Find my photos!

Find my photos at : Flickr


DSC_0180-Pano-Edit.jpg

Taters: Check Eggs: Check Onions: Check Butter: Check LETS COOK!

Been A while since I’ve updated this place. Even longer since I’ve updated with  FOOD POST! noms.

So. What shall I cook this time? *ponders*  …  EASY! -> taters!potaytoes

So. what shall I do with taters!

IDEA: ask twitter!

ingorethem

And then ignore them all! and attempt to make Potato Latkes!
and now off to whole foods and return with the things to make the stuff!

Here’s what I returned from Wholes Foods with!  (I can walk there)
20150915_212200YAY FOOD IN FOOD FORM THAT IS NOT READY FOR NOM!  (Wait…what?!)
…Also if you look up a recipe to latkes… you’ll notice a lack of my flour ownership…. BUYING THIS IS HARD. K.

oh wells! I’mm just start doing the things like chopping. and adding heat!

So, what shall I do now. Find pan!
20150915_212947I like big pans and I can not lie!  You other chefs can’t deny!

Let’s begin the process of Tater prep.
SKIN IT ALIVE MUAHAHAHAHAHA.
20150915_213442

OH MY, NAKED TATER! Do I need a censor bar for this?!
…also: I’m a murderer  :(
murdereBefore I eat your kind, CyberTaters. IMMA CHOP CHOP >:O
\m/

20150915_214002(I don’t own a cutting board… that I know of)

I swear I didn’t tear up cutting the onion….
20150915_214445(…I totally did though ;_;  )
also… even though I might smell good. DO NOT LICK THE RAW ONION.
its not very tasty….(life pro tips by pronto)

So, Taters: check, Onions: check….EGG TIME

20150915_214642Those are some mighty fine eggs if I say so myself.
time to get violent. AND BEAT THEM

20150915_214823

DIE EGGS DIE I END YOU. DIE DIE DIE DIE

now that the eggs are RIP. Time to butter the ban!
mmm butter.
20150915_215130while the fire is doing it’s thing to the butter. lets check the eggs and add onions to them!

20150915_215155if you look closely YOU CAN SEE ONION IN THE EGG. OMG

so time to add salt. I put it in the egg stuff because I didn’t know what else to do with it…

20150915_215407

….so, I failed pretty bad trying to open the salt.
IT’S NOT AN EASY PROCESS OKAY. -.-

 

LETS PUT THE CHOPPED TATERS ON THE HOT BIG PAN!
20150915_215500 20150915_215929 20150915_220302 20150915_220430:D FRY TATERS FRY!
So after that i let t hem fry some more. and added more butter. because butter.
who does not like butter!
Shy_Butters_by_Sonic_Gal007^_^

time for the EGG ONION MIXTURE (and more butter/ YES.)
20150915_220603
Egg! aww yeah!20150915_220640
mmmm.20150915_221031 20150915_221044
so @corq on twitter was jealous. and gave awesome idea of GARLIC.
I didn’t think I had any.BUT FOUND OUT I OWN GARLIC POWDER! YAY!

garlicTHANKS FOR THIS AMAZE IDEA!  mmm garlic (also proof I’m not a vampire!)

So I let it fry some more!  and here’s the finished noms.

 

20150915_221337 20150915_221344

ShmooCon 2015

Once again I made it to ShmooCon, and once again I didn’t make it to most of the talks I wanted to. Instead I valued talking with people. Caught up with some amazing friends/acquaintances to hear the fun things they’re working on. Also met some new people! A few of them whose first hacker-con was this very ShmooCon. It’s amazing what you can learn just by hanging out in the chill-out room, hotel-bar, lobby, and the various room-parties.

If I met you this past weekend at shmoo, and you want to follow up on anything we discussed please leave comment here or email me at (justin@ifconfig.pro).

Talks I did make:

httpscreenshot – A Tool for Both Teams – Steve Breen and Justin Kennedy

httpscreenshot is a tool developed internally over the past year and a half. It has become one of our go to tools for the reconnaissance phase of every penetration test. The tool itself takes a list of addresses, domains, URLs, and visits each in a browser, parses SSL certificates to add new hosts, and captures a screenshot/HTML of the browser instance. Similar tools exist but none met our needs with regards to speed (threaded), features (JavaScript support, SSL auto detection and certificate scraping), and reliability.

Check httpscreenshot out on github. This looks like a very useful project, might look into using it in the future.

No Budget Threat Intelligence: Tracking Malware Campaigns on the Cheap – Andrew Morris 

In this talk, I’ll be discussing my experience developing intelligence-gathering capabilities to track several different independent groups of threat actors on a very limited budget (read: virtually no budget whatsoever). I’ll discuss discovering the groups using open source intelligence gathering and honeypots, monitoring attacks, collecting and analyzing malware artifacts to figure out what their capabilities are, and reverse engineering their malware to develop the capability to track their targets in real time. Finally, I’ll chat about defensive strategies and provide recommendations for enterprise security analysts and other security researchers. I’ll also be releasing a suite of tools I created to help threat researchers perform tracking and attribution.

Andrew is someone who I first met at NovaHackers, and when I first met him I thought “This is someone to keep an eye on, he’s going to be doing some pretty awesome things”. Well Andrew, you have!
This talk had specific interest to me as one of my own projects is kinda about doing threat-Intel cheaply.

Firetalks!

