Author Archive

Finding Anomalies

Saturday, February 28th, 2009

This is one of the talks that will be presented at the March meeting, pic very related.

Finding network anomalies is becoming more and more difficult as there are literally terabytes of information to sort through. This research offers the possibility of breaking behavior up into machine-generated and user-generated content, and then gives the ability to see how 'predictable' any given traffic is. Looking into the behavior of the traffic can shine a light on very regular activity (e.g. malware beacons) as well as completely random activity.

Nick has two loves in life: one is wolves and the other is wolf shirts. Legend says that he is an incident responder for a large company, but other legends say that he hopes to be a wolf sometime.
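The abstract above talks about scoring how predictable a host's traffic is so that clockwork activity such as a beacon stands out from bursty human activity. The following is an added example, not code from the talk or from this blog: it measures regularity as the coefficient of variation of the inter-arrival gaps between a host's connections, with the timestamps, hosts and the 0.1 threshold all constructed for illustration.

```python
# Added example (not from the talk or the blog): score how "predictable"
# a host's outbound connections are from the gaps between them. Near-constant
# gaps (a beacon phoning home on a timer) score close to 0; bursty or random
# user activity scores well above it. All timestamps below are constructed.
import statistics


def interarrival(times):
    """Gaps in seconds between consecutive events, in time order."""
    t = sorted(times)
    return [b - a for a, b in zip(t, t[1:])]


def regularity(times):
    """Coefficient of variation (stdev / mean) of the inter-arrival gaps.

    Returns None when there are fewer than three events or the gaps are all
    zero (e.g. duplicate timestamps), since no rate can be estimated.
    """
    gaps = interarrival(times)
    if len(gaps) < 2:
        return None
    mean = statistics.fmean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def classify(times, regular_max=0.1):
    """Label a timestamp series 'regular', 'irregular' or 'insufficient'.

    regular_max is an assumed threshold; tune it against your own baseline.
    """
    cv = regularity(times)
    if cv is None:
        return "insufficient"
    return "regular" if cv <= regular_max else "irregular"


def beacon_report(events):
    """events: {(src, dst): [timestamps]} -> {(src, dst): (cv, label)}."""
    return {k: (regularity(v), classify(v)) for k, v in events.items()}


# Constructed sample: one host checking in every 60 s with slight jitter,
# another with bursty, human-looking connections.
SAMPLE = {
    ("10.0.0.5", "203.0.113.9"): [i * 60.0 + 0.2 * (i % 3) for i in range(20)],
    ("10.0.0.7", "198.51.100.4"): [3.0, 17.5, 19.0, 95.2, 101.7, 240.0, 242.2, 600.9],
}

if __name__ == "__main__":
    for (src, dst), (cv, label) in beacon_report(SAMPLE).items():
        print(f"{src} -> {dst}: cv={cv:.3f} {label}")
```

A low score alone is not a verdict: scheduled jobs, NTP and monitoring agents are just as regular as a beacon, so the label is a starting point for triage, not an alert by itself.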

Load > 4000, is this bad? (y/n)

Friday, February 27th, 2009

One of our systems at work is doing some heavy crunching, check this out.

load average: 4040.80, 4685.54, 4773.97

I am trying to get it OVER 9000!!!!!!!

BackTrack 4, ShmooCon release

Thursday, February 12th, 2009

I have uploaded the BackTrack 4 ISO from ShmooCon:

  1. http://cinci2600.com/BT4.iso
  2. http://www.int0x80.com/upload/BT4.iso

Also, Hackaday just posted today that the official ISO has been released; so you might have better luck with a P2P client.

Meeting

Monday, February 9th, 2009

Apologies that the meeting did not happen for February. I waited too long to book the room and it was already reserved. Here's hoping for next month.

In the meanwhile, join us on SILC: #cin2600 on sauna.silcnet.org

aptitude and apt-get

Tuesday, February 3rd, 2009

Read this: http://pthree.org/2007/08/12/aptitude-vs-apt-get/

Back story: Yesterday someone on SILC asked about the difference between aptitude and apt-get, and why to use one over the other. I haven't looked at the source code, so I could only provide reasons based on anecdotal evidence. The link posted above contains a concise write-up by Aaron Toponce on the difference between these apps.

Extracting lines with sed

Friday, January 30th, 2009

Say you have a file and want to pull a line out of the middle, for example line 4 from functions.php:

  • sed -n 4p functions.php

function uuid() {

If you want to pull a range, say lines 4 through 10:

  • sed -n 4,10p functions.php

function uuid() {
    return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
        mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),
        mt_rand( 0, 0x0fff ) | 0x4000,
        mt_rand( 0, 0x3fff ) | 0x8000,
        mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ) );
}