PR department and having the ability to send out press releases that could immediately damage the business's reputation with their customers. All it takes is one factitious press release going viral and the company’s reputation could be irreparably damaged.

 By understanding the business process we as “security professionals” can begin to see these cracks in them and begin to design stopgaps to protect them. I still believe that the hacker mentality can thrive in a business environment. However, in order to do that we need to grow up, educate ourselves and take our rightful place in the business world.

I am writing this in hopes of sparking a discussion on this topic. If you don't agree with me please feel free to let me know why. I am a firm believer in open, uncensored and frank discussions.


Posted via web from Ian's posterous

Tuesday, June 8, 2010

Western Tracking Institute Tracking Class


I spent last Saturday at an animal tracking class provided by the Western Tracking Institute. The instructors Rick, Lee and William were top notch and we were able to learn a lot about gaits and animal identification. You have no idea how many ways a rabbit track can present itself. Our tracking location was very interesting. We spent all day under the 805 and 56 merge underpasses and bridges. The first part of the day was spent under the big overpasses. The underpasses were a great place to see many different types of tracks. The substrate was very soft in places and that allowed us to analyze the gaits and tracks fairly easily. We saw raccoon, skunk, bobcat, deer, opossum and the ever present cottontail tracks.

The second part of the day was spent under the bridge in the muck. Luckily I brought a pair of rubber boots to keep all of the mud and water at bay. We found some really interesting tracks under the bridge including crawfish, deer, bobcat, a ton of raccoon tracks and a mystery track that no one could identify. In all it was a fun day of tracking even if you could barely hear each other talking over all of the traffic noise. I'm looking forward to the trailing workshop later on this summer and hope to get through the entire curriculum. In all it was a great experience and I highly recommend taking any of the classes offered by the WTI.


Posted via web from Ian's posterous