Firetalks an event put on by @grecs of NovaInfosec. It’s a great event and I highly recommend attending. They’re short talks on people neat-projects/ideas, right to the good info with out a bunch of unneeded filler talk. My thoughts on each in sub-bullets
Watch the talks on irongeek.com here

  • 6:30: “Opening” by @grecs
  • 6:35: “PlagueScanner: An Open Source Multiple AV Scanner Framework” by Robert Simmons (@MalwareUtkonos)
    • Really interesting project frame work to use multiple AV Scanners.
    • the plague scanner website is not showing anything atm
    • has a mostly empty git-hub page
    • But very worth to keep an eye on.
  • 6:55: “I Hunt Sys Admins” by Will Schroeder (@harmj0y)
    • Overview of a bunch of useful windows tools
    • and how he uses them
    • …I don’t do much windows stuff, but this talk is useful if you pop mircosoft things
  • 7:15: “Collaborative Scanning with Minions – Sharing is Caring” by Justin Warner (@sixdub)
    • this project is just awesome, and something i might look into for sshranking
    • check it out on github
    • scan all the things!
  • 7:35: “Chronicles of a Malware Hunter” by Tony Robinson (@da_667)
  • 7:55: “SSH-Ranking” by Justin Brand (@moo_pronto)
    • ….my talk *hides*  it’s about sshranking
    • I’ve not actually watched the recording yet…
    • I’ll be doing some research on how to give a better presentation
  • 8:15: “Resource Public Key Infrastructure” by Andrew Gallo (@akg1330)
    • Disclaimer, I was in a bit of a ‘oh god what just happened’ while watching this talk
      • …my talk was the first talk I’ve given
    • He brings up a LOT of really good points about how IP addressing is handled
    • If you’re at all interested in how the Internet works(and how it’s broken) watch this

Parties: this year I didn’t do the normal loud crazy parties, but instead went to ‘social gathering’ parties. I Was invited to REDLattice party, was promised good discussion and free beer. They delivered on both, if you get a chance to, go check them out in the future shmoocons to talk to some great people they invite. Also found myself at the #MexiCon party put on by ViciousData (they also sponsored shmoocon epilogue). Was also able to have some really fun and interesting conversations there.

People: Was able to put a lot of faces-to-names this year from irc/twitter folk, that’s always awesome. Though chances are if we meet again, you’ll have to remind me (I’m horrible at remembering names/faces, I remember things/events).
Unfortunately I also meant to meet up with a lot of people who were also there, but we missed each other :(   oh well, there’s always the next hackercon!

Added some stickers to my tablet case!

tabletstickers(anyone remember what that red bird is a logo for?)

Anyways, see you all next hackercon!

ProTip: Useful things from @SwiftOnSecurity

Some useful reference things; mostly from @SwiftOnSecurity
(i’l be updating this with more things)

odd scapy issue (with work around!)

with scapy i was trying to do a traceroute:

traceroute(["www.example.com","pronto185.com"],maxttl=20)

and was getting this annoying error (…not sure why)

Traceback (most recent call last):
  File "", line 1, in 
  File "scapy/layers/inet.py", line 1294, in traceroute
    timeout=timeout, filter=filter, verbose=verbose, **kargs)
  File "scapy/sendrecv.py", line 309, in sr
    s = conf.L3socket(filter=filter, iface=iface, nofilter=nofilter)
  File "scapy/arch/linux.py", line 316, in __init__
    attach_filter(self.ins, filter)
  File "scapy/arch/linux.py", line 132, in attach_filter
    s.setsockopt(SOL_SOCKET, SO_ATTACH_FILTER, bpfh)
  File "", line 1, in setsockopt
socket.error: [Errno 22] Invalid argument

so i ran same thing with ipython (gives better error output)
and it showed this

/usr/lib/python2.7/socket.pyc in meth(name, self, *args)
    222 
    223 def meth(name,self,*args):
--> 224     return getattr(self._sock,name)(*args)
    225 
    226 for _m in _socketmethods:

so on line 223 for def meth(), i edited it: /usr/lib/python2.7/socket.py

def meth(name,self,*args):                                                     
    try:
        return getattr(self._sock,name)(*args)
    except:
        return 'wat'

and this seems to of fixed it! :D

>>> traceroute(["www.example.com","pronto185.com"],maxttl=20)
Begin emission:
.........*....*......*...*...*.....*......*.............*........*.......*....*......*.....*............**...........*...*........*.............**...........*.*............**................**............*.*...........*..*...........*..*.........*..*..........*.*....Finished to send 40 packets.
........*............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Received 928 packets, got 37 answers, remaining 3 packets
   208.100.54.15:tcp80 93.184.216.119:tcp80 
1  207.99.1.13     11  207.99.1.13     11   
2  207.99.53.41    11  207.99.53.41    11   
3  209.123.10.117  11  209.123.10.26   11   
4  -                   107.6.71.209    11   
5  -                   107.6.84.209    11   
6  154.54.6.226    11  208.122.44.201  11   
7  154.54.43.101   11  93.184.216.119  SA   
8  154.54.6.190    11  93.184.216.119  SA   
9  154.54.41.202   11  93.184.216.119  SA   
10 -                   93.184.216.119  SA   
11 154.54.1.210    11  93.184.216.119  SA   
12 38.104.103.238  11  93.184.216.119  SA   
13 208.100.32.78   11  93.184.216.119  SA   
14 208.100.54.15   SA  93.184.216.119  SA   
15 208.100.54.15   SA  93.184.216.119  SA   
16 208.100.54.15   SA  93.184.216.119  SA   
17 208.100.54.15   SA  93.184.216.119  SA   
18 208.100.54.15   SA  93.184.216.119  SA   
19 208.100.54.15   SA  93.184.216.119  SA